d Commands – Part III

Context

[Tree] (config>qos>network>egress>fc dot1p-in-profile)

Full Context

configure qos network egress fc dot1p-in-profile

Description

This command specifies dot1p in-profile mappings. The inplus-profile traffic is marked with the same value as in-profile traffic.

The no form of this command resets the configuration to the default in-profile dot1p-priority setting for policy-id 1.

Parameters

dot1p-priority

Specifies the unique IEEE 802.1p value that will match the dot1p rule. If the command is executed multiple times with the same dot1p-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.

A maximum of eight dot1p rules are allowed on a single policy.

Values

0 to 7

Platforms

All

Context

[Tree] (config>qos>sap-egress>fc dot1p-inner)

Full Context

configure qos sap-egress fc dot1p-inner

Description

This command explicitly configures the egress inner VLAN tag IEEE 802.1p (dot1p) bits marking for the forwarding class name. When the marking is set, all packets of the forwarding class name that have either an inner IEEE 802.1q or IEEE 802.1p encapsulation on a QinQ SAP will use the explicitly defined dot1p-value. If the egress packets for the forwarding class are not IEEE 802.1q or IEEE 802.1p QinQ encapsulated, this command has no effect.

The optional in-profile dot1p-value, out-profile dot1p-value, and exceed-profile dot1p-value parameters on the dot1p-inner command add the capability to mark the in-profile and out-of-profile status on an egress QinQ SAP. The command with the additional parameters may be used on the SAP when the internal in-profile, out-of-profile, and exceed-profile status needs to be communicated to an access network or customer device that does not support the DE bit. When the in-profile keyword is added, the rest of the structure must be specified. All inplus-profile traffic is marked with the same value as in-profile traffic.

When these commands are used, the DE bit or the equivalent field is left unchanged by the egress processing if an inner tag exists. If a new inner tag is added, the related DE bit is set to 0. The inplus/in, out, or exceed-profile status may be indicated using the DE bit setting if the de-mark or de-mark-inner command is used.

The two versions of the command (with and without parameters) are mutually exclusive.

This command takes precedence over the configure qos sap-ingress dot1p command if both are specified in the same policy, and over the default action where the marking is taken from a packet received at ingress.

The configuration of qinq-mark-top-only under the SAP egress takes precedence over the use of the dot1p-inner command in the policy; that is, the inner VLAN tag is not remarked when qinq-mark-top-only is configured. The marking used for the inner VLAN tag is based on the current default, which is governed by the marking of the packet received at the ingress to the system.

The no form of this command sets the inner IEEE 802.1p or IEEE 802.1q priority bits to 0.

Default

no dot1p-inner

Parameters

dot1p-value

Specifies the 802.1p value to set for in-profile frames in this forwarding class.

Values

0 to 7

in-profile dot1p-value

Specifies the 802.1p value to set for in-profile frames in this forwarding class.

Values

0 to 7

out-profile dot1p-value

Specifies the 802.1p value to set for out-of-profile frames in this forwarding class.

Values

0 to 7

exceed-profile dot1p-value

Specifies the 802.1p value to set for exceed-profile frames in this forwarding class.

Values

0 to 7

Platforms

All

Context

[Tree] (config>qos>network>egress>fc dot1p-out-profile)

Full Context

configure qos network egress fc dot1p-out-profile

Description

This command specifies dot1p out-of-profile mappings.

The exceed-profile traffic is marked with the same value as out-of-profile traffic.

The no form of this command resets the configuration to the default out-profile dot1p-priority setting for policy-id 1.

Parameters

dot1p-priority

Specifies the unique IEEE 802.1p value that will match the dot1p rule. If the command is executed multiple times with the same dot1p-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.

A maximum of eight dot1p rules are allowed on a single policy.

Values

0 to 7

Platforms

All

Context

[Tree] (config>qos>sap-egress>fc dot1p-outer)

Full Context

configure qos sap-egress fc dot1p-outer

Description

This command explicitly defines the egress outer or single VLAN tag IEEE 802.1p (dot1p) bits marking for fc-name. When the marking is set, all packets of fc-name that have either an outer or single IEEE 802.1q or IEEE 802.1p encapsulation on a qinq or a dot1p SAP, respectively, will use the explicitly defined dot1p-value. If the egress packets for fc-name are not IEEE 802.1q or IEEE 802.1p encapsulated, this command has no effect.

The optional in-profile dot1p-value out-profile dot1p-value [exceed-profile dot1p-value] parameters on the dot1p-outer command add the capability to mark the in, out, and exceed-profile status on an egress qinq or dot1p SAP. The command with the additional parameters may be used on the SAP when the internal in, out, and exceed-profile status needs to be communicated to an access network or customer device that does not support the DE bit.

When the in-profile keyword is added, the out-profile keyword must be specified; however, exceed-profile is optional. If the optional exceed-profile dot1p-value is not included, any exceed-profile traffic will be marked with the same dot1p value as configured for the out-of-profile traffic. All inplus-profile traffic is marked with the same value as in-profile traffic.

When these commands are used, the DE bit or the equivalent field is left unchanged by the egress processing if a single or outer tag exists. If a new tag is added, the related DE bit is set to 0. The in, out, or exceed-profile status may be indicated via the setting of the DE bit setting if the de-mark(-outer) command is used. The DE value used for inplus is the same as that used for in-profile and the one used for exceed-profile is the same as that used for out of profile.

In the PBB case, for a Backbone SAP (B-SAP) and for packets originated from a local I-VPLS/PBB-Epipe, the command dictates the marking of the dot1p bits for both the BVID and ITAG.

The two versions of the command (with and without parameters) are mutually exclusive.

This command takes precedence over the dot1p command if both are specified in the same policy, and over the default action where the marking is taken from a packet received at ingress.

The no form of the command sets the IEEE 802.1p or IEEE 802.1q priority bits to 0.

Default

no dot1p-outer

Parameters

dot1p-value

Specifies the 802.1p value to set for in-profile frames in this forwarding class.

Values

0 to 7

in-profile dot1p-value

Specifies the 802.1p value to set for in-profile frames in this forwarding class.

Values

0 to 7

out-profile dot1p-value

Specifies the 802.1p value to set for out-of-profile frames in this forwarding class.

Values

0 to 7

exceed-profile dot1p-value

Specifies the 802.1p value to set for exceed-profile frames in this forwarding class.

Values

0 to 7

Platforms

All

Context

[Tree] (config>service>system>bgp-evpn>eth-seg dot1q)

Full Context

configure service system bgp-evpn ethernet-segment dot1q

Description

This command creates the dot1q context for q-tag additions to the port or LAG virtual ES.

Platforms

All

Context

[Tree] (debug>oam>build-packet>packet>field-override>header dot1q)

[Tree] (config>test-oam>build-packet>header dot1q)

Full Context

debug oam build-packet packet field-override header dot1q

configure test-oam build-packet header dot1q

Description

This command creates a Dot1Q header and enables the context to define the associated parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet dot1q-etype)

Full Context

configure port ethernet dot1q-etype

Description

This command specifies the Ethertype expected when the port's encapsulation type is dot1q. Dot1q encapsulation is supported only on Ethernet interfaces.

The no form of this command reverts to the default value.

Parameters

value

Specifies the Ethertype to expect, in either decimal or hex.

Values

1536 to 65535 (0x0600 to 0xffff)

Default

If the encap-type is dot1p, then the default is 0x8100. If the encap-type is qinq, then the default is 0x8100.

Platforms

All

Context

[Tree] (config>pw-port dot1q-etype)

Full Context

configure pw-port dot1q-etype

Description

This command configures the Dot1q Ethertype on the PW port. The PW port is used to extract a customer's Ethernet traffic that is transported in a tunnel over an IP/MPLS network. The dot1q-etype represents the first two bytes (TPID) in the 802.1Q header of a single-tagged Ethernet frame or the inner 802.1Q header of the double-tagged Ethernet frame inside the tunnel.

The no form of this command removes the configuration.

Parameters

dot1q-etype

The value for the dot1q-etype field, in hexadecimal format.

Values

0x0600..0xFFFF

Default

0x8100

Platforms

All

Context

[Tree] (config>port>ethernet dot1x)

Full Context

configure port ethernet dot1x

Description

This command enables access to the context to configure port-specific 802.1x authentication attributes. This context can only be used when configuring a Fast Ethernet, Gigabit or 10-Gb Ethernet LAN ports on an appropriate MDA.

Platforms

All

Context

[Tree] (config>system>security dot1x)

Full Context

configure system security dot1x

Description

This command creates the context to configure 802.1x network access control on the router.

The no form of this command removes the 802.1x configuration.

Platforms

All

Context

[Tree] (config>service>ies>red-if>hold-time down)

[Tree] (config>service>vprn>if>hold-time down)

[Tree] (config>router>if>hold-time down)

[Tree] (config>service>vprn>nw-if>hold-time down)

[Tree] (config>service>ies>if>hold-time down)

[Tree] (config>service>vprn>sub-if>hold-time down)

[Tree] (config>service>vpls>if>hold-time down)

[Tree] (config>service>vprn>red-if>hold-time down)

[Tree] (config>service>ies>sub-if>hold-time down)

Full Context

configure service ies redundant-interface hold-time down

configure service vprn interface hold-time down

configure router interface hold-time down

configure service vprn network-interface hold-time down

configure service ies interface hold-time down

configure service vprn subscriber-interface hold-time down

configure service vpls interface hold-time down

configure service vprn redundant-interface hold-time down

configure service ies subscriber-interface hold-time down

Description

This command causes a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of this command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it completes.

Default

no down ip

Parameters

seconds

The time delay, in seconds, to make the interface operational.

Values

1 to 1200

init-only

Specifies that the down delay is only applied when the interface is configured or after a reboot.

Values

1 to 1200

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies redundant-interface hold-time down
• configure service vprn subscriber-interface hold-time down
• configure service vprn redundant-interface hold-time down
• configure service ies subscriber-interface hold-time down

All

• configure service vpls interface hold-time down
• configure service vprn network-interface hold-time down
• configure service ies interface hold-time down
• configure service vprn interface hold-time down
• configure router interface hold-time down

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile>mme>qos down-link)

[Tree] (config>subscr-mgmt>gtp>peer-profile>ggsn>qos down-link)

[Tree] (config>subscr-mgmt>gtp>peer-profile>pgw>qos down-link)

Full Context

configure subscriber-mgmt gtp peer-profile mme qos down-link

configure subscriber-mgmt gtp peer-profile ggsn qos down-link

configure subscriber-mgmt gtp peer-profile pgw qos down-link

Description

This command configures the down-link bitrate in kb/s to be used in the GTP messages.

The no form of this command reverts to the default.

Default

down-link gbr 2000 mbr 2000

down-link gbr 2000 mbr 2000 - for ggsn

down-link gbr 0 mbr 0 - for mme and pgw

Parameters

gbr rate

Specifies the downlink Guaranteed Bit Rate (GBR) to be used in the GTP messages as QOS IE (GTPv1) or Bearer QOS (GTPv2).

mbr rate

Specifies the downlink Maximum Bit Rate (MBR) to be used in the GTP messages as QOS IE (GTPv1) or Bearer QOS (GTPv2).

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet down-on-internal-error)

Full Context

configure port ethernet down-on-internal-error

Description

This command configures the system to bring a port operationally down in the event the system has detected internal MAC transmit errors (Int MAC Tx Errs).

Default

no down-on-internal-error

Parameters

tx-disable

Specifies that the laser should be disabled if an internal MAC transmit error is encountered. When used, this option requires that the operator explicitly cycle the admin state of the port to clear the error and re-enable the laser.

Platforms

All

Context

[Tree] (config>service>epipe>pw-port down-on-peer-tldp-pw-status-faults)

Full Context

configure service epipe pw-port down-on-peer-tldp-pw-status-faults

Description

This command enables the PW port configured on an Epipe to go locally operationally down if any of the following status bits are received on a mate spoke-SDP across an FPE:

• 0x00000001 - Pseudowire Not Forwarding

• 0x00000002 - Local Attachment Circuit (ingress) Receive Fault

• 0x00000004 - Local Attachment Circuit (egress) Transmit Fault

• 0x00000008 - Local PSN-facing PW (ingress) Receive Fault

• 0x00000010 - Local PSN-facing PW (egress) Transmit Fault

The no form of the command specifies that the mate PW status fault bits are not taken into account in the operational state of the PW port.

Default

no down-on-peer-tldp-pw-status-faults

Platforms

All

Context

[Tree] (config>router>rsvp>dbw-accounting down-threshold)

Full Context

configure router rsvp dbw-accounting down-threshold

Description

This command sets the minimum change (in percent of the latest advertised value) above which a decrease in Maximum Reservable Link Bandwidth (MRLB) (IS-IS TE sub-TLV 10) or Maximum Reservable Bandwidth (MRB) (OSPF TE sub-TLV 7) triggers an IGP-TE update. This configuration only applies to a change in MRLB or MRB caused by dark bandwidth. Other events affecting MRLB/MRB (such as the change of the subscription factor or the loss of link in a LAG over which the RSVP interface is defined) trigger an immediate TE update, regardless of the importance of the impact.

Optionally, the threshold can also be expressed as an absolute value. In this case, the evaluation of the change is made using the percent change and the absolute change. An IGP-TE update is sent if both of these thresholds are crossed. Changing this parameter in the course of dark bandwidth accounting does not affect the accounting cycle.

Default

down-threshold 0

Parameters

percent-change

Specifies the minimum decrease in MRLB/MRB, expressed in percent.

Values

0 to 100

absolute-change

Specifies the minimum decrease in MRLB/MRB, expressed in Mb/s.

Values

0 to 1000000

Platforms

7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>aaa>radius-srv-plcy>servers>health-check down-timeout)

Full Context

configure aaa radius-server-policy servers health-check down-timeout

Description

This command determines the interval to wait for a RADIUS reply message from the RADIUS server before a RADIUS server is declared out-of-service. By default, the value of the down-timeout is the number of retries multiplied by the timeout interval. Each host will use the configured timeout and retry value under the AAA RADIUS server policy.

timeout refers to the waiting period before the next retry attempt.

retry refers the number of times the host will attempt to contact the RADIUS server.

If a RADIUS server is declared out-of-service, the host pending retry attempts will move on to the next RADIUS server.

The no form of this command reverts to the default.

Parameters

minutes

Specifies the timer to wait, in minutes, before declaring the RADIUS server that is down.

Values

1 to 5

seconds

Specifies the timer to wait, in seconds, before declaring the RADIUS server that is down.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet down-when-looped)

Full Context

configure port ethernet down-when-looped

Description

This command configures Ethernet loop detection attributes.

Platforms

All

Context

[Tree] (config>subscr-mgmt>gtp>apn-policy>apn>ambr-qos-mapping downlink)

Full Context

configure subscriber-mgmt gtp apn-policy apn ambr-qos-mapping downlink

Description

When enabled, the downlink rate in the APN-AMBR IE in an incoming GTP message is interpreted as a rate override for the specified egress QoS object. For queues and policers, the PIR is overridden.

This override uses standard SR OS QoS overrides. Therefore, a subsequent Gx/RADIUS-based override removes this override.

The no form of this command disables the override mechanism.

Default

no downlink

Parameters

aggregate-rate

Specifies the aggregate rate.

arbiter-name

Specifies the name of the arbiter to be overridden, up to 32 characters.

policer-id

Specifies the ID of the policer to be overridden.

Values

1 to 63

queue-id

Specifies the ID of the queue to be overridden.

Values

1 to 8

scheduler-name

Specifies the name of the scheduler to be overridden, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>pfcp>seq downlink-mbr-gbr)

Full Context

configure subscriber-mgmt sla-profile pfcp-mappings session-qer downlink-mbr-gbr

Description

This command configures the downlink MBR/GBR to QoS override mapping.

The no form of the command disables the downlink MBR/GBR mapping.

Default

no downlink-mbr-gbr

Parameters

aggregate-rate

Maps the MBR/GBR to a rate override for the aggregate rate.

arbiter-name

Specifies the arbiter target of the MBR/GBR override. The arbiter name can be up to 32 characters.

policer-id

Specifies the policer ID target of the MBR/GBR override.

Values

1 to 63

queue-id

Specifies the queue ID target of the MBR/GBR override.

Values

1 to 8

scheduler-name

Specifies the scheduler name target of the MBR/GBR override. The scheduler name can be up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>route-downloader download-interval)

Full Context

configure aaa route-downloader download-interval

Description

This command sets the time interval, in minutes, that the system waits for between two consecutive runs of the route-download process. The time is counted from the start-time of the run, thus, if an route-download process is still ongoing by the time the timer expires, the process will restart from count=1.

The no form of this command reverts to the default value.

Default

download-interval 720

Parameters

minutes

Specifies the time interval, in minutes, between the start of the last route downloader run and the start of the next route downloader run.

Values

1 to 1440

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside downstream-ip-filter)

Full Context

configure service vprn nat inside downstream-ip-filter

Description

This command assigns an IPv4 filter policy to the downstream NAT interface. This filter is applied to downstream traffic after the NAT function is applied but before it enters the inside VPRN instance.

The no form of the command removes the filter from the configuration.

Default

no downstream-ip-filter

Parameters

filter-id

Specifies an existing IPv4 filter policy. Values can be expressed either as a decimal integer or as an ASCII string of up to 64 characters.

Values

1 to 65535, or ASCII string of up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>outside downstream-ip-filter)

[Tree] (config>router>nat>outside downstream-ip-filter)

Full Context

configure service vprn nat outside downstream-ip-filter

configure router nat outside downstream-ip-filter

Description

This command specifies a filter to apply to the downstream traffic after routing in the outside virtual router instance and before the NAT function; it is useful for traffic that bypasses the egress filters applied in the inside virtual router instance, such as DS-Lite traffic.

The no form of the command removes the filter from the configuration.

Default

no downstream-ip-filter

Parameters

filter-id

Specifies a filter up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>outside downstream-ipv6-filter)

[Tree] (config>service>vprn>nat>outside downstream-ipv6-filter)

Full Context

configure router nat outside downstream-ipv6-filter

configure service vprn nat outside downstream-ipv6-filter

Description

This command configures the ipv6-filter for downstream traffic. This filter is applied to downstream traffic after it leaves the outside virtual router instance but before the NAT function is applied. This is useful for shared v6 filters that apply to all v6 DSM hosts.

The no form of the command removes the filter from the configuration.

Default

no downstream-ipv6-filter

Parameters

filter-id

Specifies an IPv6 filter up to 64 characters in length.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy downstream-map-tlv)

Full Context

configure saa test type-multi-line lsp-trace sr-policy downstream-map-tlv

Description

This command configures the downstream mapping TLV that provides a mechanism for the sender and responder nodes to exchange and validate interface and label stack information for each downstream hop in the path of the LDP FEC an RSVP LSP, or a BGP IPv4 or IPv6 label route.

The following downstream mapping TLVs are supported: the original Downstream Mapping (DSMAP) TLV defined in RFC 4379 (obsoleted by RFC 8029) and the Downstream Detailed Mapping (DDMAP) TLV defined in RFC 6424.

The no form of this command removes the configuration.

Parameters

downstream-map-tlv

Specifies which format of the downstream mapping TLV to use in the LSP trace packet. The DSMAP TLV is the original format in RFC 4379 (obsoleted by RFC 8029). The DDMAP is the new enhanced format specified in RFC 6424. The user can also choose not to include the downstream mapping TLV by entering the value none. When lsp-trace is used on a MPLS-TP LSP (static option), it can only be executed if the control-channel is set to none. In addition, the DSMAP/DDMAP TLV is only included in the echo request message if the egress interface is either a numbered IP interface or an unnumbered IP interface. The TLV is not included if the egress interface is of type unnumbered-mpls-tp.

Values

ddmap: Sends a detailed downstream mapping TLV.

dsmap: Sends a downstream mapping TLV.

none: No mapping TLV is sent.

Default

Inherited from global configuration of downstream mapping TLV in option mpls-echo-request-downstream-map {dsmap | ddmap}.

Platforms

All

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>sr-mpls downstream-nodes)

Full Context

configure router p2mp-sr-tree replication-segment segment-routing-mpls downstream-nodes

Description

This command configures a downstream node entry for the replication segment. A replication segment can have multiple downstream nodes used at a replication node where there are multiple outgoing interfaces or protection next hops.

The no form of this command removes the specified entry from the replication segment.

Parameters

downstream-nodes-index

Specifies the next-hop ID.

Values

1 to 4096

Platforms

All

Context

[Tree] (config>ipsec>ike-policy dpd)

Full Context

configure ipsec ike-policy dpd

Description

This command controls the dead peer detection mechanism.

The no form of this command removes the parameters from the configuration.

Default

no dpd

Parameters

interval

Specifies the DPD interval, in seconds. Since more time is necessary to determine if there is incoming traffic, the actual time needed to bring down the tunnel is larger than the DPD interval multiplied by max-retries.

Values

10 to 300

Default

30

max-retries

Specifies the maximum number of retries before the tunnel is removed.

Values

2 to 5

Default

3

reply-only

Specifies whether to initiate a DPD request if there is an incoming ESP or IKE packet. Issuing the command without the reply-only keyword does not initiate a DPD request if there is an incoming ESP packet.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>bind>evpn-mcast-gateway dr-activation-timer)

Full Context

configure service vpls allow-ip-int-bind evpn-mcast-gateway dr-activation-timer

Description

This command configures the designated router (DR) activation timer for the EVPN gateway.

After the DR activation timer expires, each provider edge router (PE) runs the MEG or PEG DR election. The timer allows the PE to collect Inclusive Multicast Ethernet Tag routes from other MEG/PEG gateways and avoid running the DR election multiple times. The DR triggers the MEG/PEG first-hop and last-hop router actions on the router.

Default

dr-activation-timer 3

Parameters

seconds

Specifies DR election wait time, in seconds.

Values

0 to 100

Platforms

All

Context

[Tree] (config>service>vprn>dhcp>server>pool>subnet drain)

Full Context

configure service vprn dhcp local-dhcp-server pool subnet drain

Description

This command means no new leases can be assigned from this subnet and existing leases are cleaned up upon renew/rebind.

The no form of this command means the subnet is active and new leases can be assigned from it.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>outside>pool>address-range drain)

[Tree] (config>router>nat>outside>pool>address-range drain)

Full Context

configure service vprn nat outside pool address-range drain

configure router nat outside pool address-range drain

Description

This command starts or stops draining this NAT address range. When an address-range is being drained, it will not be used to serve new hosts. Existing hosts, however, will still be able to use the address that was assigned to them even if it is being drained. An address-range can only be deleted if the parent pool is shut down or if the range itself is effectively drained (hosts are no longer using the addresses).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action drop)

Full Context

configure application-assurance group policy app-qos-policy entry action drop

Description

This command configures the drop action on flows matching this AQP entry. When enabled, all flow traffic matching this AQP entry will be dropped. When drop action is part of a set of multiple actions to be applied to a single flow as result of one or more AQP entry match, drop action will be performed first and no other action will be invoked on that flow.

The no form of this command disables the drop action on flows matching this AQP entry.

Default

no drop

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ip-filter>entry>action drop)

Full Context

configure filter ip-filter entry action drop

Description

This command configures the drop action for the traffic that matches this filter entry.

Traffic can, also, be dropped based on pkt-length, packet-length range, ttl, ttl range, or a pattern of conditional match criteria.

Packets that match the filter entry match criteria, and not the conditional match criteria value, are implicitly forwarded with no further match in the following filter entries.

For pattern match:

• the expression is left-aligned for odd number bytes, for example, the expression 0xABC is programmed 0x0ABC in the line card

• the 'data' offset requires protocol UDP or TCP to be selected in the filter entry match criteria.

Parameters

packet-length

Specifies drop packets matching both the filter entry match criteria and the packet-length value defined in the drop action statement. Packets matching the filter entry match criteria and not matching the packet-length value, as defined in the drop action statement, are implicitly forwarded with no further match in the following filter entries.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq — Specifies "equal to”.

packet-length-value

Specifies the packet length value for the rate limit action.

Values

0 to 65535

range

Specifies an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered).

expression

Specifies the hexadecimal pattern to match; up to eight bytes.

Values

0x0000000000000001 to 0xffffffffffffffff

mask

Specifies the mask for the pattern expression, up to eight bytes.

Values

0x0000000000000001 to 0xffffffffffffffff

offset-type

Specifies the starting point reference for the offset-value of this pattern.

Values

layer-3, layer-4, data, dns-qtype

offset-value

Specifies the offset value for the pattern expression. Dns-qtype supports offset value of 0.

Values

0 to 255

ttl-value

Specifies drop packets matching both the filter entry match criteria and the TTL value defined in the drop action statement. Packets matching the filter entry match criteria and not matching the TTL value, as defined in the drop action statement, are implicitly forwarded with no further match in the following filter entries.

Values

0 to 255

Platforms

All

Context

[Tree] (config>filter>ipv6-filter>entry>action drop)

Full Context

configure filter ipv6-filter entry action drop

Description

This command configures the drop action for the traffic that matches this filter entry.

Traffic can, also, be dropped based on payload-length, payload-length range, hop-limit, hop-limit range, or a pattern of conditional match criteria.

Packets that match the filter entry match criteria, but do not match the conditional match criteria value, are implicitly forwarded with no further match in the following filter entries.

For pattern match:

• the expression is left-aligned for the odd number bytes, for example, the expression 0xABC is programmed 0x0ABC in the line card

• the 'data' offset requires protocol UDP or TCP to be selected in the filter entry match criteria

Parameters

hop-limit

Specifies the hop-limit value for the drop action.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

eq — Specifies "equal to”.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

hop-limit-value

Specifies the hop-limit value for the drop action.

Values

0 to 255

range

Specifies an inclusive range. When the range parameter is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered).

expression

Specifies the hexadecimal pattern to match; up to eight bytes.

Values

0x0000000000000001 to 0xffffffffffffffff

mask

Specifies the mask for the pattern expression, up to eight bytes.

Values

0x0000000000000001 to 0xffffffffffffffff

offset-type

Specifies the starting point reference for the offset-value of this pattern.

Values

layer-3, layer-4, data, dns-qtype

offset-value

Specifies the offset value for the pattern expression. Dns-qtype supports offset value of 0.

Values

0 to 255

payload-length

Specifies drop packets matching both the filter entry match criteria and the payload-length-value defined in the drop action statement. Packets matching the filter entry match criteria and not matching the payload-length-value, as defined in the drop action statement, are implicitly forwarded with no further match in the following filter entries.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq — Specifies "equal to”.

payload-length-value

Specifies the payload length value for the drop action.

Values

0 to 65535

Platforms

All

Context

[Tree] (config>filter>mac-filter>entry>action drop)

Full Context

configure filter mac-filter entry action drop

Description

This command sets the MAC filter entry action to drop.

Platforms

All

Context

[Tree] (config>service>vprn>static-route-entry>indirect>cpe-check drop-count)

[Tree] (config>service>vprn>static-route-entry>next-hop>cpe-check drop-count)

Full Context

configure service vprn static-route-entry indirect cpe-check drop-count

configure service vprn static-route-entry next-hop cpe-check drop-count

Description

This optional parameter specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to deactivate the associated static route.

Default

drop-count 3

Parameters

count

An integer count value.

Values

1 to 255

Platforms

All

Context

[Tree] (config>filter>redirect-policy>dest>ping-test drop-count)

Full Context

configure filter redirect-policy destination ping-test drop-count

Description

This command specifies the number of consecutive requests that must fail for the destination to be declared unreachable and the time to hold destination unreachable before repeating tests.

Default

drop-count 3 hold-down 0

Parameters

consecutive-failures

Specifies the number of consecutive ping test failures before declaring the destination down.

Values

1 to 60

hold-down seconds

Specifies the amount of time, in seconds, that the system should be held down if any of the test has marked it unreachable.

Values

0 to 86400

Platforms

All

Context

[Tree] (config>router>static-route-entry>next-hop>cpe-check drop-count)

[Tree] (config>router>static-route-entry>indirect>cpe-check drop-count)

Full Context

configure router static-route-entry next-hop cpe-check drop-count

configure router static-route-entry indirect cpe-check drop-count

Description

This optional parameter specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to deactivate the associated static route.

Default

drop-count 3

Parameters

count

Specifies the integer count value.

Values

1 to 255

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check drop-count)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check drop-count)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check drop-count

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check drop-count

Description

This command configures the number of consecutive ping replies that must be missed to declare the CPE down.

Default

drop-count 3

Parameters

count

Specifies the count value.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>vrrp>policy>priority-event>host-unreachable drop-count)

Full Context

configure vrrp policy priority-event host-unreachable drop-count

Description

This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set.

The drop-count command is used to define the number of consecutive message send attempts that must fail for the host-unreachable priority event to enter the set state. Each unsuccessful attempt increments the event’s consecutive message drop counter. With each successful attempt, the event’s consecutive message drop counter resets to zero.

If the event’s consecutive message drop counter reaches the drop-count value, the host-unreachable priority event enters the set state.

The event’s hold-set value defines how long the event must stay in the set state even when a successful message attempt clears the consecutive drop counter. The event is not cleared until the consecutive drop counter is less than the drop-count value and the hold-set timer has a value of zero (expired).

The no form of the command reverts to the default value.

Default

drop-count 3 — 3 consecutive ICMP echo request failures are required before the host unreachable priority control event is set.

Parameters

count

The number of ICMP echo request message attempts that must fail for the event to enter the set state. It also defines the threshold so a lower consecutive number of failures can clear the event state.

Values

1 to 60

Platforms

All

Context

[Tree] (config>filter>ipv6-filter>entry>action drop-extracted-traffic)

[Tree] (config>filter>ip-filter>entry>action drop-extracted-traffic)

Full Context

configure filter ipv6-filter entry action drop-extracted-traffic

configure filter ip-filter entry action drop-extracted-traffic

Description

This command specifies that a packet matching this filter entry is dropped if extracted to the CPM. Packets matching the filter entry match criteria and not extracted to the CPM are forwarded with no further match in the following filter entries.

Platforms

All

Context

[Tree] (config>router>bgp>group>srv6>route drop-routes-with-srv6-tlvs)

[Tree] (config>router>bgp>group>neighbor>srv6>route drop-routes-with-srv6-tlvs)

Full Context

configure router bgp group segment-routing-v6 route-advertisement drop-routes-with-srv6-tlvs

configure router bgp group neighbor segment-routing-v6 route-advertisement drop-routes-with-srv6-tlvs

Description

This command configures the router to drop and not advertise BGP routes (that belong to any address family) with SRv6 TLVs.

The no form of this command configures the router to advertise BGP routes with SRv6 TLVs.

Default

no drop-routes-with-srv6-tlvs

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2>prim-path>queue drop-tail)

[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path>queue drop-tail)

Full Context

configure mcast-management bandwidth-policy t2-paths primary-path queue-parameters drop-tail

configure mcast-management bandwidth-policy t2-paths secondary-path queue-parameters drop-tail

Description

Commands in this context configure queue drop-tail parameters.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vpls>sap>ingress>queue-override>queue drop-tail)

[Tree] (config>service>vpls>sap>egress>queue-override>queue drop-tail)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue drop-tail)

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue drop-tail)

Full Context

configure service vpls sap ingress queue-override queue drop-tail

configure service vpls sap egress queue-override queue drop-tail

configure service ies interface sap egress queue-override queue drop-tail

configure service ies interface sap ingress queue-override queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>port>eth>access>egr>qgrp>qover>q drop-tail)

[Tree] (config>port>eth>access>ing>qgrp>qover>q drop-tail)

[Tree] (config>port>ethernet>network>egr>qgrp>qover>q drop-tail)

Full Context

configure port ethernet access egress queue-group queue-overrides queue drop-tail

configure port ethernet access ingress queue-group queue-overrides queue drop-tail

configure port ethernet network egress queue-group queue-overrides queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue drop-tail)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue drop-tail)

[Tree] (config>service>epipe>sap>egress>queue-override>queue drop-tail)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue drop-tail)

[Tree] (config>service>cpipe>sap>egress>queue-override>queue drop-tail)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue drop-tail)

Full Context

configure service ipipe sap ingress queue-override queue drop-tail

configure service ipipe sap egress queue-override queue drop-tail

configure service epipe sap egress queue-override queue drop-tail

configure service cpipe sap ingress queue-override queue drop-tail

configure service cpipe sap egress queue-override queue drop-tail

configure service epipe sap ingress queue-override queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

• configure service epipe sap egress queue-override queue drop-tail
• configure service ipipe sap egress queue-override queue drop-tail
• configure service ipipe sap ingress queue-override queue drop-tail
• configure service epipe sap ingress queue-override queue drop-tail

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap ingress queue-override queue drop-tail
• configure service cpipe sap egress queue-override queue drop-tail

Context

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue drop-tail)

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue drop-tail)

Full Context

configure service vprn interface sap ingress queue-override queue drop-tail

configure service vprn interface sap egress queue-override queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>qos>sap-egress>queue drop-tail)

[Tree] (config>qos>sap-ingress>queue drop-tail)

Full Context

configure qos sap-egress queue drop-tail

configure qos sap-ingress queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>qos>network-queue>queue drop-tail)

Full Context

configure qos network-queue queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue drop-tail)

[Tree] (config>qos>qgrps>ing>qgrp>queue drop-tail)

Full Context

configure qos queue-group-templates egress queue-group queue drop-tail

configure qos queue-group-templates ingress queue-group queue drop-tail

Description

Commands in this context configure queue drop-tail parameters.

Platforms

All

Context

[Tree] (config>qos>shared-queue>queue drop-tail)

Full Context

configure qos shared-queue queue drop-tail

Description

Commands in this context configure queue drop tail parameters.

Platforms

All

Context

[Tree] (config>service>vprn>nat>inside>subscriber-identification drop-unidentified-traffic)

[Tree] (config>router>nat>inside>subscriber-identification drop-unidentified-traffic)

Full Context

configure service vprn nat inside subscriber-identification drop-unidentified-traffic

configure router nat inside subscriber-identification drop-unidentified-traffic

Description

When this command denies address translation to subscribers that have not been identified via accounting messages sent by BNG and received by Radius accounting proxy. This command has effect only in Subscriber Aware Application.

Default

no drop-unidentified-traffic

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside>nat64 drop-zero-ipv4-checksum)

Full Context

configure service vprn nat inside nat64 drop-zero-ipv4-checksum

Description

This command specifies if UDP datagrams with zero IPv4 checksum are dropped.

If this command is disabled, the system calculates the IPv6 checksum for each such datagram.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside>nat64 drop-zero-ipv4-checksum)

[Tree] (config>router>nat>inside>nat64 drop-zero-ipv4-checksum)

Full Context

configure service vprn nat inside nat64 drop-zero-ipv4-checksum

configure router nat inside nat64 drop-zero-ipv4-checksum

Description

This command enables the NAT64 node to drop received UDP datagrams with zero IPv4 checksum. By default, checksum is re-calculated for non-fragmented datagrams.

The no form of the command disables the command.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id dropped-only)

Full Context

debug subscriber-mgmt vrgw brg pppoe-client brg-id dropped-only

Description

This command specifies that only packets that are dropped by the vRGW will be shown in debugging.

Default

dropped-only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>tdm ds1)

Full Context

configure port tdm ds1

Description

Commands in this context configure digital signal level 1 (DS-1) frame parameters. The T-Carrier system was the first successful system that supported digitized voice transmission. The original transmission rate (1.544 Mb/s) in the T-1 (DS-1) line is commonly used by Internet service providers (ISPs) to connect to the Internet.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS- system. Digital signals are carried inside the carrier systems.

T-1 transmits DS-1-formatted data at 1.544 Mb/s through the network. The corresponding European carrier is E-1 with a data rate of 2.048 Mb/s. E-1 and T-1 (DS-1) can be interconnected for international use.

The no form of this command disables DS-1 capabilities.

Parameters

ds1-id

Identifies the DS-1 channel being created.

Values

DS1: 1 to 28, ds1-sonet-sdh-index

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>port>tdm ds3)

Full Context

configure port tdm ds3

Description

Commands in this context configure DS-3 parameters. DS-3 lines provide a speed of 44.736 Mb/s and is also frequently used by service providers. DS-3 lines carry 28 DS-1 signals and a 44.736 Mb/s data rate.

A DS-3 connection typically supports data rates of about 43 Mb/s. A T-3 line actually consists of 672 individual channels, each supporting 64 kb/s. T-3 lines are used mainly by Service Providers to connect to the Internet backbone and for the backbone itself.

Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is enabled by default (for example, on the m12-ds3 MDA). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. Note that if DS-3 nodes are provisioned on a channelized SONET/SDH MDA you must provision the parent STS-1 SONET/STM0 SDH path first.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS system. Digital signals are carried inside the carrier systems.

The no form of this command disables DS-3 capabilities.

Parameters

sonet-sdh-index

Specifies the components making up the specified SONET/SDH Path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path. The sonet-sdh-index differs for SONET and SDH ports.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match dsap)

Full Context

configure qos sap-ingress mac-criteria entry match dsap

Description

Configures an Ethernet 802.2 LLC DSAP value or range for an ingress SAP QoS policy match criterion.

This is a 1-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame.

The snap-pid field, etype field, ssap, and dsap fields are mutually exclusive and cannot be part of the same match criteria.

Use the no form of this command to remove the dsap value as the match criterion.

Default

no dsap

Parameters

dsap-value

The 8-bit dsap match criteria value in hexadecimal.

Values

0x00 to 0xFF (hex)

dsap-mask

This is optional and can be used when specifying a range of dsap values to use as the match criteria.

This 8-bit mask can be configured using the following formats.

Table 1. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDD	240
Hexadecimal	0xHH	0xF0
Binary	0bBBBBBBBB	0b11110000

Values

0x00 to 0xFF (hex)

Default

FF

Platforms

All

Context

[Tree] (config>filter>mac-filter>entry>match dsap)

Full Context

configure filter mac-filter entry match dsap

Description

Configures an Ethernet 802.2 LLC DSAP value or range for a MAC filter match criterion.

This is a one-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria.

Use the no form of the command to remove the dsap value as the match criterion.

Default

no dsap

Parameters

dsap-value

Specifies the 8-bit dsap match criteria value which can be expressed in decimal integer, hexadecimal or binary format.

Values

0 to 255

dsap-mask

Specifies an optional parameter that may be used when specifying a range of dsap values to use as the match criteria.

This 8 bit mask can be configured using the decimal integer, hexadecimal or binary formats described in the following table.

Table 2. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDD	240
Hexadecimal	0xHH	0xF0
Binary	0bBBBBBBBB	0b11110000

Default

255 (exact match)

0x00 to 0xFF

Values

0 to 255

Platforms

All

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match dsap)

Full Context

configure system security management-access-filter mac-filter entry match dsap

Description

This command configures DSAP match conditions.

Parameters

dsap-value

Specifies the 8-bit DSAP match criteria value in hexadecimal.

Values

0x00 to 0xFF (hex)

mask

Specifies a range of DSAP values to use as the match criteria.

This 8 bit mask can be configured using the formats described in Format Styles:

Table 3. Format Styles

Format Style	Format Syntax	Example
Decimal	DDD	240
Hexadecimal	0xHH	0xF0
Binary	0bBBBBBBBB	0b11110000

Default

FF (hex) (exact match)

Values

0x00 to 0xFF

Platforms

All

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match dscp)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match dscp)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match dscp)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match dscp)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match dscp

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match dscp

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match dscp

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match dscp

Description

This command configures DSCP match conditions.

The no form of this command reverts to the default.

Parameters

dscp-name

Specifies the DSCP name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap>ip-tunnel dscp)

Full Context

configure service ies interface sap ip-tunnel dscp

Description

This command sets the DSCP code-point in the outer IP header of encapsulated packets associated with a particular tunnel.

The no form of this command copies the DSCP value from the inner IP header (after remarking by the private tunnel SAP egress qos policy) to the outer IP header.

Default

no dscp

Parameters

dscp

Specifies the DSCP code-point to be used.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>sgt-qos dscp)

[Tree] (config>service>vprn>sgt-qos dscp)

Full Context

configure router sgt-qos dscp

configure service vprn sgt-qos dscp

Description

This command creates a mapping between the DiffServ Code Point (DSCP) of the self-generated traffic and the forwarding class.

Self-generated traffic that matches the specified DSCP will be assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all 64 DSCPs to the forwarding class.

All DSCP names that define a DSCP value must be explicitly defined.

The no form of this command removes the DSCP-to-forwarding class association.

Parameters

dscp-name

Specifies the name of the DSCP to be associated with the forwarding class. DiffServ code point can only be specified by its name and only an existing DiffServ code point can be specified. The software provides names for the well-known code points.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

fc fc-name

Specifies the forwarding class name. All packets with a DSCP value or MPLS EXP bit that are not defined will be placed in this forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

Platforms

All

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel dscp)

Full Context

configure service vprn interface sap ip-tunnel dscp

Description

This command sets the DSCP code-point in the outer IP header of GRE encapsulated packets associated with a particular GRE tunnel. The default, set using the no form of this command, is to copy the DSCP value from the inner IP header (after remarking by the private tunnel SAP egress qos policy) to the outer IP header.

Default

no dscp

Parameters

dscp

Specifies the DSCP code-point to be used.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action>remark dscp)

Full Context

configure application-assurance group policy app-qos-policy entry action remark dscp

Description

Commands in this context configure DSCP remark action or actions on flows matching this AQP entry. When enabled, all packets for all flows matching this AQP entry will be remarked to the configured DSCP name.

DSCP remark can only be applied when the entry remarks forwarding class or forwarding class and priority. In-profile and out-of profile of a given packet for DSCP remark is assessed after all AQP policing and priority remarking actions took place.

The no form of this command stops DSCP remarking action on flows matching this AQP entry.

Default

no dscp

Parameters

in-profile dscp-name

Specifies the DSCP name to use to remark in-profile flows that match this policy.

out-profile dscp-name

Specifies the DSCP name to use to remark out-of-profile flows that match this policy.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match dscp)

[Tree] (config>app-assure>group>sess-fltr>entry>match dscp)

Full Context

configure application-assurance group policy app-qos-policy entry match dscp

configure application-assurance group session-filter entry match dscp

Description

This command adds a DSCP name to the match criteria used by this entry.

The no form of this command removes dscp from match criteria for this entry.

Default

no dscp

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

dscp-name

Specifies the DSCP name to be used in the match.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv4 dscp)

[Tree] (config>test-oam>build-packet>header>ipv4 dscp)

Full Context

debug oam build-packet packet field-override header ipv4 dscp

configure test-oam build-packet header ipv4 dscp

Description

This command defines the DSCP value to be used in the IPv4 header.

The no form of this command reverts to the default.

Default

dscp be

Parameters

dscp-name

Specifies the DSCP value to be used in the IPv4 header.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv6 dscp)

[Tree] (config>test-oam>build-packet>header>ipv6 dscp)

Full Context

debug oam build-packet packet field-override header ipv6 dscp

configure test-oam build-packet header ipv6 dscp

Description

This command defines the DSCP value to be used in the IPv6 header.

The no form of this command removes the DSCP name.

Parameters

dscp-name

Specifies the DSCP value to be used in the IPv6 header.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>oam-pm>session>ip dscp)

Full Context

configure oam-pm session ip dscp

Description

This command can be used to explicitly configure the DSCP value to the specified dscp-name, or to use the configured fc and profile values to derive the DSCP value from the egress network QoS policy 1.

Default

dscp resolve

Parameters

dscp-name

Specifies the Diffserv code point name.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

resolve

Specifies to use the configured fc and profile values to derive the DSCP value from the egress network QoS policy 1.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>oam-pm>session>mpls dscp)

Full Context

configure oam-pm session mpls dscp

Description

This command can be used to explicitly configure the DSCP value that is carried in the DM PDU. This value is not used on the launch point or the reflector to influence the QoS behavior on the network elements. The frame itself has no IP information because it uses the General Associated Channel Header (G-Ach). The fc and profile values are used to influence QoS behavior on the launch point and the responder.

The no form of this command reverts the dscp carried in the DM PDU to default.

Default

dscp be

Parameters

dscp-name

Specifies the Diffserv code point name.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5,nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41,af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Values

be

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>qos>sap-ingress dscp)

Full Context

configure qos sap-ingress dscp

Description

This command explicitly sets the forwarding class or subclass or enqueuing priority when a packet is marked with the DiffServ Code Point (DSCP) value contained in the dscp-name. A list of up to eight dscp-names can be entered on a single command. The lists of dscp-names within the configuration are managed by the system to ensure that each list does not exceed eight names. Entering more than eight dscp-names with the same parameters (fc, priority) will result in multiple lists being created. Conversely, multiple lists with the same parameters (fc, priority) are merged and the lists repacked to a maximum of eight per list if DSCP names are removed or the parameters changed so the multiple lists use the same parameters. Also, if a subset of a list is entered with different parameters, then a new list will be created for the subset. When the list is stored in the configuration, the DSCP names are sorted by their DSCP value in ascending numerical order; consequently, the order in the configuration may not be exactly what the user entered.

Adding a DSCP rule on the policy forces packets that match the DSCP value specified to override the forwarding class and enqueuing priority based on the parameters included in the DSCP rule. When the forwarding class is not specified in the rule, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the rule, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.

The DSCP value (referred to here by dscp-name) is derived from the most significant six bits in the IPv4 header ToS byte field (DSCP bits) or the Traffic Class field from the IPv6 header. If the packet does not have an IP header, DSCP-based matching is not performed. The six DSCP bits define 64 DSCP values used to map packets to per-hop Quality of Service (QoS) behavior. The most significant three bits in the IP header ToS byte field are also commonly used in a more traditional manner to specify an IP precedence value, causing an overlap between the precedence space and the DSCP space. Both IP precedence and DSCP classification rules are supported.

DSCP rules have a higher match priority than IP precedence rules and where a dscp-name DSCP value overlaps an ip-prec-value, the DSCP rule takes precedence.

The no form of this command removes the specified the dscp-names from the explicit DSCP classification rule in the SAP ingress policy. As dscp-names are removed, the system repacks the lists of dscp-names with the same parameters (up to eight per list). As the no command does not have any additional parameters, it is possible to remove multiple dscp-names from multiple DSCP statements having different parameters with one command. If a dscp-name specified in a no command does not exist in any DSCP statement, then the command is aborted at that point with an error message displayed; any DSCP names in the list before the failed entry will be processed as normal but the processing will stop at the failed entry so that the remainder of the list is not processed.

Removing the dscp-name from the policy immediately removes the DSCP name on all ingress SAPs using the policy.

Parameters

dscp-name

The DSCP name is a required parameter that specifies the unique IP header ToS byte DSCP bits value that will match the DSCP rule. If the command is executed multiple times with the same dscp-name, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.

A maximum of 64 DSCP rules are allowed on a single policy and a maximum of eight dscp-names can be specified in a single statement.

The specified name must exist as a dscp-name. SR OS software provides names for the well-known code points; these can be shown using the show qos dscp-table command.

fc fc-name

The value given for fc-name must be one of the predefined forwarding classes in the system. Specifying the fc-name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.

The subclass-name parameter is optional and used with the fc-name parameter to define a preexisting subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.

Values

fc:	class[.subclass]
		class: be, l2, af, l1, h2, ef, h1, nc
		subclass: 29 characters max

Default

Inherit (when fc fc-name is not defined, the rule preserves the previous forwarding class of the packet).

priority

This parameter overrides the default enqueuing priority for all packets received on an ingress SAP using this policy that match this rule. Specifying the priority is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.

Default

Inherits the priority defined by the default-priority statement.

high

This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to high for a packet increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

low

This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to low for a packet decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

Platforms

All

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match dscp)

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match dscp)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match dscp)

[Tree] (config>qos>sap-egress>ip-criteria>entry>match dscp)

Full Context

configure qos sap-ingress ipv6-criteria entry match dscp

configure qos sap-ingress ip-criteria entry match dscp

configure qos sap-egress ipv6-criteria entry match dscp

configure qos sap-egress ip-criteria entry match dscp

Description

This command configures a DSCP code point to be used as a SAP QoS policy match criterion.

The no form of this command removes the DSCP match criterion.

Default

no dscp

Parameters

dscp-name

Specifies a dscp name that has been previously mapped to a value using the dscp-name command. The DiffServ code point can only be specified by its name.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, c p35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

All

Context

[Tree] (config>qos>sap-egress dscp)

Full Context

configure qos sap-egress dscp

Description

This command defines IP Differentiated Services Code Point (DSCP) names that must be matched to perform the associated reclassification actions. The specified name must exist as a DSCP name. SR OS software provides names for the well-known code points. A list of up to eight DSCP names can be entered on a single command. The lists of DSCP names within the configuration are managed by the system to ensure that each list does not exceed eight names. Entering more than eight DSCP names with the same parameters (fc and profile) results in multiple lists being created. Conversely, multiple lists with the same parameters (fc and profile) are merged and the lists repacked to a maximum of eight per list if DSCP names are removed or the parameters changed so the multiple lists use the same parameters. Also, if a subset of a list is entered with different parameters, a new list is created for the subset. When the list is stored in the configuration, the DSCP names are sorted by their DSCP value in ascending numerical order; consequently, the order in the configuration may not be exactly what the user entered.

If an egress packet on the SAP matches an IP DSCP value corresponding to a specified DSCP name, the forwarding class, profile egress queue accounting behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions. Matching a DSCP-based reclassification rule will override all IP precedence-based reclassification rule actions.

The IP DSCP bits used to match against DSCP reclassification rules come from the Type of Service (ToS) field within the IPv4 header or the traffic class field from the IPv6 header. If the packet does not have an IP header, DSCP-based matching is not performed.

The reclassification actions from a DSCP reclassification rule may be overridden by an IP flow match event.

The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions. If an IP criteria match occurs after the DSCP match, the new forwarding class may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new fc, the fc from the dscp match will be used.

The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior. If an IP criteria match occurs after the DSCP match, the new profile may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new profile, the profile from the DSCP match will be used.

The no form of this command removes the specified the dscp-names from the reclassification rule in the SAP egress QoS policy. As dscp-names are removed, the system repacks the lists of dscp-names with the same parameters (up to 8 per list). As the no command does not have any additional parameters, it is possible to remove multiple dscp-names from multiple DSCP statements having different parameters with one command. If a dscp-name specified in a no command does not exist in any DSCP statement, the command is aborted at that point with an error message displayed. Any dscp-names in the list before the failed entry will be processed as normal but the processing will stop at the failed entry so that the remainder of the list is not processed.

Parameters

dscp-name

The dscp-name parameter is required when defining a DSCP reclassification rule. The specified name must exist as a DSCP name. A maximum of eight DSCP names can be specified in a single statement. SR OS software provides names for the well-known code points, which can be shown using the show qos dscp-table command.

fc-name:

The fc reclassification action is optional. When specified, packets matching the IP DSCP value corresponding to a specified dscp-name will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The explicit forwarding class reclassification may be overwritten by an IP criteria reclassification match. The fc name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the specified DSCP value, the dscp command must be re-executed without the fc reclassification action defined.

Values

be, l1, af, l2, h1, ef, h2 or nc

counter-id

Specifies the counter ID.

profile

The profile reclassification action is optional. When specified, packets matching the IP DSCP value corresponding to a specified dscp-name will be explicitly reclassified to the specified profile regardless of the ingress profiling decision. The explicit profile reclassification may be overwritten by an IPv6 criteria or IP criteria reclassification match. To remove the profile reclassification action for the specified dscp-name, the dscp command must be re-executed without the profile reclassification action defined.

in

Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out

Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed

Specifies that when exceed is specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus

Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

Platforms

All

Context

[Tree] (config>qos>sap-egress>fc dscp)

Full Context

configure qos sap-egress fc dscp

Description

This command configures a DSCP to be used for remarking packets from the specified FC. If the optional exceed-profile, in-profile, or out-profile keyword is specified, the command will remark different DSCP depending on whether the packet was classified to be exceed, in-profile, or out-of-profile ingress to the node. All inplus-profile traffic is marked with the same value as in-profile traffic.

Default

no dscp

Parameters

dscp-name

Specifies a DSCP name that has been previously mapped to a value using the dscp-name command. The DSCP can only be specified by its name.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, c p35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

exceed-profile dscp-name

This optional parameter specifies the DSCP name to be used to remark the traffic that is exceed-profile. If not specified, this defaults to the same value configured for out-profile parameter.

in-profile dscp-name

Specifies the DSCP name to be used to remark the traffic that is in-profile.

out-profile dscp-name

Specifies the DSCP name to be used to remark the traffic that is out-of-profile.

Platforms

All

Context

[Tree] (config>qos>network>ingress dscp)

Full Context

configure qos network ingress dscp

Description

This command creates a mapping between the DiffServ Code Point (DSCP) of the network ingress traffic and the forwarding class.

Ingress traffic that matches the specified DSCP will be assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all 64 DiffServ code points to the forwarding class. For undefined code points, packets are assigned to the forwarding class specified under the default-action command.

The no form of this command removes the DiffServ code point-to-forwarding class association. The default-action then applies to that code point value.

Parameters

dscp-name

The name of the DiffServ code point to be associated with the forwarding class. DiffServ code point can only be specified by its name and only an existing DiffServ code point can be specified. The software provides names for the well-known code points.

The system-defined names available are as follows. The system-defined names must be referenced as all lowercase, exactly as shown in the first column in Default DSCP Names to DSCP Value Mapping and Default Class Selector Code Points to DSCP Value Mapping.

Additional names-to-code point value associations can be added using the 'dscp-name dscp-name dscp-value’ command.

The actual mapping is being done on the dscp-value, not the dscp-name that references the dscp-value. If a second dscp-name that references the same dscp-value is mapped within the policy, an error will occur. The second name will not be accepted until the first name is removed.

Table 4. Default DSCP Names to DSCP Value Mapping

DSCP Name	DSCP Value Decimal	DSCP Value Hexadecimal	DSCP Value Binary
nc1	48	0x30	0b110000
nc2	56	0x38	0b111000
ef	46	0x2e	0b101110
af41	34	0x22	0b100010
af42	36	0x24	0b100100
af43	38	0x26	0b100110
af31	26	0x1a	0b011010
af32	28	0x1c	0b011100
af33	30	0x1d	0b011110
af21	18	0x12	0b010010
af22	20	0x14	0b010100
af23	22	0x16	0b010110
af11	10	0x0a	0b001010
af12	12	0x0c	0b001100
af13	14	0x0e	0b001110
default	0	0x00	0b000000

Table 5. Default Class Selector Code Points to DSCP Value Mapping

DSCP Name	DSCP Value Decimal	DSCP Value Hexadecimal	DSCP Value Binary
cs7	56	0x38	0b111000
cs6	48	0X30	0b110000
cs5	40	0x28	0b101000
cs4	32	0x20	0b100000
cs3	24	0x18	0b011000
cs2	16	0x10	0b010000
cs1	08	0x8	0b001000

fc-name

Enter this required parameter to specify the fc-name with which the code point will be associated.

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in | out}

Enter this required parameter to indicate whether the DiffServ code point value is the in-profile or out-of-profile value. For every DSCP value defined, the profile must be indicated. If a DSCP value is not mapped, the default-action forwarding class and profile state will be used for that value.

DSCP values mapping to forwarding classes Expedited (ef), High-1 (h1) and Network-Control (nc) can only be set to in-profile.

DSCP values mapping to forwarding class "be” can only be set to out-of-profile.

Values

in, out

Platforms

All

Context

[Tree] (config>qos>network>egress dscp)

Full Context

configure qos network egress dscp

Description

This command configures an IP Differentiated Services Code Point (DSCP) value that must be matched to perform the associated reclassification actions. If an egress packet on an IES/VPRN interface spoke SDP, on a CSC network interface in a VPRN, or on a network interface that the network QoS policy is applied to, matches the specified IP DSCP value, the forwarding class and profile may be overridden.

By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching a DHCP-based reclassification rule will override all IP precedence-based reclassification rule actions.

The IP DSCP bits used to match against DSCP reclassification rules come from the Type of Service (ToS) field within the IPv4 header or the Traffic Class field from the IPv6 header. If the packet does not have an IP header, DSCP-based matching is not performed.

The configuration of egress DSCP classification and the configuration of an egress IP criteria or IPv6 criteria entry statement within a network QoS policy are mutually exclusive.

The IP precedence- and DSCP-based reclassification are supported on a network interface, on a CSC network interface in a VPRN, and on a PW used in an IES or VPRN spoke interface. The CLI will block the application of a network QoS policy with the egress reclassification commands to the spoke SDP part of a Layer 2 service.

Conversely, the CLI will not allow the user to add the egress reclassification commands to a network QoS policy if the policy is being used by a Layer 2 spoke SDP.

The egress reclassification commands will only take effect if the redirection of the spoke SDP or CSC interface to use an egress port queue group succeeds. For example, the following CLI command would be successful:

config>service>vprn>if>spoke-sdp>egress> qos network-policy-id port-redirect-group queue-group-name instance instance-id

config>service>ies>if>spoke-sdp>egress> qos network-policy-id port-redirect-group queue-group-name instance instance-id

config>service>vprn>nw-if>qos network-policy-id port-redirect-group queue-group-name instance instance-id

If the redirection command fails, the PW will use the network QoS policy assigned to the network IP interface, however any reclassification in the network QoS policy applied to the network interface will be ignored.

The no form of this command removes the egress reclassification rule.

Parameters

dscp-name

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

fc fc-name

be, l2, af, l1, h2, ef, h1, nc

profile {in | out | exceed | inplus}

The profile reclassification action is mandatory. When specified, packets matching the DSCP value will be explicitly reclassified to the profile specified regardless of the ingress profiling decision. To remove the profile reclassification action for the specified DSCP value, the no dscp command must be executed.

in - Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out - Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed - Specifies that any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus - Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

Platforms

All

Context

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match dscp)

[Tree] (config>qos>network>egress>ip-criteria>entry>match dscp)

[Tree] (config>qos>network>ingress>ip-criteria>entry>match dscp)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match dscp)

Full Context

configure qos network egress ipv6-criteria entry match dscp

configure qos network egress ip-criteria entry match dscp

configure qos network ingress ip-criteria entry match dscp

configure qos network ingress ipv6-criteria entry match dscp

Description

This command configures a DSCP to be used as a network QoS policy match criterion.

The no form of this command removes the DSCP match criterion.

Parameters

dscp-name

Specifies a DSCP name that has been previously mapped to a value using the dscp-name command. The DSCP can only be specified by its name.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, c p35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

All

Context

[Tree] (config>filter>ipv6-filter>entry>match dscp)

[Tree] (config>filter>ip-filter>entry>match dscp)

Full Context

configure filter ipv6-filter entry match dscp

configure filter ip-filter entry match dscp

Description

This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion.

The no form of the command removes the DSCP match criterion.

Default

no dscp

Parameters

dscp-name

Configures a DSCP name. The DiffServ code point may only be specified by its name.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

All

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match dscp)

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match dscp)

Full Context

configure system security cpm-filter ip-filter entry match dscp

configure system security cpm-filter ipv6-filter entry match dscp

Description

This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion.

The no form of this command removes the DSCP match criterion.

Default

no dscp

Parameters

dscp-name

Configures a dscp name that has been previously mapped to a value using the dscp-name command. The DiffServ code point may only be specified by its name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>icmp>ping-template dscp)

Full Context

configure test-oam icmp ping-template dscp

Description

This command specifies the DSCP to be carried in the IP header. This value is not exposed to egress QoS policies. This command uses well-known DSCP names.

The no form of this command reverts to the default value.

Default

dscp nc1

Parameters

dscp-name

Specifies the DSCP name, up to 32 characters.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>link-meas>template>twl dscp)

Full Context

configure test-oam link-measurement measurement-template twamp-light dscp

Description

This command configures the DSCP to be copied into the IP header of each TWAMP Light echo request packet launched for the test.

Default

dscp nc1

Parameters

dscp-name

Specifies the DSCP code point to be used.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>lag-meas>template>twl dscp)

Full Context

configure test-oam lag-ip-measurement lag-ip-measurement-template twamp-light dscp

Description

This command configures the DSCP in the IP header of the launched TWAMP Light packet.

Default

dscp nc1

Parameters

dscp-name

Specifies the DSCP code-point name.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

Default

nc1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>qos>network>egress>fc dscp-in-profile)

Full Context

configure qos network egress fc dscp-in-profile

Description

This command specifies the in-profile DSCP name for the forwarding class. The corresponding DSCP value will be used for all IP packets that require marking at egress on this forwarding class queue, and that are in-profile. The inplus-profile traffic is marked with the same value as in-profile traffic.

When multiple DSCP names are associated with the forwarding class at network egress, the last name entered will overwrite the previous value.

The no form of this command resets the configuration to the factory default in-profile DSCP name setting for policy-id 1.

Parameters

dscp-name

Specifies the system- or user-defined, case-sensitive dscp-name.

Values

Any defined system- or user-defined dscp-name

Platforms

All

Context

[Tree] (config>qos>network>egress>fc dscp-out-profile)

Full Context

configure qos network egress fc dscp-out-profile

Description

This command specifies the out-of-profile DSCP name for the forwarding class. The corresponding DSCP value will be used for all IP packets requiring marking the egress on this forwarding class queue that are out-of-profile. The exceed-profile traffic is marked with the same value as out-of-profile traffic.

When multiple DSCP names are associated with the forwarding class at network egress, the last name entered will overwrite the previous value.

The no form of this command resets the configuration to the factory default out-of-profile DSCP name setting for policy-id 1.

Default

Parameters

dscp-name

Specifies the system- or user-defined, case-sensitive dscp-name.

Values

Any defined system- or user-defined dscp-name

Platforms

All

Context

[Tree] (config>li>li-source>nat dslite-lsn-sub)

Full Context

configure li li-source nat dslite-lsn-sub

Description

This command configures the Dual-Stack Lite LSN subscriber source.

The no form of this command removes the value from the configuration.

Parameters

router-instance

Specifies the router instance the pool belongs to, either by router name or service ID.

Values

router-name: "Base” or "management”

Default

Base

ipv6-prefix

Specifies the IPv6 address.

Values

ipv6-prefix:	<prefix>/<length>
prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x to [0 to FFFF]H
	d to [0 to 255]D
<length>	[0 to 128]

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>inside>dslite dslite-max-subscriber-limit)

[Tree] (config>service>vprn>nat>inside dslite-max-subscriber-limit)

Full Context

configure router nat inside dslite dslite-max-subscriber-limit

configure service vprn nat inside dslite-max-subscriber-limit

Description

This command sets the value for the number of high order bits of the source IPv6 address that will be considered as DS-Lite subscriber. The remaining bits of the source IPv6 address will be masked off, effectively aggregation all IPv6 source addresses under the configured prefix length into a single DS-Lite subscriber. Source IPv4 addresses/ports of the traffic carried within the DS-Lite subscriber will be translated into a single outside IPv4 address and the corresponding deterministic port-block (port-blocks can be extended).

The range of values for subscriber-prefix-length in non-deterministic DS-Lite is limited from 32 to 64 (a prefix will be considered as a DS-Lite subscriber) or it can be set to a value of 128 (the source IPv6 address is considered as a DS-Lite subscriber).

In cases where deterministic DS-Lite is enabled in a giver inside routing context, the range of values of the subscriber-prefix-length depends on the value of dslite-max-subscriber-limit parameter as follows:

subscriber-prefix-length – n = [32..64,128]

where n = log2(dslite-max-subscriber-limit)

[or in an alternate form: dslite-max-subscriber-limit = 2^n.]

In other words the largest prefix length for the deterministic DS-Lite subscriber will be 32+n, where n = log2(dslite-max-subscriber-limit). The subscriber prefix length can extend up to 64 bits. Beyond 64 bits for the subscriber prefix length, there only one value is allowed: 128. In the case n must be 0, which means that the mapping between B4 elements (or IPv6 address) and the IPv4 outside addresses is in 1:1 ratio (no sharing of outside IPv4 addresses).

This parameter can be changed only when there are no deterministic prefixes configured in the same routing context.

Default

128

Parameters

max

In non-deterministic DS-Lite this value can be 32 to 64,128, assuming that the deterministic DS-Lite is not concurrently enabled in the same inside routing context.

In case that deterministic DS-Lite is enabled, this value can be within the range [(32+n)..64,128] where n = log2(dslite-max-subscriber-limit). The value of 128 is allowed only when n=0 (each subscriber is mapped to a single outside IPv4 IP address).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>ue-state dsm)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query ue-state dsm

Description

This command enables matching on DSM UEs.

The no form of this command disables matching on DSM UEs, unless UE state matching is disabled altogether.

Default

no dsm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state dsm)

Full Context

configure subscriber-mgmt wlan-gw ue-query state dsm

Description

This command enables matching on UEs in a DSM state.

The no form of this command disables matching on UEs in a DSM state, unless all state matching is disabled.

Default

no dsm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm dsm-ip-filter)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm dsm-ip-filter)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt dsm-ip-filter

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt dsm-ip-filter

Description

This command configures an IP filter that is distributed on ISA cards.

This command specifies the IP filter applied to all UEs corresponding to default vlan-range (such as a group-interface) or the specified vlan-range. The IP filter can be created in the config>subscr-mgmt>isa-filter context, and can contain up to 1024 match entries. The IP filter can be overridden per UE from RADIUS via access-accept or COA.

The no form of this command reverts to the default.

Parameters

dsm-ip-filter-name

Specifies the identifier of the distributed-sub-mgmt IP filter.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-source>wlan-gw dsm-subscriber)

Full Context

configure li li-source wlan-gw dsm-subscriber

Description

This command configures the DSM UE source.

Parameters

mac-address

Specifies the MAC address.

Values

mac-addr: xx:xx:xx:xx:xx:xx example: 00:0c:f1:99:85:b8

or XX:XX:XX:XX:XX:XX example: 00-0C-F1-99-85-B8

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>mpls>lsp>transit-path>forward-path>mip dsmap)

[Tree] (config>router>mpls>lsp>transit-path>reverse-path>mip dsmap)

[Tree] (config>router>mpls>lsp>working-tp-path>mep dsmap)

[Tree] (config>router>mpls>lsp>protect-tp-path>mep dsmap)

Full Context

configure router mpls lsp transit-path forward-path mip dsmap

configure router mpls lsp transit-path reverse-path mip dsmap

configure router mpls lsp working-tp-path mep dsmap

configure router mpls lsp protect-tp-path mep dsmap

Description

This command is used to configure the values to use in the DSMAP TLV sent by a node in an LSP Trace echo request for a static MPLS-TP LSP. A node sending a DSMAP TLV will include the in-if-num and out-if-num values. Additionally, it will include the out-label for the LSP in the Label TLV for the DSMAP in the echo request message.

The no form of this command equals to a value 0 (this means no interface validation will be performed).

Default

no dsmap

Parameters

if-num

This is a 32-bit value corresponding to the expected ingress interface if-num used by an MPLS-TP LSP for the next hop downstream.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match dst-ip)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match dst-ip)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match dst-ip

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match dst-ip

Description

This command configures the destination IP match condition.

The no form of this command reverts to the default.

Parameters

ip-address/mask

Specifies the IPv4 address and mask.

Values

ip-address	a.b.c.d
mask	0 to 32

netmask

Specifies the mask, expressed as a dotted quad.

Values

a.b.c.d

ipv6-address

Specifies the IPv6 address (applies only to the 7750 SR).

Values

ipv6-address	x:x:x:x:x:x:x:x (where x is [0 to FFFF]H)
	:x:x:x:x:x:d.d.d.d (where d is [0 to 255]D)

prefix-length

Specifies the prefix length (applies only to the 7750 SR).

Values

1 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>mc>peer>mcr>ring>in-band-control-path dst-ip)

[Tree] (config>redundancy>mc>peer>mc>l3-ring>in-band-control-path dst-ip)

[Tree] (config>redundancy>mc>peer>mcr>node>cv dst-ip)

Full Context

configure redundancy multi-chassis peer mc-ring ring in-band-control-path dst-ip

configure redundancy multi-chassis peer multi-chassis l3-ring in-band-control-path dst-ip

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify dst-ip

Description

This command specifies the destination IP address used in the inband control connection. If the address is not configured, the ring cannot become operational.

Default

no dst-ip

Parameters

ip-address

Specifies the destination IP address.

Values

a.b.c.d (no multicast address)

Platforms

All

Context

[Tree] (config>subscr-mgmt>isa-filter>ipv6>entry>match dst-ip)

[Tree] (config>subscr-mgmt>isa-filter>entry>match dst-ip)

Full Context

configure subscriber-mgmt isa-filter ipv6 entry match dst-ip

configure subscriber-mgmt isa-filter entry match dst-ip

Description

This command specifies that the packet’s destination IP address must match the specified IP prefix and mask.

The no form of this command disables the match on the destination IP.

Parameters

ip-prefix/length

Specifies the IP prefix to match.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy>fwd-entries dst-ip)

Full Context

configure subscriber-mgmt http-redirect-policy forward-entries dst-ip

Description

This command configures traffic flow to be forwarded via match in the redirect policy.

Parameters

ip-address

Specifies the IPv4 or IPv6 address to match the destination address in the IP header of the traffic received from the subscriber.

prefix-length

Specifies the length of the prefix specified by the ip-address.

Values

1 to 128 for IPv6

1 to 32 for IPv4

ip-protocol

Specifies the protocol to match the IP protocol in the IP header of the traffic received from the subscriber.

Values

tcp, udp

port-number

Specifies the port to match the destination port in the HTTP request.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match dst-ip)

Full Context

configure application-assurance group policy app-qos-policy entry match dst-ip

Description

This command specifies a destination IP address to use as match criteria.

Default

no dst-ip

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified address or prefix.

neq

Specifies that a successful match occurs when the flow does not match the specified address or prefix.

ip-address

Specifies a valid unicast address.

Values

ipv4-address	a.b.c.d[/mask]
	mask - [1..32]
ipv6-address	x:x:x:x:x:x:x:x/prefix-length
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D
	prefix-length [1..128]

ip-prefix-list-name

Specifies the name of an IP prefix list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sess-fltr>entry>match dst-ip)

Full Context

configure application-assurance group session-filter entry match dst-ip

Description

This command configures the destination IP address to match.

Default

no dst-ip

Parameters

ip-address

Specifies a valid unicast address.

Values

ipv4-address	a.b.c.d[/mask]
	mask - [1..32]
ipv6-address	x:x:x:x:x:x:x:x/prefix-length
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D
	prefix-length [1..128]

dns-ip-cache-name

Specifies the name of the dns-ip-cache policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>app-assure>group>traffic-capture>match dst-ip)

Full Context

debug application-assurance group traffic-capture match dst-ip

Description

This command configures debugging on a destination IP address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-filter>li-ip-filter>entry>match dst-ip)

Full Context

configure li li-filter li-ip-filter entry match dst-ip

Description

This command configures destination IP address LI filter match criterion.

The no form of this command removes any configured destination IP address. The match criterion is ignored.

Parameters

ip-address

Specifies any address specified as dotted quad.

Values

a.b.c.d

mask

Specifies eight 16-bit hexadecimal pieces representing bit match criteria.

Values

1 to 32

ipv4-address-mask

Specifies a mask expressed in dotted quad notation.

Values

0.0.0.0 to 255.255.255.255

Platforms

All

Context

[Tree] (config>li>li-filter>li-ipv6-filter>entry>match dst-ip)

Full Context

configure li li-filter li-ipv6-filter entry match dst-ip

Description

This command configures destination IPv6 address LI filter match criterion.

The no form of this command removes any configured destination IPv6 address. The match criterion is ignored.

Parameters

ipv6-address

Specifies any IPv6 address entered as:.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

prefix-length

Specifies the prefix length.

Values

1 to 128

ipv6-address-mask

Specifies any IPv6 address mask expressed as:

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

All

Context

[Tree] (config>qos>sap-egress>ip-criteria>entry>match dst-ip)

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match dst-ip)

Full Context

configure qos sap-egress ip-criteria entry match dst-ip

configure qos sap-ingress ip-criteria entry match dst-ip

Description

This command configures a destination address range to be used as a SAP QoS policy match criterion.

To match on the IPv4 destination address, specify the address and its associated mask, e.g., 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 can also be used for IPv4.

The no form of this command removes the destination IPv4 address match criterion.

Default

no dst-ip

Parameters

ip-address

Specifies the destination IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

prefix-list-name

Specifies the IPv4 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match dst-ip)

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match dst-ip)

Full Context

configure qos sap-egress ipv6-criteria entry match dst-ip

configure qos sap-ingress ipv6-criteria entry match dst-ip

Description

This command configures a destination address range to be used as a SAP QoS policy match criterion.

To match on the IPv6 destination address, specify the address and its associated mask, for example, 2001:db8:1000::/64.

The no form of this command removes the destination IPv6 address match criterion.

Default

no dst-ip

Parameters

ipv6-address

Specifies the IPv6 address for the IP match criterion in hexadecimal digits (applies to the 7750 SR and 7950 XRS).

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length

Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer (applies to the 7750 SR and 7950 XRS).

Values

1 to 128

ipv6-address-mask

Specifies the IPv6 address mask.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-list-name

Specifies the IPv6 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>qos>network>ingress>ip-criteria>entry>match dst-ip)

[Tree] (config>qos>network>egress>ip-criteria>entry>match dst-ip)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match dst-ip)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match dst-ip)

Full Context

configure qos network ingress ip-criteria entry match dst-ip

configure qos network egress ip-criteria entry match dst-ip

configure qos network ingress ipv6-criteria entry match dst-ip

configure qos network egress ipv6-criteria entry match dst-ip

Description

This command configures a destination address range to be used as a network QoS policy match criterion.

To match on the destination address, specify the address and its associated mask, for example, when specifying an IPv4 address, 10.1.0.0/16 or 10.1.0.0 255.255.0.0 can be used.

The no form of this command removes the destination IP address match criterion.

Parameters

ip-address

Specifies the source IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-list-name

Specifies an IPv4 prefix list which contains IPv4 address prefixes to be matched.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies the IPv6 prefix for the IP match criterion in hex digits.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

mask

Specifies the length of the IPv6 address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x (eight 16-bit pieces)

ipv6-prefix-list-name

Specifies an IPv6 prefix list which contains IPv6 address prefixes to be matched.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>filter>ip-filter>entry>match dst-ip)

[Tree] (config>filter>ip-exception>entry>match dst-ip)

[Tree] (config>filter>ipv6-exception>entry>match dst-ip)

[Tree] (config>filter>ipv6-filter>entry>match dst-ip)

Full Context

configure filter ip-filter entry match dst-ip

configure filter ip-exception entry match dst-ip

configure filter ipv6-exception entry match dst-ip

configure filter ipv6-filter entry match dst-ip

Description

This command configures a destination address range to be used as a filter policy match criterion.

To match on the destination address, specify the address and its associated mask, e.g., 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 can also be used for IPv4.

The no form of this command removes the destination IPv4 or IPv6 address match criterion.

Default

no dst-ip

Parameters

ip-address

Specifies the destination IPv4 address in dotted decimal notation.

Values

a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-listor ipv6-prefix-list prefix-list-name

Specifies to use a list of IP prefixes, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies the IPv6 prefix for the IP match criterion in hex digits.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

Specifies the IPv6 prefix length for the ipv6-address as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

Platforms

All

• configure filter ip-filter entry match dst-ip
• configure filter ipv6-filter entry match dst-ip

VSR

• configure filter ipv6-exception entry match dst-ip
• configure filter ip-exception entry match dst-ip

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match dst-ip)

Full Context

configure system security cpm-filter ip-filter entry match dst-ip

Description

This command configures a destination IP address range to be used as an IP filter match criterion.

To match on the destination IP address, specify the address and its associated mask, for example, 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used.

The no form of this command removes the destination IP address match criterion.

Default

no dst-ip

Parameters

ip-address

Specifies the IP address for the IP match criterion in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255

ip-prefix-list

Creates a list of IPv4 prefixes for match criteria in IPv4 ACL and CPM filter policies.

ip-prefix-list-name

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

mask

Specifies the subnet mask length expressed as a decimal integer.

Values

1 to 32

netmask

Specifies the dotted quad equivalent of the mask length.

Values

0.0.0.0 to 255.255.255.255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match dst-ip)

Full Context

configure system security cpm-filter ipv6-filter entry match dst-ip

Description

This command configures a destination IPv6 address range to be used as an IPv6 filter match criterion.

To match on the destination IPv6 address, specify the address.

The no form of this command removes the destination IP address match criterion.

This command only applies to the 7750 SR and 7950 XRS.

Default

no dst-ip

Parameters

ipv6-address/prefix-length

Specifies the IPv6 address for the IPv6 match criterion in dotted decimal notation. An IPv6 IP address is written as eight 4-digit (16-bit) hexadecimal numbers separated by colons. One string of zeros per address can be left out, so that 2001:db8::0:217A is the same as 2001:db8:0:0:0:0:0:217A.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
	x:	[0 to .FFFF]H
	d:	[0 to 255]D
prefix-length:	1 to 128

ipv6-prefix-list

Creates a list of IPv4 prefixes for match criteria in IPv4 ACL and CPM filter policies.

ipv6-prefix-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv4 dst-ipv4-address)

[Tree] (config>test-oam>build-packet>header>ipv4 dst-ipv4-address)

Full Context

debug oam build-packet packet field-override header ipv4 dst-ipv4-address

configure test-oam build-packet header ipv4 dst-ipv4-address

Description

This command defines the destination IPv4 address to be used in the IPv4 header.

The no form of this command removes the destination IPv4 address value.

Default

dst-ipv4-address 0.0.0.0

Parameters

a.b.c.d

Specifies the IPv4 destination address to be used in the IPv4 header.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>build-packet>header>ipv6 dst-ipv6-address)

[Tree] (debug>oam>build-packet>packet>field-override>header>ipv6 dst-ipv6-address)

Full Context

configure test-oam build-packet header ipv6 dst-ipv6-address

debug oam build-packet packet field-override header ipv6 dst-ipv6-address

Description

This command defines the destination IPv6 address to be used in the IPv6 header.

The no form of this command removes the IPv6 address.

Parameters

ipv6-address

Specifies the IPv6 destination address to be used in the IPv6 header.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	0 to FFFF]H
	d:	[0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>li>li-filter>li-mac-filter>entry>match dst-mac)

Full Context

configure li li-filter li-mac-filter entry match dst-mac

Description

This command configures a destination MAC address or range to be used as a MAC filter match criterion.

The no form of this command removes the destination mac address as the match criterion.

Parameters

ieee-address

Specifies the 48-bit IEEE mac address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

Specifies a 48-bit mask. The following table describes the format styles to configure the 48-bit mask.

Table 6. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDDDDDDDDDDDDD	281474959933440
Hexadecimal	0xHHHHHHHHHHHH	0x0FFFFF000000
Binary	0bBBBBBBB...B	0b11110000...B

To configure so that all packets with a destination MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000

Default

0xFFFFFFFFFFFF (exact match)

Values

0x00000000000000 — 0xFFFFFFFFFFFF

Platforms

All

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match dst-mac)

Full Context

configure qos sap-ingress mac-criteria entry match dst-mac

Description

Configures a destination MAC address or range to be used as a Service Ingress QoS policy match criterion.

The no form of this command removes the destination MAC address as the match criterion.

Default

no dst-mac

Parameters

ieee-address

The MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

A 48-bit mask to match a range of MAC address values.

This 48-bit mask can be configured using the following formats.

Table 7. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDDDDDDDDDDDDD	281474959933440
Hexadecimal	0xHHHHHHHHHHHH	0xFFFFFF000000
Binary	0bBBBBBBB...B	0b11110000...B

All packets with a source MAC OUI value of 00-03-FA, subject to a match condition, should be specified as: 0003FA000000 0x0FFFFF000000

Values

0x00000000000000 to 0xFFFFFFFFFFFF (hex)

Default

0xFFFFFFFFFFFF

Platforms

All

Context

[Tree] (config>filter>mac-filter>entry>match dst-mac)

Full Context

configure filter mac-filter entry match dst-mac

Description

Configures a destination MAC address or range to be used as a MAC filter match criterion.

The no form of the command removes the destination mac address as the match criterion.

Default

no dst-mac

Parameters

ieee-address

Specifies the MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit. Note that both upper and lower case are supported.

ieee-address-mask

Specifies a 48-bit mask to match a range of MAC address values.

To configure so that all packets with a destination MAC OUI value of 00:03:FA are subject to a match condition then the entry should be specified as: 00:03:FA:00:00:00 FF:FF:FF:00:00:00.

Default

ff:ff:ff:ff:ff:ff (exact match)

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH

where H is a hexadecimal digit. to 0xFFFFFFFFFFFF

Note that both upper and lower case are supported.

Platforms

All

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match dst-mac)

Full Context

configure system security management-access-filter mac-filter entry match dst-mac

Description

This command configures the destination MAC match condition.

Parameters

ieee-address

Specifies the MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

mask

Specifies a 48-bit mask to match a range of MAC address values.

Platforms

All

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth dst-mac)

Full Context

configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet dst-mac

Description

This command configures the unicast destination MAC address to use in the frame generated by the service activation testhead.

The no form of this command indicates that the MAC address is not used by the testhead.

Default

no dst-mac

Parameters

ieee-address

Specifies the unicast destination MAC address as a hexadecimal string.

Values

6-byte unicast MAC address using the notation xx:xx:xx:xx:xx:xx, in the range of 0 to 9 and a to f

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>build-packet>header>ethernet dst-mac-address)

[Tree] (debug>oam>build-packet>packet>field-override>header>ethernet dst-mac-address)

Full Context

configure test-oam build-packet header ethernet dst-mac-address

debug oam build-packet packet field-override header ethernet dst-mac-address

Description

This command defines the destination MAC address for the Ethernet header.

The no form of this command deletes the configured MAC address.

Default

dst-mac-address 00:00:00:00:00:00

Parameters

ieee-address

Specifies the destination Ethernet MAC address to be used in the Ethernet header. Specifies the 48-bit MAC address.

Values

xx:xx:xx:xx:xx:xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match dst-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match dst-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match dst-port)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match dst-port)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match dst-port

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match dst-port

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match dst-port

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match dst-port

Description

This command configures the destination port match condition.

The no form of this command reverts to the default.

Parameters

lt | gt | eq

Specifies the operator.

dst-port-number

Specifies the destination port number as a decimal hex or binary.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>isa-filter>ipv6>entry>match dst-port)

[Tree] (config>subscr-mgmt>isa-filter>entry>match dst-port)

Full Context

configure subscriber-mgmt isa-filter ipv6 entry match dst-port

configure subscriber-mgmt isa-filter entry match dst-port

Description

This command specifies that the packet’s UDP/TCP dst-port must match a specific value. This command is not valid in a match context that is not specific to UDP or TCP.

The no form of this command removes matching of the layer-4 port.

Parameters

operator

Specifies that the only supported value is eq (equal to). The destination port value must be equal to the port-number value.

port-number

Specifies the number of the port to match.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy dst-port)

Full Context

configure subscriber-mgmt http-redirect-policy dst-port

Description

This command specifies the port to match the destination port in the HTTP request.

HTTP traffic that does not match this port, is not redirected.

The no form of this command reverts to the default.

Default

dst-port 80

Parameters

tcp-port

Specifies the TCP port.

Values

1 to 65535

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match dst-port)

Full Context

configure application-assurance group policy app-qos-policy entry match dst-port

Description

This command specifies a destination TCP/UDP port, destination port list, or destination range to use as match criteria.

The no form of this command removes the parameters from the configuration.

Default

no dst-port

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified port.

neq

Specifies that a successful match occurs when the flow does not match the specified port.

port-num

Specifies the destination port number.

Values

0 to 65535

start-port-num end-port-num

Specifies the start or end destination port number.

Values

0 to 65535

port-list-name

Specifies a named port-list, up to 32 characters, containing a set of ports or ranges of ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sess-fltr>entry>match dst-port)

Full Context

configure application-assurance group session-filter entry match dst-port

Description

This command specifies a destination TCP/UDP port, destination port list, or destination range to use as match criteria.

The no form of this command removes the parameters from the configuration.

Default

no dst-port

Parameters

eq

Specifies that a successful match occurs when the flow matches the specified port.

gt

Specifies all port numbers greater than the port-number match.

lt

Specifies all port numbers less than the port-number match.

port-num

Specifies the destination port number.

Values

0 to 65535

start-port-num end-port-num

Specifies the start or end destination port number.

Values

0 to 65535

port-list-name

Specifies a named port-list, up to 32 characters, containing a set of ports or ranges of ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>app-assure>group>traffic-capture>match dst-port)

Full Context

debug application-assurance group traffic-capture match dst-port

Description

This command configures debugging on a destination port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-filter>li-ip-filter>entry>match dst-port)

[Tree] (config>li>li-filter>li-ipv6-filter>entry>match dst-port)

Full Context

configure li li-filter li-ip-filter entry match dst-port

configure li li-filter li-ipv6-filter entry match dst-port

Description

This command configures a destination TCP or UDP port number or port range for an IP LI filter match criterion. Note that an entry containing Layer 4 match criteria will not match non-initial (second, third, and so on) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.

The no form of this command removes the destination port match criterion.

Parameters

lt

Specifies all port numbers less than dst-port-number match.

gt

Specifies all port numbers greater than dst-port-number match.

eq

Specifies that dst-port-number must be an exact match.

dst-port-number

Specifies an inclusive range of port numbers to be used as a match criteria. The destination port numbers start-port and end-port are expressed as decimal integers.

Values

[0..65535]D

[0x0..0xFFFF]H

[0b0..0b1111111111111111]B

Platforms

All

Context

[Tree] (config>qos>sap-egress>ip-criteria>entry>match dst-port)

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match dst-port)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match dst-port)

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match dst-port)

Full Context

configure qos sap-egress ip-criteria entry match dst-port

configure qos sap-ingress ip-criteria entry match dst-port

configure qos sap-egress ipv6-criteria entry match dst-port

configure qos sap-ingress ipv6-criteria entry match dst-port

Description

This command configures a destination TCP or UDP port number or port range for a SAP QoS policy match criterion.

The no form of this command removes the destination port match criterion.

Default

no dst-port

Parameters

{lt | gt | eq} dst-port-number

The TCP or UDP port numbers to match, specified as less than (lt), greater than (gt), or equal to (eq) to the destination port value, specified as a decimal integer.

Values

1 to 65535 (decimal)

range startend

The range of TCP or UDP port values to match, specified as between the start and end destination port values inclusive.

Values

1 to 65535 (decimal)

Platforms

All

Context

[Tree] (config>qos>network>ingress>ip-criteria>entry>match dst-port)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match dst-port)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match dst-port)

[Tree] (config>qos>network>egress>ip-criteria>entry>match dst-port)

Full Context

configure qos network ingress ip-criteria entry match dst-port

configure qos network ingress ipv6-criteria entry match dst-port

configure qos network egress ipv6-criteria entry match dst-port

configure qos network egress ip-criteria entry match dst-port

Description

This command configures a destination TCP or UDP port number, port range, or a port list for a network QoS policy match criterion.

The no form of this command removes the destination port match criterion.

Parameters

lt

Keyword used to specify TCP or UDP port numbers to match that are less than the destination port value.

gt

Keyword used to specify TCP or UDP port numbers to match that are greater than the destination port value.

eq

Keyword used to specify TCP or UDP port numbers to match that are equal to the destination port value.

dst-port-number

Specifies the TCP or UDP port numbers to match, specified as less than (lt), greater than (gt), or equal to (eq) the destination port value, specified as a decimal integer.

Values

1 to 65535

port-list-name

Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

start

Specifies the starting range of TCP or UDP port values to match.

Values

1 to 65535

end

Specifies the end range of TCP or UDP port values to match.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>filter>ip-filter>entry>match dst-port)

[Tree] (config>filter>ipv6-exception>entry>match dst-port)

[Tree] (config>filter>ipv6-filter>entry>match dst-port)

[Tree] (config>filter>ip-exception>entry>match dst-port)

Full Context

configure filter ip-filter entry match dst-port

configure filter ipv6-exception entry match dst-port

configure filter ipv6-filter entry match dst-port

configure filter ip-exception entry match dst-port

Description

This command configures a destination TCP, UDP, or SCTP port number or port range for an IP filter or IP exception match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly an entry containing the "dst-port eq 0” match criterion, may match non-initial fragments when the destination port value is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the destination port match criterion.

Default

no dst-port

Parameters

lt

Specifies that all port numbers less than the dst-port-number match.

gt

Specifies that all port numbers greater than the dst-port-number match.

eq

Specifies that the dst-port-number must be an exact match.

dst-port-number

Specifies the destination port number to be used as a match criteria expressed as a decimal integer, as well as in hexadecimal or binary format. The following value is for decimal integer format only.

Values

0 to 65535

port-list-name

Specifies to use a list of ports referred to by port-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

dst-port-number dst-port-number

Specifies inclusive port range between two dst-port-number values.

Platforms

All

• configure filter ipv6-filter entry match dst-port
• configure filter ip-filter entry match dst-port

VSR

• configure filter ip-exception entry match dst-port
• configure filter ipv6-exception entry match dst-port

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry dst-port)

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry dst-port)

Full Context

configure system security management-access-filter ipv6-filter entry dst-port

configure system security management-access-filter ip-filter entry dst-port

Description

This command configures a destination TCP or UDP port number or port range for a management access filter match criterion.

The no form of this command removes the destination port match criterion.

Parameters

value

Specifies the destination TCP or UDP port number as match criteria.

Values

1 to 65535 (decimal)

mask

Specifies the mask used to specify a range of destination port numbers as the match criterion.

This 16 bit mask can be configured using the formats described in Format Styles to Configure Mask:

Table 8. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDDDD	63488
Hexadecimal	0xHHHH	0xF800
Binary	0bBBBBBBBBBBBBBBBB	0b1111100000000000

To select a range from 1024 up to 2047, specify 1024 0xFC00 for value and mask.

Default

65535 (exact match)

Values

1 to 65535 (decimal)

Platforms

All

Context

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match dst-port)

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match dst-port)

Full Context

configure system security cpm-filter ipv6-filter entry match dst-port

configure system security cpm-filter ip-filter entry match dst-port

Description

This command specifies the TCP/UDP port or port name to match the destination-port of the packet.

The no form of this command removes the destination port match criterion.

Default

no dst-port

Parameters

tcp/udp port-number

Specifies the destination port number to be used as a match criteria expressed as a decimal integer.

Values

0 to 65535 (accepted in decimal hex or binary)

port-list-name

Specifies the port list name to be used as a match criteria for the destination port.

mask

Specifies the 16 bit mask to be applied when matching the destination port.

Values

[0x0000 to 0xFFFF] | [0 to 65535] | [0b0000000000000000 to 0b1111111111111111]

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>nat>nat-classifier>entry>match dst-port-range)

Full Context

configure service nat nat-classifier entry match dst-port-range

Description

This command configures a destination TCP or UDP port number or port range.

Note that an entry containing Layer 4 match criteria will not match non-initial (2nd, 3rd,etc) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.

The no form of the command removes the destination port match criterion.

Default

dst-port-range start 0 end 65535

Parameters

start port-number

Specifies the start of the port range expressed as a decimal integer.

Values

0 to 65535

end port-number

Specifies the end of the port range expressed as a decimal integer.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>test-oam>build-packet>header>tcp dst-tcp-port)

Full Context

configure test-oam build-packet header tcp dst-tcp-port

Description

This command defines the destination TCP port to be used in the test TCP header.

The no form of this command reverts to the default.

Default

dst-tcp-port 0

Parameters

tcp-port

Specifies the destination TCP port to be used in the test TCP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>tcp dst-tcp-port)

Full Context

debug oam build-packet packet field-override header tcp dst-tcp-port

Description

This command defines the destination TCP port to be used in the TCP header.

The no form of this command reverts to the default.

Default

no override

Parameters

tcp-port

Specifies the destination TCP port to be used in the TCP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>build-packet>header>udp dst-udp-port)

Full Context

configure test-oam build-packet header udp dst-udp-port

Description

This command defines the destination TCP port to be used in the test TCP header.

The no form of this command reverts to the default.

Default

dst-udp-port 0

Parameters

udp-port

Specifies the destination UDP port to be used in the test UDP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>udp dst-udp-port)

Full Context

debug oam build-packet packet field-override header udp dst-udp-port

Description

This command defines the destination TCP port to be used in the TCP header.

The no form of this command reverts to the default.

Default

no override

Parameters

udp-port

Specifies the destination UDP port to be used in the UDP header.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>time dst-zone)

Full Context

configure system time dst-zone

Description

This command configures the start and end dates and offset for summer time or daylight savings time to override system defaults or for user defined time zones.

When configured, the time is adjusted by adding the configured offset when summer time starts and subtracting the configured offset when summer time ends.

If the time zone configured is listed in the Time Zones section, then the starting and ending parameters and offset do not need to be configured with this command unless it is necessary to override the system defaults. The command returns an error if the start and ending dates and times are not available either the Time Zones section on or entered as optional parameters in this command.

Up to five summer time zones may be configured, for example, for five successive years or for five different time zones. Configuring a sixth entry will return an error message. If no summer (daylight savings) time is supplied, it is assumed no summer time adjustment is required.

The no form of the command removes a configured summer (daylight savings) time entry.

Parameters

std-zone-name

Specifies the standard time zone name. The standard name must be a system-defined zone in the Time Zones section. For zone names in the table that have an implicit summer time setting, for example MDT for Mountain Daylight Saving Time, the remaining start-date, end-date and offset parameters need to be provided unless it is necessary to override the system defaults for the time zone.

Values

ADT, NDT, AKDT, CDT, CEST, EDT, EEST, MDT, NZDT, PDT, WEST

non-std-zone-name

Specifies the non-standard time zone name. Create a user-defined name created using the zone. The name can be a maximum of 5 characters in length.

Platforms

All

Context

[Tree] (config>service>vprn>nat dual-stack-lite)

[Tree] (config>router>nat>inside dual-stack-lite)

Full Context

configure service vprn nat dual-stack-lite

configure router nat inside dual-stack-lite

Description

Commands in this context configure Dual-Stack Lite (DS-Lite) NAT parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>pcp-server>server dual-stack-lite-address)

Full Context

configure router pcp-server server dual-stack-lite-address

Description

This command configures the inside dual stack lite AFTR address.

The no form of this command reverts to the default value.

Default

no dual-stack-lite-address

Parameters

ipv6-address

Specifies the IPv6 address.

Values

ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix duid)

Full Context

configure service ies interface ipv6 dhcp6-server prefix-delegation prefix duid

Description

This command configures the DHCP Unique Identifier (DUID) of the DHCP client.

The no form of this command reverts to the default.

Default

duid 2

Parameters

duid

Specifies the ID of the requesting router, up to a maximum of 128 hex values. If set to a non-zero value the prefix defined will only be delegated to this router. If set to zero, the prefix is delegated to any requesting router.

iaid

Specifies the identity association identification (IAID) from the requesting router that needs to match to delegate the prefix defined in this row. If set to 0 no match on the received IAID is done.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident duid-en)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification duid-en

Description

This command configures the hexadecimal value for use in matching against the concatenation of enterprise number and identifier fields of DHCPv6 option CLIENTID (1) with DUID type = 2 (assigned by the vendor based on the enterprise number) in the DHCPv6 client message.

The no form of this command removes the client ID type duid-en from the configuration.

Default

no duid-en

Parameters

hex-string

Specifies the string in hexadecimal format, up to 254 hex nibbles.

Values

0x0 to 0xFFFFFFFF

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident duid-ll-llt)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification duid-ll-llt

Description

This command configures the value for use in matching against the link-layer address field of DHCPv6 option CLIENTID (1) with DUID type = 3 (based on link-layer address) or DUID type = 1 (based on link-layer address plus time) and hardware type = 1 (Ethernet) in the DHCPv6 client message. For DUID type = 1, the time field is ignored.

The no form of this command removes the client ID type duid-ll-llt from the configuration.

Default

no duid-ll-llt

Parameters

ieee-address

Specifies the unicast MAC address of the client ID. This value cannot be all zeros.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR