d Commands – Part II
designated-role
designated-role
Syntax
designated-role {standby | active}
no designated-role
Context
[Tree] (config>redundancy>multi-chassis>ipsec-domain designated-role)
Full Context
configure redundancy multi-chassis ipsec-domain designated-role
Description
This command sets the designated role for the tunnel group in the IPsec domain.
The no form of this command reverts to the default value.
Default
designated-role standby
Parameters
- standby
-
Sets the designated role to standby.
- active
-
Sets the designated role to active.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dest-class
dest-class
Syntax
dest-class dest-class
no dest-class
Context
[Tree] (config>router>policy-options>policy-statement>default-action dest-class)
[Tree] (config>router>policy-options>policy-statement>entry dest-class)
Full Context
configure router policy-options policy-statement default-action dest-class
configure router policy-options policy-statement entry dest-class
Description
This command specifies the policy accounting destination class index to associate with matched routes.
Default
no dest-class
Parameters
- dest-class
-
Specifies the destination class.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
- configure router policy-options policy-statement default-action dest-class
All
- configure router policy-options policy-statement entry dest-class
dest-global-id
dest-global-id
Syntax
dest-global-id dest-global-id
no dest-global-id
Context
[Tree] (config>router>mpls>lsp dest-global-id)
Full Context
configure router mpls lsp dest-global-id
Description
This optional command configures the MPLS-TP Global ID of the far end node of the MPLS-TP LSP. This command is only allowed for MPLS-TP LSPs. Global ID values of 0 indicate that the local node’s configured global ID is used. If the local global-id is 0, then the dest-global-id must also be 0. The dest-global-id cannot be changed if an LSP is in use by an SDP.
Default
dest-global-id 0
Parameters
- dest-global-id
-
Specifies the destination global ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dest-ip
dest-ip
Syntax
[no] dest-ip ip-address
Context
[Tree] (config>service>ies>if>sap>ip-tunnel dest-ip)
[Tree] (config>service>vprn>if>sap>ip-tunnel dest-ip)
[Tree] (config>service>vprn>sap>ipsec-tunnel dest-ip)
Full Context
configure service ies interface sap ip-tunnel dest-ip
configure service vprn interface sap ip-tunnel dest-ip
configure service vprn sap ipsec-tunnel dest-ip
Description
This command configures a private IPv4 or IPv6 address of the remote tunnel endpoint. A tunnel can have up to 16 dest-ip commands. At least one dest-ip address is required in the configuration of a tunnel. A tunnel does not come up operationally unless all dest-ip addresses are reachable (part of a local subnet).
Unnumbered interfaces are not supported.
The no form of this command deletes the destination IP of the tunnel.
Parameters
- ip-address
-
Specifies the private IPv4 or IPv6 address of the remote IP tunnel endpoint. If this remote IP address is not within the subnet of the IP interface associated with the tunnel then the tunnel will not come up.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dest-ip-addr
dest-ip-addr
Syntax
dest-ip-addr ip-address
no dest-ip-addr
Context
[Tree] (config>mcast-mgmt>mcast-rprt-dest dest-ip-addr)
Full Context
configure mcast-management mcast-reporting-dest dest-ip-addr
Description
This command specifies the IP address of the external node to which IGMP events are exported. The destination IP address can only be reachable from the global routing table (no vrf access).
The no form of this command removes the destination address from the configuration.
Parameters
- ip-addr
-
Specifies the IP address of the multicast reporting destination.
Platforms
All
dest-mac
dest-mac
Syntax
dest-mac {nearest-bridge | nearest-non-tpmr | nearest-customer}
Context
[Tree] (config>port>ethernet>lldp dest-mac)
Full Context
configure port ethernet lldp dest-mac
Description
This command configures destination MAC address parameters.
Default
dest-mac nearest-bridge
Parameters
- nearest-bridge
-
Specifies to use the nearest bridge.
- nearest-non-tpmr
-
Specifies to use the nearest non-Two-Port MAC Relay (TPMR).
- nearest-customer
-
Specifies to use the nearest customer.
Platforms
All
dest-mac
Syntax
dest-mac ieee-address
no dest-mac
Context
[Tree] (config>oam-pm>session>ethernet dest-mac)
Full Context
configure oam-pm session ethernet dest-mac
Description
This command defines the destination MAC address of the peer MEP and sets the destination MAC address in the layer two header to match. This must be a unicast address.
The no form of this command removes session parameter.
Parameters
- ieee-address
-
Specifies the Layer 2 unicast MAC address of the destination MEP.
Platforms
All
dest-mac
Syntax
dest-mac {nearest-bridge | nearest-non-tpmr | nearest-customer}
Context
[Tree] (config>lag>lldp-member-template dest-mac)
Full Context
configure lag lldp-member-template dest-mac
Description
This command configures the destination MAC address parameters.
Default
dest-mac nearest-bridge
Parameters
- nearest-bridge
-
Keyword to specify that the nearest bridge should be used.
- nearest-non-tpmr
-
Keyword to specify that the nearest non-Two-Port MAC Relay (TPMR) should be used.
- nearest-customer
-
Keyword to specify that the nearest customer should be used.
Platforms
All
dest-mac-address
dest-mac-address
Syntax
dest-mac-address mac-address [create]
no dest-mac-address mac-address
Context
[Tree] (config>macsec>mac-policy dest-mac-address)
Full Context
configure macsec mac-policy dest-mac-address
Description
This command specifies the destination MAC address.
The no form of this command removes the MAC address.
Parameters
- mac-address
-
Specifies the value of the MAC address policy.
- create
-
Mandatory to create the configuration.
Platforms
All
dest-mac-rewrite
dest-mac-rewrite
Syntax
dest-mac-rewrite ieee-address
no dest-mac-rewrite
Context
[Tree] (config>service>vpls>sap>egress dest-mac-rewrite)
Full Context
configure service vpls sap egress dest-mac-rewrite
Description
This commands enables the overwriting of a destination MAC address to an operator-configured value for all unicast packets egressing the specified SAP. The command is intended to be deployed with L2 PBF SAP redirect when a remote end of the SAP interface is an L3 interface with a MAC address different from the MAC address of the non-PBF-ed L3 interface. See Filter Policy in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide for more details.
The no form disables the option.
Default
no dest-mac-rewrite
Parameters
- ieee-address
-
Specifies the MAC address
Platforms
All
dest-realm-learning
dest-realm-learning
Syntax
[no] dest-realm-learning
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy dest-realm-learning)
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx dest-realm-learning)
Full Context
configure subscriber-mgmt diameter-application-policy gy dest-realm-learning
configure subscriber-mgmt diameter-application-policy gx dest-realm-learning
Description
This command configures destination realm learning that is used in outgoing Gx and Gy Credit Control Request (CCR) messages. Destination realm is a mandatory configuration parameter.
The configured destination realm is always used in the initial CCR-I message. The consecutive request message of a Gx or Gy session can use the destination realm as learned from replies within a DIAMETER session (if learning is enabled), or they can ignore the realm from the reply and always use the configured destination realm in Gx and Gy request messages (learning is disabled).
The no form of this command ignores the realm from the reply.
Default
dest-realm-learning
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dest-tunnel-number
dest-tunnel-number
Syntax
dest-tunnel-number dest-tunnel-number
no dest-tunnel-number
Context
[Tree] (config>router>mpls>lsp dest-tunnel-number)
Full Context
configure router mpls lsp dest-tunnel-number
Description
This optional command configures the MPLS-TP tunnel number of the LSP at the far end node of the MPLS-TP LSP. This command is only allowed for MPLS-TP LSPs. If it is not entered, then the system will take the dest-tunnel-number to be the same as the src-tunnel-num for the LSP.
Default
The default value is the configured src-tunnel-num.
Parameters
- dest-tunnel-number
-
Specifies the destination tunnel number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dest-udp-port
dest-udp-port
Syntax
dest-udp-port udp-port-number
no dest-udp-port
Context
[Tree] (config>oam-pm>session>ip dest-udp-port)
Full Context
configure oam-pm session ip dest-udp-port
Description
This command defines the destination UDP port on outbound TWAMP Light packets sent from the session controller. The destination UDP port must match the UDP port value configured on the TWAMP Light reflector that is responding to this specific TWAMP Light test.
The no form of this command removes the destination UDP port setting.
Parameters
- udp-port-number
-
Specifies the UDP source port.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dest-udp-port
Syntax
dest-udp-port port-number
Context
[Tree] (config>test-oam>link-meas>template>twl dest-udp-port)
Full Context
configure test-oam link-measurement measurement-template twamp-light dest-udp-port
Description
This command configures the destination UDP port used by the link measurement tests.
Default
dest-udp-port 862
Parameters
- port-number
-
Specifies the destination UDP port copied into the UDP header of each Echo request packet launched for each link measurement test belonging to the specified template.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dest-udp-port
Syntax
dest-udp-port port-number
Context
[Tree] (config>test-oam>lag-meas>template>twl dest-udp-port)
Full Context
configure test-oam lag-ip-measurement lag-ip-measurement-template twamp-light dest-udp-port
Description
This command configures the destination UDP port for the test packets.
Default
dest-udp-port 862
Parameters
- port-number
-
Specifies the destination UDP port number.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
destination
destination
Syntax
destination ip-address
no destination
Context
[Tree] (config>oam-pm>session>ip destination)
Full Context
configure oam-pm session ip destination
Description
This command defines the destination IP address that is assigned to the TWAMP Light packets. The destination address must be included in the prefix list on the session reflector within the configured context in order to allow the reflector to process the inbound TWAMP Light packets.
The no form of this command removes the destination parameters.
Parameters
- ip-address
-
Specifies the IP address of the IP peer to which the packet is directed.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
destination
Syntax
destination ip-address [create]
no destination ip-address
Context
[Tree] (config>filter>redirect-policy destination)
Full Context
configure filter redirect-policy destination
Description
This command defines a destination in a redirect policy. More than one destination can be configured. Whether a destination IPv4/IPv6 address will receive redirected packets depends on the effective priority value after evaluation.
The most preferred destination is programmed in hardware as action forward next-hop. If all destinations are down (as determined by the supported tests), action forward is programmed in hardware. All destinations within a given policy must be either IPv4 or (exclusive) IPv6. The redirect policy with IPv4 destinations configured can only be used by IPv4 filter policies. The redirect policy with IPv6 destinations configured can only be used by IPv6 filter policies.
Default
no destination
Parameters
- ip-address
-
Specifies the IPv4 address (in dotted decimal notation) or IPv6 address to send the redirected traffic to.
Platforms
All
destination
Syntax
destination memory num-entries
destination syslog syslog-id
no destination
Context
[Tree] (config>filter>log destination)
Full Context
configure filter log destination
Description
This command configures the destination for filter log entries for the filter log ID.
Filter logs can be sent to either memory (memory) or to an existing Syslog server definition (syslog).
If the filter log destination is memory, the maximum number of entries in the log must be specified.
The no form of the command deletes the filter log association.
Default
destination memory 1000
Parameters
- memory num-entries
-
Specifies the destination of the filter log ID is a memory log. The num-entries value is the maximum number of entries in the filter log expressed as a decimal integer.
- syslog syslog-id
-
Specifies the destination of the filter log ID is a Syslog server. The syslog-id parameter is the number of the Syslog server definition.
Platforms
All
destination
Syntax
destination {ip-address | fqdn} port port [create]
no destination {ip-address | fqdn} port port
Context
[Tree] (config>system>telemetry>destination-group destination)
[Tree] (config>system>grpc-tunnel>destination-group destination)
Full Context
configure system telemetry destination-group destination
configure system grpc-tunnel destination-group destination
Description
This command configures a destination IP address and port for a specific destination within a destination group. Up to two destinations can be defined within a destination group. Each destination is an IPv4 address, an IPv6 address, or the Fully Qualified Domain Name (FQDN).
The no form of this command removes the destination from the destination group.
Parameters
- ip-address
-
Specifies the IPv4 address (in dotted decimal notation) or IPv6 address.
- fqdn
-
Specifies the FQDN.
- port
-
Specifies the TCP destination port number.
- create
-
Keyword used to create a destination.
Platforms
All
destination
Syntax
destination ip-address
no destination
Context
[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv4 destination)
Full Context
configure router interface if-attribute delay dynamic twamp-light ipv4 destination
Description
This command configures the unicast IPv4 destination address for the TWAMP Light test packet. When this command is not configured, the destination IPv4 address is auto-assigned for interfaces configured with a prefix length of 30 and 31. All other interface prefix lengths and unnumbered interfaces are unable to auto- assign the destination IPv4 address. If the interface does not use a prefix length of 30 or 31, the destination must be configured.
Deleting a configured destination removes the specified address and causes the source address to be auto-assigned for prefix length of 30 and 31.
Configuration modifications are allowed without administratively disabling the IPv4 protocol.
The no form of this command removes the IPv4 address from the configuration.
Default
no destination
Parameters
- ip-address
-
Specifies the IPv4 destination address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
destination
Syntax
destination ipv6-address
no destination
Context
[Tree] (config>router>if>if-attr>delay>dyn>twamp>ipv6 destination)
Full Context
configure router interface if-attribute delay dynamic twamp-light ipv6 destination
Description
This command configures the IPv6 destination address of the TWAMP Light test packet. When this command is not configured, no destination address is present and an error is raised to prevent the transmission of the test packet.
The IPv6 protocol can be enabled without addressing. However, the test does not transmit packets.
The link local address must be in the form fe80::/60 in accordance with RFC 4291, IP Version 6 Addressing Architecture.
The no form of this command removes the IPv6 address from the configuration.
Default
no destination
Parameters
- ipv6-address
-
Specifies the TWAMP Light IPv6 destination address
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
destination-address
destination-address
Syntax
[no] destination-address ip-address
Context
[Tree] (config>filter>gre-tun-tmp>ipv4 destination-address)
Full Context
configure filter gre-tunnel-template ipv4 destination-address
Description
This command defines one or more destinations for the GRE IP header used to encapsulate the matching IPv4/IPv6 packet.
Traffic matching the associated IPv4 or IPv6 filter are hashed across all available destination address. If no destination address is available, then matching traffic follows the configured pbr-down-action-override action, if configured.
The no form of this command removes the specified destination IP address configuration from the associated GRE tunnel template.
Parameters
- ip-address
-
Specifies up to 16 IPv4 addresses to be used as the destination address.
Platforms
All
destination-address
Syntax
destination-address ip-address
no destination-address
Context
[Tree] (config>service>vprn>if>ping-template destination-address)
[Tree] (config>service>ies>if>ping-template destination-address)
Full Context
configure service vprn interface ping-template destination-address
configure service ies interface ping-template destination-address
Description
This command configures the address to where the ICMP echo requests are
directed to test connectivity. The source of the ICMP echo request is the
primary IPv4 address of the interface under which the ping-template is
configured. The destination address must be on the same subnet as the source
IP address. A configuration warning message displays if the primary IPv4
address and the destination are not on the same subnet, INFO: PIP
#2092 Ping template misconfiguration - destination-address and primary
IP address should fall in the same subnet. Unnumbered
interfaces and loopback addresses are not supported.
The config>service>ies|vprn>interface>ping-template must be in the no shutdown state to remove or change the destination-address ip-address.
The no form of this command removes the destination address from the configuration.
Parameters
- ip-address
-
Specifies the destination address to where the ICMP echo requests are directed to test connectivity, in a.b.c.d format.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
destination-class
destination-class
Syntax
destination-class index
no destination-class index
no destination-class all
Context
[Tree] (config>router>policy-acct-template destination-class)
Full Context
configure router policy-acct-template destination-class
Description
Commands in this context create a destination class index for the template.
The no form of this command removes the index from the configuration.
Parameters
- index
-
Specifies the destination index value.
- all
-
Deletes all destination class indexes from this configuration.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
destination-class
Syntax
destination-class dest-index
no destination-class [dest-index]
Context
[Tree] (config>service>vprn>static-route-entry>indirect destination-class)
[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel destination-class)
Full Context
configure service vprn static-route-entry indirect destination-class
configure service vprn static-route-entry ipsec-tunnel destination-class
Description
This command configures the policy accounting destination-class index to be used when incrementing accounting statistic for traffic matching the associated static route.
The no form of this command removes the associated destination-class from the associated static route nexthop.
Default
no destination-class
Parameters
- dest-index
-
The destination index integer value.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
destination-class
Syntax
destination-class dest-index
no destination-class
Context
[Tree] (config>filter>ip-filter>entry>match destination-class)
[Tree] (config>filter>ipv6-filter>entry>match destination-class)
Full Context
configure filter ip-filter entry match destination-class
configure filter ipv6-filter entry match destination-class
Description
This command configures the BGP destination-class value match criterion. Filtering egress traffic on destination-class requires the destination-class-lookup command to be enabled on the interface that the packet ingresses on.
The no form of the command removes the destination-class value match criterion.
Default
no destination-class
Parameters
- dest-index
-
Specifies the destination index integer value.
Platforms
All
destination-class
Syntax
destination-class dest-index
no destination-class [dest-index]
Context
[Tree] (config>router>static-route-entry>indirect destination-class)
[Tree] (config>router>static-route-entry>next-hop destination-class)
Full Context
configure router static-route-entry indirect destination-class
configure router static-route-entry next-hop destination-class
Description
This command configures the policy accounting destination-class index to be used when incrementing accounting statistic for traffic matching the associated static route.
The no form of this command removes the associated destination-class from the associated static route next hop.
Default
no destination-class
Parameters
- dest-index
-
Specifies the destination index integer value.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
destination-class-lookup
destination-class-lookup
Syntax
[no] destination-class-lookup
Context
[Tree] (config>service>ies>if>ingress destination-class-lookup)
Full Context
configure service ies interface ingress destination-class-lookup
Description
This command enables BGP destination-class lookup for packets on this interface ingress and is supported on FP3-based cards and later. It is used in combination with an IP filter or IPv6 filter destination-class to filter traffic egress of the router based on BGP destination classes.
The command is supported on network, IES, VPRN and R-VPLS interfaces. It is not supported on subscriber interfaces, tunnel interfaces or VPRN network interfaces.
Default
no destination-class-lookup
Platforms
All
destination-class-lookup
Syntax
[no] destination-class-lookup
Context
[Tree] (config>service>vprn>if>ingress destination-class-lookup)
Full Context
configure service vprn interface ingress destination-class-lookup
Description
This command enables BGP destination-class lookup for packets on this interface ingress and is supported on FP3-based cards and later. It is used in combination with an IP filter or IPv6 filter destination-class to filter traffic egress of the router based on BGP destination classes.
The command is supported on network, IES, VPRN and R-VPLS interfaces. It is not supported on subscriber interfaces, tunnel interfaces and VPRN network interfaces.
Default
no destination-class-lookup
Platforms
All
destination-class-lookup
Syntax
[no] destination-class-lookup
Context
[Tree] (config>router>if>ingress destination-class-lookup)
Full Context
configure router interface ingress destination-class-lookup
Description
This command enables BGP destination-class lookup for packets on this interface ingress. It is used in combination with an IP filter or IPv6 filter destination-class to filter traffic egress of the router based on BGP destination classes.
The command is supported on network, IES, VPRN and R-VPLS interfaces. It is not supported on subscriber interfaces, tunnel interfaces or VPRN network interfaces.
The no form of this command reverts to the default value.
Default
no destination-class-lookup
Platforms
All
destination-group
destination-group
Syntax
destination-group name [create]
no destination-group name
Context
[Tree] (config>system>telemetry destination-group)
[Tree] (config>system>grpc-tunnel destination-group)
Full Context
configure system telemetry destination-group
configure system grpc-tunnel destination-group
Description
Commands in this context configure commands for destination groups.
The no form of this command removes the destination group name.
Parameters
- name
-
Specifies the destination group name, up to 32 characters.
- create
-
Keyword used to create a destination group.
Platforms
All
destination-group
Syntax
destination-group name
no destination-group
Context
[Tree] (config>system>grpc-tunnel>tunnel destination-group)
Full Context
configure system grpc-tunnel tunnel destination-group
Description
This command assigns the specified destination group to a gRPC tunnel.
The no form of this command removes the specified destionation group from the gRPC tunnel.
Default
no destination-group
Parameters
- name
-
Specifies the destination group name, up to 32 characters
Platforms
All
destination-group
Syntax
destination-group name
no destination-group
Context
[Tree] (config>system>telemetry>persistent-subscriptions>subscription destination-group)
Full Context
configure system telemetry persistent-subscriptions subscription destination-group
Description
This command assigns an existing destination group to the specified persistent subscription. The assigned destination-group must already exist before the configured persistent subscription can be activated.
The no form of this command removes the destination group name from the persistent subscription.
Parameters
- name
-
Specifies the destination group name, up to 32 characters.
Platforms
All
destination-ip
destination-ip
Syntax
[no] destination-ip
Context
[Tree] (config>service>nat>syslog>syslog-export-policy>include destination-ip)
Full Context
configure service nat syslog syslog-export-policy include destination-ip
Description
This command includes the destination IP address in the flow log. The destination-ip is significant in Destination Based NAT (DNAT) where the foreign IP address is translated. A foreign IP address is the original IP address toward the destination node and in DNAT it is replaced by the destination-ip. More clearly, on the inside (private side), the IP address of the destination node is referred to as foreign IP (original destination IP), and once this address is translated by DNAT, it is referred to as destination IP (translated destination IP) on the outside (public side).
The no form of the command disables the feature.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
destination-port
destination-port
Syntax
destination-port [destination-port]
Context
[Tree] (config>service>nat>syslog>syslog-export-policy>collector destination-port)
Full Context
configure service nat syslog syslog-export-policy collector destination-port
Description
This command configures the destination port (collector port) to which UDP stream containing the syslog flow records are sent.
Default
destination-port 514
Parameters
- destination-port
-
Specifies the destination port to which UDP streams are sent.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
destination-prefix
destination-prefix
Syntax
destination-prefix ip-prefix/length [nat-policy nat-policy-name]
no destination-prefix ip-prefix/length
Context
[Tree] (config>router>nat>inside destination-prefix)
[Tree] (config>service>vprn>nat>inside destination-prefix)
Full Context
configure router nat inside destination-prefix
configure service vprn nat inside destination-prefix
Description
This command configures a destination prefix. An (internal) static route will be created for this prefix. All traffic that hits this route will be subject to NAT. The system will not allow a destination-prefix to be configured if the configured nat-policy refers to an IP pool that resides in the same service (as this would result in a routing loop).
Parameters
- ip-prefix
-
Specifies the IP prefix; host bits must be zero (0).
- length
-
Specifies the prefix length.
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
destination-prefix
Syntax
[no] destination-prefix
Context
[Tree] (config>cflowd>collector>aggregation destination-prefix)
Full Context
configure cflowd collector aggregation destination-prefix
Description
This command specifies that the aggregation data is based on destination prefix information.
The no form removes this type of aggregation from the collector configuration.
Platforms
All
detail-level
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>router>ip>dhcp6 detail-level)
[Tree] (debug>router>ip>dhcp detail-level)
[Tree] (debug>router>local-dhcp-server detail-level)
Full Context
debug router ip dhcp6 detail-level
debug router ip dhcp detail-level
debug router local-dhcp-server detail-level
Description
This command debugs the DHCP tracing detail level.
Parameters
- low
-
Displays a low detail level for DHCP debugging.
- medium
-
Displays a medium detail level for DHCP debugging.
- high
-
Displays a high detail level for DHCP debugging.
Platforms
All
- debug router ip dhcp6 detail-level
- debug router ip dhcp detail-level
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- debug router local-dhcp-server detail-level
detail-level
Syntax
detail-level detail-level
Context
[Tree] (debug>router>l2tp>packet detail-level)
[Tree] (debug>router>l2tp>group>packet detail-level)
[Tree] (debug>router>l2tp>assignment-id>packet detail-level)
Full Context
debug router l2tp packet detail-level
debug router l2tp group packet detail-level
debug router l2tp assignment-id packet detail-level
Description
This command configures the L2TP packet debugging level of detail.
Parameters
- detail-level
-
Specifies the detail level.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>service>id>ppp>packet detail-level)
Full Context
debug service id ppp packet detail-level
Description
This command specify the detail level of PPP packet debug output.
The no form of this command disables debugging.
Parameters
- low | medium | high
-
Specifies the detail level of PPP packet debug output.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>router>radius detail-level)
Full Context
debug router radius detail-level
Description
This command specifies the output detail level of command debug router radius.
Default
detail-level medium
Parameters
- low
-
Specifies that the output includes packet type, server address, length, radius-server-policy name.
- medium
-
Specifies all output in low level including the RADIUS attributes in the packet.
- high
-
Specifies all output in medium level including the hex packet dump.
Platforms
All
detail-level
Syntax
detail-level detail-level
Context
[Tree] (debug>router>wpp>portal>packet detail-level)
[Tree] (debug>router>wpp>packet detail-level)
Full Context
debug router wpp portal packet detail-level
debug router wpp packet detail-level
Description
This command specifies the detail level of WPP packet debugging.
Parameters
- detail-level
-
specifies the detail level of WPP packet debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
detail-level
Syntax
detail-level {low | medium | high}
Context
[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id detail-level)
Full Context
debug subscriber-mgmt vrgw brg pppoe-client brg-id detail-level
Description
This command specifies the amount of detail present in debugging the specified PPPoE client.
Default
detail-level high
Parameters
- low
-
Specifies a low level of detail during debugging.
- medium
-
Specifies a medium level of detail during debugging.
- high
-
Specifies a high level of detail during debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>service>id>igmp-snooping detail-level)
Full Context
debug service id igmp-snooping detail-level
Description
This command enables and configures the IGMP tracing detail level.
The no form of this command disables the IGMP tracing detail level.
Platforms
All
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>service>id>mld detail-level)
Full Context
debug service id mld-snooping detail-level
Description
This command enables and configures the MLD tracing detail level.
The no form of this command disables the MLD tracing detail level.
Platforms
All
detail-level
Syntax
detail-level {low | medium | high}
no detail-level
Context
[Tree] (debug>service>id>dhcp detail-level)
Full Context
debug service id dhcp detail-level
Description
This command configures the DHCP tracing detail level.
The no form of the command disables debugging.
Parameters
- low
-
Displays a low detail level for DHCP debugging.
- medium
-
Displays a medium detail level for DHCP debugging.
- high
-
Displays a high detail level for DHCP debugging.
Platforms
All
detail-level
Syntax
detail-level detail-level
Context
[Tree] (debug>router>pcp>pcp-server>packet detail-level)
Full Context
debug router pcp pcp-server packet detail-level
Description
This command configures the packet debugging level of detail.
Parameters
- detail-level
-
Specifies the detail level.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
detailed-acct-attributes
detailed-acct-attributes
Syntax
[no] detailed-acct-attributes
Context
[Tree] (config>subscr-mgmt>acct-plcy>include detailed-acct-attributes)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute detailed-acct-attributes
Description
This command enables detailed reporting of per queue and per policer octet and packet counters using RADIUS VSAs. Enabled by default. It can be enabled simultaneously with aggregate counters (std-acct-attributes).
The no form of this command excludes the detailed counter VSAs from the RADIUS accounting messages.
Default
detailed-acct-attributes
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
detect
detect
Syntax
detect num-moves num-moves window minutes [trusted-mac-move-factor factor]
Context
[Tree] (config>service>vpls>bgp-evpn>mac-duplication detect)
Full Context
configure service vpls bgp-evpn mac-duplication detect
Description
This command modifies the behavior of the mac-duplication command, which is always enabled by default. It monitors the number of moves of a MAC address for a period of time (window).
Default
detect num-moves 5 window 3 trusted-mac-move-factor 1
Parameters
- num-moves
-
Identifies the number of MAC moves in a VPLS service. The counter is incremented when a specified MAC is locally relearned in the FDB or flushed from the FDB due to the reception of a better remote EVPN route for that MAC.
- minutes
-
Specifies the length of the window in minutes.
- factor
-
Specifies the multiplying value used to calculate a MAC duplication event. The num-moves value is multiplied by this value to determine the number of moves needed to declare a trusted MAC as duplicate.
For example, if num-moves=5 and factor=3, five moves within the window is enough to declare a non-trusted MAC as duplicate. However, 15 moves are needed to declare a trusted MAC as duplicate.
By default, the value of factor is 1, which means the factor for a trusted MAC is the same as for a non-trusted MAC. This provides a backwards compatible solution upon upgrade of the node.
Platforms
All
detect-seen-ip
detect-seen-ip
Syntax
[no] detect-seen-ip
Context
[Tree] (config>app-assure>group>transit-ip-policy detect-seen-ip)
Full Context
configure application-assurance group transit-ip-policy detect-seen-ip
Description
This command enables the detection of transit subscribers based on the IP address.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
detection-time
detection-time
Syntax
detection-time seconds
no detection-time
Context
[Tree] (config>sys>security>dist-cpu-protection>policy>protocol>dynamic-parameters detection-time)
Full Context
configure system security dist-cpu-protection policy protocol dynamic-parameters detection-time
Description
When a dynamic enforcing policer is instantiated, it remains allocated until at least a contiguous conforming period of detection-time passes.
Default
detection-time 30
Parameters
- seconds
-
Specifies the detection time.
Platforms
All
detection-time
Syntax
detection-time seconds
Context
[Tree] (config>sys>security>dist-cpu-protection>policy>static-policer detection-time)
Full Context
configure system security dist-cpu-protection policy static-policer detection-time
Description
When a policer is declared as in an "exceed” state, it remains as exceeding until a contiguous conforming period of detection-time passes. The detection-time only starts after the exceed-action hold-down is complete. If the policer detects another exceed during the detection count down then a hold-down is once again triggered before the policer re-enters the detection time (that is, the countdown timer starts again at the configured value). During the hold-down (and the detection-time), the policer is considered as in an "exceed” state.
Default
detection-time 30
Parameters
- seconds
-
Specifies the detection time.
Platforms
All
deterministic
deterministic
Syntax
deterministic
Context
[Tree] (config>service>vprn>nat>inside deterministic)
[Tree] (config>router>nat>inside deterministic)
Full Context
configure service vprn nat inside deterministic
configure router nat inside deterministic
Description
Commands in this context configure deterministic NAT.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
deterministic
Syntax
deterministic
Context
[Tree] (config>service>vprn>nat>outside>pool deterministic)
Full Context
configure service vprn nat outside pool deterministic
Description
This command configures deterministic NAT for this pool.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
deterministic-med
deterministic-med
Syntax
[no] deterministic-med
Context
[Tree] (config>service>vprn>bgp>best-path-selection deterministic-med)
Full Context
configure service vprn bgp best-path-selection deterministic-med
Description
This command controls how the BGP decision process compares routes on the basis of MED. When deterministic-med is configured, BGP groups paths that are equal up to the MED comparison step based on neighbor AS, and then compares the best path from each group to arrive at the overall best path. This change to the BGP decision process makes best path selection completely deterministic in all cases. Without deterministic-med, the overall best path selection is sometimes dependent on the order of the route arrival because of the rule that MED cannot be compared in routes from different neighbor AS.
Default
no deterministic-med
Platforms
All
deterministic-med
Syntax
[no] deterministic-med
Context
[Tree] (config>router>bgp>best-path-selection deterministic-med)
Full Context
configure router bgp best-path-selection deterministic-med
Description
This command controls how the BGP decision process compares routes on the basis of MED. When deterministic-med is configured, BGP groups paths that are equal up to the MED comparison step based on neighbor AS, and then compares the best path from each group to arrive at the overall best path. This change to the BGP decision process makes best path selection completely deterministic in all cases. Without deterministic-med, the overall best path selection is sometimes dependent on the order of the route arrival because of the rule that MED cannot be compared in routes from different neighbor AS.
Default
no deterministic-med
Platforms
All
deterministic-script
deterministic-script
Syntax
deterministic-script
Context
[Tree] (config>service>nat deterministic-script)
Full Context
configure service nat deterministic-script
Description
This command configures the script generated for deterministic NAT.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
device
device
Syntax
device ieee-address [create]
no device ieee-address
Context
[Tree] (config>system>bluetooth device)
Full Context
configure system bluetooth device
Description
This command is used to add and remove devices from the Bluetooth allowlist or to enter the context to configure the MAC. The router only accepts pairing requests with devices that are in the allowlist. The devices are identified through their IEEE 802 MAC addresses. Up to six devices can be defined in the allowlist.
The create keyword must be used to add a new device.
The no form of this command removes the indicated device from the allowlist.
Parameters
- ieee-address
-
Specifies the MAC address of the external Bluetooth device.
Platforms
7750 SR-1, 7750 SR-s, 7950 XRS-20e
device-label
device-label
Syntax
device-label name
no device-label
Context
[Tree] (config>system>management-interface>remote-management device-label)
Full Context
configure system management-interface remote-management device-label
Description
This command configures the metadata label that is supplied to all remote managers. This label can be used to group devices (network-nodes) that serve a common purpose or role.
If this command is also configured for a specific remote manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.
The no form of this command causes an empty string to be used.
Parameters
- name
-
Specifies the device-label name, up to 64 characters.
Platforms
All
device-label
Syntax
device-label name
no device-label
Context
[Tree] (config>system>management-interface>remote-management>manager device-label)
Full Context
configure system management-interface remote-management manager device-label
Description
This command configures the metadata label that is supplied to this remote manager. This label can be used to group devices (network-nodes) with a common purpose/role.
This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).
The no form of this command causes the device-label name to be inherited from the global context (config>system>management-interface>remote-management).
Parameters
- name
-
Specifies the device-label name, up to 64 characters.
Platforms
All
device-name
device-name
Syntax
device-name name
no device-name
Context
[Tree] (config>system>management-interface>remote-management device-name)
Full Context
configure system management-interface remote-management device-name
Description
This command configures a device name that is supplied to all remote managers. This name identifies the specified SR OS node in the network.
If this command is also configured for a specific manager in the config>system>management-interface>remote-management> manager context, that configuration takes precedence.
The no form of this command causes the system to use the default device name (system-name).
Default
system-name
Parameters
- name
-
Specifies the device name, up to 64 characters.
Platforms
All
device-name
Syntax
device-name name
no device-name
Context
[Tree] (config>system>management-interface>remote-management>manager device-name)
Full Context
configure system management-interface remote-management manager device-name
Description
This command configures a device name that is supplied to the specific manager. This name identifies the specified SR OS node in the network.
This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).
The no form of this command causes the device name to be inherited from the global context (config>system>management-interface>remote-management).
Default
system-name
Parameters
- name
-
Specifies the device name, up to 64 characters.
Platforms
All
df-bit-lac
df-bit-lac
Syntax
df-bit-lac {always | never}
no df-bit-lac
Context
[Tree] (config>service>vprn>l2tp df-bit-lac)
[Tree] (config>router>l2tp df-bit-lac)
Full Context
configure service vprn l2tp df-bit-lac
configure router l2tp df-bit-lac
Description
By default, the LAC df-bit-lac is always set and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC itself will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped.
The no form of this command reverts to the default.
Default
df-bit-lac always
Parameters
- always
-
Specifies that the LAC sends all L2TP packets with the DF bit set to 1.
- never
-
Specifies that the LAC sends all L2TP packets with the DF bit set to 0.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
df-bit-lac
Syntax
df-bit-lac {always | never | default}
no df-bit-lac
Context
[Tree] (config>router>l2tp>group>tunnel df-bit-lac)
[Tree] (config>service>vprn>l2tp>group df-bit-lac)
[Tree] (config>service>vprn>l2tp>group>tunnel df-bit-lac)
[Tree] (config>router>l2tp>group df-bit-lac)
Full Context
configure router l2tp group tunnel df-bit-lac
configure service vprn l2tp group df-bit-lac
configure service vprn l2tp group tunnel df-bit-lac
configure router l2tp group df-bit-lac
Description
By default, the LAC df-bit-lac is set to default and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped. The configuration of the df-bit can be overridden at different levels: l2tp, tunnel, and group. The configuration at the tunnel level overrides the configuration on both the group and l2tp levels. The configuration at the group level overrides the configuration on l2tp.
The no form of this command reverts to the default.
Default
df-bit-lac default
Parameters
- always
-
Specifies that the LAC sends all L2TP packets with the DF bit set to 1.
- never
-
Specifies that the LAC sends all L2TP packets with the DF bit set to 0.
- default
-
Follows the DF-bit configuration specified on upper levels.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dh-group
dh-group
Syntax
dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}
Context
[Tree] (config>ipsec>ike-transform dh-group)
Full Context
configure ipsec ike-transform dh-group
Description
This command specifies the Diffie-Hellman group to be used in this IKE transform instance.
Default
dh-group 2 (1024-bit — More Modular Exponential (MODP))
Parameters
- dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}
-
Specifies which Diffie-Hellman group to use for calculating session keys. More bits provide a higher level of security, but require more processing. Three groups are supported with IKE-v1:
Group 1: 768 bits
Group 2: 1024 bits
Group 5: 1536 bits
Group 14: 2048 bits
Group 15: 3072 bits
Group 19: P-256 ECC Curve, 256 bits
Group 20: P-384 ECC Curve, 384 bits
Group 21: P-512 ECC Curve, 512 bits
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp
dhcp
Syntax
dhcp
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only-sap-parameters dhcp)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp
Description
Commands in this context configure DHCP parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp
Syntax
dhcp
Context
[Tree] (config>service>ies>sub-if>grp-if dhcp)
[Tree] (config>service>vpls>mesh-sdp dhcp)
[Tree] (config>service>vprn>sub-if>grp-if dhcp)
[Tree] (config>service>vpls>spoke-sdp dhcp)
[Tree] (config>service>vpls>sap dhcp)
[Tree] (config>service>vprn>sub-if dhcp)
[Tree] (config>service>vprn>if dhcp)
[Tree] (config>service>vprn dhcp)
[Tree] (config>service>ies>sub-if dhcp)
[Tree] (config>service>ies>if dhcp)
Full Context
configure service ies subscriber-interface group-interface dhcp
configure service vpls mesh-sdp dhcp
configure service vprn subscriber-interface group-interface dhcp
configure service vpls spoke-sdp dhcp
configure service vpls sap dhcp
configure service vprn subscriber-interface dhcp
configure service vprn interface dhcp
configure service vprn dhcp
configure service ies subscriber-interface dhcp
configure service ies interface dhcp
Description
Commands in this context configure DHCP parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface dhcp
- configure service vprn dhcp
- configure service vprn subscriber-interface dhcp
- configure service ies subscriber-interface group-interface dhcp
- configure service vprn subscriber-interface group-interface dhcp
All
- configure service vpls mesh-sdp dhcp
- configure service vprn interface dhcp
- configure service ies interface dhcp
- configure service vpls sap dhcp
- configure service vpls spoke-sdp dhcp
dhcp
Syntax
[no] dhcp [interface ip-int-name]
[no] dhcp mac ieee-address
[no] dhcp sap sap-id
Context
[Tree] (debug>router>ip dhcp)
Full Context
debug router ip dhcp
Description
This command enables DHCP debugging.
The no form of this command disables debugging.
Parameters
- ip-int-name
-
Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
- ieee-address
-
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
- sap-id
-
Specifies the physical port identifier portion of the SAP definition.
Platforms
All
dhcp
Syntax
dhcp type direction {ingress | egress} script script
no dhcp type direction {ingress | egress}
Context
[Tree] (config>python>py-policy dhcp)
Full Context
configure python python-policy dhcp
Description
This command specifies the Python script for the specified DHCPv4 packet type in the specified direction.
Multiple dhcp command configurations are allowed in the same Python policy.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type of the event.
- direction {ingress | egress}
-
Specifies whether the packet is being received by the system or being sent by the system.
- script script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
dhcp
Syntax
dhcp
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range dhcp)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range dhcp)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp
Description
Commands in this context create DHCP configuration for WLAN-GW ISA subscribers (such as migrant subscribers).
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp
Syntax
[no] dhcp
Context
[Tree] (debug>service>id dhcp)
Full Context
debug service id dhcp
Description
Commands in this context perform DHCP debugging.
The no form of the command disables DHCP debugging.
Platforms
All
dhcp
Syntax
dhcp
Context
[Tree] (config>app-assure>group>transit-ip-policy dhcp)
Full Context
configure application-assurance group transit-ip-policy dhcp
Description
This command enables dynamic DHCP-based management of transit aa-subs for the transit-ip-policy. This is mutually exclusive to other types management of transit subs for a given transit-ip-policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp
Syntax
[no] dhcp
Context
[Tree] (config>service>ies>if>sap>ipsec-gw dhcp)
[Tree] (config>service>vprn>if>sap>ipsec-gw dhcp)
Full Context
configure service ies interface sap ipsec-gw dhcp
configure service vprn interface sap ipsec-gw dhcp
Description
Commands in this context configure DHCPv4-based address assignment for IKEv2 remote-access tunnels.
The system acts as a DHCPv4 client on behalf of the IPsec client, and also a relay agent to relay DHCPv4 packets to the DHCPv4 server.
DHCPv4 DORA(Discovery/Offer/Request/Ack) exchange happens during IKEv2 remote-access tunnel setup. The system also supports standard renew.
In order to use this feature, the relay-proxy must be enabled on the corresponding interface (either the private interface or the interface that has the gi-address as the interface address).
Default
no dhcp
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp
Syntax
dhcp
Context
[Tree] (config>router>if dhcp)
Full Context
configure router interface dhcp
Description
Commands in this context configure DHCP parameters.
Platforms
All
dhcp
Syntax
dhcp [include-user-class] [timeout timeout]
dhcp client-id [string ascii-string] [hex hex-string] [include-user-class] [timeout timeout]
no dhcp
Context
[Tree] (bof>autoconfigure>ipv4 dhcp)
Full Context
bof autoconfigure ipv4 dhcp
Description
This command configures the IPv4 DHCP client for OOB management. The OOB management IPv4 can be set using a DHCP server offer.
The no form of this command disables IPv4 DHCP OOB management.
Default
no dhcp
Parameters
- include-user-class
-
Specifies to include Option 77 user class data in the offer.
- client-id
-
Specifies to include the client ID for IPv4 Option 61 for auto-discovery. The identifier is opaque and is in string format. By default, this is the chassis serial number.
- timeout
-
Specifies the DHCP offer timeout, in seconds.
- ascii-string
-
Specifies the string format for this option, up to 127 characters.
- hex-string
-
Specifies the hexadecimal format for this option, up to 254 hex nibbles.
Platforms
7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s
dhcp
Syntax
dhcp [include-user-class] [timeout timeout]
dhcp client-id duid-type [string ascii-string] [hex hex-string] [include-user-class] [timeout timeout]
no dhcp
Context
[Tree] (bof>autoconfigure>ipv6 dhcp)
Full Context
bof autoconfigure ipv6 dhcp
Description
This command configures the IPv6 DHCP client for out-of-band (OOB) management. The OOB management IPv6 can be set using a DHCP server offer.
The no form of this command disables IPv6 DHCP client OOB management.
Default
no dhcp
Parameters
- include-user-class
-
Specifies to include Option 15 user class data in the offer.
- client-id
-
Specifies to include the client ID for IPv6 DHCP Option 1 for auto-discovery. The identifier is opaque and is in string format. By default, this is the chassis serial number.
- seconds
-
Specifies the DHCP client ID timeout, in seconds.
- duid-type
-
Specifies the type code of the server DUID.
- ascii-string
-
Specifies the string format for this option, up to 124 characters.
- hex-string
-
Specifies the hexadecimal format for this option, up to 248 hex nibbles.
- timeout
-
Specifies the DHCP offer timeout, in seconds.
Platforms
7450 ESS-7, 7750 SR-1, 7750 SR-7, 7750 SR-1e, 7750 SR-2e, 7750 SR-s
dhcp
Syntax
[no] dhcp
Context
[Tree] (config>sys>security>cpu-protection>ip>included-protocols dhcp)
Full Context
configure system security cpu-protection ip-src-monitoring included-protocols dhcp
Description
This command includes the extracted IPv4 DHCP packets for ip-src-monitoring. IPv4 DHCP packets will be subject to the per-source-rate of CPU protection policies.
Default
dhcp (Note this is different from the other protocols)
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
dhcp-client
dhcp-client
Syntax
[no] dhcp-client
Context
[Tree] (debug>router>l2tp>peer>packet dhcp-client)
[Tree] (debug>router>l2tp>assignment-id>packet dhcp-client)
[Tree] (debug>router>l2tp>packet dhcp-client)
[Tree] (debug>router>l2tp>group>packet dhcp-client)
Full Context
debug router l2tp peer packet dhcp-client
debug router l2tp assignment-id packet dhcp-client
debug router l2tp packet dhcp-client
debug router l2tp group packet dhcp-client
Description
This command enables debugging for DHCP client packet.
The no form of this command disables debugging for DHCP client packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-client
Syntax
dhcp-client [terminate-only]
no dhcp-client
Context
[Tree] (debug>service>id>ppp>event dhcp-client)
Full Context
debug service id ppp event dhcp-client
Description
This command enable PPP event debug for DHCP client.
The no form of this command disables PPP event debugging for the DHCP client.
Parameters
- terminate-only
-
Enables debug for local terminated PPP session.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-client
Syntax
[no] dhcp-client
Context
[Tree] (debug>service>id>ppp>packet dhcp-client)
Full Context
debug service id ppp packet dhcp-client
Description
This command enables debugging for specific DHCP client packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-client
Syntax
dhcp-client
Context
[Tree] (config>service>vprn>sub-if>grp-if>pppoe dhcp-client)
[Tree] (config>service>ies>sub-if>grp-if>pppoe dhcp-client)
Full Context
configure service vprn subscriber-interface group-interface pppoe dhcp-client
configure service ies subscriber-interface group-interface pppoe dhcp-client
Description
Commands in this context configure the PPPoE-to-DHCP options.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-filter
dhcp-filter
Syntax
dhcp-filter filter-id [create]
no dhcp-filter
Context
[Tree] (config>filter dhcp-filter)
Full Context
configure filter dhcp-filter
Description
Commands in this context create and configure the specified DHCP filter policy.
Parameters
- filter-id
-
Specifies the DHCP filter policy ID expressed as a decimal integer.
- create
-
Keyword required to create the configuration context.
Platforms
All
dhcp-leasetime-threshold
dhcp-leasetime-threshold
Syntax
dhcp-leasetime-threshold [days days] [hrs hours] [min minutes] [sec seconds]
no dhcp-leasetime-threshold
Context
[Tree] (config>system>persistence>options dhcp-leasetime-threshold)
Full Context
configure system persistence options dhcp-leasetime-threshold
Description
This command configures Dynamic Data Persistence (DDP) compact flash access optimization for DHCP leases.
The DHCP lease-time threshold controls the eligibility of a DHCP lease for persistency updates when no data other than the lease expiry time is to be updated. When the offered lease time of the DHCP lease is less than the configured threshold, the lease is flagged to skip persistency updates and will be installed with its full lease time upon a persistency recovery after a reboot.
The dhcp-leasetime-threshold command controls persistency updates for DHCPv4 and DHCPv6 leases for a DHCP relay or proxy and DHCPv4 leases for DHCP snooping (enabled with subscriber-mgmt) and a DHCP server (enabled with dhcp-server).
The no form of the command disables the DHCP lease time threshold.
Default
no dhcp-leasetime-threshold
Parameters
- days
-
Specifies the threshold in days.
- hours
-
Specifies the threshold in hours.
- minutes
-
Specifies the threshold in minutes.
- seconds
-
Specifies the threshold in seconds.
Platforms
All
dhcp-leasetime-threshold
Syntax
dhcp-leasetime-threshold [days days] [hrs hours] [min minutes] [sec seconds]
no dhcp-leasetime-threshold
Context
[Tree] (config>redundancy>multi-chassis>options>sub-mgmt dhcp-leasetime-threshold)
Full Context
configure redundancy multi-chassis options sub-mgmt dhcp-leasetime-threshold
Description
This command configures the DHCP lease time threshold to be eligible for MCS synchronization.
DHCP leases for the sub-mgmt MCS applications are eligible to skip synchronization if the committed lease time is less than the active threshold on a multi-chassis peer. The active threshold is the minimum value of the thresholds configured on the nodes at each end of a multi-chassis peer. The threshold is inactive when it is unconfigured on at least one end of the multi-chassis peer.
The no form of the command disables the DHCP lease time threshold.
Default
no dhcp-leasetime-threshold
No threshold is active and all sub-mgmt DHCP leases are synchronized.
Parameters
- days
-
Specifies the threshold in days.
- hours
-
Specifies the threshold in hours.
- minutes
-
Specifies the threshold in minutes.
- seconds
-
Specifies the threshold in seconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-options
dhcp-options
Syntax
[no] dhcp-options
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute dhcp-options)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute dhcp-options
Description
This command enables insertion of RADIUS VSA containing all DHCP options from DHCP discover (or DHCP request) message. The VSA contains all DHCP options in a form of the string. If required (the total length of all DHCP options exceeds 255B), multiple VSAs are included.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-options
Syntax
[no] dhcp-options
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes dhcp-options)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes dhcp-options)
Full Context
configure aaa isa-radius-policy acct-include-attributes dhcp-options
configure aaa isa-radius-policy auth-include-attributes dhcp-options
Description
This command enables insertion of RADIUS VSA containing all dhcp-options from dhcp-discover (or dhcp-request) message. The VSA contains all dhcp-options in a form of the string. If required (the total length of all dhcp-options exceeds 255B), multiple VSAs are included.
Default
no dhcp-options
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp-pool
dhcp-pool
Syntax
dhcp-pool
Context
[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile dhcp-pool)
Full Context
configure subscriber-mgmt vrgw brg brg-profile dhcp-pool
Description
Commands in this context configure per-subscriber IPv4 address pool parameters to be used for address allocation. Pools for different subscribers can overlap. Specific pool parameters can be overridden by RADIUS.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-python-policy
dhcp-python-policy
Syntax
dhcp-python-policy policy-name
no dhcp-python-policy
Context
[Tree] (config>service>vpls>sap dhcp-python-policy)
Full Context
configure service vpls sap dhcp-python-policy
Description
This command specifies the name of the Python policy. The Python policy is created in the config>python>python-policy name context.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies a Python policy name, up to 32 characters.
Platforms
All
dhcp-server
dhcp-server
Syntax
dhcp-server
Context
[Tree] (config>system>persistence dhcp-server)
Full Context
configure system persistence dhcp-server
Description
This command configures DHCP server persistence parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-triggered
dhcp-triggered
Syntax
[no] dhcp-triggered
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state dhcp-triggered)
Full Context
configure subscriber-mgmt wlan-gw ue-query state dhcp-triggered
Description
This command enables matching on UEs currently in a DHCP-triggered state. This query only filters UEs that are currently authenticating due to a DHCP, DHCPv6, or RS trigger, not RADIUS-authenticated UEs in an ESM, DSM, or portal state that were originally authenticated due to a DHCP, DHCPv6, or RS trigger.
The no form of this command disables matching on UEs in a DHCP-triggered state, unless all state matching is disabled.
Default
no dhcp-triggered
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp-user-db
dhcp-user-db
Syntax
dhcp-user-db local-user-db-name
no dhcp-user-db
Context
[Tree] (config>service>vpls>sap dhcp-user-db)
Full Context
configure service vpls sap dhcp-user-db
Description
This command enabled access to LUDB for DHCPv4 hosts under the capture SAP. The name of this local user database must match the name of local user database configured under the config>service>vprn/ies>sub-if>group-if>dhcp context.
Parameters
- local-user-db
-
Specifies the name of the local user database name up to 32 characters.
Platforms
All
dhcp-vendor-class-id
dhcp-vendor-class-id
Syntax
[no] dhcp-vendor-class-id
Context
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute dhcp-vendor-class-id)
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute dhcp-vendor-class-id)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute dhcp-vendor-class-id
configure subscriber-mgmt radius-accounting-policy include-radius-attribute dhcp-vendor-class-id
Description
This command includes the [26-6527-36] Alc-DHCP-Vendor-Class-Id attribute in authentication or RADIUS accounting messages. The content of the DHCP Vendor-Class-Identifier option (60) is mapped in this attribute.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-vendor-class-id
Syntax
[no] dhcp-vendor-class-id
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes dhcp-vendor-class-id)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes dhcp-vendor-class-id)
Full Context
configure aaa isa-radius-policy acct-include-attributes dhcp-vendor-class-id
configure aaa isa-radius-policy auth-include-attributes dhcp-vendor-class-id
Description
This command includes the "[26-6527-36] Alc-DHCP-Vendor-Class-Id” attribute in authentication or RADIUS accounting messages. The content of the DHCP Vendor-Class-Identifier option (60) is mapped in this attribute.
Default
no dhcp-vendor-class-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6
dhcp6
Syntax
dhcp6
Context
[Tree] (config>service>vprn>interface dhcp6)
[Tree] (config>service>vpls>mesh-sdp dhcp6)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6 dhcp6)
[Tree] (config>service>ies>if dhcp6)
[Tree] (config>service>vprn dhcp6)
[Tree] (config>service>vprn>sub-if>grp-if dhcp6)
[Tree] (config>service>vpls>sap dhcp6)
[Tree] (config>service>ies>sub-if>grp-if dhcp6)
[Tree] (config>service>ies>sub-if>grp-if>ipv6 dhcp6)
[Tree] (config>service>ies>sub-if dhcp6)
[Tree] (config>service>vprn>sub-if dhcp6)
[Tree] (config>service>vpls>spoke-sdp dhcp6)
Full Context
configure service vprn interface dhcp6
configure service vpls mesh-sdp dhcp6
configure service vprn subscriber-interface group-interface ipv6 dhcp6
configure service ies interface dhcp6
configure service vprn dhcp6
configure service vprn subscriber-interface group-interface dhcp6
configure service vpls sap dhcp6
configure service ies subscriber-interface group-interface dhcp6
configure service ies subscriber-interface group-interface ipv6 dhcp6
configure service ies subscriber-interface dhcp6
configure service vprn subscriber-interface dhcp6
configure service vpls spoke-sdp dhcp6
Description
Commands in this context configure DHCPv6 parameters.
Platforms
All
- configure service ies interface dhcp6
- configure service vpls spoke-sdp dhcp6
- configure service vprn interface dhcp6
- configure service vpls sap dhcp6
- configure service vpls mesh-sdp dhcp6
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface dhcp6
- configure service ies subscriber-interface dhcp6
- configure service vprn subscriber-interface group-interface ipv6 dhcp6
- configure service vprn subscriber-interface group-interface dhcp6
- configure service ies subscriber-interface group-interface ipv6 dhcp6
- configure service vprn dhcp6
- configure service ies subscriber-interface group-interface dhcp6
dhcp6
Syntax
dhcp6
Context
[Tree] (config>system dhcp6)
Full Context
configure system dhcp6
Description
Commands in this context configure system-wide DHCPv6 parameters.
Platforms
All
dhcp6
Syntax
[no] dhcp6 [ip-int-name]
[no] dhcp6 client-identifier duid duid-hex-string [mask mask-hex-string]
[no] dhcp6 client-identifier link-layer-address lla-hex-string
[no] dhcp6 interface ip-int-name
[no] dhcp6 sap sap-id
Context
[Tree] (debug>router>ip dhcp6)
Full Context
debug router ip dhcp6
Description
This command enables DHCPv6 debugging with optional interface, SAP, and client-identifier match criteria to filter the debug output.
The no form of this command disables debugging.
Parameters
- ip-int-name
-
Specifies the name of an existing IP interface, up to 32 characters. Up to four DHCPv6 interface match criteria can be specified per routing instance.
- client-identifier
-
Specifies a client identifier option match criteria.
- duid duid-hex-string
-
Specifies a hexadecimal value for an opaque match on the client DUID in the client identifier option. When the actual length of the client DUID is longer than the length of the specified hex-string, only the left most octets are matched. Up to four DHCPv6 client-identifier match criteria can be specified per routing instance.
- mask mask-hex-string
-
Specifies an optional substring match criteria. When a mask is specified, both hex-string lengths must be equal.
- link-layer-address lla-hex-string
-
Specifies a hexadecimal value for a link layer address field match of a type 1 (DUID-LLT) or type 3 (DUID-LL) client DUID in the client identifier option. When the actual length of the link layer address field is longer than the length of the specified hex-string, only the left most octets are matched. Up to four DHCPv6 client-identifier match criteria can be specified per routing instance.
- sap-id
-
Specifies an existing SAP identifier. Up to four DHCPv6 SAP match criteria can be specified per routing instance.
Platforms
All
dhcp6
Syntax
dhcp6 type direction {ingress | egress} script script
no dhcp6 type direction {ingress | egress}
Context
[Tree] (config>python>py-policy dhcp6)
Full Context
configure python python-policy dhcp6
Description
This command specifies the Python script for the specified DHCPv6 packet type in the specified direction.
Multiple dhcps command configurations are allowed in the same Python policy.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type of the event.
- direction {ingress | egress}
-
Specifies whether the event is incoming or outgoing.
- script
-
Specifies the name of the Python script, up to 32 characters, that will be used to handle the specified message.
Platforms
All
dhcp6
Syntax
dhcp6
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range dhcp6)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range dhcp6)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6
Description
Commands in this context create DHCPv6 configuration for WLAN-GW ISA subscribers.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6
Syntax
[no] dhcp6
Context
[Tree] (config>service>vprn>if>sap>ipsec-gw dhcp6)
[Tree] (config>service>ies>if>sap>ipsec-gw dhcp6)
Full Context
configure service vprn interface sap ipsec-gw dhcp6
configure service ies interface sap ipsec-gw dhcp6
Description
Commands in this context configure DHCPv6-based address assignment for IKEv2 remote-access tunnels.
The system acts as a DHCPv6 client on behalf of the IPsec client, and also acts as a relay agent to relay DHCPv6 packets to the DHCPv6 server.
DHCPv6 exchange happens during IKEv2 remote-access tunnel setup. The system also supports standard renew.
Default
no dhcp6
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6-address
dhcp6-address
Syntax
dhcp6-address ipv6-address
no dhcp6-address
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query dhcp6-address)
Full Context
configure subscriber-mgmt wlan-gw ue-query dhcp6-address
Description
This command enables matching on UEs with the specified DHCPv6 IA-NA address.
The no form of this command disables matching on the IA-NA address.
Default
no dhcp6-address
Parameters
- ipv6-address
-
Specifies the IA-NA address.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6-filter
dhcp6-filter
Syntax
dhcp6-filter filter-id [create]
no dhcp6-filter
Context
[Tree] (config>filter dhcp6-filter)
Full Context
configure filter dhcp6-filter
Description
Commands in this context create and configure the specified DHCPv6 filter policy.
The no form of this command reverts to the default.
Parameters
- filter-id
-
Specifies the DHCPv6 filter policy ID expressed as a decimal integer.
- create
-
Keyword required to create the configuration context.
Platforms
All
dhcp6-options
dhcp6-options
Syntax
[no] dhcp6-options
Context
[Tree] (config>subscr-mgmt>auth-plcy>include dhcp6-options)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute dhcp6-options
Description
This command copies DHCPv6 options from received DHCPv6 messages on ingress access and pass them to the RADIUS server in Accept-Request. The messages is carried in the RADIUS VSA Alc-ToServer-Dhcp6-Options.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp6-options
Syntax
[no] dhcp6-options
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes dhcp6-options)
Full Context
configure aaa isa-radius-policy acct-include-attributes dhcp6-options
Description
If a DHCPv6 stack is active for a UE, this attribute defines if options received in the last DHCPv6 message should be reflected.
Default
no dhcp6-options
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6-options
Syntax
[no] dhcp6-options
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes dhcp6-options)
Full Context
configure aaa isa-radius-policy auth-include-attributes dhcp6-options
Description
If authentication was triggered by DHCPv6, this knob defines if options received in that DHCPv6 message should be reflected in the radius Access-Request.
Default
no dhcp6-options
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp6-python-policy
dhcp6-python-policy
Syntax
dhcp6-python-policy policy-name
no dhcp6-python-policy
Context
[Tree] (config>service>vpls>sap dhcp6-python-policy)
Full Context
configure service vpls sap dhcp6-python-policy
Description
This command specified the Python policy for DHCPv6 packets sent/received on the capture SAP.
The no form of this command removes the policy name from the configuration.
Parameters
- policy name
-
Specifies an existing Python policy name, up to 256 characters.
Platforms
All
dhcp6-relay
dhcp6-relay
Syntax
[no] dhcp6-relay
Context
[Tree] (config>service>ies>if>ipv6 dhcp6-relay)
[Tree] (config>service>vprn>if>ipv6 dhcp6-relay)
Full Context
configure service ies interface ipv6 dhcp6-relay
configure service vprn interface ipv6 dhcp6-relay
Description
Commands in this context configure DHCPv6 relay parameters for the interface.
The no form of this command disables DHCPv6 relay.
Platforms
All
dhcp6-server
dhcp6-server
Syntax
[no] dhcp6-server
Context
[Tree] (config>service>ies>if>ipv6 dhcp6-server)
[Tree] (config>service>vprn>if>ipv6 dhcp6-server)
Full Context
configure service ies interface ipv6 dhcp6-server
configure service vprn interface ipv6 dhcp6-server
Description
Commands in this context configure DHCPv6 server parameters for the interface.
The no form of this command disables the DHCP6 server.
Platforms
All
dhcp6-user-db
dhcp6-user-db
Syntax
dhcp6-user-db local-user-db
no dhcp6-user-db
Context
[Tree] (config>service>vpls>sap dhcp6-user-db)
Full Context
configure service vpls sap dhcp6-user-db
Description
This command enabled access to LUDB for DHCPv6 hosts under the capture SAP. The name of this LUDB must match the name of the LUDB configured under the config>service>vprn/ies>sub-if>grp-if>dhcp hierarchy.
The no form of this command reverts to the default.
Parameters
- local-user-db
-
Specifies the name of the local-user-database, up to 32 characters.
Platforms
All
dhcpv4
dhcpv4
Syntax
dhcpv4
Context
[Tree] (config>router>subscriber-mgmt dhcpv4)
[Tree] (config>service>vprn>subscriber-mgmt dhcpv4)
Full Context
configure router subscriber-mgmt dhcpv4
configure service vprn subscriber-mgmt dhcpv4
Description
Commands in this context configure DHCPv4 parameters that apply to this routing instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcpv4-nat
dhcpv4-nat
Syntax
dhcpv4-nat
Context
[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client dhcpv4-nat)
[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client dhcpv4-nat)
Full Context
configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat
configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat
Description
This node enables address pools for DHCPv4 NAT inside addresses. This configuration is only available in wholesale interfaces.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcpv6-client
dhcpv6-client
Syntax
dhcpv6-client
Context
[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager dhcpv6-client)
[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager dhcpv6-client)
Full Context
configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client
configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client
Description
This command configures the DHCPv6 client for the pool manager.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
diameter
diameter
Syntax
diameter type direction {ingress | egress} script script
no diameter type direction {ingress | egress}
Context
[Tree] (config>python>py-policy diameter)
Full Context
configure python python-policy diameter
Description
This command specifies the Python script to use for the specified Diameter message type in the specified direction.
Multiple diameter command configurations are allowed in the same Python policy.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the message type.
Message type
Application
Direction
aaa – AA Answer
Nasreq
ingress
aar – AA Request
Nasreq
egress
asa – Abort Session Answer
Gx, Gy
egress
asr – Abort Session Request
Gx, Gy
ingress
cca – Credit Control Answer
Gx, Gy
ingress
ccr – Credit Control Request
Gx, Gy
egress
cea – Capabilities Exchange Answer
Base
ingress
cer – Capabilities Exchange Request
Base
egress
dpa – Disconnect Peer Answer
Base
ingress/egress
dpr – Disconnect Peer Request
Base
ingress/egress
dwa – Device Watchdog Answer
Base
ingress/egress
dwr – Device Watchdog Request
Base
ingress/egress
raa – Re-Authentication Answer
Gx, Gy
egress
rar – Re-Authentication Request
Gx, Gy
ingress
- direction {ingress | egress}
-
Specifies if the message is incoming or outgoing.
- script
-
Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.
Platforms
All
diameter
Syntax
diameter
Context
[Tree] (config>aaa diameter)
Full Context
configure aaa diameter
Description
Commands in this context configure Diameter parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter
Syntax
[no] diameter
Context
[Tree] (debug diameter)
Full Context
debug diameter
Description
This command enables debugging for diameter.
The no form of this command disables debugging.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter
Syntax
diameter
Context
[Tree] (config>app-assure>group>transit-ip diameter)
Full Context
configure application-assurance group transit-ip-policy diameter
Description
Commands in this context configure dynamic Diameter-based management of transit AA subs for the transit IP policy. This is mutually exclusive to other types of management of transit subs for a given transit IP policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
diameter-application-policy
diameter-application-policy
Syntax
diameter-application-policy policy-name
no diameter-application-policy
Context
[Tree] (config>service>ies>sub-if>grp-if diameter-application-policy)
[Tree] (config>service>vpls>sap diameter-application-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host diameter-application-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host diameter-application-policy)
[Tree] (config>service>vprn>sub-if>grp-if diameter-application-policy)
Full Context
configure service ies subscriber-interface group-interface diameter-application-policy
configure service vpls sap diameter-application-policy
configure subscriber-mgmt local-user-db ipoe host diameter-application-policy
configure subscriber-mgmt local-user-db ppp host diameter-application-policy
configure service vprn subscriber-interface group-interface diameter-application-policy
Description
This command applies the diameter-application-policy to the processing of the host attachment requests.
The no form of this command reverts to the default value.
Parameters
- policy-name
-
Specifies the name of the diameter policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure subscriber-mgmt local-user-db ipoe host diameter-application-policy
- configure subscriber-mgmt local-user-db ppp host diameter-application-policy
- configure service vprn subscriber-interface group-interface diameter-application-policy
- configure service ies subscriber-interface group-interface diameter-application-policy
All
- configure service vpls sap diameter-application-policy
diameter-application-policy
Syntax
diameter-application-policy application-policy-name [create]
no diameter-application-policy application-policy-name
Context
[Tree] (config>subscr-mgmt diameter-application-policy)
Full Context
configure subscriber-mgmt diameter-application-policy
Description
Commands in this context create and configure diameter application policy.
The no form of this command reverts to the default.
Parameters
- application-policy-name
-
Specifies the name of the diameter policy, up to 32 characters.
- create
-
Specifies the keyword used to create a diameter application policy. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter-auth-policy
diameter-auth-policy
Syntax
diameter-auth-policy name
no diameter-auth-policy
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host diameter-auth-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host diameter-auth-policy)
Full Context
configure subscriber-mgmt local-user-db ipoe host diameter-auth-policy
configure subscriber-mgmt local-user-db ppp host diameter-auth-policy
Description
This command is used to configure the Diameter NASREQ application policy to use for authentication.
The no form of this command reverts to the default.
Parameters
- name
-
Specifies the name of the Diameter NASREQ application policy, up to 32 characters, to use for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter-auth-policy
Syntax
diameter-auth-policy diameter-authentication-policy-name
no diameter-auth-policy
Context
[Tree] (config>subscr-mgmt>gtp>apn-policy>apn diameter-auth-policy)
Full Context
configure subscriber-mgmt gtp apn-policy apn diameter-auth-policy
Description
This command configures the Diameter authentication policy with which the GTP connection is authenticated.
The no form of this command removes the authentication policy. Only new session setups are affected.
Default
no diameter-auth-policy
Parameters
- diameter-authentication-policy-name
-
Specifies the name of the authentication policy to be used, up to 32 characters.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
diameter-auth-policy
Syntax
diameter-auth-policy name
no diameter-auth-policy
Context
[Tree] (config>service>vpls>sap diameter-auth-policy)
Full Context
configure service vpls sap diameter-auth-policy
Description
This command is used to configure the Diameter NASREQ application policy to use for authentication.
The no form of this command reverts to the default value.
Parameters
- name
-
Specifies the name of the Diameter NASREQ application policy, up to 32 characters, to use for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter-auth-policy
Syntax
diameter-auth-policy name
no diameter-auth-policy
Context
[Tree] (config>service>vprn>sub-if>grp-if diameter-auth-policy)
[Tree] (config>service>ies>sub-if>grp-if diameter-auth-policy)
Full Context
configure service vprn subscriber-interface group-interface diameter-auth-policy
configure service ies subscriber-interface group-interface diameter-auth-policy
Description
This command is used to configure the Diameter NASREQ application policy to use for authentication.
The no form of this command reverts to the default.
Parameters
- name
-
Specifies the name of the Diameter NASREQ application policy, up to 32 characters, to use for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diameter-node
diameter-node
Syntax
diameter-node origin-host-string destination-realm destination-realm-string
no diameter-node
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy diameter-node)
Full Context
configure subscriber-mgmt diameter-application-policy diameter-node
Description
This command configures the Diameter node for this Diameter application policy.
Parameters
- origin-host-string
-
Specifies the Origin-Host AVP used by this Diameter policy, up to 80 characters.
- destination-realm-string
-
Specifies the Destination-Realm AVP used by this Diameter policy peer, up to 80 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
diffserv-te
diffserv-te
Syntax
diffserv-te [mam | rdm]
no diffserv-te
Context
[Tree] (config>router>rsvp diffserv-te)
Full Context
configure router rsvp diffserv-te
Description
This command enables Diff-Serv TE on the node.
When this command is enabled, IS-IS and OSPF starts advertising available bandwidth for each TE class configured under the diffserv-te node. This command only takes effect if the operator has already enabled TE at the IS-IS, OSPF, or both routing protocol levels:
configure router isis traffic-engineering
and/or:
configure router ospf traffic-engineering
IGP advertises for each RSVP interface in the system the available bandwidth in each TE class in the unreserved bandwidth TE parameter for that class. In addition, IGP continues to advertise the existing Maximum Reservable Link Bandwidth TE parameter to mean the maximum bandwidth that can be booked on a given interface by all classes. The value advertised is adjusted with the link subscription percentage factor configured in the configure router rsvp interface context.
The user configures the following parameters for the operation of Diff-Serv:
-
Definition of TE classes, TE Class = {Class Type (CT), LSP priority}.
-
Mapping of the system forwarding classes to the Diff-Serv Class Type (CT).
-
Configuration of the percentage of RSVP interface bandwidth each CT shares, that is, the Bandwidth Constraint (BC).
When Diff-Serv TE is enabled, the system automatically enables the Max Allocation Model (MAM) Admission Control Policy. MAM represents the bandwidth constraint model for the admission control of an LSP reservation to a link.
Each CT shares a percentage of the Maximum Reservable Link Bandwidth through the user-configured Bandwidth Constraint (BC) for this CT. The Maximum Reservable Link Bandwidth is the link bandwidth multiplied by the RSVP interface subscription factor.
The sum of all BC values across all CTs does not exceed the Maximum Reservable Link Bandwidth. In other words, the following rule is enforced:
SUM (BCc) =< Max-Reservable-Bandwidth, 0 <= c <= 7
An LSP of class-type CTc, setup priority p, holding priority h (h=<p), and bandwidth B is admitted into a link if the following condition is satisfied:
B <= Unreserved Bandwidth for TE-Class[i]
where TE-Class [i] maps to < CTc , p > in the definition of the TE classes on the node. The bandwidth reservation is effected at the holding priority, that is, in TE-class [j] = <CTc, h>. Thus, the reserved bandwidth for CTc and the unreserved bandwidth for the TE classes using CTc are updated as follows:
Reserved(CTc) = Reserved(CTc) + B
Unreserved TE-Class [j] = BCc - SUM (Reserved(CTc,q)) for 0<= q <= h
Unreserved TE-Class [i] = BCc - SUM (Reserved(CTc,q)) for 0<= q <= p
The same is done to update the unreserved bandwidth for any other TE class making use of the same CTc. These new values are advertised to the rest of the network at the next IGP-TE flooding.
The Russian Doll Model (RDM) LSP admission control policy allows bandwidth sharing across Class Types. It provides a hierarchical model by which the reserved bandwidth of a CT is the sum of the reserved bandwidths of the numerically equal and higher CTs.
The RDM model is defined using the following equations:
SUM (Reserved (CTc)) <= BCb,
where the SUM is across all values of c in the range b <= c <= (MaxCT - 1), and BCb is the bandwidth constraint of CTb.
BC0= Max-Reservable-Bandwidth, so that
SUM (Reserved(CTc)) <= Max-Reservable-Bandwidth,
where the SUM is across all values of c in the range 0 <= c <= (MaxCT - 1).
When Diff-Serv is disabled on the node, this model degenerates into a single default CT internally with eight preemption priorities and a non-configurable BC equal to the Maximum Reservable Link Bandwidth. This would behave exactly like CT0 with eight preemption priorities and BC= Maximum Reservable Link Bandwidth if Diff-Serv was enabled.
The enabling or disabling of Diff-Serv TE on the system requires the RSVP and MPLS protocol be shutdown.
The no form of this command reverts to the default value.
Default
no diffserv-te
Parameters
- mam
-
Defines the default admission control policy for Diff-Serv LSPs.
- rdm
-
Defines Russian doll model for the admission control policy of Diff-Serv LSPs.
Platforms
All
digest-type
digest-type
Syntax
digest-type {default | none | md5 | sha1}
no digest-type
Context
[Tree] (config>service>vprn>l2tp>l2tpv3 digest-type)
[Tree] (config>service>vprn>l2tp>group>l2tpv3 digest-type)
Full Context
configure service vprn l2tp l2tpv3 digest-type
configure service vprn l2tp group l2tpv3 digest-type
Description
This command configures the hashing algorithm used to calculate the message digest.
The no form of this command returns the digest-type to none.
Default
no digest-type
Parameters
- none
-
Specifies that no digest should be used.
- md5
-
Specifies that the MD5 algorithm should be used.
- sha1
-
Specifies that the SHA1 algorithm should be used.
- default
-
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the digest-type configuration within the config>service>vprn>l2tp>l2tpv3 context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
digital-coherent-optics
digital-coherent-optics
Syntax
[no] digital-coherent-optics
Context
[Tree] (config>port>transceiver digital-coherent-optics)
Full Context
configure port transceiver digital-coherent-optics
Description
This command specifies if a digital coherent optics module is used for this port.
The no form of this command specifies that the optical module used in this port is not a digital coherent optics module.
Default
no digital-coherent-optics
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dir
dir
Syntax
dir [file-url] [sort-order { d | n | s}] [reverse]
Context
[Tree] (file dir)
Full Context
file dir
Description
This command displays a list of files and subdirectories in a directory.
Parameters
- file-url
-
Specifies the path or directory name.
Use the file-url with the optional wildcard (*) to reduce the number of files to list.
- sort-order {d | n | s}
-
Specifies the sort order.
- reverse
-
Reverses the sort order.
Platforms
All
Output
The following output is an example of directory information.
Output ExampleA:cses-E12>file cf3:\ # dir
- dir [<file-url>] [sort-order { d | n | s}] [reverse]
<file-url> : <local-url> | <remote-url>
local-url - [<cflash-id>/][<file-path>]
200 chars max, including cflash-id
directory length 99 chars max each
remote-url - [ftp://<login>:<pswd>@<remote-locn>/
][<file-path>]
255 chars max
directory length 99 chars max each
remote-locn - [ <hostname> | <ipv4-address> |
[<ipv6-address>]]
ipv4-address - a.b.c.d
ipv6-address - x:x:x:x:x:x:x:x[-interface]
x:x:x:x:x:x:d.d.d.d[-interface]
x - [0..FFFF]H
d - [0..255]D
interface - 32 chars max, for link
local addresses
cflash-id - cf1:|cf1-A:|cf1-B:|cf2:|cf2-A:|
cf2-B:|cf3:|cf3-A:|cf3-B:
< d | n | s> : Sort order: d - date, n - name, s - size
<reverse> : keyword - reverse order
A:cses-E12>file cf3:\ # dir
direction
direction
Syntax
direction direction
Context
[Tree] (debug>router>l2tp>group>packet direction)
[Tree] (debug>router>l2tp>peer>packet direction)
[Tree] (debug>router>l2tp>packet direction)
[Tree] (debug>router>l2tp>assignment-id>packet direction)
Full Context
debug router l2tp group packet direction
debug router l2tp peer packet direction
debug router l2tp packet direction
debug router l2tp assignment-id packet direction
Description
This command enables debugging for packet direction.
Parameters
- direction
-
Specifies the packet direction.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
direction
Syntax
direction {ingress | egress | both}
Context
[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id direction)
Full Context
debug subscriber-mgmt vrgw brg pppoe-client brg-id direction
Description
This command specifies if debugging should only include ingress, egress or all messages.
Default
direction both
Parameters
- ingress
-
Specifies that debugging only includes ingress messages.
- egress
-
Specifies that debugging only includes egress messages.
- both
-
Specifies that debugging includes both ingress and egress messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
direction
Syntax
direction ipsec-direction
no direction
Context
[Tree] (config>ipsec>static-sa direction)
Full Context
configure ipsec static-sa direction
Description
This command configures the direction for an IPsec manual SA.
The no form of this command reverts to the default value.
Default
direction bidirectional
Parameters
- ipsec-direction
-
Identifies the direction to which this static SA entry can be applied.
Platforms
All
direction
Syntax
direction direction
Context
[Tree] (debug>router>pcp>pcp-server>packet direction)
Full Context
debug router pcp pcp-server packet direction
Description
This command enables debugging for packet direction.
Parameters
- direction
-
Specifies the packet direction.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
direction
Syntax
direction
Context
[Tree] (config>system>security>keychain direction)
Full Context
configure system security keychain direction
Description
This command specifies the data type that indicates the TCP stream direction to apply the keychain.
Platforms
All
direction-bit
direction-bit
Syntax
[no] direction-bit
Context
[Tree] (config>mirror>mirror-dest>encap>layer-3-encap direction-bit)
Full Context
configure mirror mirror-dest encap layer-3-encap direction-bit
Description
This command is used to steal one bit from the intercept-id in the LI-Shim and use it to indicate the direction of traffic flow for an LI session. Using a direction bit may be used by a LI Mediation Gateway to distinguish between the two directions of traffic flow for an LI session when both directions share a common mirror-dest, intercept-id and session-id. If the direction bit is enabled then the Mirror Header Version (2 bit mhv) in the LI-Shim will be set to binary 01, and the next bit after the mhv is set to 0 for ingress traffic and 1 for egress traffic.
For NAT based LI, ingress means the traffic is arriving at the node from the subscriber host (applies to the 7450 ESS and 7750 SR).
No changes are allowed to the direction-bit configuration once a gateway is configured.
Platforms
All
direction-bit
Syntax
[no] direction-bit
Context
[Tree] (config>li>mirror-dest-template>layer-3-encap direction-bit)
Full Context
configure li mirror-dest-template layer-3-encap direction-bit
Description
This command enables and disables the use of one bit from the interception ID field in the LI-Shim header to be used to indicate the direction of mirrored traffic flow for an LI session. An LI Mediation Gateway can use a direction bit to distinguish between the two directions of traffic flow for an LI session when both directions share a common mirror destination, interception ID, and session ID. If the direction bit is enabled, the Mirror Header Version (2-bit MHV) in the LI-Shim header will be set to binary 01, and the next bit after the MHV is set to 0 for ingress traffic and 1 for egress traffic.
For NAT-based LI, ingress traffic arrives at the node from the subscriber host. No changes are allowed to the direction bit configuration after a gateway is configured.
The no form of this command disables the use of the bit as a direction indicator.
Platforms
All
disable
disable
Syntax
[no] disable
Context
[Tree] (config>call-trace>location disable)
Full Context
configure call-trace location disable
Description
When configured, the specified compact flash will not be used by call-trace. The no form of this command enables the compact flash for use by call-trace.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-4byte-asn
disable-4byte-asn
Syntax
[no] disable-4byte-asn
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy disable-4byte-asn)
Full Context
configure subscriber-mgmt bgp-peering-policy disable-4byte-asn
Description
This command disables the use of 4-byte ASNs. It can be configured at all 3 level of the hierarchy so it can be specified down to the per peer basis.
If this command is enabled 4-byte ASN support should not be negotiated with the associated remote peer.
The no form of this command resets the behavior to the default which is to enable the use of 4-byte ASN.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-4byte-asn
Syntax
[no] disable-4byte-asn
Context
[Tree] (config>service>vprn>bgp disable-4byte-asn)
[Tree] (config>service>vprn>bgp>group disable-4byte-asn)
[Tree] (config>service>vprn>bgp>group>neighbor disable-4byte-asn)
Full Context
configure service vprn bgp disable-4byte-asn
configure service vprn bgp group disable-4byte-asn
configure service vprn bgp group neighbor disable-4byte-asn
Description
This command disables the use of 4-byte ASNs. It can be configured at all 3 level of the hierarchy so it can be specified down to the per peer basis.
If this command is enabled 4-byte ASN support should not be negotiated with the associated remote peer(s).
The no form of this command resets the behavior to the default which is to enable the use of 4-byte ASN.
Platforms
All
disable-4byte-asn
Syntax
[no] disable-4byte-asn
Context
[Tree] (config>router>bgp disable-4byte-asn)
[Tree] (config>router>bgp>group>neighbor disable-4byte-asn)
[Tree] (config>router>bgp>group disable-4byte-asn)
Full Context
configure router bgp disable-4byte-asn
configure router bgp group neighbor disable-4byte-asn
configure router bgp group disable-4byte-asn
Description
This command disables the support of 4-byte ASNs. It can be configured at all three levels of the hierarchy so it can be specified down to the per-peer basis.
If this command is enabled, 4-byte ASN support should not be negotiated with the associated remote peers.
The no form of this command resets the behavior to the default which is to enable the support of 4-byte ASN.
Default
no disable-4byte-asn
Platforms
All
disable-aging
disable-aging
Syntax
[no] disable-aging
Context
[Tree] (config>service>vpls>vxlan disable-aging)
[Tree] (config>service>vpls>sap disable-aging)
[Tree] (config>service>vpls disable-aging)
[Tree] (config>service>template>vpls-template disable-aging)
[Tree] (config>service>vpls>spoke-sdp disable-aging)
Full Context
configure service vpls vxlan disable-aging
configure service vpls sap disable-aging
configure service vpls disable-aging
configure service template vpls-template disable-aging
configure service vpls spoke-sdp disable-aging
Description
This command disables MAC address aging across a VPLS service, on a VPLS service SAP or spoke-SDP, or VXLAN instance with static binds. Learned MACs can be aged out if no packets are sourced from the MAC address for a period of time (aging time). In each VPLS service instance, there are independent aging timers for local learned MAC and remote learned MAC entries in the VPLS forwarding database (FDB).
The disable-aging command turns off aging for local and remote learned MAC addresses. When no disable-aging is specified for a VPLS, aging can be disabled for specific SAPs, spoke-SDPs, and VXLAN instances (or any combination) by entering the disable-aging command at the appropriate level.
When the disable-aging command is entered at the VPLS level, the aging state of individual SAPs or SDPs or VXLAN instance is ignored.
The no form of this command enables aging on the VPLS service.
Default
no disable-aging
Except for VXLAN instances, where the disable-aging is the default mode
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vpls vxlan disable-aging
All
- configure service vpls spoke-sdp disable-aging
- configure service vpls sap disable-aging
- configure service vpls disable-aging
- configure service template vpls-template disable-aging
disable-aging
Syntax
[no] disable-aging
Context
[Tree] (config>service>pw-template disable-aging)
Full Context
configure service pw-template disable-aging
Description
This command disables MAC address aging across a service.
The no form of this command enables aging.
Default
no disable-aging
Platforms
All
disable-capability-negotiation
disable-capability-negotiation
Syntax
[no] disable-capability-negotiation
Context
[Tree] (config>service>vprn>bgp>group>neighbor disable-capability-negotiation)
[Tree] (config>service>vprn>bgp>group disable-capability-negotiation)
Full Context
configure service vprn bgp group neighbor disable-capability-negotiation
configure service vprn bgp group disable-capability-negotiation
Description
This command disables the exchange of capabilities. When command is enabled and after the peering is flapped, any new capabilities are not negotiated and strictly supports IPv4 routing exchanges with that peer.
The no form of this command removes this command from the configuration and restores the normal behavior.
Default
no disable-capability-negotiation
Platforms
All
disable-capability-negotiation
Syntax
[no] disable-capability-negotiation
Context
[Tree] (config>router>bgp>group disable-capability-negotiation)
[Tree] (config>router>bgp>group>neighbor disable-capability-negotiation)
Full Context
configure router bgp group disable-capability-negotiation
configure router bgp group neighbor disable-capability-negotiation
Description
This command disables capability negotiation. When the command is enabled and after the peering is flapped, any new capabilities are not negotiated and will strictly support IPv4 routing exchanges with that peer.
The no form of this command removes this command from the configuration and restores the normal behavior.
Default
no disable-capability-negotiation
Platforms
All
disable-client-reflect
disable-client-reflect
Syntax
[no] disable-client-reflect
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy disable-client-reflect)
Full Context
configure subscriber-mgmt bgp-peering-policy disable-client-reflect
Description
This command disables the reflection of routes by the route reflector to the group or neighbor. This only disables the reflection of routes from other client peers. Routes learned from non-client peers are still reflected to all clients.
The no form re-enables client reflection of routes to all client peers.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-client-reflect
Syntax
[no] disable-client-reflect
Context
[Tree] (config>service>vprn>bgp>group>neighbor disable-client-reflect)
[Tree] (config>service>vprn>bgp disable-client-reflect)
[Tree] (config>service>vprn>bgp>group disable-client-reflect)
Full Context
configure service vprn bgp group neighbor disable-client-reflect
configure service vprn bgp disable-client-reflect
configure service vprn bgp group disable-client-reflect
Description
This command disables the reflection of routes by the route reflector to the group or neighbor. This only disables the reflection of routes from other client peers. Routes learned from non-client peers are still reflected to all clients.
The no form re-enables client reflection of routes.
Default
no disable-client-reflect
Platforms
All
disable-client-reflect
Syntax
[no] disable-client-reflect
Context
[Tree] (config>router>bgp>group>neighbor disable-client-reflect)
[Tree] (config>router>bgp disable-client-reflect)
[Tree] (config>router>bgp>group disable-client-reflect)
Full Context
configure router bgp group neighbor disable-client-reflect
configure router bgp disable-client-reflect
configure router bgp group disable-client-reflect
Description
This command determines whether routes received from neighbors considered to be RR clients are reflected to other clients.
The no form enables client reflection of routes.
Default
no disable-client-reflect
Platforms
All
disable-communities
disable-communities
Syntax
disable-communities [standard] [extended]
no disable-communities
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy disable-communities)
Full Context
configure subscriber-mgmt bgp-peering-policy disable-communities
Description
This command configures BGP to disable sending communities.
The no form of this command reverts to the default.
Parameters
- standard
-
Specifies standard communities that existed before VPRNs or 2547.
- extended
-
Specifies BGP communities used were expanded after the concept of 2547 was introduced, to include handling the VRF target.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-communities
Syntax
disable-communities [standard] [extended] [ large]
no disable-communities
Context
[Tree] (config>service>vprn>bgp>group>neighbor disable-communities)
[Tree] (config>service>vprn>bgp disable-communities)
[Tree] (config>service>vprn>bgp>group disable-communities)
Full Context
configure service vprn bgp group neighbor disable-communities
configure service vprn bgp disable-communities
configure service vprn bgp group disable-communities
Description
This command configures BGP to disable sending standard, extended, or large communities to specific peers.
By default, all communities that are attached to a BGP route (any address family) are not stripped from the route when it is advertised to any type of peer: IBGP, EBGP or confed-EBGP.
Default
no disable-communities
Parameters
- standard
-
Specifies that standard 4-byte communities should be removed.
- extended
-
Specifies that 8-byte extended communities (of all types) should be removed.
- large
-
Specifies that 12-byte large communities should be removed.
Platforms
All
disable-communities
Syntax
disable-communities [standard] [extended] [large]
no disable-communities
Context
[Tree] (config>router>bgp disable-communities)
[Tree] (config>router>bgp>group>neighbor disable-communities)
[Tree] (config>router>bgp>group disable-communities)
Full Context
configure router bgp disable-communities
configure router bgp group neighbor disable-communities
configure router bgp group disable-communities
Description
This command configures BGP to disable sending standard, extended, or large communities to specific peers.
By default, all communities that are attached to a BGP route (any address family) are not stripped from the route when it is advertised to any type of peer: IBGP, EBGP, or confed-EBGP.
Default
no disable-communities
Parameters
- standard
-
Advertise the Communities attribute to peers.
- extended
-
Advertise the Extended Communities attribute to peers.
- large
-
Advertise the Large Communities attribute to peers.
Platforms
All
disable-cookies
disable-cookies
Syntax
[no] disable-cookies
Context
[Tree] (config>subscr-mgmt>ppp-policy disable-cookies)
Full Context
configure subscriber-mgmt ppp-policy disable-cookies
Description
This command disables the use of cookies.
The no form of this command enables cookies.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-explicit-null
disable-explicit-null
Syntax
[no] disable-explicit-null
Context
[Tree] (config>router>bgp>label-allocation>label-ipv6 disable-explicit-null)
Full Context
configure router bgp label-allocation label-ipv6 disable-explicit-null
Description
This command controls the allocation and use of explicit null MPLS labels with labeled-unicast ipv6 routes.
When this command is enabled (no disable-explicit-null), the following behaviors apply:
-
during the times when the router is required to act as the BGP next-hop of a label-unicast IPv6 route that it is advertising, it sets the BGP label value to IPv6 explicit null (value 2), forcing a POP behavior for received packets.
-
received label-unicast IPv6 routes never create tunnels in TTM that can be used to resolve other BGP routes (with an IPv6 next-hop).
-
a received label-unicast IPv6 route can be resolved by a label-ipv4 BGP tunnel that is transported over a stacked tunnel (SR-TE LSP or LDPoRSVP LSP)
When this command is disabled (disable-explicit-null), the following behaviors apply:
-
during those times when the router is required to act as the BGP next-hop of a label-unicast IPv6 route that it is advertising, it sets the BGP label value to a proper value in the dynamic label range and programs a POP or SWAP operation for that label, depending on the origin of the route and various import policy actions that could apply to the route
-
received label-unicast IPv6 routes that have a prefix length of 128 bits are automatically installed in TTM so that they can be used to resolve other (non-labeled-unicast) BGP routes (with an IPv6 next-hop)
-
a received label-unicast ipv6 route cannot be resolved by a label-ipv4 BGP tunnel that is transported over a stacked tunnel (SR-TE LSP or LDPoRSVP LSP)
-
the label-ipv6 routes used for ECMP towards an IPv6 destination cannot be a mix of routes with regular label values and routes with special (IPv6 explicit null) label values
Changes in the operational status do not cause the BGP sessions of the base router to reset.
Platforms
All
disable-fast-external-failover
disable-fast-external-failover
Syntax
[no] disable-fast-external-failover
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy disable-fast-external-failover)
Full Context
configure subscriber-mgmt bgp-peering-policy disable-fast-external-failover
Description
This command configures BGP fast external failover.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-fast-external-failover
Syntax
[no] disable-fast-external-failover
Context
[Tree] (config>service>vprn>bgp disable-fast-external-failover)
[Tree] (config>service>vprn>bgp>group disable-fast-external-failover)
[Tree] (config>service>vprn>bgp>group>neighbor disable-fast-external-failover)
Full Context
configure service vprn bgp disable-fast-external-failover
configure service vprn bgp group disable-fast-external-failover
configure service vprn bgp group neighbor disable-fast-external-failover
Description
This command configures BGP fast external failover.
Platforms
All
disable-fast-external-failover
Syntax
[no] disable-fast-external-failover
Context
[Tree] (config>router>bgp>group>neighbor disable-fast-external-failover)
[Tree] (config>router>bgp disable-fast-external-failover)
[Tree] (config>router>bgp>group disable-fast-external-failover)
Full Context
configure router bgp group neighbor disable-fast-external-failover
configure router bgp disable-fast-external-failover
configure router bgp group disable-fast-external-failover
Description
This command configures BGP fast external failover.
Default
no disable-fast-external-failover
Platforms
All
disable-graceful-shutdown
disable-graceful-shutdown
Syntax
[no] disable-graceful-shutdown
Context
[Tree] (config>system>login-control>ssh disable-graceful-shutdown)
Full Context
configure system login-control ssh disable-graceful-shutdown
Description
This command enables graceful shutdown of SSH sessions.
The no form of this command disables graceful shutdown of SSH sessions.
Platforms
All
disable-ldp-sync
disable-ldp-sync
Syntax
[no] disable-ldp-sync
Context
[Tree] (config>router>isis disable-ldp-sync)
Full Context
configure router isis disable-ldp-sync
Description
This command disables the IGP-LDP synchronization feature on all interfaces participating in the OSPF or IS-IS routing protocol. When this command is executed, IGP immediately advertises the actual value of the link cost for all interfaces which have the IGP-LDP synchronization enabled if the currently advertised cost is different. It will then disable IGP-LDP synchronization for all interfaces. This command does not delete the interface configuration. The no form of this command has to be entered to re-enable IGP-LDP synchronization for this routing protocol.
The no form of this command restores the default settings and re-enables IGP-LDP synchronization on all interfaces participating in the OSPF or IS-IS routing protocol and for which the ldp-sync-timer is configured.
Default
no disable-ldp-sync
Platforms
All
disable-ldp-sync
Syntax
[no] disable-ldp-sync
Context
[Tree] (config>router>ospf disable-ldp-sync)
[Tree] (config>router>ospf3 disable-ldp-sync)
Full Context
configure router ospf disable-ldp-sync
configure router ospf3 disable-ldp-sync
Description
This command disables the IGP-LDP synchronization feature on all interfaces participating in the OSPF routing protocol. When this command is executed, IGP immediately advertises the actual value of the link cost for all interfaces which have the IGP-LDP synchronization enabled if the currently advertised cost is different. It will then disable IGP-LDP synchronization for all interfaces. This command does not delete the interface configuration. The no form of this command has to be entered to re-enable IGP-LDP synchronization for this routing protocol.
The no form of this command restores the default settings and re-enables IGP-LDP synchronization on all interfaces participating in the OSPF or IS-IS routing protocol and for which the ldp-sync-timer is configured.
Default
no disable-ldp-sync
Platforms
All
disable-learning
disable-learning
Syntax
[no] disable-learning
Context
[Tree] (config>service>template>vpls-template disable-learning)
[Tree] (config>service>vpls disable-learning)
[Tree] (config>service>vpls>sap disable-learning)
[Tree] (config>service>vpls>spoke-sdp disable-learning)
[Tree] (config>service>vpls>vxlan disable-learning)
Full Context
configure service template vpls-template disable-learning
configure service vpls disable-learning
configure service vpls sap disable-learning
configure service vpls spoke-sdp disable-learning
configure service vpls vxlan disable-learning
Description
This command disables learning of new MAC addresses in the VPLS forwarding database (FDB) for the service instance, SAP instance, spoke-SDP instance, or VXLAN instance.
When disable-learning is enabled, new source MAC addresses are not entered in the VPLS service forwarding database. This applies for both local and remote MAC addresses.
When no disable-learning is specified for a VPLS on a 7450 ESS, it is possible to disable learning for specific SAPs and/or spoke SDPs by entering the disable-learning command at the appropriate level.
When disable-learning is disabled, new source MAC addresses are learned and entered into the VPLS forwarding database.
This parameter is mainly used in conjunction with the discard-unknown command.
The no form of this command enables learning of MAC addresses.
Default
no disable-learning
Normal MAC learning is enabled. The default mode for VXLAN instances is disable-learning.
Platforms
All
- configure service vpls disable-learning
- configure service vpls sap disable-learning
- configure service template vpls-template disable-learning
- configure service vpls spoke-sdp disable-learning
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vpls vxlan disable-learning
disable-learning
Syntax
[no] disable-learning
Context
[Tree] (config>service>pw-template disable-learning)
Full Context
configure service pw-template disable-learning
Description
This command enables learning of new MAC addresses.
This parameter is mainly used in conjunction with the discard-unknown command.
The no form of this command enables learning of MAC addresses.
Default
no disable-learning (Normal MAC learning is enabled)
Platforms
All
disable-route-table-install
disable-route-table-install
Syntax
[no] disable-route-table-install
Context
[Tree] (config>router>bgp disable-route-table-install)
Full Context
configure router bgp disable-route-table-install
Description
This command disables the installation of all IPv4, label-ipv4, IPv6 and label-ipv6 routes into the route table and tunnel table associated with the BGP instance.
Configuring this command prevents the advertisement of all IPv4, label-ipv4, IPv6 and label-ipv6 routes if there is a change of the BGP next-hop to one of the router’s own addresses. Typically, this is only useful on a router that is a control-plane route reflector (not in the datapath).
The no form of the command enables the installation of all IPv4, label-ipv4, IPv6 and label-ipv6 routes into the route table and tunnel table associated with the BGP instance.
Default
no disable-route-table-install
Platforms
All
disable-route-table-install
Syntax
[no] disable-route-table-install
Context
[Tree] (config>router>policy-options>policy-statement>default-action disable-route-table-install)
[Tree] (config>router>policy-options>policy-statement>entry>action disable-route-table-install)
Full Context
configure router policy-options policy-statement default-action disable-route-table-install
configure router policy-options policy-statement entry action disable-route-table-install
Description
This command specifies that BGP routes (IPv4, IPv6, label-ipv4, label-ipv6) matching the policy entry (or, depending on the context, the policy’s default-action) should not be installed in the route table, tunnel table (in the case of label-ipv4 routes), or IP FIB table.
This policy action has an effect only in BGP peer import policies. This policy action does not prevent the matched routes from contributing toward aggregate routes and does not prevent the matched routes from being advertised, even if next-hop-self has been applied. This means that incorrect use of this feature can blackhole traffic.
Marking label-ipv4 routes with this action does not prevent label-swap (ILM) entries from being programmed when such routes are re-advertised with a new BGP next-hop and label.
The no form of this command provides the default behavior of installing routes that are selected as the best path, ECMP path or backup path, depending on the circumstances.
Default
no disable-route-table-install
Platforms
All
disable-router-alert-check
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>service>vprn>igmp>group-interface disable-router-alert-check)
[Tree] (config>service>vprn>mld>group-interface disable-router-alert-check)
[Tree] (config>router>igmp>group-interface disable-router-alert-check)
[Tree] (config>router>mld>group-interface disable-router-alert-check)
[Tree] (config>router>igmp>if disable-router-alert-check)
Full Context
configure service vprn igmp group-interface disable-router-alert-check
configure service vprn mld group-interface disable-router-alert-check
configure router igmp group-interface disable-router-alert-check
configure router mld group-interface disable-router-alert-check
configure router igmp interface disable-router-alert-check
Description
This command disables router alert checking for IGMP/MLD messages received on this interface.
The no form of this command enables router alert checking.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn mld group-interface disable-router-alert-check
- configure service vprn igmp group-interface disable-router-alert-check
- configure router igmp group-interface disable-router-alert-check
- configure router mld group-interface disable-router-alert-check
All
- configure router igmp interface disable-router-alert-check
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>router>mld>if disable-router-alert-check)
Full Context
configure router mld interface disable-router-alert-check
Description
This command enables router alert checking for MLD messages received on this interface.
The no form of this command disables router alert checking.
Platforms
All
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>subscr-mgmt>igmp-policy disable-router-alert-check)
Full Context
configure subscriber-mgmt igmp-policy disable-router-alert-check
Description
This command disables router alert checking for IGMP messages received on this interface.
The no form of this command reverts to the default value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>igmp-host-tracking disable-router-alert-check)
Full Context
configure service vprn subscriber-interface group-interface sap igmp-host-tracking disable-router-alert-check
Description
This command disables the IGMP router alert check option.
The no form of this command enables the router alert check.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>subscr-mgmt>mld-policy disable-router-alert-check)
Full Context
configure subscriber-mgmt mld-policy disable-router-alert-check
Description
This command disables router alert checking for MLD messages received on this interface.
The no form of this command enables router alert checking.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>service>vpls>sap>igmp-host-tracking disable-router-alert-check)
[Tree] (config>service>vpls>mesh-sdp>mld-snooping disable-router-alert-check)
[Tree] (config>service>vpls>spoke-sdp>mld-snooping disable-router-alert-check)
[Tree] (config>service>vpls>spoke-sdp>igmp-snooping disable-router-alert-check)
[Tree] (config>service>vpls>mesh-sdp>igmp-snooping disable-router-alert-check)
[Tree] (config>service>vpls>sap>igmp-snooping disable-router-alert-check)
[Tree] (config>service>vpls>sap>mld-snooping disable-router-alert-check)
Full Context
configure service vpls sap igmp-host-tracking disable-router-alert-check
configure service vpls mesh-sdp mld-snooping disable-router-alert-check
configure service vpls spoke-sdp mld-snooping disable-router-alert-check
configure service vpls spoke-sdp igmp-snooping disable-router-alert-check
configure service vpls mesh-sdp igmp-snooping disable-router-alert-check
configure service vpls sap igmp-snooping disable-router-alert-check
configure service vpls sap mld-snooping disable-router-alert-check
Description
This command disables the IGMP or MLD router alert check option.
The no form of this command enables the router alert check.
Default
no disable-router-alert-check
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vpls sap igmp-host-tracking disable-router-alert-check
All
- configure service vpls sap igmp-snooping disable-router-alert-check
- configure service vpls mesh-sdp mld-snooping disable-router-alert-check
- configure service vpls spoke-sdp igmp-snooping disable-router-alert-check
- configure service vpls spoke-sdp mld-snooping disable-router-alert-check
- configure service vpls mesh-sdp igmp-snooping disable-router-alert-check
- configure service vpls sap mld-snooping disable-router-alert-check
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>service>vprn>igmp>if disable-router-alert-check)
[Tree] (config>service>ies>sub-if>grp-if>sap>igmp-host-tracking disable-router-alert-check)
Full Context
configure service vprn igmp interface disable-router-alert-check
configure service ies subscriber-interface group-interface sap igmp-host-tracking disable-router-alert-check
Description
This command disables the IGMP router alert check option.
The no form of this command enables the router alert check.
Platforms
All
- configure service vprn igmp interface disable-router-alert-check
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface sap igmp-host-tracking disable-router-alert-check
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
[Tree] (config>service>vprn>mld>if disable-router-alert-check)
Full Context
configure service vprn mld interface disable-router-alert-check
Description
This command disables router alert checking for MLD messages received on this interface.
The no form of this command enables the router alert checking.
Platforms
All
disable-selective-fib
disable-selective-fib
Syntax
[no] disable-selective-fib
Context
[Tree] (config>service>vprn disable-selective-fib)
Full Context
configure service vprn disable-selective-fib
Description
This command specifies whether the system level selective FIB setting is overridden on this instance.
The no form of this command enables the selective FIB.
Default
no disable-selective-fib
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
disable-selective-fib
Syntax
[no] disable-selective-fib
Context
[Tree] (config>router disable-selective-fib)
Full Context
configure router disable-selective-fib
Description
This command disables the selective FIB.
The no form of this command enables the selective FIB.
Default
no disable-selective-fib
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
disable-send-bvpls-evpn-flush
disable-send-bvpls-evpn-flush
Syntax
[no] disable-send-bvpls-evpn-flush
Context
[Tree] (config>service>vpls>spoke-sdp disable-send-bvpls-evpn-flush)
[Tree] (config>service>vpls>sap disable-send-bvpls-evpn-flush)
Full Context
configure service vpls spoke-sdp disable-send-bvpls-evpn-flush
configure service vpls sap disable-send-bvpls-evpn-flush
Description
This command disables the ISID-based C-MAC flush indication when the corresponding SAP or spoke-SDP enters the operationally down state.
If the send-bvpls-evpn-flush is properly enabled, the no version of the command enables B-MAC/ISID route updates to be sent when the SAP or spoke-SDP is operationally down.
Default
no disable-send-bvpls-evpn-flush
Platforms
All
disable-shcv
disable-shcv
Syntax
[no] disable-shcv [alarm] [hold-time seconds]
Context
[Tree] (config>subscr-mgmt>ancp>policy>port-dwn disable-shcv)
Full Context
configure subscriber-mgmt ancp ancp-policy port-down disable-shcv
Description
When this command is configured, the node suspends SHCV for the hosts defined with this ANCP policy until the access node sends a port-up message. When the hold-time parameter is used, the node suspends SHCV for the period of time defined. If the hold-time parameter is not defined the node will suspend SHCV until a port-up message is received.
If the optional alarm flag is used, the node sends a SHCV alarm before suspending.
The no form of this command reverts to the default.
Parameters
- alarm
-
Specifies that the node sends an alarm before suspending SHCV.
- seconds
-
Specifies the time that the node suspends SHCV.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-soft-reset-extension
disable-soft-reset-extension
Syntax
[no] disable-soft-reset-extension
Context
[Tree] (config>lag>bfd disable-soft-reset-extension)
Full Context
configure lag bfd disable-soft-reset-extension
Description
This command disables the automatic extension of BFD timers during an IOM/IMM soft-reset. Normally, BFD session timers are automatically extended during a soft-reset operation on the IOMs and IMMs to avoid BFD sessions timing out and causing protocol events. However, in some cases this behavior is not desired as it could delay fast re-route transitions if the timers are in place. The disable-soft-reset-extension command controls this behavior.
Default
no disable-soft-reset-extension
Platforms
All
disable-stickiness
disable-stickiness
Syntax
[no] disable-stickiness
Context
[Tree] (config>aaa>radius-srv-plcy>servers disable-stickiness)
Full Context
configure aaa radius-server-policy servers disable-stickiness
Description
This command disables a subscriber RADIUS accounting session from sticking with a single server under normal working conditions. If a direct algorithm is used, all subscriber RADIUS sessions will go directly to the server with the lowest configured index. If a failure occurs, a new in-service server with the next lowest index is used. When the original server recovers, if stickiness is not disabled, all existing sessions will continue to use the new server. This command disables stickiness, and as a result, the recovered original RADIUS server will again service every subscriber. If a round-robin algorithm is used and stickiness is not disabled, an accounting session for a particular subscriber (or host, depending on the accounting mode) will stay with the same server. This command removes the stickiness and all subscriber accounting messages will go through the list of servers in a round-robin manner.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
disable-targeted-session
disable-targeted-session
Syntax
[no] disable-targeted-session
Context
[Tree] (config>router>ldp>targ-session disable-targeted-session)
Full Context
configure router ldp targeted-session disable-targeted-session
Description
This command disables support for SDP triggered automatic generated targeted sessions. Targeted sessions are LDP sessions between non-directly connected peers. The discovery messages for an indirect LDP session are addressed to the specified peer and not to the multicast address.
The no form of this command enables the set up of any targeted sessions.
Default
no disable-targeted-session
Platforms
All
disallow-igp
disallow-igp
Syntax
[no] disallow-igp
Context
[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop disallow-igp)
Full Context
configure router static-route-entry indirect tunnel-next-hop disallow-igp
Description
This optional command determines if the associated static route can be resolved via an IGP next-hop in the RTM if no tunnel next-hops are found in TTM.
When configured, the associated static route will not be resolved to an available IGP route in the RTM.
The no form of this command returns the behavior to the default, which allows the static route to be resolved via an IGP route in the RTM if no tunnel next-hop can be found in the TTM.
Default
no disallow-igp
Platforms
All
disallow-sequence-keys
disallow-sequence-keys
Syntax
disallow-sequence-keys number-of-characters
no disallow-sequence-keys
Context
[Tree] (config>system>sec>passwd>compl disallow-sequence-keys)
Full Context
configure system security password complexity-rules disallow-sequence-keys
Description
This command configures the number of consecutive characters that are not allowed to be entered as part of the password on a U.S. English or Korean keyboard. These characters can be lowercase or uppercase letters, or numbers. Special characters are not taken into account. These consecutive characters can be horizontal (left to right) or (right to left) or diagonal (up to bottom or bottom to top). If the number of consecutive characters is equal to or larger than the configured value, the password is disallowed.
For example, if the user attempts to use the password "dsalkjhgfdsa", with this command configured to 8, the system rejects the password because the first consecutive sequence “dsa” is 3 lowercase letters, which passes the check, but the second consecutive sequence is “lkjhgfdsa”, which consists of 9 consecutive lowercase letters and this does not pass the check.
The no form of this command removes the restriction on the number of characters.
Default
no disallow-sequence-keys
Parameters
- number-of-characters
-
Specifies the number of characters.
Platforms
All
discard
discard
Syntax
discard [now]
Context
[Tree] (candidate discard)
Full Context
candidate discard
Description
This command deletes the entire contents of the candidate configuration and exits the edit-cfg mode. Undo cannot be used to recover a candidate that has been discarded with candidate discard.
Parameters
- now
-
Avoids a confirmation prompt for the discard.
Platforms
All
discard-changes
discard-changes
Syntax
[no] discard-changes
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization discard-changes)
Full Context
configure system security profile netconf base-op-authorization discard-changes
Description
This command enables the NETCONF <discard-changes> RPC.
The no form of this command disables the RPC.
Default
no discard-changes
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
discard-eligible
discard-eligible
Syntax
discard-eligible {true | false}
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth>s-tag discard-eligible)
[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth>c-tag discard-eligible)
Full Context
configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet s-tag discard-eligible
configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet c-tag discard-eligible
Description
This command configures the marking of the discard eligibility (DEI) bit in the VLAN header.
Default
discard-eligible false
Parameters
- true
-
Keyword to indicate that the frame is discard eligible.
- false
-
Keyword to indicate that the frame is not discard eligible.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
discard-rx-pause-frames
discard-rx-pause-frames
Syntax
[no] discard-rx-pause-frames
Context
[Tree] (config>port>ethernet discard-rx-pause-frames)
Full Context
configure port ethernet discard-rx-pause-frames
Description
This command discards received pause frames. Pause frames are used for local link flow control.
The no form of this command processes pause frames upon reception and the transmit side of the receiving port pauses in its transmissions.
Default
no discard-rx-pause-frames
Platforms
All
discard-unknown
discard-unknown
Syntax
[no] discard-unknown
Context
[Tree] (config>service>vpls discard-unknown)
[Tree] (config>service>template>vpls-template discard-unknown)
Full Context
configure service vpls discard-unknown
configure service template vpls-template discard-unknown
Description
By default, packets with unknown destination MAC addresses are flooded. If discard-unknown is enabled at the VPLS level, packets with unknown destination MAC address will be dropped instead (even when configured FDB size limits for VPLS or SAP are not yet reached).
The no form of this command allows flooding of packets with unknown destination MAC addresses in the VPLS.
Default
no discard-unknown
Platforms
All
discard-unknown-source
discard-unknown-source
Syntax
[no] discard-unknown-source
Context
[Tree] (config>service>template>vpls-sap-template discard-unknown-source)
[Tree] (config>service>template>vpls-template discard-unknown-source)
[Tree] (config>service>vpls>sap discard-unknown-source)
[Tree] (config>service>vpls>vxlan discard-unknown-source)
[Tree] (config>service>vpls>spoke-sdp discard-unknown-source)
Full Context
configure service template vpls-sap-template discard-unknown-source
configure service template vpls-template discard-unknown-source
configure service vpls sap discard-unknown-source
configure service vpls vxlan discard-unknown-source
configure service vpls spoke-sdp discard-unknown-source
Description
When this command is enabled, packets received on a SAP, a spoke-SDP, or a static VXLAN instance with an unknown source MAC address will be dropped only if the maximum number of MAC addresses for that SAP or spoke-SDP (see max-nbr-mac-addr [config>service>vpls>sap max-nbr-mac-addr, config>service>vpls>spoke-sdp max-nbr-mac-addr]) has been reached. If max-nbr-mac-addr has not been set for the SAP or spoke-SDP, enabling discard-unknown-source has no effect.
When disabled, the packets are forwarded based on the destination MAC addresses.
The no form of this command causes packets with an unknown source MAC addresses to be forwarded by destination MAC addresses in VPLS.
Default
no discard-unknown-source
Platforms
All
- configure service vpls spoke-sdp discard-unknown-source
- configure service template vpls-sap-template discard-unknown-source
- configure service template vpls-template discard-unknown-source
- configure service vpls sap discard-unknown-source
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vpls vxlan discard-unknown-source
discard-unknown-source
Syntax
[no] discard-unknown-source
Context
[Tree] (config>service>pw-template discard-unknown-source)
Full Context
configure service pw-template discard-unknown-source
Description
When this command is enabled, packets received with an unknown source MAC address will be dropped only if the maximum number of MAC addresses have been reached.
When disabled, the packets are forwarded based on the destination MAC addresses.
The no form of this command causes packets with an unknown source MAC addresses to be forwarded by destination MAC addresses.
Default
no discard-unknown-source
Platforms
All
disconnect
disconnect
Syntax
disconnect [address ip-address | session-id session-id | username user-name | {console | bluetooth | telnet | ftp | ssh | netconf | grpc}]
Context
[Tree] (admin disconnect)
Full Context
admin disconnect
Description
This command disconnects a user from a session.
Issuing the disconnect command without any parameters disconnects the session in which the command was executed.
If any of the session type options (for example, console, bluetooth, telnet, FTP, SSH) are specified, only the respective sessions are affected.
If no session type options are specified, all sessions from the IP address or from the specified user are disconnected.
Any task that the user is executing is terminated. FTP files accessed by the user are not removed.
A major severity security log event is created specifying what was terminated and by whom.
By default, no disconnect options are configured.
Parameters
- ip-address
-
Specifies the IP address to disconnect, specified in dotted decimal notation.
Note:IPv6 is supported on the 7750 SR and 7950 XRS.
- session-id
-
The model-driven session ID. Can be obtained using the show system management-interface datastore-locks [detail] command.
- user-name
-
Specifies the name of the user. The name can be up to 32 characters.
- console
-
Disconnects the console session.
- bluetooth
-
Disconnects the Bluetooth session.
- telnet
-
Disconnects the Telnet session.
- ftp
-
Disconnects the FTP session.
- ssh
-
Disconnects the SSH session.
- netconf
-
Disconnects the NETCONF session.
- grpc
-
Disconnects the gRPC session.
Platforms
All
discover-delay
discover-delay
Syntax
discover-delay delay
no discover-delay
Context
[Tree] (config>service>vprn>sub-if>dhcp>osel discover-delay)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>osel discover-delay)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>osel discover-delay)
Full Context
configure service vprn subscriber-interface dhcp offer-selection discover-delay
configure service ies subscriber-interface group-interface dhcp offer-selection discover-delay
configure service vprn subscriber-interface group-interface dhcp offer-selection discover-delay
Description
This command configures the default time to delay DHCP Discover messages. The delay is applied to all DHCP Discover messages for which no per DHCP server or per client MAC delay is configured.
The no form of this command removes the delay.
Parameters
- delay
-
Specifies the default time to delay DHCP Discover messages, in deciseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
discover-delay
Syntax
discover-delay delay
no discover-delay
Context
[Tree] (config>service>vprn>sub-if>dhcp>osel>clnt-mac discover-delay)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>osel>clnt-mac discover-delay)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>osel>clnt-mac discover-delay)
Full Context
configure service vprn subscriber-interface dhcp offer-selection client-mac discover-delay
configure service ies subscriber-interface group-interface dhcp offer-selection client-mac discover-delay
configure service vprn subscriber-interface group-interface dhcp offer-selection client-mac discover-delay
Description
This command configures the amount of time to delay DHCP Discover messages from odd or even source MAC addresses.
The no form of this command removes the delay.
Parameters
- delay
-
Specifies the amount of time to delay DHCP Discover messages from odd or even source MAC addresses, in deciseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
discover-delay
Syntax
discover-delay delay
no discover-delay
Context
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>osel>srvr discover-delay)
[Tree] (config>service>vprn>sub-if>dhcp>osel>srvr discover-delay)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>osel>srvr discover-delay)
Full Context
configure service vprn subscriber-interface group-interface dhcp offer-selection server discover-delay
configure service vprn subscriber-interface dhcp offer-selection server discover-delay
configure service ies subscriber-interface group-interface dhcp offer-selection server discover-delay
Description
This command configures the amount of time to delay DHCP Discover messages relayed to the server.
The no form of this command removes the delay.
Parameters
- delay
-
Specifies the amount of time to delay DHCP Discover messages relayed to the server, in deciseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
discovery
discovery
Syntax
discovery [padi] [pado] [padr] [pads] [padt]
no discovery
Context
[Tree] (debug>service>id>ppp>packet discovery)
Full Context
debug service id ppp packet discovery
Description
This command enables debugging for specific PPP discovery packets.
Parameters
- padi
-
Enables debugging for PADI PPP discovery packets.
- pado
-
Enables debugging for PADO PPP discovery packets.
- padr
-
Enables debugging for PADR PPP discovery packets.
- pads
-
Enables debugging for PADS PPP discovery packets.
- padt
-
Enables debugging for PADT PPP discovery packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
discovery
Syntax
discovery [padi] [pado] [padr] [pads] [ padt]
Context
[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id discovery)
Full Context
debug subscriber-mgmt vrgw brg pppoe-client brg-id discovery
Description
This command, limits debugging only to the specified messages in the discovery phase.
Parameters
- padi
-
Limits debugging only to padi messages.
- pado
-
Limits debugging only to pado messages.
- padr
-
Limits debugging only to padr messages.
- pads
-
Limits debugging only to pads messages.
- padt
-
Limits debugging only to padt messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
discovery
Syntax
discovery
Context
[Tree] (config>port>ethernet>efm-oam discovery)
Full Context
configure port ethernet efm-oam discovery
Description
This is the top level of the hierarchy containing various discovery parameters that allow the operator to control certain aspects of the negotiation process as well as what action to take when there is a mismatch in peer capabilities.
Platforms
All
discovery-interval
discovery-interval
Syntax
discovery-interval interval-secs [boot interval-secs]
no discovery-interval
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec discovery-interval)
Full Context
configure redundancy multi-chassis peer mc-ipsec discovery-interval
Description
This command specifies the time interval of tunnel-group stays in the Discovery state. Interval-1 is used as discovery-interval when a new tunnel-group is added to multi-chassis redundancy (mp-ipsec); interval-2 is used as discovery-interval when the system boots up, it is optional, when it is not specified, the interval-1 will be used.
Default
discovery-interval 300 boot 300
Parameters
- interval-secs
-
Specifies the maximum duration, in seconds, of the discovery interval during which a newly activated multi- chassis IPsec tunnel-group will remain dormant while trying to contact its redundant peer. Groups held dormant in this manner will neither pass traffic nor negotiate security keys. This interval ends when either the redundant peer is contacted and a master election occurs, or when the maximum duration expires.
- boot interval-secs
-
Specifies the maximum duration of an interval immediately following system startup. When the normal discovery interval for a group would expire while the post-boot discovery interval is still active, then the group's discovery interval is extended until the post-boot discovery interval expires. This allows an extension to the normal discovery stage of groups following a chassis reboot, to account for the larger variance in routing.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
discovery-interval
Syntax
discovery-interval seconds
Context
[Tree] (config>test-oam>link-meas>template>twl>ipv6-dest-disc discovery-interval)
Full Context
configure test-oam link-measurement measurement-template twamp-light ipv6-destination-discovery discovery-interval
Description
This command configures the frequency at which IPv6 peer discovery packets are transmitted when the discovery-timer is active.
The no form of the command reverts to the default value.
Default
discovery-interval 10
Parameters
- seconds
-
Specifies transmission frequency of the discovery packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
discovery-timer
discovery-timer
Syntax
discovery-timer seconds
Context
[Tree] (config>test-oam>link-meas>template>twl>ipv6-dest-disc discovery-timer)
Full Context
configure test-oam link-measurement measurement-template twamp-light ipv6-destination-discovery discovery-timer
Description
This command configures the amount of time to transmit peer discovery packets at the discovery-interval. The timer starts when the IPv6 protocols is enabled under the config>router>if>if-attribute>delay>dynamic> twamp-light>ipv6 context. At the expiration of the discovery-interval or when a peer is discovered, the probe interval changes to the value configured for the update-interval.
The no form of the command reverts to the default value.
Default
discovery-interval 60
Parameters
- seconds
-
Specifies transmission frequency of the discovery packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
discriminator
discriminator
Syntax
discriminator discriminator
no discriminator
Context
[Tree] (config>bfd>seamless-bfd>reflector discriminator)
Full Context
configure bfd seamless-bfd reflector discriminator
Description
This command specifies the S-BFD discriminator.
The no form of this command removes the discriminator.
Parameters
- discriminator
-
Specifies the discriminator value.
Platforms
All
discriminator
Syntax
discriminator discriminator
no discriminator
Context
[Tree] (config>router>bfd>seamless-bfd>peer discriminator)
Full Context
configure router bfd seamless-bfd peer discriminator
Description
This command specifies the seamless BFD reflector discriminator for the remote peer node in the mapping table used by seamless BFD sessions initiated on the router.
The no form of this command removes the discriminator.
Parameters
- discriminator
-
Specifies the discriminator of the remote node.
Platforms
All
disjointness-reference
disjointness-reference
Syntax
[no] disjointness-reference
Context
[Tree] (config>router>pcep>pcc>pce-assoc>div disjointness-reference)
Full Context
configure router pcep pcc pce-associations diversity disjointness-reference
Description
This command configures the value conveyed in the P-flag of the DISJOINTNESS-CONFIGURATION TLV. When enabled, it indicates that this LSP path is the reference path for the disjoint set of paths. The PCE must first compute the path of this LSP and then apply the requested disjointness type to compute the path of all other paths in the same diversity association ID.
The no form of this command sets the P-flag to false.
Default
P-flag to false
Platforms
All
disjointness-type
disjointness-type
Syntax
disjointness-type {loose | strict}
no disjointness-type
Context
[Tree] (config>router>pcep>pcc>pce-assoc>div disjointness-type)
Full Context
configure router pcep pcc pce-associations diversity disjointness-type
Description
This command configures the disjointness type for the association group.
The no form of this command reverts to the default value.
Default
disjointness-type loose
Parameters
- loose
-
Keyword to specify the loose disjointness type.
- strict
-
Keyword to specify the strict disjointness type.
Platforms
All
dispersion
dispersion
Syntax
dispersion dispersion
Context
[Tree] (config>port>dwdm>coherent dispersion)
Full Context
configure port dwdm coherent dispersion
Description
This command configures the residual chromatic dispersion to be compensated when the coherent receiver is operating in manual dispersion control mode.
Default
0
Parameters
- dispersion
-
Specifies the dispersion compensation.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
display
display
Syntax
display type {type} url-string format {format} [password [32 chars max]]
Context
[Tree] (admin>certificate display)
Full Context
admin certificate display
Description
This command displays the content of an input file in plain text.
The following list summarizes the formats supported by this command:
-
System
-
system format
-
PKCS #12
-
PKCS #7 PEM encoded
-
PKCS #7 DER encoded
-
RFC 4945
-
-
Certificate Request
-
PKCS #10
-
-
Key
-
system format
-
PKCS #12
-
-
CRL
-
system format
-
PKCS #7 PEM encoded
-
PKCS #7 DER encoded
-
RFC 4945
-
Parameters
- url-string
-
Specifies the local CF card url of the input file.
- type
-
Specifies the type of input file.
- format
-
Specifies the format of input file.
- password
-
Specifies the password to decrypt the input file in case that it is an encrypted PKCS#12 file, up to 99 characters.
Platforms
All
display-config
display-config
Syntax
display-config [detail | index]
Context
[Tree] (admin display-config)
Full Context
admin display-config
Description
This command displays the system’s running configuration.
By default, only non-default settings are displayed.
Specifying the detail option displays all default and non-default configuration parameters.
Parameters
- detail
-
Displays default and non-default configuration parameters.
- index
-
Displays only persistent-indices.
Platforms
All
display-key
display-key
Syntax
display-key type {ike | esp} gateway name name dynamic-tunnel ip-address: port
display-key type {ike | esp} tunnel ipsec-tunnel-name
Context
[Tree] (admin>ipsec display-key)
Full Context
admin ipsec display-key
Description
This command displays existing IKE-SA or CHILD-SA keys..
This command does not work if config>ipsec>no show-ipsec-keys or no max-history-{esp|ike}-key-records is configured under corresponding ipsec-gw or ipsec-tunnel.
Parameters
- name
-
The name, up to 32 characters.
- ip-address
-
The IP address of the remote client.
- port
-
The port of the remote client.
- ipsec-tunnel-name
-
The IPsec tunnel name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
Output
The following outputs are examples of the admin ipsec display-key command.
Output Exampleadmin ipsec display-key type ike gateway name "rw" dynamic-tunnel 11.1.1.100:500
===============================================================================
IKE-SA history: max-num-records 3 current-num-saved-records 1
local: 172.16.100.1 remote: 11.1.1.100
record [0]: established time: 01/25/2018 20:51:55
Initiator-SPI: d67ac71d73656496 Responder-SPI: d67ac71d73656496 Ike Version: 2
SK_er: aes128, len: 16, val: a5da1c57f09a7eb7dbe9526cd52e2189
SK_ar: sha1, len: 20, val: c11797bb8ebe5a1fadf46363bf5e763552bb45d0
SK_ei: aes128, len: 16, val: 467124009cc577a8b23882a81ab9df70
SK_ai: sha1, len: 20, val: 7dfef89bad31cb72d1ca8da2c04a9521993c7f9
admin ipsec display-key type esp gateway name "rw" dynamic-tunnel 11.1.1.100:500
ESP-SA history: max-num-records 48 current-num-saved-records 2ynamic-tunnel 11.1.1.100:500
local: 172.16.100.1 remote: 11.1.1.100
record [0]: established time: 01/25/2018 20:54:56
InSpi: 154532(0x00025ba4)
encr-alg: aes128 len: 16 val: 0xd26aa32d8bd328b1e8332fa5c7b5eeaa
auth-alg: sha1 len: 20 val: 0x0b37ddb824a43921d3b0ee81a6910eed065a9845
OutSpi: 3286259439(0xc3e056ef)
encr-alg: aes128 len: 16 val: 0x3acd95376ce04fcded2e0c80cc4289cf
alg: sha1 len: 20 val: 0x9f5a46b5cdc572972b44cdbd36b5f824ab060634
record [1]: established time: 01/25/2018 20:51:55
InSpi: 261186(0x0003fc42)
encr-alg: aes128 len: 16 val: 0x8bf97675d37de3e3f6e634e3e11fc3aa
auth-alg: sha1 len: 20 val: 0xf10c0f0821488cc14f8715cc323441fc967a79dd
OutSpi: 3246917342(0xc18806de)
encr-alg: aes128 len: 16 val: 0xf36aaaa7a3a09734fe4fc6cd0ac9043e
alg: sha1 len: 20 val: 0x40c13a444e4fb1d42a13812f70b17041ed0f56ee
dist-cpu-protection
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>subscr-mgmt>msap-policy dist-cpu-protection)
[Tree] (config>service>vprn>sub-if>grp-if>sap dist-cpu-protection)
Full Context
configure subscriber-mgmt msap-policy dist-cpu-protection
configure service vprn subscriber-interface group-interface sap dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to an MSAP policy. The DCP policy is automatically assigned to MSAPs created with this policy. A non-existent DCP policy can be assigned to an msap-policy because an MSAP policy is similar to a template that is applied in the MSAP creation. The DCP policy is validated at the time that the MSAP is created, and the MSAP creation is blocked (and an appropriate log event created) if the DCP policy does not exist.
For other types of objects (for example, normal non-MSAP SAPs and network interfaces) the DCP policy must exist before it can be assigned to the SAP.
The no form of this command removes the policy name from the configuration.
If no dist-cpu-protection policy is assigned to an MSAP policy, then the default access DCP policy (_default-access-policy) is used.
If no DCP functionality is required on the MSAP policy, then an empty DCP policy can be created and explicitly assigned to the MSAP policy.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>subscr-mgmt>sap-template dist-cpu-protection)
Full Context
configure subscriber-mgmt sap-template dist-cpu-protection
Description
This command assigns a DCP policy to a SAP template. The policy is automatically assigned to SAPs that are autocreated with this SAP template. The dist-cpu-protection policy must exit before it is assigned to a SAP template.
The no form of this command removes the policy name from the configuration.
If a DCP policy is not assigned to an SAP template, the default access DCP policy (_defaultaccess-policy) is used.
If no DCP functionality is required on the autocreated SAPs, an empty DCP policy can be created and explicitly assigned to the SAP template.
Default
no dist-cpu-protection
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>service>ipipe>sap dist-cpu-protection)
[Tree] (config>service>cpipe>sap dist-cpu-protection)
[Tree] (config>service>epipe>sap dist-cpu-protection)
Full Context
configure service ipipe sap dist-cpu-protection
configure service cpipe sap dist-cpu-protection
configure service epipe sap dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid existing DCP policy can be assigned to a SAP or a network interface (this rule does not apply to templates, such as an msap-policy template).
If no dist-cpu-protection policy is assigned to a SAP, then the default access DCP policy (_default-access-policy) is used.
If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
- configure service epipe sap dist-cpu-protection
- configure service ipipe sap dist-cpu-protection
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap dist-cpu-protection
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>service>vpls>sap dist-cpu-protection)
Full Context
configure service vpls sap dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid existing DCP policy can be assigned to a SAP or a network interface (this rule does not apply to templates, such as an msap-policy template).
Default
If no dist-cpu-protection policy is assigned to a SAP, then the default access DCP policy (_default-access-policy) is used. If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>service>ies>if>sap dist-cpu-protection)
[Tree] (config>service>ies>sub-if>grp-if>sap dist-cpu-protection)
Full Context
configure service ies interface sap dist-cpu-protection
configure service ies subscriber-interface group-interface sap dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid DCP policy can be assigned to a SAP or a network interface. This rule does not apply to templates such as an msap-policy.
Default
If no dist-cpu-protection policy is assigned to an SAP, then the default access DCP policy (default-access-policy) is used. If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP policy.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
- configure service ies interface sap dist-cpu-protection
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface sap dist-cpu-protection
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>service>vprn>nw-if dist-cpu-protection)
Full Context
configure service vprn network-interface dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the network interface. Only a valid created DCP policy can be assigned to a network interface (this rule does not apply to templates such as an msap-policy).
Default
If no dist-cpu-protection policy is assigned to the VPRN network interface, then the default network DCP policy (_default-network-policy) is used.
If no DCP functionality is required on the VPRN network interface then an empty DCP policy can be created and explicitly assigned to the VPRN network interface.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>service>vprn>if>sap dist-cpu-protection)
Full Context
configure service vprn interface sap dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid created DCP policy can be assigned to a SAP or a network interface (This rule does not apply to templates such as an msap-policy).
Default
If no dist-cpu-protection policy is assigned to an SAP policy, then the default access DCP policy (default-access-policy) is used. If no DCP functionality is required on the SAP policy, then an empty DCP policy can be created and explicitly assigned to the SAP policy.
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
dist-cpu-protection
Syntax
dist-cpu-protection policy-name
no dist-cpu-protection
Context
[Tree] (config>router>if dist-cpu-protection)
Full Context
configure router interface dist-cpu-protection
Description
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid created DCP policy can be assigned to a SAP or a network interface (note that this rule does not apply to templates such as an msap-policy).
If the user does not assign a DCP policy to a router interface, the system uses the default network DCP policy.
Default
no dist-cpu-protection
Parameters
- policy-name
-
Specifies the name of the DCP policy, up to 32 characters in length
Platforms
All
dist-cpu-protection
Syntax
dist-cpu-protection
Context
[Tree] (config>system>security dist-cpu-protection)
Full Context
configure system security dist-cpu-protection
Description
Commands in this context configure the Distributed CPU Protection (DCP) feature.
Platforms
All
dist-lag-rate-shared
dist-lag-rate-shared
Syntax
[no] dist-lag-rate-shared
Context
[Tree] (config>qos>port-scheduler-policy dist-lag-rate-shared)
Full Context
configure qos port-scheduler-policy dist-lag-rate-shared
Description
This command enables sharing of rates when the port on which this port-scheduler-policy is configured is part of a LAG configured in distribute mode.
When enabled, the absolute rate values configured as part of the max-rate, PIR/CIR group rates and PIR/CIR level rates are shared across the member ports of the LAG when configured in distribute mode.
This command does not have any effect when the port on which this port-scheduler-policy is configured is part of a LAG in link or port-fair mode. Similarly, when rates are configured as a percent-rate, this parameter is ignored.
Platforms
All
distinguisher
distinguisher
Syntax
distinguisher id
no distinguisher
Context
[Tree] (conf>router>segment-routing>sr-policies>policy distinguisher)
Full Context
configure router segment-routing sr-policies static-policy distinguisher
Description
This command associates a distinguisher value with a statically defined segment routing policy. This is a mandatory parameter and configuration command for non-local segment routing policies (for which the head-end parameter is set to a value other than "local”). Every non-local segment routing policy must have a unique distinguisher value. When a non-local static segment routing policy is imported into BGP and originated as a BGP route, the configured distinguisher value is copied into the NLRI of the route.
The no form of this command removes the distinguisher association.
Default
no distinguisher
Parameters
- id
-
Specifies the distinguisher ID.
Platforms
All
distinguisher
Syntax
distinguisher distinguisher-id
no distinguisher
Context
[Tree] (config>router>policy-options>policy-statement>entry>from distinguisher)
Full Context
configure router policy-options policy-statement entry from distinguisher
Description
This command configures an SR Policy distinguisher as a route policy match criterion. This match criterion is only used in import policies.
The no form of this command removes the distinguisher ID match criterion from the configuration.
Parameters
- distinguisher-id
-
Specifies the SR policy distinguisher ID.
Platforms
All
distributed-sub-mgmt
distributed-sub-mgmt
Syntax
distributed-sub-mgmt
Context
[Tree] (config>service>vprn>wlan-gw distributed-sub-mgmt)
Full Context
configure service vprn wlan-gw distributed-sub-mgmt
Description
Commands in this context configure Distributed Subscriber Management (DSM) for soft GRE group interface and for ranges of IEEE 802.1q VLAN tags in soft GRE group interfaces.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
distributed-sub-mgmt
Syntax
distributed-sub-mgmt
Context
[Tree] (config>subscr-mgmt>wlan-gw distributed-sub-mgmt)
[Tree] (config>service>vprn>wlan-gw distributed-sub-mgmt)
[Tree] (config>router>wlan-gw distributed-sub-mgmt)
Full Context
configure subscriber-mgmt wlan-gw distributed-sub-mgmt
configure service vprn wlan-gw distributed-sub-mgmt
configure router wlan-gw distributed-sub-mgmt
Description
Commands in this context configure profiles, templates and policies that can be applied to DSM subscribers.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
distributed-sub-mgmt
Syntax
[no] distributed-sub-mgmt
Context
[Tree] (config>isa>wlan-gw-group distributed-sub-mgmt)
Full Context
configure isa wlan-gw-group distributed-sub-mgmt
Description
This command configures the WLAN gateway distributed subscriber management.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
distributed-sub-mgmt
Syntax
distributed-sub-mgmt
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range distributed-sub-mgmt)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range distributed-sub-mgmt)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt
Description
Commands in this context configure distributed-sub-mgmt configuration per vlan-range. This also includes vlan-range default, which makes this configuration applicable to the wlan-gw group-interface.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
diversity
diversity
Syntax
[no] diversity association-name
Context
[Tree] (config>router>pcep>pcc>pce-assoc diversity)
Full Context
configure router pcep pcc pce-associations diversity
Description
This command creates a named diversity association from which the parameters for the specified diversity association are configured.
The no form of the command deletes the specified diversity association.
Parameters
- association-name
-
Specifies the name of the diversity association, up to 32 characters.
Platforms
All
diversity
Syntax
[no] diversity diversity-assoc-name
Context
[Tree] (config>router>mpls>lsp-template>pce-assoc diversity)
[Tree] (config>router>mpls>lsp>pce-assoc diversity)
Full Context
configure router mpls lsp-template pce-associations diversity
configure router mpls lsp pce-associations diversity
Description
This command binds the LSP to a named diversity association. The diversity association must exist under the PCC. Up to five diversity associations can be configured per LSP.
The no form of the command removes the LSP binding from the specified diversity association.
Parameters
- diversity-assoc-name
-
Specifies the name of an existing diversity association, up to 32 characters.
Platforms
All
diversity-type
diversity-type
Syntax
diversity-type {link | node | srlg-link | srlg-node}
no diversity-type
Context
[Tree] (config>router>pcep>pcc>pce-assoc>div diversity-type)
Full Context
configure router pcep pcc pce-associations diversity diversity-type
Description
This command configures the diversity type for the association group. This command is mandatory. If the command is not configured, the system does not validate the association configuration.
The no form of the command reverts to the default value.
Default
no diversity-type
Parameters
- link
-
Keyword to specify the link diversity type.
- node
-
Keyword to specify the node diversity type.
- srlg-link
-
Keyword to specify the SRLG-link diversity type.
- srlg-node
-
Keyword to specify the SRLG-node diversity type.
Platforms
All
divert
divert
Syntax
[no] divert
Context
[Tree] (config>app-assure>group>policy>app-profile divert)
Full Context
configure application-assurance group policy app-profile divert
Description
This command enables the redirection of traffic to AA ISA for the system-wide forwarding classes diverted to application assurance (divert-fc) for AA subscribers using this application profile.
The no form of this command stops redirect of traffic to AA ISAs for the AA subscribers using this application profile.
Default
no divert
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
divert-fc
divert-fc
Syntax
[no] divert-fc fc-name
Context
[Tree] (config>isa>aa-grp divert-fc)
Full Context
configure isa application-assurance-group divert-fc
Description
This command selects a forwarding class in the system to be diverted to an application assurance engine for this application assurance group. Only traffic to/from subscribers with application assurance enabled is diverted.
To divert multiple forwarding classes, the command needs to be executed multiple times specifying each forwarding class to be diverted at a time.
The no form of this command stops diverting of the traffic to an application assurance engine for this application assurance group.
Parameters
- fc-name
-
Creates a class instance of the forwarding class fc-name.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dm
dm
Syntax
dm [test-id test-id] [create]
no dm
Context
[Tree] (config>oam-pm>session>mpls dm)
Full Context
configure oam-pm session mpls dm
Description
This command assigns an identifier to the DM test and creates the individual test.
The no form of this command removes the DM test function from the OAM-PM session.
Parameters
- test-id
-
Specifies the value of the 26-bit test identifier sent as session identifier in the DM PDU.
- create
-
Creates the DM test. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dmm
dmm
Syntax
dmm [test-id test-id] [create]
no dmm
Context
[Tree] (config>oam-pm>session>ethernet dmm)
Full Context
configure oam-pm session ethernet dmm
Description
This command defines the test ID to be assigned to the delay test and creates the container to allow the individual test parameters to be configured.
The no form of this command removes the DMM test function from the PM Session.
Parameters
- test-id
-
Specifies the value to be placed in the 4-byte test ID field of an ETH-DMM PDU.
- create
-
Creates the test.
Platforms
All
dmr-prefix
dmr-prefix
Syntax
dmr-prefix dmr-prefix
no dmr-prefix
Context
[Tree] (config>service>nat>map-domain dmr-prefix)
Full Context
configure service nat map-domain dmr-prefix
Description
This command configures the IPv6 prefix of the BR (dmr-prefix), which is used as a default MAP rule (route) in the CEs. Each MAP domain in the VSR has a unique dmr-prefix.
Parameters
- dmr-prefix
-
Specifies the IPv6 prefix associated with a MAP domain in the BR. The prefix represents a dmr-rule in the CE.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, VSR
dnat
dnat
Syntax
[no] dnat
Context
[Tree] (config>service>nat>nat-policy dnat)
Full Context
configure service nat nat-policy dnat
Description
This command defines context for destination NAT (DNAT) specific configuration under the nat-policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dnat-only
dnat-only
Syntax
dnat-only router router-instance nat-group nat-group-id
no dnat-only
Context
[Tree] (config>service>nat>nat-policy>dnat dnat-only)
Full Context
configure service nat nat-policy dnat dnat-only
Description
This command configures outside routing context and nat-group in which DNAT translation shout take place. This command is mutually exclusive with the pool command in nat-policy. When DNAT-only is enabled, no source and port NAT (SNAPT) is performed. In other words, only the destination IP address (going from inside to outside) is translated while the source IP address and port are not translated.
Parameters
- router router-instance
-
Specifies the routing context on the outside (public side).
- nat-group nat-group-id
-
Specifies the NAT group IP.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dnat-only
Syntax
dnat-only
Context
[Tree] (config>router>nat>outside dnat-only)
[Tree] (config>service>vprn>nat>inside dnat-only)
[Tree] (config>service>vprn>nat>outside dnat-only)
[Tree] (config>router>nat>inside dnat-only)
Full Context
configure router nat outside dnat-only
configure service vprn nat inside dnat-only
configure service vprn nat outside dnat-only
configure router nat inside dnat-only
Description
Commands in this context configure the dnat-only parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dns
dns
Syntax
[no] dns
Context
[Tree] (config>service>vprn dns)
Full Context
configure service vprn dns
Description
Commands in this context configure domain name servers.
The no form of this command disables DNS for this service.
Platforms
All
dns
Syntax
dns target-addr dns-name name-server ip-address [source ip-address] [count send-count] [timeout timeout] [interval interval] [record-type {ipv4-a-record | ipv6-aaaa-record}] [router-instance router-instance]
Context
[Tree] (oam dns)
[Tree] (config>saa>test>type dns)
Full Context
oam dns
configure saa test type dns
Description
This command performs DNS name resolution. If ipv4-a-record is specified, DNS target addresses are queried for A records only. If ipv6-aaaa-record is specified, AAAA records are queried first, and if a successful response is not received, the DNS server is queried for A records (applies to the 7750 SR and 7950 XRS).
Parameters
- dns-name
-
Specifies the DNS domain name, up to 255 characters.
- interval
-
Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message response corresponding to the outstanding message request.
- ip-address
-
Specifies the IP address of the primary DNS server.
ipv4-address:
a.b.c.d
ipv6-address:
x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x:
0 to FFFF]H
d:
[0 to 255]D
- record-type
-
Specifies a record type (applies to the 7750 SR and 7950 XRS only).
- send-count
-
Specifies the number of messages to send. The send-count parameter overrides the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.
- timeout
-
Specifies the time, in seconds, to override the default timeout value and is the amount of time that the router waits for a message response after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. Any response received after the request times out is silently discarded.
- router-instance
-
Specifies the preferred method to enter a service name or routing instance from which to launch the DNS query. This value is stored as the service name. This is the only service-linking function allowed for both mixed-mode and model-driven configuration modes.
Platforms
All
dns
Syntax
dns
Context
[Tree] (config>router dns)
Full Context
configure router dns
Description
This command configures the DNS.
Default
dns
Platforms
All
dns
Syntax
dns
Context
[Tree] (config>system dns)
Full Context
configure system dns
Description
This command configures DNS settings.
Platforms
All
dns-domain
dns-domain
Syntax
dns-domain dns-name
no dns-domain
Context
[Tree] (bof dns-domain)
Full Context
bof dns-domain
Description
This command configures the domain name used when performing DNS address resolution. This is a required parameter if DNS address resolution is required. Only a single domain name can be configured. If multiple domain statements are configured, the last one encountered is used.
The no form of this command removes the domain name from the configuration.
Default
no dns-domain
Parameters
- dns-name
-
Specifies the DNS domain name, up to 178 characters.
Platforms
All
dns-ip-cache
dns-ip-cache
Syntax
dns-ip-cache dns-ip-cache-name [create]
no dns-ip-cache dns-ip-cache-name
Context
[Tree] (config>app-assure>group dns-ip-cache)
Full Context
configure application-assurance group dns-ip-cache
Description
This command configures a DNS IP cache used to snoop DNS requests generated by subscribers to populate a cache of IP addresses matching a specified list of domain names. In the context of URL content charging strengthening, it is also mandatory to specify a list of trusted DNS servers to populate the DNS IP cache.
Parameters
- dns-ip-cache-name
-
Specifies the Application Assurance DNS IP cache name, up to 32 characters.
- create
-
Specifies a keyword used to create the DNS IP cache.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dns-ip-cache
Syntax
dns-ip-cache dns-ip-cache-name
Context
[Tree] (config>app-assure>group>sess-fltr>entry>match dns-ip-cache)
Full Context
configure application-assurance group session-filter entry match dns-ip-cache
Description
This command configures a DNS IP cache using session filter DST IP match criteria. It is typically combine with an allow action in the context of captive-redirect.
Parameters
- dns-ip-cache-name
-
Specifies the name of the DNS IP cache name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dns-match
dns-match
Syntax
dns-match
Context
[Tree] (config>app-assure>group>dns-ip-cache dns-match)
Full Context
configure application-assurance group dns-ip-cache dns-match
Description
Commands in this context configure match parameters in the DNS IP cache.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dns-options
dns-options
Syntax
[no] dns-options
Context
[Tree] (config>subscr-mgmt>rtr-adv-plcy dns-options)
Full Context
configure subscriber-mgmt router-advertisement-policy dns-options
Description
Commands in this context configure IPv6 DNS options for SLAAC hosts.
The no form of this command returns the command to the default setting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dns-options
Syntax
[no] dns-options
Context
[Tree] (config>service>vprn>router-advert dns-options)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv dns-options)
[Tree] (config>service>vprn>router-advert>if dns-options)
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv dns-options)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv dns-options)
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv dns-options)
Full Context
configure service vprn router-advertisement dns-options
configure service ies subscriber-interface group-interface ipv6 router-advertisements dns-options
configure service vprn router-advertisement interface dns-options
configure service vprn subscriber-interface ipv6 router-advertisements dns-options
configure service vprn subscriber-interface group-interface ipv6 router-advertisements dns-options
configure service ies subscriber-interface ipv6 router-advertisements dns-options
Description
Commands in this context configure DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.
When specified at the router-advertisement level in the routing context, this command allows configuration of service-wide parameters. These can then be inherited at the interface level by specifying the config>service>vprn>router-advert>if>dns-options>include-dns command.
The no form of this command disables configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.
Platforms
All
- configure service vprn router-advertisement interface dns-options
- configure service vprn router-advertisement dns-options
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface ipv6 router-advertisements dns-options
- configure service ies subscriber-interface group-interface ipv6 router-advertisements dns-options
- configure service ies subscriber-interface ipv6 router-advertisements dns-options
- configure service vprn subscriber-interface group-interface ipv6 router-advertisements dns-options
dns-options
Syntax
[no] dns-options
Context
[Tree] (config>router>router-advert dns-options)
[Tree] (config>router>router-advert>if dns-options)
Full Context
configure router router-advertisement dns-options
configure router router-advertisement interface dns-options
Description
Commands in this context configure DNS information for Stateless Address Auto-Configuration (SLAAC) hosts. When specified at the router-advertisement level in the routing context, this command allows configuration of service-wide parameters. These can then be inherited at the interface level by specifying the config>router>router-advert>if>dns-options>include-dns command.
The no form of this command disables configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.
Platforms
All
dns-server
dns-server
Syntax
dns-server ip-address [ip-address]
no dns-server
Context
[Tree] (config>router>dhcp>server>pool>options dns-server)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options dns-server)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options dns-server)
[Tree] (config>service>vprn>dhcp>server>pool>options dns-server)
Full Context
configure router dhcp local-dhcp-server pool options dns-server
configure subscriber-mgmt local-user-db ipoe host options dns-server
configure subscriber-mgmt local-user-db ppp host options dns-server
configure service vprn dhcp local-dhcp-server pool options dns-server
Description
This command configures the IPv4 address of the DNS server.
The no form of this command removes the IPv4 address of the DNS server from the configuration.
Parameters
- ip-address
-
Specifies up to four DNS server IP addresses.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dns-server
Syntax
dns-server ipv6-address [ipv6-address]
no dns-server
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options6 dns-server)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options6 dns-server)
[Tree] (config>router>dhcp6>server>defaults>options dns-server)
[Tree] (config>router>dhcp6>server>pool>options dns-server)
[Tree] (config>service>vprn>dhcp6>server>defaults>options dns-server)
[Tree] (config>service>vprn>dhcp6>server>pool>prefix>options dns-server)
[Tree] (config>router>dhcp6>server>pool>prefix>options dns-server)
[Tree] (config>service>vprn>dhcp6>server>pool>options dns-server)
Full Context
configure subscriber-mgmt local-user-db ipoe host options6 dns-server
configure subscriber-mgmt local-user-db ppp host options6 dns-server
configure router dhcp6 local-dhcp-server defaults options dns-server
configure router dhcp6 local-dhcp-server pool options dns-server
configure service vprn dhcp6 local-dhcp-server defaults options dns-server
configure service vprn dhcp6 local-dhcp-server pool prefix options dns-server
configure router dhcp6 local-dhcp-server pool prefix options dns-server
configure service vprn dhcp6 local-dhcp-server pool options dns-server
Description
This command configures IPv6 DNS server addresses that can be used for name resolution.
The no form of this command removes the IPv6 address of the DNS server from the configuration.
Parameters
- ipv6-address
-
Specifies up to four IPv6 DNS server addresses.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn dhcp6 local-dhcp-server pool options dns-server
- configure subscriber-mgmt local-user-db ipoe host options6 dns-server
- configure service vprn dhcp6 local-dhcp-server pool prefix options dns-server
- configure router dhcp6 local-dhcp-server pool prefix options dns-server
- configure router dhcp6 local-dhcp-server pool options dns-server
- configure subscriber-mgmt local-user-db ppp host options6 dns-server
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn dhcp6 local-dhcp-server defaults options dns-server
- configure router dhcp6 local-dhcp-server defaults options dns-server
dns-server
Syntax
dns-server ip-address
no dns-server
Context
[Tree] (config>app-assure>group>url-filter>web-service dns-server)
Full Context
configure application-assurance group url-filter web-service dns-server
Description
This command configures the DNS server that is used to resolve the web service host name.
The no form of this command removes the DNS server configuration.
Default
no dns-server
Parameters
- ip-address
-
Specifies the IP address of the DNS server to use.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dnssec
dnssec
Syntax
dnssec
Context
[Tree] (config>system>dns dnssec)
Full Context
configure system dns dnssec
Description
This command configures system Domain Name System Security Extensions (DNSSEC) settings.
Platforms
All
do-not-fragment
do-not-fragment
Syntax
[no] do-not-fragment
Context
[Tree] (config>oam-pm>session>ip do-not-fragment)
Full Context
configure oam-pm session ip do-not-fragment
Description
This command configures the Do Not Fragment (DF) bit in the IPv4 header of the TWAMP Light test packet in order to prevent packet fragmentation. This is only applicable to IPv4. IPv6 does not include the bit as part of the specification. This parameter is ignored but not blocked when the address is IPv6.
The no form of this command allows packet fragmentation.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dod-label-distribution
dod-label-distribution
Syntax
[no] dod-label-distribution
Context
[Tree] (config>router>ldp>session-params>peer dod-label-distribution)
Full Context
configure router ldp session-parameters peer dod-label-distribution
Description
This command enables the use of the LDP Downstream-on-Demand (DoD) label distribution procedures.
When this option is enabled, LDP will set the A-bit in the Label Initialization message when the LDP session to the peer is established. When both peers set the A-bit, they will both use the DoD label distribution method over the LDP session (RFC 5036).
This feature can only be enabled on a link-level LDP session and therefore will apply to prefix labels only, not service labels.
As soon as the link LDP session comes up, the router will send a label request to its DoD peer for the FEC prefix corresponding to the peer’s LSR-id. The DoD peer LSR-id is found in the basic Hello discovery messages the peer used to establish the Hello adjacency with the router.
Similarly if the router and the directly attached DoD peer entered into extended discovery and established a targeted LDP session, the router will immediately send a label request for the FEC prefix corresponding to the peer’s LSR-id found in the extended discovery messages.
However, the router will not advertise any <FEC, label> bindings, including the FEC of its own LSR-id, unless the DoD peer requested it using a Label Request Message.
When the DoD peer sends a label request for any FEC prefix, the router will reply with a <FEC, label> binding for that prefix if the FEC was already activated on the router. If not, the router replies with a notification message containing the status code of "no route.” The router will not attempt in the latter case to send a label request to the next-hop for the FEC prefix when the LDP session to this next-hop uses the DoD label distribution mode. Hence the reference to single-hop LDP DoD procedures.
As soon as the link LDP session comes up, the router will send a label request to its DoD peer for the FEC prefix corresponding to the peer’s LSR-id. The DoD peer LSR-id is found in the basic Hello discovery messages the peer used to establish the Hello adjacency with the router.
Similarly if the router and the directly attached DoD peer entered into extended discovery and established a targeted LDP session, the router immediately sends a label request for the FEC prefix corresponding to the peer’s LSR-id found in the extended discovery messages. Peer address has to be the peer LSR-ID address.
The no form of this command disables the DoD label distribution with an LDP neighbor.
Default
no dod-label-distribution
Platforms
All
domain
domain
Syntax
domain domain-name expression expression
no domain domain-name
Context
[Tree] (config>app-assure>group>dns-ip-cache>dns-match domain)
Full Context
configure application-assurance group dns-ip-cache dns-match domain
Description
This command configures a domain expression to populate the DNS IP cache. Up to 32 domains can be configured.
Parameters
- domain-name
-
Specifies the name of the domain expression entry.
- expression
-
Specifies a domain name expression string, up to 64 characters, used to define a pattern match. This domain expression uses the same syntax as the expressions used in app-filters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
domain
Syntax
domain domain-name [nat-group nat-group-id] [create]
no domain domain-name
Context
[Tree] (config>service>vprn>firewall domain)
[Tree] (config>router>firewall domain)
Full Context
configure service vprn firewall domain
configure router firewall domain
Description
This command configures a domain to contain firewall parameters. Each domain must be assigned to a NAT group where firewall functionality will be performed.
The no form of the command removes the domain.
Parameters
- create
-
Mandatory keyword used when creating the domain.
- domain-name
-
Specifies the name of the domain, up to 32 characters maximum.
- nat-group-id
-
Specifies the ID of the NAT group where the firewall functionality will be performed.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
domain
Syntax
domain router router-name name domain-name
no domain
Context
[Tree] (config>service>nat>firewall-policy domain)
Full Context
configure service nat firewall-policy domain
Description
This command specifies a router and domain to which the firewall policy will be applied. All associated traffic must be part of the prefixes specified by this domain.
The no form of the command removes the domain association from the firewall policy.
Default
no domain
Parameters
- domain-name
-
Specifies the name of the firewall domain in the specified router instance. 32 characters maximum.
- router-name
-
Specifies the name of the router instance to use.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
domain
Syntax
domain md-index [format md-name-format] [name md-name] level level [admin-name admin-name]
domain md-index
no domain md-index
Context
[Tree] (config>eth-cfm domain)
Full Context
configure eth-cfm domain
Description
This command configures Connectivity Fault Management (CFM) Maintenance Domain (MD) parameters.
The no form of this command removes the MD index parameters from the configuration.
Parameters
- md-index
-
Specifies the MD index value.
- md-name-format
-
Specifies a value that represents the type (format).
- md-name
-
Specifies a generic MD name, up to 43 characters.
- level
-
Specifies the integer identifying the MD level. Higher numbers correspond to higher maintenance domains, those with the greatest physical reach, with the highest values for customer CFM packets. Lower numbers correspond to lower maintenance domains, those with more limited physical reach, with the lowest values for single bridges or physical links.
- admin-name
-
Specifies a creation time required parameter that allows the operator to assign a name value to the domain container. This is used for information and migration purposes. This value cannot be modified without destroying the domain. If no admin-name exists, the configured md-index value is converted into a character string to become the admin-name reference. When upgrading from a release that does not include the admin-name configuration option, the md-index is converted into a character string. After an admin-name value is assigned, it cannot be modified.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
domain
Syntax
domain domain
no domain
Context
[Tree] (config>system>ptp domain)
Full Context
configure system ptp domain
Description
This command configures the PTP domain.
Some profiles may require a domain number in a restricted range. The operator must ensure that the value aligns with the expected range for the profile.
The domain cannot be changed unless PTP is shutdown. If the PTP profile setting is changed, the domain is changed to the default domain for the new PTP profile.
The no form of this command reverts to the default configuration. The default value is dependent upon the configured profile, as detailed below.
Default
domain 0 — profile ieee1588-2008
domain 4 — profile g8265dot1-2010
domain 24 — profile g8275dot1-2014
domain 44 — profile g8275dot2-2016
Parameters
- domain
-
Specifies the PTP domain.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
domain
Syntax
domain domain-value
no domain
Context
[Tree] (config>system>ptp>alternate-profile domain)
Full Context
configure system ptp alternate-profile domain
Description
This command configures the domain number of the alternate profile. This value can only be changed when the alternate profile is shut down.
To configure this command, the specified domain number for the alternate profile must be different from the domain number configured for the primary or other alternate profiles.
The no form of this command reverts to the default value. The default value is not dependent on the configured profile.
Default
domain 24
Parameters
- domain-value
-
Specifies the PTP domain.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
domain
Syntax
domain [value] [create]
no domain [value]
Context
[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec domain)
Full Context
configure redundancy multi-chassis peer mc-ipsec domain
Description
This command configures domain information. This command is mutually exclusive to the tunnel-group command.
The no form of this command removes the multi-chassis IPsec domain value.
Parameters
- value
-
Specifies the domain multi-chassis IPsec domain, up to 255 characters.
- create
-
Keyword used to create the command instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
domain-id
domain-id
Syntax
domain-id global-field:local-field
no domain-id
Context
[Tree] (config>service>vprn>bgp-ipvpn>srv6 domain-id)
[Tree] (config>service>epipe>bgp-evpn>srv6 domain-id)
[Tree] (config>service>vprn>bgp domain-id)
[Tree] (config>service>vprn>bgp-evpn>mpls domain-id)
[Tree] (config>service>vprn>bgp-evpn>srv6 domain-id)
[Tree] (config>service>epipe>bgp-evpn>mpls domain-id)
[Tree] (config>service>vprn>bgp-ipvpn>mpls domain-id)
Full Context
configure service vprn bgp-ipvpn segment-routing-v6 domain-id
configure service epipe bgp-evpn segment-routing-v6 domain-id
configure service vprn bgp domain-id
configure service vprn bgp-evpn mpls domain-id
configure service vprn bgp-evpn segment-routing-v6 domain-id
configure service epipe bgp-evpn mpls domain-id
configure service vprn bgp-ipvpn mpls domain-id
Description
This command specifies the domain ID that identifies the network from which a BGP route was received before that route is exported to a different neighbor. The domain ID is part of a domain, represented as domain-id:isf_safi_type in the D-PATH attribute, as described in draft-ietf-bess-evpn-ipvpn-interworking. The D-PATH attribute is modified by gateway routers, where a gateway is defined as a PE where a VPRN is instantiated, and that VPRN advertises or receives routes from multiple BGP owners (for example, EVPN-IFL and BGP-IPVPN) or multiple instances of the same owner (for example, VPRN with two BGP-IPVPN instances).
In the following example, consider that a gateway receives prefix P in an EVPN-IFL instance with the following D-PATH from neighbor N:
Seg Len=1 / 65000:1:128
If the router imports the route in VPRN-1, BGP-EVPN SRv6 instance with domain 65000:2, it readvertises it to its BGP-IPVPN MPLS instance as follows:
Seg Len=2 / 65000:2:70 / 65000:1:128
That is, the gateway prepends the local domain ID and family to the D-PATH before readvertising the route into a different instance.
The D-PATH attribute is used on gateways to detect loops (for received routes where the D-PATH contains a local domain ID) and to make BGP best-path selection decisions based on the D-PATH length (shorter D-PATH is preferred).
The command is also supported in Epipe services with two instances. As in the case of multi-instance VPRN services, the configured domain ID in an Epipe instance is prepended to the AD per EVI route redistributed to the other instance.
The no form of this command removes the configured domain ID.
Default
no domain-id
Parameters
- global-field:local-field
-
Specifies the domain ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
- configure service vprn bgp-evpn segment-routing-v6 domain-id
- configure service epipe bgp-evpn segment-routing-v6 domain-id
- configure service vprn bgp-ipvpn segment-routing-v6 domain-id
All
- configure service vprn bgp domain-id
- configure service epipe bgp-evpn mpls domain-id
- configure service vprn bgp-ipvpn mpls domain-id
- configure service vprn bgp-evpn mpls domain-id
domain-id
Syntax
domain-id global-field:local-field
no domain-id
Context
[Tree] (config>service>vprn>bgp-evpn>vxlan domain-id)
Full Context
configure service vprn bgp-evpn vxlan domain-id
Description
This command configures the D-PATH domain ID. The domain ID identifies the network from which the BGP route was received before the RTM advertises it to a different neighbor. The domain ID is part of a domain, represented as domain-id:isf_safi_type in the D-PATH attribute, as described in draft-ietf-bess-evpn-ipvpn-interworking. Gateway routers modify the D-PATH attribute. A gateway is a PE where a VPRN is instantiated. The VPRN in this case advertises or receives routes from multiple BGP owners (for example, EVPN-IFL and BGP-IPVPN) or multiple instances of the same owner (for example, VPRN with two BGP-IPVPN instances).
Gateways use the D-PATH attribute to detect loops (for received routes where the D-PATH contains a local domain ID) and to make BGP best-path selection decisions based on the D-PATH length (shorter D-PATH is preferred).
The no form of this command removes the configured domain ID.
Default
no domain-id
Parameters
- global-field:local-field
-
Specifies the domain ID.
Platforms
7750 SR-1, 7750 SR-s
domain-name
domain-name
Syntax
domain-name domain-name
no domain-name
Context
[Tree] (config>router>dhcp6>server>pool>prefix>options domain-name)
[Tree] (config>service>vprn>dhcp6>server>pool>prefix>options domain-name)
[Tree] (config>router>dhcp>server>pool>options domain-name)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options domain-name)
[Tree] (config>service>vprn>dhcp6>server>pool>options domain-name)
[Tree] (config>router>dhcp6>server>pool>options domain-name)
[Tree] (config>service>vprn>dhcp>server>pool>options domain-name)
[Tree] (config>router>dhcp6>server>defaults>options domain-name)
Full Context
configure router dhcp6 local-dhcp-server pool prefix options domain-name
configure service vprn dhcp6 local-dhcp-server pool prefix options domain-name
configure router dhcp local-dhcp-server pool options domain-name
configure subscriber-mgmt local-user-db ipoe host options domain-name
configure service vprn dhcp6 local-dhcp-server pool options domain-name
configure router dhcp6 local-dhcp-server pool options domain-name
configure service vprn dhcp local-dhcp-server pool options domain-name
configure router dhcp6 local-dhcp-server defaults options domain-name
Description
This command configures the default domain for a DHCP client that the router uses to complete unqualified host names (without a dotted-decimal domain name).
The no form of this command removes the name from the configuration.
Parameters
- domain-name
-
Specifies the domain name for the client, up to 127 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn dhcp6 local-dhcp-server pool prefix options domain-name
- configure service vprn dhcp6 local-dhcp-server pool options domain-name
- configure service vprn dhcp local-dhcp-server pool options domain-name
- configure router dhcp local-dhcp-server pool options domain-name
- configure router dhcp6 local-dhcp-server pool prefix options domain-name
- configure router dhcp6 local-dhcp-server pool options domain-name
- configure subscriber-mgmt local-user-db ipoe host options domain-name
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure router dhcp6 local-dhcp-server defaults options domain-name
dot1p
dot1p
Syntax
dot1p dot1p-priority [fc fc-name] [priority {low | high}]
no dot1p dot1p-priority
Context
[Tree] (config>qos>sap-ingress dot1p)
Full Context
configure qos sap-ingress dot1p
Description
This command explicitly sets the forwarding class or subclass or enqueuing priority when a packet is marked with a dot1p-priority specified. Adding a dot1p rule on the policy forces packets that match the dot1p-priority specified to override the forwarding class and enqueuing priority based on the parameters included in the dot1p rule. When the forwarding class is not specified in the rule, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the rule, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.
The dot1p-priority is derived from the most significant three bits in the IEEE 802.1q or IEEE 802.1p header. The three dot1p bits define 8 Class-of-Service (CoS) values commonly used to map packets to per-hop QoS behavior.
The no form of this command removes the explicit dot1p classification rule from the SAP ingress policy. Removing the rule on the policy immediately removes the rule on all ingress SAPs using the policy.
Parameters
- dot1p-priority
-
This value is a required parameter that specifies the unique IEEE 802.1p value that will match the dot1p rule. If the command is executed multiple times with the same dot1p-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.
A maximum of eight dot1p rules are allowed on a single policy.
- fc fc-name
-
Specifies the value given for the fc-name parameter must be one of the predefined forwarding classes in the system. Specifying the fc-name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
- priority
-
This parameter overrides the default enqueuing priority for all packets received on an ingress SAP using this policy that match this rule. Specifying the priority is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.
- high
-
This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to high for a packet increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- low
-
This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to low for a packet decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
Platforms
All
dot1p
Syntax
dot1p dot1p-value [dot1p-mask]
no dot1p
Context
[Tree] (config>qos>sap-ingress>mac-criteria>entry>match dot1p)
Full Context
configure qos sap-ingress mac-criteria entry match dot1p
Description
The IEEE 802.1p value to be used as the match criterion.
Use the no form of this command to remove the dot1p value as the match criterion.
Default
no dot1p
Parameters
- dot1p-value
-
Specifies the IEEE 802.1p value in decimal.
- dot1pmask
-
This 3-bit mask can be configured using the following formats.
Table 1. Format Styles to Configure Mask Format Style
Format Syntax
Example
Decimal
D
4
Hexadecimal
0xH
0x4
Binary
0bBBB
0b100
To select a range from 4 up to 7, specify p-value of 4 and a mask of 0b100 for value and mask.
Platforms
All
dot1p
Syntax
dot1p dot1p-value [fc fc-name] [profile {in | out | use-de | exceed | inplus}]
no dot1p dot1p-value
Context
[Tree] (config>qos>sap-egress dot1p)
Full Context
configure qos sap-egress dot1p
Description
This command defines a specific dot1p value that must be matched to perform the associated reclassification actions. If an egress packet on the SAP matches the specified dot1p value, the forwarding class or profile may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions.
The dot1p priority is derived from the most significant three bits in the IEEE 802.1q or IEEE 802.1p header. The three dot1p bits define 8 Class-of-Service (CoS) values commonly used to map packets to per-hop QoS behavior.
The reclassification actions from a dot1p reclassification rule may be overridden by a DSCP, IP precedence, or IP flow matching event.
The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions. If a DSCP, IP precedence, IPv6 criteria, or IP criteria match occurs after the dot1p match, the new forwarding class may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new FC, the FC from the dot1p match will be used.
The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior. If a DSCP, IP precedence, IPv6 criteria, or IP criteria match occurs after the dot1p match, the new profile may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new profile, the profile from the dot1p match will be used.
The no form of this command removes the reclassification rule from the SAP egress QoS policy.
Parameters
- dot1p-value
-
This value is a required parameter that specifies the unique IEEE 802.1p value that will match the dot1p rule. If the command is executed multiple times with the same dot1p-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.
A maximum of eight dot1p rules are allowed on a single policy.
- fc fc-name
-
Specifies the value given for the fc-name parameter must be one of the predefined forwarding classes in the system. Specifying the FC name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
- profile {in | out | use-de | exceed | inplus}
-
Specifies the profile reclassification action is optional. When specified, packets matching the dot1p value will be explicitly reclassified to the profile specified regardless of the ingress profiling decision. The explicit profile reclassification may be overwritten by a DSCP, IP precedence, IPv6 criteria, or IP criteria reclassification match. To remove the profile reclassification action for the specified dotp1 value, the dot1p command must be re-executed without the profile reclassification action defined.
Platforms
All
dot1p
Syntax
dot1p {dot1p-value | in-profile dot1p-value out-profile dot1p-value [exceed-profile dot1p-value]}
no dot1p
Context
[Tree] (config>qos>sap-egress>fc dot1p)
Full Context
configure qos sap-egress fc dot1p
Description
This command explicitly defines the egress IEEE 802.1p (dot1p) bits marking for fc-name. When the marking is set, all packets of fc-name that have either an IEEE 802.1q or IEEE 802.1p encapsulation use the explicitly defined dot1p-value. If the egress packets for fc-name are not IEEE 802.1q or IEEE 802.1p encapsulated, the dot1p command has no effect.
The optional in-profile dot1p-value out-profile dot1p-value [exceed-profile dot1p-value] parameters added to the existing dot1p command adds the capability to mark on an egress SAP the in, out, and exceed-profile status via a certain dot1p combination, similarly with the DE options. All inplus-profile traffic is marked with the same value as in-profile traffic.
When the in-profile keyword is added, the out-profile keyword must be specified; however, exceed-profile is optional. If the optional exceed-profile dot1p-value is not included, any exceed-profile traffic will be marked with the same dot1p value as configured for the out-of-profile traffic.
The command with the additional structure may be used on the SAP when the internal in, out, and exceed-profile status needs to be communicated to an access network or customer device that does not support the DE bit.
When these commands are used, the DE bit or the equivalent field is left unchanged by the egress processing if a tag exists. If a new tag is added, the related DE bit is set to 0.
When the previous command (dot1p dot1p-value) is used without the new structure, it means that the dot1p value is used for the entire forwarding class, as it did before. The two versions of the command are mutually exclusive.
The in-profile or out-of-profile/exceed-profile status may be indicated via the DE bit setting if the de-mark command is used. The DE value used for exceed-profile is the same as that used for out-of-profile.
In the PBB case, for a Backbone SAP (B-SAP) and for packets originated from a local I-VPLS/PBB-Epipe, the command dictates the marking of the dot1p bits for both the BVID and ITAG.
The commands dot1p-inner and dot1p-outer take precedence over the dot1p command if both are specified in the same policy.
The no form of this command sets the IEEE 802.1p or IEEE 802.1q priority bits to 0.
Default
no dot1p
Parameters
- in-profile dot1p-value
-
Specifies the 802.1p value to set for in-profile frames in this forwarding class.
- out-profile dot1p-value
-
Specifies the 802.1p value to set for out-profile frames in this forwarding class.
- exceed-profile dot1p-value
-
Specifies the 802.1p value to set for exceed-profile frames in this forwarding class.
Platforms
All
dot1p
Syntax
dot1p dot1p-priority fc fc-name profile {in | out | use-de}
no dot1p
Context
[Tree] (config>qos>network>ingress dot1p)
Full Context
configure qos network ingress dot1p
Description
This command explicitly sets the forwarding class or enqueuing priority and profile of the packet when a packet is marked with a dot1p-priority specified. Adding a dot1p rule on the policy forces packets that match the dot1p-priority specified to override and be assigned to the forwarding class and enqueuing priority and profile of the packet, based on the parameters included in the dot1p rule. When the forwarding class is not specified in the rule, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the rule, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.
The dot1p-priority is derived from the most significant three bits in the IEEE 802.1q or IEEE 802.1p header. The three dot1p bits define 8 Class-of-Service (CoS) values commonly used to map packets to per-hop Quality of Service (QoS) behavior.
The no form of this command removes the explicit dot1p classification rule from the policy. Removing the rule on the policy immediately removes the rule on all ingress SAPs using the policy.
Parameters
- dot1p-priority
-
This value is a required parameter that specifies the unique IEEE 802.1p value that will match the dot1p rule. If the command is executed multiple times with the same dot1p-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.
A maximum of eight dot1p rules are allowed on a single policy.
- fc-name
-
Specifies the value given for the fc-name parameter must be one of the predefined forwarding classes in the system. Specifying the fc-name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
- profile {in | out | use-de}
-
All packets that are assigned to this forwarding class will be considered in-profile or out-of-profile based on this command or will use the DE bit to determine the profile of the packets (in-profile is used when DE = 0 and out-of-profile is used when DE = 1). In case of congestion, the in-profile packets are preferentially queued over the out-of-profile packets.
Platforms
All
dot1p
Syntax
dot1p dot1p-priority
no dot1p
Context
[Tree] (config>qos>network>egress>fc dot1p)
Full Context
configure qos network egress fc dot1p
Description
This command is used whenever the dot1p bits are set to a common value regardless of the internal profile of the packets. Although it is not mandatory, this command should be used in combination with the de-mark command to enable the marking of the DE bit according to the internal profile of the packet.
This command acts as a shortcut for configuring the two existing commands with the same dot1p priority.
The dot1p dot1p-priority command is saved in the configuration as dot1p-in-profile dot1p-priority and dot1p-out-profile dot1p-priority. The inplus-profile traffic is marked with the same value as in-profile traffic. The exceed-profile traffic is marked with the same value as out-of-profile traffic.
Platforms
All
dot1p
Syntax
dot1p dot1p-value [ dot1p-mask]
no dot1p
Context
[Tree] (config>filter>mac-filter>entry>match dot1p)
Full Context
configure filter mac-filter entry match dot1p
Description
Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion.
When a frame is missing the 802.1p bits, specifying an dot1p match criterion will fail for the frame and result in a non-match for the MAC filter entry.
The no form of the command removes the criterion from the match entry.
Egress dot1p value matching will only match if the customer payload contains the 802.1p bits. For example, if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802.1Q or 802.1p tagged, the 802.1p bits will be present for a match evaluation. On the other hand, if a customer tagged frame is received on a dot1p encapsulated SAP, the tag will be stripped on ingress and there will be no 802.1p bits for a MAC filter match evaluation; in this case, any filter entry with a dot1p match criterion specified will fail.
Default
no dot1p
Parameters
- dot1p-value
-
Specifies the IEEE 802.1p value in decimal.
- dot1p-mask
-
Specifies a 3-bit mask that can be configured using the decimal integer, hexadecimal or binary format.
Table 2. Format Styles to Configure Mask Format Style
Format Syntax
Example
Decimal
D
4
Hexadecimal
0xH
0x4
Binary
0bBBB
0b100
To select a range from 4 up to 7 specify dot1p-value of 4 and a dot1p-mask of 0b100 for value and mask.
Platforms
All
dot1p
Syntax
dot1p dot1p-value [dot1p-mask]
Context
[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match dot1p)
Full Context
configure system security management-access-filter mac-filter entry match dot1p
Description
This command configures Dot1p match conditions.
|
Format Style |
Format Syntax |
Example |
|---|---|---|
|
Decimal |
D |
4 |
|
Hexadecimal |
0xH |
0x4 |
|
Binary |
0bBBB |
0b100 |
Parameters
- dot1p-value
-
Specifies the IEEE 802.1p value in decimal.
- mask
-
Specifies the 3-bit mask can be configured using the following formats.
Platforms
All
dot1p
Syntax
dot1p dot1p-name
no dot1p
Context
[Tree] (config>test-oam>icmp>ping-template dot1p)
Full Context
configure test-oam icmp ping-template dot1p
Description
This command specifies values of the outer and inner dot1p bits for the VLAN when dot1q or qinq encapsulation is used. This field is not exposed to egress QoS policies.
The no form of this command reverts to the default value.
Default
dot1p 7
Parameters
- dot1p-name
-
Specifies the IEEE 802.1p value in decimal format.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dot1p
Syntax
dot1p dot1p-priority
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth>c-tag dot1p)
[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth>s-tag dot1p)
Full Context
configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet c-tag dot1p
configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet s-tag dot1p
Description
This command configures the priority code point (dot1p) value for the VLAN.
Default
dot1p 7
Parameters
- dot1p-priority
-
Specifies the dot1p value.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS