c Commands – Part I

Context

[Tree] (config>service>vprn>mvpn c-mcast-signaling)

Full Context

configure service vprn mvpn c-mcast-signaling

Description

This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of this command reverts it back to the default.

Default

c-mcast-signaling bgp

Parameters

bgp

Specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.

pim

Specifies to use PIM for PE-to-PE signaling of CE multicast states.

Platforms

All

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth c-tag)

Full Context

configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet c-tag

Description

Commands in this context configure the customer VLAN tag (C-tag) information.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port ca-name)

Full Context

configure port ethernet dot1x macsec sub-port ca-name

Description

This command configures the Connectivity Association (CA) linked to this MACsec sub-port. The specified CA provides the MACsec parameter to be used or negotiated with other peers.

The no form of this command removes the CA from the MACsec sub-port.

Parameters

ca-name

Specifies the appropriate ca to be used under this MACsec sub-port, up to 32 characters.

Platforms

All

Context

[Tree] (config>anysec>tnl-enc>enc-grp ca-name)

Full Context

configure anysec tunnel-encryption encryption-group ca-name

Description

This command configures the CA used for this encryption group.

The no form of this command removes the CA.

Parameters

ca-name

Specifies the CA name for use under this ANYsec subport, up to 32 characters.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (config>ipsec>cert-profile>entry>send-chain ca-profile)

Full Context

configure ipsec cert-profile entry send-chain ca-profile

Description

This command specifies a CA certificate in the specified ca-profile to be sent to the peer.

Multiple configurations (up to seven) of this command are allowed in the same entry.

Parameters

name

Specifies the profile name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>pki ca-profile)

Full Context

configure system security pki ca-profile

Description

This command creates a new ca-profile or enters the configuration context of an existing ca-profile. Up to 128 ca-profiles can be created in the system. A shutdown of the ca-profile will not affect the current up and running ipsec-tunnel or ipsec-gw that is associated with the ca-profile. However, authentication afterwards will fail with a shutdown ca-profile.

Executing a no shutdown command in this context causes the system to reload the configured cert-file and crl-file.

A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.

The no form of this command removes the name parameter from the configuration. A ca-profile cannot be removed until all the associated entities (ipsec-tunnel/gw) have been removed.

Parameters

name

Specifies the name of the ca-profile up to 32 characters.

create

Keyword used to create a new ca-profile. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

Context

[Tree] (debug>certificate>ocsp ca-profile)

[Tree] (debug>certificate>cmpv2 ca-profile)

[Tree] (debug>certificate>auto-crl-update ca-profile)

Full Context

debug certificate ocsp ca-profile

debug certificate cmpv2 ca-profile

debug certificate auto-crl-update ca-profile

Description

This command debugs output of the specified CA profile.

• Protection method of each message is logged.

• All HTTP messages are logged. Format allows offline analysis using Wireshark.

• In the event of failed transactions, saved certificates are not deleted from file system for further debug and analysis.

• The system allows CMPv2 debugging for multiple ca-profile at the same time.

Parameters

profile-name

Specifies the name of the CA profile, up to 32 characters.

Platforms

All

Context

[Tree] (config>system>security>tls>cert-profile>entry>send-chain ca-profile)

Full Context

configure system security tls cert-profile entry send-chain ca-profile

Description

This command enables a certificate authority (CA) certificate in the specified CA profile to be sent to the peer. Up to seven configurations of this command are permitted in the same entry.

The no form of the command disables the transmission of a CA certificate from the specified CA profile.

Parameters

name

Specifies the name of the certificate authority profile, up to 32 characters in length.

Platforms

All

Context

[Tree] (admin>certificate>est cacert)

Full Context

admin certificate est cacert

Description

This command downloads a Certificate Authority (CA) certificate from an EST server specified by the EST profile. The downloaded certificate is imported and saved with the filename specified by the output-cert-filename.

Parameters

name

Specifies the EST profile name, up to 32 characters

output-cert-filename

Specifies the filename of the resulting CA certificate, up to 200 characters

force

Overwrites the existing file with same filename

Platforms

All

Context

[Tree] (config>python>py-policy cache)

Full Context

configure python python-policy cache

Description

Commands in this context configure the limits of the caching API inside the Python scripts.

The no form of this command removes the configured cache parameters from the configuration.

Parameters

create

This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

Context

[Tree] (config>service>vprn>radius-proxy>server cache)

[Tree] (config>router>radius-proxy>server cache)

Full Context

configure service vprn radius-proxy server cache

configure router radius-proxy server cache

Description

Commands in this context configure the cache under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>router>rpki-session>packet cache-reset)

Full Context

debug router rpki-session packet cache-reset

Description

This command enables debugging for cache reset RPKI packets.

The no form of this command disables debugging for cache reset RPKI packets.

Platforms

All

Context

[Tree] (debug>router>rpki-session>packet cache-response)

Full Context

debug router rpki-session packet cache-response

Description

This command enables debugging for cache response RPKI packets.

The no form of this command disables debugging for cache response RPKI packets.

Platforms

All

Context

[Tree] (config>cflowd cache-size)

Full Context

configure cflowd cache-size

Description

This command configures the maximum number of active flows to maintain in the flow cache table.

The no form of this command reverts the number of active entries to the default value.

Default

The default is hardware dependent.

Parameters

num-entries

Specifies the maximum number of entries maintained in the cflowd cache. The number depends on the CPM version.

Values

Ranges are hardware dependent.

Platforms

All

Context

[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key cak)

Full Context

configure macsec connectivity-association static-cak pre-shared-key cak

Description

Specifies the connectivity association key (CAK) for a pre-shared key. Two values are derived from CAK.

• Key Encryption Key (KEK), this is used to encrypt the MKA and SAK (symmetric key used for data path PDUs) to be distributed between all members.

• Integrity Check Value (ICK), this is used to authenticate the MKA and SAK PDUs to be distributed between all members.

The no form of this command removes the value.

Parameters

hex-string

Specifies the value of the CAK.

Values

up to 64 hexadecimal characters, 32 hexadecimal characters for 128-bit key and 64 hexadecimal characters for 256-bit key

hash

Keyword, specifying the hash scheme.

hash2

Keyword, specifying the hash scheme.

custom

Specifies the custom encryption for management interface.

Platforms

All

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query calculate-counts)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query calculate-counts

Description

This command specifies whether or not to count the number of tunnels matching the specified criteria.

Default

no calculate-counts

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config call-trace)

Full Context

configure call-trace

Description

Commands in this context configure parameters related to the call trace debugging tool.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug call-trace)

Full Context

debug call-trace

Description

Commands in this context set up various call trace debug sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute called-station-id)

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute called-station-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute called-station-id

configure subscriber-mgmt authentication-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp called-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp called-station-id

configure subscriber-mgmt diameter-application-policy nasreq include-avp called-station-id

Description

This command includes called station ID attributes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp called-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp called-station-id

Description

This command configures the value of the called station ID AVP.

The no form of this command returns the command to the default setting.

Parameters

called-station-id

Specifies the called station ID, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>rad-auth-plcy>include called-station-id)

[Tree] (config>ipsec>rad-acct-plcy>include called-station-id)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute called-station-id

configure ipsec radius-accounting-policy include-radius-attribute called-station-id

Description

This command includes called station ID attributes.

The no form of this command excludes called station ID attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes called-station-id)

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes called-station-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes called-station-id

configure aaa isa-radius-policy auth-include-attributes called-station-id

Description

This command includes called station id attributes.

The no form of the command excludes called station id attributes.

Default

no called-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp calling-number-format)

[Tree] (config>router>l2tp calling-number-format)

Full Context

configure service vprn l2tp calling-number-format

configure router l2tp calling-number-format

Description

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Default

calling-number-format "%S %s"

Parameters

ascii-spec

Specifies the L2TP calling number AVP.

Values

char-specification ascii-spec
char-specification	ascii-char | char-origin
ascii-char	a printable ASCII character
char-origin	%origin
origin	S | c | r | s | l
	S	system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName
	c	Agent Circuit Id
	r	Agent Remote Id
	s	SAP ID, formatted as a character string
	l	Logical Line ID

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute calling-station-id)

Full Context

configure aaa l2tp-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>rad-auth-plcy>include calling-station-id)

[Tree] (config>ipsec>rad-acct-plcy>include calling-station-id)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute calling-station-id

configure ipsec radius-accounting-policy include-radius-attribute calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap calling-station-id)

[Tree] (config>service>vprn>sub-if>grp-if>sap calling-station-id)

[Tree] (config>service>ies>sub-if>grp-if>sap calling-station-id)

[Tree] (config>service>vpls>sap calling-station-id)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute calling-station-id)

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute calling-station-id)

[Tree] (config>service>vprn>if>sap calling-station-id)

Full Context

configure service ies interface sap calling-station-id

configure service vprn subscriber-interface group-interface sap calling-station-id

configure service ies subscriber-interface group-interface sap calling-station-id

configure service vpls sap calling-station-id

configure subscriber-mgmt radius-accounting-policy include-radius-attribute calling-station-id

configure subscriber-mgmt authentication-policy include-radius-attribute calling-station-id

configure service vprn interface sap calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

The no form of this command reverts to the default.

Default

calling-station-id sap-string

Parameters

llid

Specifies that the logical link identifier (LLID) is mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-server.

mac

Specifies that the MAC address is sent.

remote-id

Specifies that the remote ID is sent.

sap-id

Specifies that the SAP ID is sent.

sap-string

Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp calling-station-id)

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp calling-station-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp calling-station-id

configure subscriber-mgmt diameter-application-policy nasreq include-avp calling-station-id

Description

This command includes the calling-station-id AVP in the specified format.

The no form of this command reverts to the default.

Parameters

type

Specifies the format of the Calling-Station-ID AVP.

Values

llid — The logical link identifier (LLID) is the mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-serv

mac — Specifies that the MAC address is sent.

remote-id — Specifies that the remote ID is sent

sap-id — Specifies that the sap-id is sent

sap-string — Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes calling-station-id)

[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes calling-station-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes calling-station-id

configure aaa isa-radius-policy auth-include-attributes calling-station-id

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization cancel-commit)

Full Context

configure system security profile netconf base-op-authorization cancel-commit

Description

This command enables the NETCONF <cancel-commit> RPC.

The no form of this command disables the RPC.

Default

no cancel-commit

Platforms

All

Context

[Tree] (candidate)

Full Context

candidate

Description

Commands in this context edit candidate configurations.

Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

Platforms

All

Context

[Tree] (config>system>netconf>capabilities candidate)

Full Context

configure system netconf capabilities candidate

Description

This command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command also enables using commit and discard-changes.

When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured.

The no form of the command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message.

Default

candidate

Platforms

All

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy candidate-path)

Full Context

configure router p2mp-sr-tree p2mp-policy candidate-path

Description

This command configures a candidate path in the P2MP policy entry for the P2MP SR tree.

A P2MP SR policy can contain multiple candidate paths, which are redundant trees. Each candidate path represents a P2MP SR tree with its own traffic engineering constraints. Each candidate path has its own preference; the candidate path with the highest preference is the active P2MP SR tunnel.

The no form of this command removes the specified candidate path from the P2MP SR policy.

Parameters

candidate-path-name

Specifies the name of the candidate path, up to 32 characters.

Platforms

All

Context

[Tree] (config>system>security>user>console cannot-change-password)

Full Context

configure system security user console cannot-change-password

Description

This command allows a user the privilege to change their password for both FTP and console login.

To disable a user’s privilege to change their password, use the cannot-change-password form of this command.

Default

no cannot-change-password

Platforms

All

Context

[Tree] (config>app-assure>group>policy>app-profile capacity-cost)

Full Context

configure application-assurance group policy app-profile capacity-cost

Description

This command configures an application profile capacity cost. Capacity-Cost based load balancing allows a cost to be assigned to diverted SAPs (with the app-profile) and this is then used for load-balancing SAPs between ISAs as well as for a threshold that notifies the operator if/when capacity planning has been exceeded.

Default

capacity-cost 1

Parameters

cost

Specifies the profile capacity cost.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm captive-portal-api-url)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm captive-portal-api-url)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt captive-portal-api-url

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt captive-portal-api-url

Description

This command specifies a URL for an RFC 8908 captive portal API server that is included in DHCP, RA, and DHCPv6 messages as described in RFC 8910. This command supports the same macro substitutions as the configure subscriber-mgmt http-redirect-policy url command.

This command is mutually exclusive with the one-time-redirect and send-unrestricted-portal-url commands in the same context.

When unconfigured, the WLAN-GW populates the URL in DHCP, RA, and DHCPv6 messages based on whether redirect is applied and the value of the one-time-redirect command.

The no form of this command removes the configuration.

Default

no captive-portal-api-url

Parameters

rdr-url-string

Specifies the HTTP redirect URL, up to 255 characters. This option can be used for any session.

Values

The following macro substitutions may be used:

$URL — is always replaced by an empty string

$MAC — a string that represents the MAC address of the UE

$IP — a string that represents the IP address of the UE

Note: Nokia does not recommend using IP in multi-stack deployments, as this leads to different URLs in DHCP, RA, and DHCPv6 messages which is discouraged by RFC 8910.

$NASIP — a string that represents the RADIUS IP address of the ISA/ESA-VM

$NASIPV6 — a string that represents the RADIUS IPv6 address of the ISA/ESA-VM

$URLPRM — a string that represents the Application Assurance HTTP URL parameter of the UE

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>http-redirect captive-redirect)

Full Context

configure application-assurance group http-redirect captive-redirect

Description

This command configures the captive redirect capability for an HTTP redirect policy. HTTP redirect policies using captive redirect can be used in conjunction with a session filter policy and will terminate TCP flows in the ISA-AA card before reaching the Internet to redirect subscribers to the predefined redirect URL. Non-HTTP TCP flows are TCP reset. Captive redirect uses the provisioned VLAN id to send the HTTP response to subscribers; therefore this VLAN id must be properly assigned in the same VPN as the subscriber. The operator can select the URL arguments to include in the redirect URL using either a specific template id or by configuring the redirect URL using one of the supported macro substitution keywords.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>pcap capture)

Full Context

debug pcap capture

Description

This command starts and stops the packet capture process for the specified session-name.

Parameters

start

Starts the packet capture process and also start or restarts the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each). If the same file name is unchanged in the config>mirror>mirror-dest>pcap context between captures, this command overwrites the file content.

stop

Stops the packet capture process and also stops the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each).

Platforms

All

Context

[Tree] (debug>dynsvc>data-triggers capture-sap)

Full Context

debug dynamic-services data-triggers capture-sap

Description

This command enables or disables the generation of dynamic services data trigger debug events, such as:

• data trigger received

• authentication

• data trigger SAP created

• dynamic service SAP created

• dropped data trigger with drop reason such as data trigger exists or lockout active.

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

Parameters

sap-id

Specifies the dynamic services data trigger capture SAP for which debug events should be logged.

encap-val qtag[.qtag]

Optionally restrict the debug output to data trigger events with the specified encapsulation.

Values

1 to 4094

mode

Optionally restrict the debug output to specific events.

Values

all—log all data trigger events

dropped-only—log only dropped data trigger events

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config card)

Full Context

configure card

Description

This mandatory command enables access to the chassis and context. In SR OS cards cover IOM, IMM, and XCM.

The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.

Default

no card

Parameters

slot-number

Specifies the slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides.

Values

1 to 10

Platforms

All

Context

[Tree] (config>card card-type)

Full Context

configure card card-type

Description

This mandatory command adds an IOM/XCM to the device configuration for the slot. The card type can be preprovisioned, meaning that the card does not need to be installed in the chassis.

A card must be provisioned before an MDA, connector, or port can be configured.

A card can only be provisioned in a slot that is vacant, meaning no other card can be provisioned (configured) for that particular slot. To reconfigure a slot position, use the no form of this command to remove the current information.

A card can only be provisioned in a slot if the card type is allowed in the slot. An error message is generated if an attempt is made to provision a card type that is not allowed.

If a card is inserted that does not match the configured card type for the slot, then a log event and facility alarm is raised. The alarm is cleared when the correct card type is installed or the configuration is modified.

A log event and facility alarm are is raised if an administratively enabled card is removed from the chassis. The alarm is cleared when the correct card type is installed or the configuration is modified. A log event is issued when a card is removed that is administratively disabled.

Because IMMs do not have the capability to install separate MDAs, the configuration of the MDA is automatic. This configuration only includes the default parameters such as default buffer policies. Commands to manage the MDA such as shutdown and so on, remain in the MDA configuration context.

Some card hardware can support two different firmware loads. One load includes the base Ethernet functionality, including 10G WAN mode, but does not include 1588 port-based timestamping. The second load includes the base Ethernet functionality and 1588 port-based timestamping, but does not include 10G WAN mode. These are identified as two card types that are the same, except for a "-ptp” suffix to indicate the second loadset; for example, imm40-10gb-sfp and imm40-10gb-sfp-ptp. A hard reset of the card occurs when switching between the two provisioned types.

An appropriate alarm is raised if a partial or complete card failure is detected. The alarm is cleared when the error condition ceases.

New generations of cards include variants controlled by hardware and software licensing. For these cards, the license level must be provisioned in addition to the card type. A card cannot become operational unless the provisioned license level matches the license level of the card installed into the slot. The set of license levels varies by card type.

The provisioned level controls aspects related to connector provisioning and the consumption of hardware egress queues and egress policers. Changes to the provisioned license level may be blocked if configuration exists that would not be permitted with the new target license level.

If the license level is not specified, the level is set to the highest license level for that card.

The no form of this command removes the card from the configuration.

Default

no card-type

Parameters

card-type

Specifies the type of card to be configured and installed in that slot. Values for this attribute vary by platform and release. The release notes include a listing of all supported card-types and their CLI strings. In addition, the command can be queried to check which card-types are relevant for the active platform type. Some examples include iom4-e-b and imm-2pac-fp3.

card-level

Specifies the license level of the card, up to 32 characters. Possible values vary by card type.

Platforms

All

Context

[Tree] (config>service>vprn carrier-carrier-vpn)

Full Context

configure service vprn carrier-carrier-vpn

Description

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.

Default

no carrier-carrier-vpn

Platforms

All

Context

[Tree] (config>subscr-mgmt>cat-map category)

Full Context

configure subscriber-mgmt category-map category

Description

Commands in this context configure RADIUS credit control, Diameter credit control (Gy), Diameter Gx Usage Monitoring, or Idle-Timeout.

Up to sixteen categories can be configured per category map. The internal category for Gx session level Usage Monitoring is included in this limit. The instantiation of the internal category is controlled with the gx-session-level-usage command.

Parameters

category-name

Specifies the category name, up to 32 characters.

create

Keyword used to create a category instance. The create keyword can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map category)

Full Context

configure subscriber-mgmt sla-profile category-map category

Description

This command defines the category in the category map to be used for the idle timeout monitoring of subscriber hosts.

The no form of this command reverts to the default.

Parameters

category-name

Specifies the name, up to 32 characters, of the category where the queues and policers are defined for idle timeout monitoring of subscriber hosts.

create

Keyword used to create a category instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>url-filter>web-service>profile category)

Full Context

configure application-assurance group url-filter web-service profile category

Description

This command configures the category that will be blocked in the category profile.

The no form of this command removes the category blocking configuration.

Parameters

category

Specifies the URL category name for the configured web service, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt category-map)

Full Context

configure subscriber-mgmt category-map

Description

This command specifies the category map name.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the category map name, up to 32 characters.

create

Keyword used to create a category map instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof category-map)

Full Context

configure subscriber-mgmt sla-profile category-map

Description

This command references the category-map to be used for the idle-timeout monitoring of subscriber hosts associated with this sla-profile. The category-map must already exist in the config>subscr-mgmt context.

The no form of this command reverts to the default.

Parameters

category-map-name

Specifies the name of the category map, up to 32 characters, where the activity-threshold and the category is defined for idle-timeout monitoring of subscriber hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings category-map-name)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings category-map-name)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings category-map-name

configure subscriber-mgmt local-user-db ppp host identification-strings category-map-name

Description

This command specifies the category map name.

The no form of this command removes the category map name from the configuration.

Parameters

category-map-name

Specifies an existing category map name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path>queue cbs)

[Tree] (config>mcast-mgmt>bw-plcy>t2>prim-path>queue cbs)

Full Context

configure mcast-management bandwidth-policy t2-paths secondary-path queue-parameters cbs

configure mcast-management bandwidth-policy t2-paths primary-path queue-parameters cbs

Description

This command overrides the default committed buffer size (CBS) for each individual path’s queue. The queue's CBS threshold is used when requesting buffers from the systems ingress buffer pool to indicate whether the requested buffer should be removed from the reserved portion of the buffer pool or the shared portion. When the queue’s fill depth is below or equal to the CBS threshold, the requested buffer comes from the reserved portion. After the queue's depth exceeds the CBS threshold, buffers come from the shared portion.

The cbs percent-of-resv-cbs parameter is defined as a percentage of the reserved portion of the pool. The system allows the sum of all CBS values to equal more than 100% allowing for oversubscription of the reserved portion of the pool. If the reserved portion is oversubscribed and the queues are currently using more reserved space than provisioned in the pool, the pool automatically starts using the shared portion of the pool for within-CBS buffer allocation. The shared early detection slopes can assume more buffers that exist within the shared portion that may cause the early detection function to fail.

For the primary-path and secondary-path queues, the percentage is applied to a single queue for each path.

The no form of this command restores the path queue's default CBS value.

Parameters

percent-of-resv-cbs

Specifies the percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 MB is the total buffers in the buffer pool, a value of 10 would reserve 1 MB (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Default

Primary:	5
Secondary:	30

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>qos>sap-egress>dynamic-queue cbs)

Full Context

configure qos sap-egress dynamic-queue cbs

Description

This command configures the committed buffer size (CBS) that is reserved for the queue. The CBS is applied to each dynamic queue and is not shared.

Default

no cbs (auto)

Parameters

size-in-kbytes

Specifies the size of the CBS in kilobytes.

Values

0 to 1048576

default (auto)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>queue cbs)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue cbs)

Full Context

configure subscriber-mgmt sla-profile ingress qos queue cbs

configure subscriber-mgmt sla-profile egress qos queue cbs

Description

This command can be used to override specific attributes of the specified queue's CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queues’ CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

The no form of this command returns the CBS size to the size as configured in the QoS policy.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer cbs)

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer cbs)

Full Context

configure subscriber-mgmt sla-profile egress qos policer cbs

configure subscriber-mgmt sla-profile ingress qos policer cbs

Description

This command is used to configure the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies the size parameter and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

Specifies the size parameter the size parameter in bytes. When bytes is defined, the value given for size is interpreted as the queue’s MBS value given in bytes.

kilobytes

Specifies the size parameter in kilobytes. When kilobytes is defined, the value is interpreted as the queue’s MBS value given in kilobytes.

Default

kilobyte

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>vpls>sap>egress>queue-override>queue cbs)

Full Context

configure service ies interface sap ingress queue-override queue cbs

configure service ies interface sap egress queue-override queue cbs

configure service vpls sap ingress queue-override queue cbs

configure service vpls sap egress queue-override queue cbs

Description

This command overrides specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS size to the default value.

Parameters

size-in-kbytes

Specifies the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576, default

Platforms

All

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue cbs)

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue cbs)

Full Context

configure service vprn interface sap egress queue-override queue cbs

configure service vprn interface sap ingress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.

The no form of this command returns the CBS to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).

Values

0 to 131072 or default

Platforms

All

Context

[Tree] (config>subscr-mgmt>isa-policer cbs)

Full Context

configure subscriber-mgmt isa-policer cbs

Description

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

Default

cbs 0

Parameters

burst-size

Specifies the committed burst-size in kbytes.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr cbs)

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr cbs)

Full Context

configure card fp ingress network queue-group policer-override policer cbs

configure card fp ingress access queue-group policer-override policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer’s defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

Parameters

size

Specifies that the size parameter is required when specifying cbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456

bytes

When bytes is defined, the value given for size is interpreted as the queue’s CBS value specified in bytes.

kilobytes

When kilobytes is defined, the value is interpreted as the queue’s CBS value given in kilobytes.

Default

kilobyte

default

Specifying the keyword default sets the CBS to its default value.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q cbs)

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q cbs)

[Tree] (config>port>ethernet>network>egr>qover>q cbs)

Full Context

configure port ethernet access ingress queue-group queue-overrides queue cbs

configure port ethernet access egress queue-group queue-overrides queue cbs

configure port ethernet network egress queue-overrides queue cbs

Description

This command defines the default committed buffer size for the template queue. Overall, the CBS command follows the same behavior and provisioning characteristics as the CBS command in the queue-group or network QoS policy. The exception is the addition of the cbs-value qualifier keywords bytes or kilobytes.

The no form of this command restores the default CBS size to the template queue.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 1048576 or default

Platforms

All

Context

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr cbs)

Full Context

configure service cpipe sap egress policer-override policer cbs

configure service epipe sap ingress policer-override policer cbs

configure service epipe sap egress policer-override policer cbs

configure service ipipe sap ingress policer-override policer cbs

configure service cpipe sap ingress policer-override policer cbs

configure service ipipe sap egress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

The size parameter is required when specifying cbs override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

bytes

When bytes is defined, the value given for size is interpreted as the policer’s MBS value in bytes.

kilobytes

When kilobytes is defined, the value given for size is interpreted as the policer’s MBS value in kilobytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap ingress policer-override policer cbs
• configure service cpipe sap egress policer-override policer cbs

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

• configure service epipe sap egress policer-override policer cbs
• configure service ipipe sap egress policer-override policer cbs
• configure service epipe sap ingress policer-override policer cbs
• configure service ipipe sap ingress policer-override policer cbs

Context

[Tree] (config>service>cpipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>epipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue cbs)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue cbs)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue cbs)

Full Context

configure service cpipe sap egress queue-override queue cbs

configure service epipe sap egress queue-override queue cbs

configure service ipipe sap ingress queue-override queue cbs

configure service cpipe sap ingress queue-override queue cbs

configure service ipipe sap egress queue-override queue cbs

configure service epipe sap ingress queue-override queue cbs

Description

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is wanted, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).

Values

0 to 131072, default

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap egress queue-override queue cbs
• configure service cpipe sap ingress queue-override queue cbs

All

• configure service epipe sap egress queue-override queue cbs
• configure service ipipe sap egress queue-override queue cbs
• configure service ipipe sap ingress queue-override queue cbs
• configure service epipe sap ingress queue-override queue cbs

Context

[Tree] (config>service>vpls>sap>egress>policer-override>plcr cbs)

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr cbs)

Full Context

configure service vpls sap egress policer-override policer cbs

configure service vpls sap ingress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>ies>if>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>ies>if>sap>egress>policer-over>plcr cbs)

Full Context

configure service ies interface sap ingress policer-override policer cbs

configure service ies interface sap egress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>if>sap>ingress>policer-over>plcr cbs)

[Tree] (config>service>vprn>if>sap>egress>policer-over>plcr cbs)

Full Context

configure service vprn interface sap ingress policer-override policer cbs

configure service vprn interface sap egress policer-override policer cbs

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default

no cbs

Parameters

size

This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Default

kilobytes

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>app-assure>group>policer>congestion-override-stage2 cbs)

[Tree] (config>app-assure>group>policer>congestion-override cbs)

Full Context

configure application-assurance group policer congestion-override-stage2 cbs

configure application-assurance group policer congestion-override cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the congested CBS value from the configuration

Parameters

congested-cbs

Specifies the committed burst size, in kbytes, when the access-network-level, which the subscriber belongs to, is in a congested state.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>tod-override cbs)

[Tree] (config>app-assure>group>policer cbs)

Full Context

configure application-assurance group policer tod-override cbs

configure application-assurance group policer cbs

Description

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the committed burst size from the configuration.

Parameters

committed-burst-size

Specifies an integer value defining size, in kbytes, for the CBS of the policer.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>sap-egress>dyn-policer cbs)

[Tree] (config>qos>sap-ingress>dyn-policer cbs)

[Tree] (config>qos>sap-egress>policer cbs)

[Tree] (config>qos>sap-ingress>policer cbs)

Full Context

configure qos sap-egress dynamic-policer cbs

configure qos sap-ingress dynamic-policer cbs

configure qos sap-egress policer cbs

configure qos sap-ingress policer cbs

Description

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

By default, the CBS is 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Parameters

size [bytes | kilobytes]

Specifies an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.

Values

0 to 2683435456, default

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure qos sap-egress dynamic-policer cbs
• configure qos sap-ingress dynamic-policer cbs

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

• configure qos sap-ingress policer cbs
• configure qos sap-egress policer cbs

Context

[Tree] (config>qos>sap-egress>queue cbs)

Full Context

configure qos sap-egress queue cbs

Description

This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable because of the potentially large number of service queues and the economy of statistical multiplexing the CBS settings of the individual into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues use their CBS buffers and the total-in-use exceeds the defined reserved total, essentially the buffers are removed from the shared portion of the pool without the shared in-use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.

The delay-time command option configures the CBS as a function of the expected delay. The system automatically translates this configuration into kilobytes based on the administrative rate of the queue parent (for example, the port, scheduler, or aggregate-shaper).

The delay-percent command option configures the CBS as percentage of the SAP delay budget of the queue configured using the latency-budget command.

The no form of this command returns the CBS size to the default value.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is required, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). The CBS maximum value used is constrained by the pool size in which the queue exists.

Values

0 to 1048576

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR, or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

microseconds

Specifies the CBS as a function of delay time.

Values

0 to 1000000

percent

Specifies the CBS as a percentage of the SAP latency budget.

Values

0.00 to 100.00

Platforms

All

Context

[Tree] (config>qos>sap-ingress>queue cbs)

Full Context

configure qos sap-ingress queue cbs

Description

This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potentially large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.

The no form of this command returns the CBS size to the default value.

Default

cbs default

Parameters

size-in-kbytes

The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes) The CBS maximum value used is constrained by the pool size in which the queue exists.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR, or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

Context

[Tree] (config>qos>network-queue>queue cbs)

Full Context

configure qos network-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative number of reserved buffers for a specific ingress network FP forwarding class queue or egress network port forwarding class queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the number of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool. Access to this shared pool space is controlled through Random Early Detection (RED) slope application.

Two RED slopes are maintained in each buffer pool. A high-priority slope is used by in-profile packets. A low-priority slope is used by out-of-profile packets. At egress, there are two additional RED slopes maintained in each buffer pool: the highplus slope is used by inplus-profile packets, and the exceed slope is used by exceed-profile packets. All network control and management packets are considered in-profile. Assured packets are handled by their in-profile and out-of-profile markings. All best-effort packets are considered out-of-profile. Premium queues should be configured such that the CBS percent is sufficient to prevent shared buffering of packets. This is generally taken care of by the CIR scheduling of premium queues and the overall small amount of traffic on the class. Premium queues in a properly designed system will drain before all others, limiting their buffer utilization.

The RED slopes will detect congestion conditions and work to discard packets and slow down random TCP session flows through the queue. The RED slope definitions can be defined, modified, or disabled through the slope policy assigned to the FP for the network ingress buffer pool or assigned to the network port for network egress buffer pools.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue to be unused and should be avoided.

The no form of this command returns the CBS size for the queue to the default for the forwarding class.

Default

The cbs forwarding class defaults are listed in the CBS Forwarding Class Defaults.

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 Mbytes is the total buffer space in the buffer pool, a value of 10 would reserve 1 Mbyte (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer cbs)

[Tree] (config>qos>qgrps>ing>qgrp>policer cbs)

Full Context

configure qos queue-group-templates egress queue-group policer cbs

configure qos queue-group-templates ingress queue-group policer cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 2683435456, default

Minimum default value: 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue cbs)

[Tree] (config>qos>qgrps>ing>qgrp>queue cbs)

Full Context

configure qos queue-group-templates egress queue-group queue cbs

configure qos queue-group-templates ingress queue-group queue cbs

Description

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

Default

default

Parameters

size-in-kbytes

For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.

Values

0 to 1048576 or default

Minimum configurable non-zero value: 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Minimum non-zero default value: maximum of 10 ms of CIR or 6 kbytes on an FP2, 7680 bytes on an FP3, and 16 kbytes on an FP4

Platforms

All

Context

[Tree] (config>qos>shared-queue>queue cbs)

Full Context

configure qos shared-queue queue cbs

Description

The Committed Burst Size (cbs) command specifies the relative amount of reserved buffers for a specific ingress shared queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the amount of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue being unused and should be avoided.

Default

The queue CBS defaults are listed in Queue CBS Default Values.

Parameters

percent

The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).

Values

0 to 100

Platforms

All

Context

[Tree] (config>sys>security>cpm-queue>queue cbs)

Full Context

configure system security cpm-queue queue cbs

Description

This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the queue’s buffer pool.

Parameters

cbs

Specifies the committed burst size in kbytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms cc-error)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms cc-error)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle video analyzer alarms cc-error

configure mcast-management multicast-info-policy bundle channel video analyzer alarms cc-error

Description

This command configures the analyzer to check the continuity counter. The continuity counter should be incremented per PID; otherwise, it is considered a continuity counter error.

Default

no cc-error

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-tunnel path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet>eth-cfm>mep ccm-enable)

[Tree] (config>lag>eth-cfm>mep ccm-enable)

Full Context

configure port ethernet eth-cfm mep ccm-enable

configure lag eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-enable)

Full Context

configure service epipe spoke-sdp eth-cfm mep ccm-enable

configure service epipe sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>mesh-sdp>mep ccm-enable)

[Tree] (config>service>vpls>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-enable)

Full Context

configure service vpls mesh-sdp mep ccm-enable

configure service vpls eth-cfm mep ccm-enable

configure service vpls spoke-sdp eth-cfm mep ccm-enable

configure service vpls sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-enable)

Full Context

configure service ies interface spoke-sdp eth-cfm mep ccm-enable

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

configure service ies interface sap eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface sap eth-cfm mep ccm-enable
• configure service ies interface spoke-sdp eth-cfm mep ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-enable)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-enable)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-enable)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep ccm-enable

configure service vprn interface sap eth-cfm mep ccm-enable

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn interface spoke-sdp eth-cfm mep ccm-enable
• configure service vprn interface sap eth-cfm mep ccm-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable

Context

[Tree] (config>router>if>eth-cfm>mep ccm-enable)

Full Context

configure router interface eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-enable)

Full Context

configure eth-ring path eth-cfm mep ccm-enable

Description

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-tunnel ccm-hold-time)

Full Context

configure eth-tunnel ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP will remain in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay

Parameters

down down-timeout

Specifies the time, in centiseconds, used for the hold-timer for associated Continuity Check (CC) Session down event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 1000

Default

0

up up-timeout

Specifies the time, in deciseconds, used for the hold-timer for associated Continuity Check (CC) Session up event dampening. This guards against reporting excessive member operational state transitions.

This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.

Values

0 to 5000

Default

20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-cfm>domain>assoc ccm-hold-time)

Full Context

configure eth-cfm domain association ccm-hold-time

Description

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP remains in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay.

Default

no ccm-hold-time

Parameters

down timer

Specifies the amount of time to delay, in centiseconds.

Values

0 to 1000

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-ring ccm-hold-time)

Full Context

configure eth-ring ccm-hold-time

Description

This command configures eth-ring dampening timers. See the down and up commands for more information.

The no form of the command sets the up and down timers to the default values.

Parameters

down-timeout

Specifies the down timeout, in centiseconds.

Values

0 to 5000

up-timeout

Specifies the hold-time for reporting the recovery, in deciseconds.

Values

0 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-cfm>domain>assoc ccm-interval)

Full Context

configure eth-cfm domain association ccm-interval

Description

This command configures the CCM transmission interval for all MEPs in the association.

The no form of this command reverts to the default value.

Default

no ccm-interval

Parameters

interval

Specifies the interval between CCM transmissions to be used by all MEPs in the MA.

Values

10 milliseconds, 100 milliseconds, 1 second, 10 seconds, 60 seconds, 600 seconds

Default

10 (seconds)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-tunnel path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>if>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>lag>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>port>ethernet>eth-cfm>mep ccm-ltm-priority)

Full Context

configure router interface eth-cfm mep ccm-ltm-priority

configure lag eth-cfm mep ccm-ltm-priority

configure port ethernet eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority of the CCM and LTM messages transmitted by the MEP. Since CCM does not apply to the Router Facility MEP only the LTM priority is of value under that context.

The no form of this command reverts to the default values.

Default

no ccm-ltm-priority

Parameters

priority

Specifies the priority value.

Values

0 to 7

Default

7, highest priority for CCMs and LTMs transmitted by the MEP

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service ipipe sap eth-cfm mep ccm-ltm-priority

configure service epipe spoke-sdp eth-cfm mep ccm-ltm-priority

configure service epipe sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vpls>mesh-sdp>mep ccm-ltm-priority)

[Tree] (config>service>vpls>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service vpls spoke-sdp eth-cfm mep ccm-ltm-priority

configure service vpls sap eth-cfm mep ccm-ltm-priority

configure service vpls mesh-sdp mep ccm-ltm-priority

configure service vpls eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service ies interface sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface sap eth-cfm mep ccm-ltm-priority
• configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-ltm-priority)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-ltm-priority)

Full Context

configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority

configure service vprn interface sap eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn interface sap eth-cfm mep ccm-ltm-priority
• configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-ltm-priority)

Full Context

configure eth-ring path eth-cfm mep ccm-ltm-priority

Description

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

Default

The highest priority on the bridge-port.

Parameters

priority

Specifies the priority of CCM and LTM messages.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-padding-size)

Full Context

configure lag eth-cfm mep ccm-padding-size

configure eth-tunnel path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of this command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets, in octets.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>port>ethernet>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>router>if>eth-cfm>mep ccm-padding-size)

[Tree] (config>lag>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure service epipe spoke-sdp eth-cfm mep ccm-padding-size

configure service vpls spoke-sdp eth-cfm mep ccm-padding-size

configure port ethernet eth-cfm mep ccm-padding-size

configure service epipe sap eth-cfm mep ccm-padding-size

configure service vpls sap eth-cfm mep ccm-padding-size

configure service vpls mesh-sdp eth-cfm mep ccm-padding-size

configure router interface eth-cfm mep ccm-padding-size

configure lag eth-cfm mep ccm-padding-size

configure service ipipe sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

no ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure service ies interface sap eth-cfm mep ccm-padding-size

configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size

configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

Description

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default

ccm-padding-size

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size
• configure service ies interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

Context

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)

[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-padding-size)

Full Context

configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size

configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

configure service vprn interface sap eth-cfm mep ccm-padding-size

Description

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Parameters

ccm-padding

Specifies the byte size of the Optional Data TLV.

Values

3 to 1500

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size
• configure service vprn interface sap eth-cfm mep ccm-padding-size

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size

Context

[Tree] (config>eth-ring>path>eth-cfm>mep ccm-padding-size)

Full Context

configure eth-ring path eth-cfm mep ccm-padding-size

Description

This command inserts additional padding in the CCM packets.

The no form of the command reverts to the default.

Parameters

ccm-padding

Specifies the additional padding in the CCM packets.

Values

3 to 1500 octets

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>lag>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>port>ethernet>eth-cfm>mep ccm-tlv-ignore)

[Tree] (config>router>if>eth-cfm>mep ccm-tlv-ignore)

Full Context

configure lag eth-cfm mep ccm-tlv-ignore

configure port ethernet eth-cfm mep ccm-tlv-ignore

configure router interface eth-cfm mep ccm-tlv-ignore

Description

This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.

The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.

Default

no ccm-tlv-ignore

Parameters

interface-status

Ignores the interface status TLV on reception.

port-status

Ignores the port status TLV on reception.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy ccrt-replay)

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx ccrt-replay)

Full Context

configure subscriber-mgmt diameter-application-policy gy ccrt-replay

configure subscriber-mgmt diameter-application-policy gx ccrt-replay

Description

Commands in this context configure CCR-T replay. CCR-T replay is enabled with a no shutdown of this context. If a communication failure between client and server occurs, CCR-T replay enables the retransmission of CCR-T messages for a Gx or Gy session at a configured intervals until a valid response (CCA-t) is received or until the configured max-lifetime period expires, whichever comes first.

In Gx, replaying CCR-T messages ensures that the Gx session is cleared on the PCRF side in cases where the peering session to the PCRF was not available at the time that the initial and the first retransmitted CCR-T was sent.

In Gy, replaying CCR-T messages ensures that the final credit control usage reporting is not lost for billing by the OCS.

The subscriber host or session that triggered the Gx or Gy session that is in CCR-T replay mode is deleted from the system at the time that the initial CCR-T is sent. All resources associated with the subscriber host or session, such as queues, DHCP lease states, and PPPoE session states are released. The orphaned Gx and Gy sessions in replay mode are left in the system.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (file cd)

Full Context

file cd

Description

This command displays or changes the current working directory in the local file system.

Parameters

file-url

Specifies the file URL.

Values

local-url	[cflash-id/][file-path] up to 200 characters, including cflash-id directory length 99 chars max each
remote-url	[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]
	up to 247 characters
	directory length up to 199 characters
remote-locn	[hostname | ipv4-address | [ipv6-address]]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - up to 32 characters, for link local addresses 255
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

If no file-url is entered, the current working directory is displayed.

..

signifies the parent directory. This can be used in place of an actual directory name in a directory-url.

directory-url

Specifies the destination directory.

Platforms

All

Context

[Tree] (config>service>ipipe>sap ce-address)

[Tree] (config>service>ipipe>spoke-sdp ce-address)

Full Context

configure service ipipe sap ce-address

configure service ipipe spoke-sdp ce-address

Description

This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

Parameters

ip-address

Specifies the IP address of the CE device associated with an Ipipe SAP.

Platforms

All

Context

[Tree] (config>service>ipipe ce-address-discovery)

Full Context

configure service ipipe ce-address-discovery

Description

This command specifies whether the service automatically discovers the CE IP addresses.

When enabled, the addresses are automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs are not allowed. If CE address discovery is required on an Ipipe service, the SAP should be created before either the spoke-SDP is administratively enabled or ce-address-discovery is configured.

If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.

Default

no ce-address-discovery

Parameters

ipv6

The ipv6 keyword enables IPv6 CE address discovery support on the Ipipe so that both IPv4 and IPv6 address discovery are supported. If the ipv6 keyword is not included, then only IPv4 address discovery is supported and IPv6 packets are dropped.

Platforms

All

Context

[Tree] (config>service>epipe>sap cem)

[Tree] (config>service>cpipe>sap cem)

Full Context

configure service epipe sap cem

configure service cpipe sap cem

Description

Commands in this context specify circuit emulation (CEM) properties.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

• configure service epipe sap cem

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap cem

Context

[Tree] (config>mirror>mirror-dest>sap cem)

Full Context

configure mirror mirror-dest sap cem

Description

Commands in this context specify circuit emulation (CEM) mirroring properties.

Ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>ipsec>cert-profile>entry cert)

Full Context

configure ipsec cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of this command removes the cert-file-name from the entry configuration.

Default

no cert

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>trans-mode-prof>dyn cert)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>vprn>if>sap>ipsec-gw cert)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn cert)

[Tree] (config>service>ies>if>sap>ipsec-gw cert)

Full Context

configure ipsec ipsec-transport-mode-profile dynamic-keying cert

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert

configure router interface ipsec ipsec-tunnel dynamic-keying cert

configure service vprn interface sap ipsec-gw cert

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert

configure service ies interface sap ipsec-gw cert

Description

Commands in this context configure certificate parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn interface sap ipsec-gw cert
• configure ipsec ipsec-transport-mode-profile dynamic-keying cert
• configure service ies interface sap ipsec-gw cert

VSR

• configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert
• configure service ies interface ipsec ipsec-tunnel dynamic-keying cert
• configure router interface ipsec ipsec-tunnel dynamic-keying cert

Context

[Tree] (config>system>security>tls>cert-profile>entry cert)

Full Context

configure system security tls cert-profile entry cert

Description

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of the command removes the certificate.

Default

no cert

Parameters

cert-filename

Specifies the file name of the TLS certificate, up to 95 characters in length.

Platforms

All

Context

[Tree] (config>system>security>pki>cert-auto-upd cert)

Full Context

configure system security pki certificate-auto-update cert

Description

This command configures the imported certificate filename for the certificate automatic update.

The no form of this command removes the cert-file-name from the configuration.

Parameters

cert-file-name

Specifies the filename of the certificate, up to 95 characters in length.

Platforms

All

Context

[Tree] (config>system>security>pki>ca-profile cert-file)

Full Context

configure system security pki ca-profile cert-file

Description

This command specifies the filename of a file in cf3:\system-pki\cert as the CA’s certificate of the ca-profile.

Notes:

• The system will perform following checks against configured cert-file when a no shutdown command is issued:

  • Configured cert-file must be a DER formatted X.509v3 certificate file.

  • All non-optional fields defined in section 4.1 of RFC 5280 must exist and conform to the RFC 5280 defined format.

  • Check the version field to see if its value is 0x2.

  • Check The Validity field to see that if the certificate is still in validity period.

  • X509 basic constraints extension must exists, and CA Boolean must be True.

  • If Key Usage extension exists, then at least keyCertSign and cRLSign should be asserted.

  • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s certificate to verify if this certificate is signed by issuer’s CA; but if there is no such CA-profile configured, then system will just proceed with a warning message.

  • If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s CRL to verify that it has not been revoked; but if there is no such CA-profile configured or there is no such CRL, then system will just proceed with a warning message.

  If any of above checks fails, then the no shutdown command will fail.

• Changing or removing of cert-file is only allowed when the ca-profile is in a shutdown state.

The no form of this command removes the filename from the configuration.

Parameters

filename

Specifies a local CF card file URL.

Platforms

All

Context

[Tree] (config>ipsec cert-profile)

Full Context

configure ipsec cert-profile

Description

This command creates a new cert-profile or enters the configuration context of an existing cert-profile.

The no form of this command removes the profile name from the cert-profile configuration.

Parameters

profile-name

Specifies the name of the certification profile up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert cert-profile)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>ipsec>trans-mode-prof>dyn>cert cert-profile)

[Tree] (config>service>ies>if>sap>ipsec-gw>cert cert-profile)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert cert-profile)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert cert-profile)

Full Context

configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface sap ipsec-gw cert cert-profile

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile

configure service ies interface sap ipsec-gw cert cert-profile

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile

Description

This command specifies the name of certificate profile to be used for authentication.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies the profile name, up to 32 characters

Platforms

VSR

• configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
• configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
• configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn interface sap ipsec-gw cert cert-profile
• configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile
• configure service ies interface sap ipsec-gw cert cert-profile
• configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile

Context

[Tree] (config>system>security>tls cert-profile)

Full Context

configure system security tls cert-profile

Description

This command configures TLS certificate profile information. The certificate profile contains the certificates that are sent to the TLS peer (server or client) to authenticate itself. It is mandatory for the TLS server to send this information. The TLS client may optionally send this information upon request from the TLS server.

The no form of the command deletes the specified TLS certificate profile.

Parameters

profile-name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

create

Keyword used to create the TLS certificate profile.

Platforms

All

Context

[Tree] (config>system>security>tls>client-tls-profile cert-profile)

Full Context

configure system security tls client-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS client profile. This certificate is sent to the server for authentication of the client and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

Context

[Tree] (config>system>security>tls>server-tls-profile cert-profile)

Full Context

configure system security tls server-tls-profile cert-profile

Description

This command assigns a TLS certificate profile to be used by the TLS server profile. This certificate is sent to the client for authentication of the server and public key.

The no form of the command removes the TLS certificate profile assignment.

Parameters

name

Specifies the name of the TLS certificate profile, up to 32 characters in length.

Platforms

All

Context

[Tree] (admin>certificate>cmpv2 cert-request)

Full Context

admin certificate cmpv2 cert-request

Description

This command requests an additional certificate after the system has obtained the initial certificate from the CA.

The request is authenticated by a signature signed by the current-key, along with the current-cert. The hash algorithm used for signature is depends on the key type:

• DSA key: SHA1

• RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1

In some cases, the CA may not return a certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.

Parameters

ca ca-profile-name

Specifies a ca-profile name which includes CMP server information up to 32 characters.

current-key key-filename

Specifies corresponding certificate issued by the CA up to 95 characters.

current-cert cert-filename

Specifies the file name of an imported certificate that is attached to the certificate request up to 95 characters.

newkey key-filename

Specifies the file name of the imported key up to 95 characters.

hash-alg hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

subject-dn dn

Specifies the subject of the requesting certificate up to 256 characters.

Values

attr1=val1,attr2=val2 where: attrN={C | ST | O | OU | CN}

save-as save-path-of-result-cert

Specifies the save full path name of saving the result certificate, up to 200 characters.

domain-name domain-names

Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.

ip-addr ip-address | ipv6-address

Specifies an IPv4 or IPv6 address for SubjectAltName of the requesting certificate.

Platforms

All

Context

[Tree] (config>redundancy cert-sync)

Full Context

configure redundancy cert-sync

Description

This command automatically synchronizes the certificate/CRL/key when importing or generating (for the key). If a new CF card is inserted into slot3 into the backup CPM, the system will sync the whole system-pki directory from the active CPM.

Default

enabled

Platforms

All

Context

[Tree] (config>app-assure>group>certificate-profile certificate)

Full Context

configure application-assurance group certificate-profile certificate

Description

This command indicated the file name of the certificate to be added to the profile.

The no form of this command removes the certificate from the profile.

Default

no certificate

Parameters

certificate-file

Specifies the name of the certificate file, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (admin certificate)

Full Context

admin certificate

Description

Commands in this context configure X.509 certificate related operational parameters. For information about CMPv6 admin certificate commands, see the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.

Platforms

All

Context

[Tree] (debug certificate)

Full Context

debug certificate

Description

Commands in this context debug certificates.

Platforms

All

Context

[Tree] (debug>ipsec certificate)

Full Context

debug ipsec certificate

Description

This command enables debug for certificate chain computation in cert-profile.

Parameters

filename

Displays the filename of imported certificate, up to 95 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>pki certificate-auto-update)

Full Context

configure system security pki certificate-auto-update

Description

This command configures automatic updates for the specified certificate. This must be an imported certificate.

Platforms

All

Context

[Tree] (config>system>security>pki certificate-display-format)

Full Context

configure system security pki certificate-display-format

Description

This command specifies the display format used for the Certificates and Certificate Revocation Lists.

Default

certificate-display-format ascii

Parameters

ascii

Specifies the ASCII format to use for the Certificates and Certificate Revocation Lists.

utf8

Specifies the UTF8 format to use for the Certificates and Certificate Revocation Lists.

Platforms

All

Context

[Tree] (config>system>security>pki certificate-expiration-warning)

Full Context

configure system security pki certificate-expiration-warning

Description

With this command configured, the system issues two types of warnings related to certificate expiration:

• BeforeExp — A warning message issued before certificate expire

• AfterExp — A warning message issued when certificate expire

This command specifies when system will issue BeforeExp message before a certificate expires. For example, with certificate-expiration-warning 5, the system will issue a BeforeExp message 5 hours before a certificate expires. An optional repeat <repeat-hour> parameter will enable the system to repeat the BeforeExp message every hour until the certificate expires.

If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.

BeforeExp and AfterExp warnings can be cleared in following cases:

• The certificate is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.

• When the ca-profile/ipsec-gw/ipsec-tunnel/cert-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.

• When no certificate-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.

• Users may change the configuration of the certificate-expiration-warning so that certain certificates are no longer in the warning window. BeforeExp of corresponding certificates are cleared.

• If the system time changes so that the new time causes the certificates to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired certificate to come non-expired, then AfterExp is cleared.

Default

no certificate-expiration-warning

Parameters

hours

Specifies the amount of time before a certificate expires when system issues BeforeExp.

Values

0 to 8760

repeat-hours

Specifies the time the system will repeat BeforeExp every repeat-hour.

Values

0 to 8760

Platforms

All

Context

[Tree] (config>app-assure>group certificate-profile)

Full Context

configure application-assurance group certificate-profile

Description

This command creates a certificate profile to be used for certificate-based encryption in HTTP header enrichment.

The no form of this command removes the certificate profile.

Parameters

cert-profile-name

Specifies the name of the profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>pki certificate-update-profile)

Full Context

configure system security pki certificate-update-profile

Description

Commands in this context configure a certificate update profile that specifies the behavior of the automatic update certificate.

The no form of this command removes the profile.

Parameters

profile-name

Specifies the name of the profile, up to 32 characters.

create

Mandatory keyword to create a certificate update profile.

Platforms

All

Context

[Tree] (config>system>thresholds cflash-cap-alarm)

Full Context

configure system thresholds cflash-cap-alarm

Description

This command enables capacity monitoring of the compact flash specified in this command. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-alarm cf1-A: rising-threshold 50000000 falling-threshold 49999900 
interval 120 rmon-event-type both start-alarm rising

Platforms

All

Context

[Tree] (config>system>thresholds cflash-cap-alarm-pct)

Full Context

configure system thresholds cflash-cap-alarm-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

Parameters

cflash-id

Specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created.

If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-alarm-pct cf1-A: rising-threshold 70 falling-
threshold 60 interval 120 rmon-event-type both start-alarm rising

Platforms

All

Context

[Tree] (config>system>thresholds cflash-cap-warn)

Full Context

configure system thresholds cflash-cap-warn

Description

This command enables capacity monitoring of the compact flash specified in this command.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value represents units of 512 bytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and a SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-warn cf1-B: rising-threshold 2000000 falling-threshold 1999900 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

Context

[Tree] (config>system>thresholds cflash-cap-warn-pct)

Full Context

configure system thresholds cflash-cap-warn-pct

Description

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

Parameters

cflash-id

Specifies that the cflash-id specifies the name of the cflash device to be monitored.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rising-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

falling-threshold percentage

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.

The threshold value is the percentage of used space versus capacity for the specified compact flash.

Values

0 to 100

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations, which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both —Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.

If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Configuration example

cflash-cap-warn-pct cf1-B: rising-threshold 70 falling-threshold 60 
interval 240 rmon-event-type trap start-alarm either

Platforms

All

Context

[Tree] (config>service>epipe>sap cflowd)

Full Context

configure service epipe sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For L2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

Context

[Tree] (config>service>vpls>sap cflowd)

Full Context

configure service vpls sap cflowd

Description

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For Layer 2 services, only ingress sampling is supported.

Default

no cflowd

Platforms

All

Context

[Tree] (config>app-assure>group cflowd)

Full Context

configure application-assurance group cflowd

Description

Commands in this context configure cflowd parameters for the application assurance group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config cflowd)

Full Context

configure cflowd

Description

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

Default

no cflowd

Platforms

All

Context

[Tree] (config>service>ies>if cflowd-parameters)

[Tree] (config>service>vprn>sub-if>grp-if cflowd-parameters)

[Tree] (config>service>ies>sub-if>grp-if cflowd-parameters)

Full Context

configure service ies interface cflowd-parameters

configure service vprn subscriber-interface group-interface cflowd-parameters

configure service ies subscriber-interface group-interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When Cflowd is enabled at the interface level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

• configure service ies interface cflowd-parameters

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface cflowd-parameters
• configure service vprn subscriber-interface group-interface cflowd-parameters

Context

[Tree] (config>service>vprn>nw-if cflowd-parameters)

[Tree] (config>service>vprn>if cflowd-parameters)

Full Context

configure service vprn network-interface cflowd-parameters

configure service vprn interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

Context

[Tree] (config>router>if cflowd-parameters)

Full Context

configure router interface cflowd-parameters

Description

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default

no cflowd-parameters

Platforms

All

Context

[Tree] (config>service>vpls>bgp-evpn cfm-mac-advertisement)

Full Context

configure service vpls bgp-evpn cfm-mac-advertisement

Description

This command enables the advertisement and withdrawal, as appropriate, of the IEEE MAC address associated with the MP (MEP and MIP) created on a SAP, Spoke or Mesh, in an EVPN service.

The up-date occurs each time an MP is added or deleted, or an IEEE MAC address is changed for an MP on a SAP, Spoke or Mesh within the service. The size of the update depends on the number of MPs in the service affected by the modification.

Only enable this functionality, as required, for services that require a resident MAC address to properly forward unicast traffic and that do not perform layer two MAC learning as part of the data plane.

Local MP IEEE MAC addresses are not stored in the local FDB and, as such, cannot be advertised through a control plane to a peer without this command.

The no version of the command disables the functionality and withdraws all previously advertised MP IEEE MAC addresses.

Platforms

All

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match cfm-opcode)

Full Context

configure system security management-access-filter mac-filter entry match cfm-opcode

Description

This command specifies the type of opcode checking to be performed.

If the cfm-opcode match condition is configured then a check must be made to see if the Ethertype is either IEEE802.1ag or Y1731. If the Ethertype does not match then the packet is not CFM and no match to the cfm-opcode is attempted.

The CFM (ieee802.1ag or Y1731) opcode can be assigned as a range with a start and an end number or with a (less than lt, greater than gt, or equal to eq) operator.

If no range with a start and an end or operator (lt, gt, eq) followed by an opcode with the value between 0 and 255 is defined then the command is invalid.

Opcode Values lists the opcode values.

Defined by ITU-T Y.1731 32 - 63

Defined by IEEE 802.1. 64 - 255

Default

no cfm-opcode

Parameters

opcode

Specifies the opcode checking to be performed.

start

specifies the start number.

Values

0 to 255

end

Specifies the end number.

Values

0 to 255

lt | gt | eq

Specifies comparison operators.

Platforms

All

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>sap>eth-cfm>mep cfm-vlan-tag)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep cfm-vlan-tag)

Full Context

configure service epipe sap eth-cfm mep cfm-vlan-tag

configure service vpls spoke-sdp eth-cfm mep cfm-vlan-tag

configure service vpls eth-cfm mep cfm-vlan-tag

configure service epipe spoke-sdp eth-cfm mep cfm-vlan-tag

configure service vpls sap eth-cfm mep cfm-vlan-tag

configure service vpls mesh-sdp eth-cfm mep cfm-vlan-tag

Description

This command configures VLAN tags to apply to locally-generated CFM PDUs for egress processing.

The no form of the command removes the qtags from the configuration.

Parameters

qtag1

Specifies the outer VLAN ID.

Values

1 to 4094

qtag2

Specifies the inner VLAN ID and can only be specified if qtag1 is configured.

Values

1 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>filter>ip-filter chain-to-system-filter)

[Tree] (config>filter>ipv6-filter chain-to-system-filter)

Full Context

configure filter ip-filter chain-to-system-filter

configure filter ipv6-filter chain-to-system-filter

Description

This command chains this filter to a currently active system filter. When the filter is chained to the system filter, the system filter rules are executed first, and the filter rules are only evaluated if no match on the system filter was found.

The no form of the command detaches this filter from the system filter.

Operational note:

If no system filter is currently active, the command has no effect.

Default

no chain-to-system-filter

Platforms

All

Context

[Tree] (config>service>vprn>l2tp challenge)

[Tree] (config>router>l2tp challenge)

Full Context

configure service vprn l2tp challenge

configure router l2tp challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies that the challenge-response authentication is always used.

Default

no challenge

Values

always

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>group challenge)

Full Context

configure service vprn l2tp group challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always

Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.

Values

always

never

Specifies never to use challenge-response for the authentication of the tunnels in this L2TP group.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>group>tunnel challenge)

Full Context

configure service vprn l2tp group tunnel challenge

Description

This command configures the use of challenge-response authentication.

The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default

no challenge

Parameters

always

Specifies that challenge-response authentication should always be used for the tunnel.

never

Specifies that challenge-response authentication should never be used for the tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile change-reporting-action)

Full Context

configure subscriber-mgmt gtp peer-profile change-reporting-action

Description

This command specifies the value of the change reporting action IE sends to the peer in applicable messages. The peer needs to indicate support first using the appropriate flag in the indication IE.

This is overridden by AAA, if AAA explicitly request notification changes for either ECGI, TAI or both. If AAA does not request any notification changes or only the generic location change, the configured value is used.

The no form of this command indicates that the IE is not sent, unless specified by AAA.

Default

no change-reporting-action

Parameters

reporting-action

Specifies the reporting action value as per TS 29.274.

Values

0 to 255, cgi-sai, rai, tai, ecgi, cgi-sai-rai, tai-ecgi

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle channel)

Full Context

configure mcast-management multicast-info-policy bundle channel

Description

This command defines explicit channels or channel ranges that are associated with the containing bundle. A channel or channel range is defined by their destination IP addresses. A channel may be defined using either IPv4 or IPv6 addresses. If a channel range is being defined, both the start and ending addresses must be the same type.

A specific channel may only be defined within a single channel or channel range within the multicast information policy. A defined channel range cannot overlap with an existing channel range.

If a channel range is to be shortened, extended, split or moved to another bundle, it must first be removed from its existing bundle.

Each specified channel range creates a containing context for any override parameters for the channel range. By default, no override parameters exist.

The no form of this command removes the specified multicast channel from the containing bundle.

Parameters

ip-address

Specifies the starting and ending destination IP addresses for a channel range. If only the start channel ip-address parameter is given, the channel ranges comprises of a single multicast channel.

If both the starting and ending address are specified, all addresses within the range including the specified address are part of the channel range.

IPv4 or IPv6 addresses may be defined. All specified addresses must be valid multicast destination addresses. The starting IP address must be numerically lower than the ending IP address.

Values

Any valid IP multicast destination address

create

This keyword is required if creating a new multicast channel range when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the specified channel range already exists.

Platforms

All

Context

[Tree] (config>service>vprn>video-interface channel)

[Tree] (config>service>ies>video-interface channel)

Full Context

configure service vprn video-interface channel

configure service ies video-interface channel

Description

This command configures channel parameters for ad insertion.

Parameters

mcast-address

Specifies the multicast address.

source ip-address

Specifies the source IP address.

channel-name channel-name

Specifies the channel name up to 32 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>router>mcac>policy>bundle channel)

Full Context

configure router mcac policy bundle channel

Description

This command creates a multicast channel within the bundle where it is configured. A join for a particular multicast channel can be accepted if:

1. Mandatory channels:

   A sufficient bandwidth exists on the interface according to the policy settings for the interface. There is always sufficient BW available on the bundle level because mandatory channels get BW pre-reserved.

2. Optional channels:

   A sufficient BW exists on both interface and bundle level.

A channel definition can be either IPv4 (start-address, end-address, source-address are IPv4 addresses) or IPv6. A single bundle can have either IPv4 or IPv6 or IPv6 and IPv4 channel definitions. A single policy can mix any of those bundles.

Overlapping channels are not allowed. Two channels overlap if they contain same groups and the same source address prefix (or both do not specify source address prefix). Two channels with same groups and different source prefixes (including one of the channels having no source configured or one of the channels having more specific prefix than the other) do not overlap and are treated as separate channels.

When joining a group from multiple sources, MCAC accounts for that only once when no source address is specified or a prefix for channel covers both sources. Channel BW should be adjusted accordingly or source-aware channel definition should be used if that is not desired.

If a bundle is removed, the channels associated are also removed and every multicast group that was previously policed (because it was in the bundle that contained the policy) becomes free of constraints.

When a new bundle is added to a MCAC policy, the bundle’s established groups on a given interfaces are accounted by the policy. Even if this action results in exceeding the bundle’s constrain, no active multicast groups are removed. When a leave message is received for an existing optional channel, then the multicast stream is pruned and subsequent new joins may be denied in accordance with the policy. It is possible that momentarily there may be insufficient bandwidth, even for mandatory channels, in this bundle.

Parameters

start-address

Specifies the beginning multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

end-address

Specifies the ending multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.

Values

This must be a valid IPv4 or IPv6 multicast group address

prefix/prefix-length

Specifies the source of the multicast IP stream. This must be a valid IPv4 or IPv6 multicast source address prefix.

Values

address-prefix/prefix-length

address-prefix is valid IPv4/IPv6 multicast source IP address prefix (local scope excluded)

prefix-length [0 to 32] for IPv4 [0 to 128] for IPv6

bandwidth

Specifies the bandwidth required by this channel in kb/s. If this bandwidth is configured for a mandatory channel then this bandwidth is reserved by subtracting the amount from the total available bandwidth for all potential egress interfaces and the bundle.

If this bandwidth is configured as an optional channel then this bandwidth must be available for both the bundle and the egress interface requesting the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

10 to 10000000 kb/s

class

Provides deeper classification of channels used in the algorithm when LAG ports change state.

Values

high, low

Default

low

type

Specifies the channel to be either mandatory or optional.

mandatory — When the mandatory keyword is specified, then the bandwidth is reserved by subtracting it from the total available for all the potential egress interfaces and the bundle.

optional — When the optional keyword is specified then the bandwidth must be available on both the bundle and the egress interface that requests the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.

Values

mandatory, optional

Default

optional

Platforms

All

Context

[Tree] (debug>open-flow>of-switch channel)

Full Context

debug open-flow of-switch channel

Description

This command enables debugging of a port or ports associated with the OpenFlow switch.

The no form of this command disables debugging of a port or ports associated with the OpenFlow switch.

Parameters

ip-address:port

Specifies the IP address and port.

Values

ipv4-address	a.b.c.d:port
ipv6-address	x:x:x:x:x:x:x:x:port (eight 16-bit pieces) x - [0..FFFF]H
port	1 to 65535

detail

Keyword used to specify detailed debugging information about a port or ports associated with the OpenFlow switch.

Platforms

VSR

Context

[Tree] (config>port>tdm>ds1 channel-group)

[Tree] (config>port>tdm>e1 channel-group)

Full Context

configure port tdm ds1 channel-group

configure port tdm e1 channel-group

Description

This command creates DS0 channel groups in a channelized DS1 or E1 circuit. Channel groups cannot be further subdivided.

The no form of this command deletes the specified DS1 or E1 channel.

Parameters

channel-group-id

Identifies the channel-group ID number.

Values

DS1: 1 to 24 E1: 1 to 32

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>port>tdm>ds3 channelized)

Full Context

configure port tdm ds3 channelized

Description

This command specifies that the associated DS-3 is a channelized DS-3 with DS-1/E-1 sub-channels. Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is the default (for example, on m12-ds3 MDAs). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. The no form specifies the associated DS-3 is a clear channel circuit and cannot contain sub-channel DS-1s/E-1s. The sub-channels must be deleted first before the no command is executed.

Default

no channelized.

Parameters

ds1

Specifies that the channel is DS-1.

e1

Specifies that the channel is E-1.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>service>vprn>l2tp>group>tunnel chap-challenge-length)

[Tree] (config>router>l2tp>group>tunnel>ppp chap-challenge-length)

[Tree] (config>router>l2tp>group>ppp chap-challenge-length)

Full Context

configure service vprn l2tp group tunnel chap-challenge-length

configure router l2tp group tunnel ppp chap-challenge-length

configure router l2tp group ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

Default

32

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>group>ppp chap-challenge-length)

Full Context

configure service vprn l2tp group ppp chap-challenge-length

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

max length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy-override>policy characteristic)

Full Context

configure application-assurance group policy-override policy characteristic

Description

This command configure an override characteristic and value.

Parameters

characteristic-name

Specifies the characteristic name, up to 32 characters.

value-name

Specifies the override characteristic value for the application profile characteristic used by the Application assurance subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>app-profile characteristic)

Full Context

configure application-assurance group policy app-profile characteristic

Description

This command assigns one of the existing values of an existing application service option characteristic to the application profile.

The no form of this command removes the characteristic from the application profile.

Parameters

characteristic-name

Specifies the name of an existing ASO characteristic.

value-name

Specifies the name for the application profile characteristic up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match characteristic)

Full Context

configure application-assurance group policy app-qos-policy entry match characteristic

Description

This command adds an existing characteristic and its value to the match criteria used by this AQP entry.

The no form of this command removes the characteristic from match criteria for this AQP entry.

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

characteristic-name

Specifies the name of the existing ASO characteristic, up to 32 characters in length.

value-name

Specifies the name of an existing value for the characteristic, up to 32 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aso characteristic)

Full Context

configure application-assurance group policy app-service-options characteristic

Description

This command creates the characteristic of the application service options.

The no form of this command deletes characteristic option. To delete a characteristic, it must not be referenced by other components of application assurance.

Parameters

characteristic-name

Specifies a string of up to 32 characters uniquely identifying this characteristic.

create

Mandatory keyword used to create when creating a characteristic. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile charging-characteristics)

Full Context

configure subscriber-mgmt gtp peer-profile charging-characteristics

Description

Commands in this context configure charging characteristics.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy charging-filter)

Full Context

configure application-assurance group policy charging-filter

Description

Commands in this context configure a charging filter for application assurance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>chrg-fltr>entry charging-group)

Full Context

configure application-assurance group policy charging-filter entry charging-group

Description

This command configures an association between the charging group and the flows that match the charging filter entry.

The no form of this command removes the charging group.

Default

no charging-group

Parameters

charging-group-name

Specifies a string that uniquely identifies the charging group in the system, up to 32 characters.