e Commands – Part I

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue e-counters)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue e-counters)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue e-counters

configure subscriber-mgmt radius-accounting-policy custom-record queue e-counters

Description

Commands in this context configure egress counter parameters for this custom record.

The no form of this command reverts to the default.

Parameters

all

Includes all counters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>log>acct-policy>cr>ref-queue e-counters)

[Tree] (config>log>acct-policy>cr>policer e-counters)

[Tree] (config>log>acct-policy>cr>queue e-counters)

[Tree] (config>log>acct-policy>cr>ref-policer e-counters)

Full Context

configure log accounting-policy custom-record ref-queue e-counters

configure log accounting-policy custom-record policer e-counters

configure log accounting-policy custom-record queue e-counters

configure log accounting-policy custom-record ref-policer e-counters

Description

This command configures egress counter parameters for this custom record.

The no form of this command reverts all egress counters to their default value.

Default

e-counters

Parameters

all

Specifies that all egress counters should be included.

Platforms

All

Context

[Tree] (config>port>tdm e1)

Full Context

configure port tdm e1

Description

Commands in this context configure E-1 parameters. E-1 is a basic time division multiplexing scheme used to carry digital circuits. It is also a standard WAN digital communication format designed to operate over copper facilities at a rate of 2.048 Mb/s.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS system. Digital signals are carried inside the carrier systems.

The no form of this command disables E-1 capabilities.

Parameters

e1-id

Specifies the E-1 channel being created.

Values

E1: 1 to 21, e1-sonet-sdh-index

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>port>tdm e3)

Full Context

configure port tdm e3

Description

Commands in this context configure E-3 parameters. E-3 lines provide a speed of 44.736 Mb/s and is also frequently used by service providers. E-3 lines carry 16 E-1 signals with a data rate of 34.368 Mb/s.

An E-3 connection typically supports data rates of about 43 Mb/s. An E-3 line actually consists of 672 individual channels, each supporting 64 kb/s. E-3 lines are used mainly by Service Providers to connect to the Internet backbone and for the backbone itself.

Depending on the MDA type, the E-3 parameters must be disabled if clear channel is enabled by default (for example, on the m12-ds3e3 MDA). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. Note that if E-3 nodes are provisioned on the channelized SONET/SDH MDA you must provision the parent STS-1 SONET/STM0 SDH path first.

North America uses the T-Carrier system while Europe uses the E-Carrier system of transmission, using multiples of the DS system. Digital signals are carried inside the carrier systems.

The no form of this command disables E-3 capabilities.

Parameters

sonet-sdh-index

Specifies the components making up the specified SONET/SDH Path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path. The sonet-sdh-index differs for SONET and SDH ports.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>service>nat>map-domain>mapping-rule ea-length)

Full Context

configure service nat map-domain mapping-rule ea-length

Description

This command configures the length of EA bits in the MAP rule. The no ea-length statement sets the ea-length to 0.

Default

no ea-length

Parameters

ea-bits-length

Specifies the length of the EA bits.

Values

1 to 48

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, VSR

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port eapol-destination-address)

Full Context

configure port ethernet dot1x macsec sub-port eapol-destination-address

Description

The EAPoL destination MAC address uses a destination multicast MAC address of 01:80:C2:00:00:03. Some networks cannot tunnel this packet over the network and consume these packets, causing the MKA session to fail. This command can change the destination MAC of the EAPoL to the unicast address of the MACsec peer, and as such, the EAPoL and MKA signaling will be unicasted between two peers.

The no form of this command returns the value to the default.

Default

no eapol-destination-address

Parameters

mac

Specifies the desired destination MAC address to be used by the EAPOL MKA packets of this sub-port.

Values

aa:bb:cc:dd:ee:ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers.

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group>neighbor ebgp-default-reject-policy)

[Tree] (config>service>vprn>bgp ebgp-default-reject-policy)

[Tree] (config>service>vprn>bgp>group ebgp-default-reject-policy)

Full Context

configure service vprn bgp group neighbor ebgp-default-reject-policy

configure service vprn bgp ebgp-default-reject-policy

configure service vprn bgp group ebgp-default-reject-policy

Description

This command configures the default import and export policy behavior for EBGP neighbors.

The no form of this command removes the default import and export policy behavior.

Default

no ebgp-default-reject-policy

Parameters

import

Specifies the default reject import policy for EBGP neighbors.

export

Specifies the default reject export policy for EBGP neighbors.

Platforms

All

Context

[Tree] (config>router>bgp>group ebgp-default-reject-policy)

[Tree] (config>router>bgp>group>neighbor ebgp-default-reject-policy)

[Tree] (config>router>bgp ebgp-default-reject-policy)

Full Context

configure router bgp group ebgp-default-reject-policy

configure router bgp group neighbor ebgp-default-reject-policy

configure router bgp ebgp-default-reject-policy

Description

This command configures the default import and export policy behavior for EBGP neighbors.

The no form of this command removes the default import and export policy behavior.

Default

no ebgp-default-reject-policy

Parameters

import

Specifies the default reject import policy for EBGP neighbors.

export

Specifies the default reject export policy for EBGP neighbors.

Platforms

All

Context

[Tree] (config>service>vprn>bgp>best-path-selection ebgp-ibgp-equal)

Full Context

configure service vprn bgp best-path-selection ebgp-ibgp-equal

Description

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load-balancing in a multipath scenario.

The operator can apply the behavior selectively to only certain types of routes by specifying one or more address family names in the command.

The no form of this command configures the router in the BGP decision process to prefer an EBGP learned route over an IBGP learned route.

Default

no ebgp-ibgp-equal

Parameters

ipv4

Specifies that the command should be applied to unlabeled unicast IPv4 routes.

ipv6

Specifies that the command should be applied to unlabeled unicast IPv6 routes.

label-ipv4

Specifies that the command should be applied to labeled IPv4 routes.

label-ipv6

Specifies that the command should be applied to labeled IPv6 routes.

Platforms

All

Context

[Tree] (config>router>bgp>best-path-selection ebgp-ibgp-equal)

Full Context

configure router bgp best-path-selection ebgp-ibgp-equal

Description

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load balancing in a multipath scenario.

The behavior can be applied selectively to only certain types of routes by specifying one or more address family names in the command. If no families are specified, this command applies to IPv4, IPv6, label-IPv4, label-IPv6, VPN-IPv4, VPN-IPv6, and EVPN routes.

The no form of this command configures the router in the BGP decision process to prefer an EBGP learned route over an IBGP learned route.

Default

no ebgp-ibgp-equal

Parameters

ipv4

Specifies that the command should be applied to unlabeled unicast IPv4 routes.

ipv6

Specifies that the command should be applied to unlabeled unicast IPv6 routes.

label-ipv4

Specifies that the command should be applied to labeled unicast IPv4 routes.

label-ipv6

Specifies that the command should be applied to labeled unicast IPv6 routes.

vpn-ipv4

Specifies that the command should be applied to IPv4 VPN routes.

vpn-ipv6

Specifies that the command should be applied to IPv6 VPN routes.

evpn

Specifies that the command should be applied to EVPN routes.

Platforms

All

Context

[Tree] (config>system>security>user>public-keys ecdsa)

Full Context

configure system security user public-keys ecdsa

Description

This command allows the user to enter the context to configure ECDSA public keys.

Platforms

All

Context

[Tree] (config>system>security>user>public-keys>ecdsa ecdsa-key)

Full Context

configure system security user public-keys ecdsa ecdsa-key

Description

This command creates an ECDSA public key and associates it with the username. Multiple public keys can be associated with the user. The key ID is used to identify these keys for the user.

Parameters

create

Keyword used to create an ECDSA key. The create keyword requirement can be enabled/disabled in the environment>create context.

key-id

Specifies the key identifier.

Values

1 to 32

Platforms

All

Context

[Tree] (echo)

Full Context

echo

Description

This command echoes arguments on the command line. The primary use of this command is to allow messages to be displayed to the screen in files executed with the exec command.

Parameters

text-to-echo

Specifies a text string to be echoed, up to 256 characters.

extra-text-to-echo

Specifies more text to be echoed, up to 256 characters.

more-text

Specifies more text to be echoed, up to 256 characters.

Platforms

All

Context

[Tree] (config>open-flow>of-switch echo-interval)

Full Context

configure open-flow of-switch echo-interval

Description

This command configures the Echo Request interval for monitoring the OpenFlow control channels to the controllers for this OpenFlow switch instance.

The no form of this command restores default value.

Default

echo-interval 10

Parameters

seconds

Specifies an interval, in seconds.

Values

1 to 3600

Platforms

VSR

Context

[Tree] (config>open-flow>of-switch echo-multiple)

Full Context

configure open-flow of-switch echo-multiple

Description

This command configures the number of consecutive Echo Reply messages that must be lost to declare OF control channel down.

The no form of this command restores default value.

Default

echo-multiple 3

Parameters

value

Specifies the threshold value for the number of consecutive Echo Rely messages lost.

Values

3 to 100

Platforms

VSR

Context

[Tree] (config>router>bfd>bfd-template echo-receive)

Full Context

configure router bfd bfd-template echo-receive

Description

This command sets the minimum echo receive interval, in milliseconds, for a session. This is not used by a BFD session for MPLS-TP.

The no form of this command reverts to the default value.

Default

echo-receive 100

Parameters

echo-interval

Specifies the echo receive interval.

Values

100 ms to 100,000 ms in 1 ms increments

Default

100

Platforms

All

Context

[Tree] (config>service>epipe>bgp-evpn>vxlan ecmp)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>epipe>bgp-evpn>mpls ecmp)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>epipe>bgp-evpn>srv6 ecmp)

[Tree] (config>service>vpls>bgp-evpn>srv6 ecmp)

[Tree] (config>service>vpls>bgp-evpn>mpls ecmp)

[Tree] (config>service>vpls>bgp-evpn>vxlan ecmp)

Full Context

configure service epipe bgp-evpn vxlan ecmp

configure service epipe bgp-evpn mpls auto-bind-tunnel ecmp

configure service epipe bgp-evpn mpls ecmp

configure service vpls bgp-evpn mpls auto-bind-tunnel ecmp

configure service epipe bgp-evpn segment-routing-v6 ecmp

configure service vpls bgp-evpn segment-routing-v6 ecmp

configure service vpls bgp-evpn mpls ecmp

configure service vpls bgp-evpn vxlan ecmp

Description

When configured in a VPLS service, this command controls the number of paths that are allowed to reach a specified MAC address when that MAC in the FDB is associated to a remote all-active multi-homed ES.

The configuration of two or more ECMP paths to a specified MAC enables the aliasing function described in RFC 7432.

When used in an Epipe service, this command controls the number of paths that are allowed to reach a specified remote Ethernet tag that is associated to an ES destination.

Default

ecmp 1

Parameters

max-ecmp-routes

Specifies the number of paths allowed to the same multi-homed MAC address or Ethernet tag.

Values

1 to 32

Platforms

All

• configure service epipe bgp-evpn vxlan ecmp
• configure service vpls bgp-evpn mpls ecmp
• configure service vpls bgp-evpn vxlan ecmp
• configure service epipe bgp-evpn mpls ecmp
• configure service epipe bgp-evpn mpls auto-bind-tunnel ecmp
• configure service vpls bgp-evpn mpls auto-bind-tunnel ecmp

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

• configure service epipe bgp-evpn segment-routing-v6 ecmp
• configure service vpls bgp-evpn segment-routing-v6 ecmp

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel ecmp)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel ecmp)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel ecmp

configure service vprn bgp-evpn mpls auto-bind-tunnel ecmp

Description

This command configures the maximum number of tunnels that may be used as ECMP next-hops for the VPRN. This value overrides any values that are configured using the config>service>vprn>ecmp command.

The no form of this command removes the configured overriding value, and the value configured using the config>service>vprn>ecmp command is used.

Default

ecmp 1

Parameters

max-ecmp-routes

Specifies the maximum number of tunnels that may be used as ECMP next-hops for the VPRN.

Values

1 to 32

Default

1

Platforms

All

Context

[Tree] (config>router ecmp)

Full Context

configure router ecmp

Description

This command enables ECMP and configures the number of routes for path sharing; for example, the value 2 means two equal cost routes are used for cost sharing.

ECMP can be used only for routes with the same preference and same protocol.

If available ECMP routes at the best preference exceed the maximum ECMP routes allowed, the system selects using the following criteria:

1. The system selects the lowest next hop router ID.
2. If the next hop goes to the same neighbor, the system selects the next hop with the lowest interface index.

The no form of this command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the route with the lowest next-hop IP address is used.

Default

no ecmp

Parameters

max-ecmp-routes

Specifies the maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp.

Values

1 to 64

Platforms

All

Context

[Tree] (config>service>vprn ecmp)

Full Context

configure service vprn ecmp

Description

This command enables equal-cost multipath (ECMP) and configures the number of routes for path sharing. For example, the value of 2 means that 2 equal cost routes are used for cost sharing.

ECMP groups form when the system routes to the same destination with equal cost values. Routing table entries can be entered manually (as static routes), or they can be formed when neighbors are discovered and routing table information is exchanged by routing protocols. The system can balance traffic across the groups with equal costs.

ECMP can only be used for routes learned with the same preference and same protocol.

If available ECMP routes at the best preference exceed the maximum ECMP routes allowed, the system selects using the following criteria:

1. The system selects the lowest next hop router ID.
2. If the next hop goes to the same neighbor, the system selects the next hop with the lowest interface index.

The no form of this command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.

Default

no ecmp

Parameters

max-ecmp-routes

Specifies the maximum number of routes for path sharing.

Values

1 to 64

Platforms

All

Context

[Tree] (config>service>vprn>auto-bind-tunnel ecmp)

Full Context

configure service vprn auto-bind-tunnel ecmp

Description

Platforms

All

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle ecmp-opt-threshold)

Full Context

configure mcast-management multicast-info-policy bundle ecmp-opt-threshold

Description

This command defines the preference level threshold where multicast ECMP path management can dynamically optimize channels based on topology or bandwidth events. If the channels preference is equal to or less than the ecmp-opt-threshold, ECMP can move the channel between ECMP paths when bandwidth distribution events happen. Channels with a preference level higher than the threshold are moved during these events.

The default ECMP optimization limit threshold is 7. This means that multicast channels with a preference level of 0 to 7 (all channels) are allowed to move between ECMP paths. The ecmp-opt-threshold command can be used to change the default threshold.

Changing the threshold causes all channels ECMP optimization eligibility to be reevaluated.

The no form of this command restores the default ECMP optimization preference threshold value.

Default

ecmp-opt-threshold 7

Parameters

preference-level

The preference-level parameter is required when specifying the ecmp-opt-threshold. An integer value from 0 to 7 must be specified.

Values

0 to 7

Platforms

All

Context

[Tree] (config>service>vprn ecmp-unequal-cost)

Full Context

configure service vprn ecmp-unequal-cost

Description

This command relaxes the constraint that ECMP multipaths must have the same IGP cost to reach the BGP next-hop. When VPN routes for the same IP prefix are imported into a VPRN service, they are eligible to be used as multipaths. The resulting route is programmed as an ECMP IP route.

The BGP best path selection algorithm is the basis for choosing the set of imported VPN routes that can be combined to form an ECMP route. Normally (unless an ignore-nh-metric command is configured), the BGP decision process gives higher preference to VPN routes with a lower next-hop cost if other, more significant criteria, are tied. In these circumstances, a VPN route cannot be an eligible multipath if it does not have the same next-hop cost as the best VPN route. Configuring this command removes this restriction and allows the multipaths to have different (meaning lower) next-hop costs than the best route. This broadens the applicability of multipath and can result in better load balancing in the network.

This command applies only to the following types of routes imported by a VPRN.

• vpn-ipv4

• vpn-ipv6

• mcast-vpn-ipv4

• mcast-vpn-ipv6

The no form of this command restores the default behavior that requires next-hop costs of multipaths to be equal, unless the next-hop cost is completely removed from the BGP decision process.

Default

ecmp-unequal-cost

Platforms

All

Context

[Tree] (config>service>vpls>spb>level ect-algorithm)

Full Context

configure service vpls spb level ect-algorithm

Description

This command configures the ect-algorithm associated with a FID. Names are:

• low-path-id

• high-path-id

The algorithm for low-path-id chooses the path with the lowest metric and uses the sum of each Bridge-ID to break-ties (in this case preferring the lowest bridge identifiers).

The algorithm for high-path-id choose the path with the lowest metric and the sum of each Bridge-ID (after each one is modified by the algorithm mask) to break-ties (in this case preferring the highest bridge identifiers).

A Forwarding Identifier (FID) is an abstraction of the IEEE 802.1 SPB Base VID and represents the VLAN (B-VPLS) in IS-IS LSPs. B-VPLS services with the same FID share B-MACs and I-SIDs. (the SAP encapsulation VLAN tag may be set to the same value as the FID or to any other valid VLAN tag). One or more FIDs can be associated with an ECT-algorithm by using the FID range. User B-VPLS services may share the same FID as the control B-VPLS or use independent FIDs where each FID has an assigned ect-algorithm. B-VPLS services with i-vpls services must have an independent FID. B-VPLS services with only PBB Epipes may share FIDs with other B-VPLS services including the control B-VPLS service.

The ect-algorithm is associated with the FID and can only be changed only when there are no VPLS, SAPs or SDP bindings associated with the FID. The FID must be independent from the FID assigned to other services.

Default

ect-algorithm fid-range 1-4095 low-path-id

Parameters

name

low-path-id, high-path-id.

fid-range

Range of Forwarding Identifier values.

Values

1 to 4095

Platforms

All

Context

[Tree] (config>service>vpls>spoke-sdp>stp edge-port)

[Tree] (config>service>template>vpls-sap-template>stp edge-port)

[Tree] (config>service>vpls>sap>stp edge-port)

Full Context

configure service vpls spoke-sdp stp edge-port

configure service template vpls-sap-template stp edge-port

configure service vpls sap stp edge-port

Description

This command configures the SAP or SDP as an edge or non-edge port. If auto-edge is enabled for the SAP, this value will be used only as the initial value.

RSTP, however, can detect that the actual situation is different from what edge-port may indicate.

Initially, the value of the SAP or spoke-SDP parameter is set to edge-port. This value will change if:

• A BPDU is received on that port. This means that after all there is another bridge connected to this port. Then the edge-port becomes disabled.

• If auto-edge is configured and no BPDU is received within a certain period of time, RSTP concludes that it is on an edge and enables the edge-port.

The no form of this command returns the edge port setting to the default value.

Default

no edge-port

Platforms

All

Context

[Tree] (config>service>pw-template>stp edge-port)

Full Context

configure service pw-template stp edge-port

Description

This command configures the SAP or SDP as an edge or non-edge port. If auto-edge is enabled for the SAP, this value will be used only as the initial value.

RSTP, however, can detect that the actual situation is different from what edge-port may indicate.

Initially, the value of the SAP or spoke SDP parameter is set to edge-port. This value will change if:

• A BPDU is received on that port. This means that after all there is another bridge connected to this port. Then the edge-port becomes disabled.

• If auto-edge is configured and no BPDU is received within a certain period of time, RSTP concludes that it is on an edge and enables the edge-port.

The no form of this command returns the edge port setting to the default value.

Default

no edge-port

Platforms

All

Context

[Tree] (candidate edit)

Full Context

candidate edit

Description

This command enables the edit-cfg mode where changes can be made to the candidate configuration and sets the edit-point to the end of the candidate. In edit-cfg mode the CLI prompt contains edit-cfg near the root of the prompt. Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

Parameters

exclusive

Allows a user to exclusively create a candidate configuration by blocking other users (and other sessions of the same user) from entering edit-cfg mode. Exclusive edit-cfg mode can only be entered if the candidate configuration is empty and no user is in edit-cfg mode. Once a user is in exclusive edit-cfg mode no other users/sessions are allowed in edit-cfg mode. The user must either commit or discard the exclusive candidate before leaving exclusive edit-cfg mode. If the CLI session times out while a user is in exclusive edit-cfg mode then the contents of the candidate are discarded. The admin disconnect command can be used to force a user to disconnect (and to clear the contents of the candidate) if they have the candidate locked.

Platforms

All

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization edit-config)

Full Context

configure system security profile netconf base-op-authorization edit-config

Description

This command enables the NETCONF <edit-config> RPC.

The no form of this command disables the RPC.

Default

no edit-config

Platforms

All

Context

[Tree] (config>system>security>tls>server-tls-profile>status-verify ee-revocation)

[Tree] (config>system>security>tls>client-tls-profile>status-verify ee-revocation)

Full Context

configure system security tls server-tls-profile status-verify ee-revocation

configure system security tls client-tls-profile status-verify ee-revocation

Description

This command configures the method used to verify the revocation status of the TLS end-entity (EE) certificate.

Parameters

primary

Specifies the primary method.

Values

ocsp, crl

Default

crl

secondary

Specifies the secondary method.

Values

ocsp, crl, none

Default

none

Platforms

All

Context

[Tree] (oam efm)

Full Context

oam efm

Description

This command enables Ethernet in the First Mile (EFM) OAM tests loopback tests on the specified port. The EFM OAM remote loopback OAMPDU is sent to the peering device to trigger remote loopback.

When EFM OAM is disabled or shutdown on a port, the dying gasp flag for the OAMPDU is set for the OAMPDUs sent to the peer. This speeds up the peer loss detection time.

Parameters

port-id

Specifies the port ID.

Note:

On the 7950 XRS, The XMA ID takes the place of the MDA.

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

local-loopback {start | stop}

Specifies whether to start or stop local loopback tests on the specified port.

remote-loopback {start | stop}

Specifies whether to start or stop remote Ethernet in the First Mile (EFM) OAM loopback tests on the specified port. The EFM OAM remote loopback OAMPDU is sent to the peering device to trigger remote loopback.

For EFM OAM tunneling to function properly, EFM OAM tunneling should be configured for VLL services or a VPLS service with two SAPs only.

Platforms

All

Context

[Tree] (config>port>ethernet efm-oam)

Full Context

configure port ethernet efm-oam

Description

This command configures EFM-OAM attributes.

Platforms

All

Context

[Tree] (config>service>ies>if>load-balancing egr-ip-load-balancing)

Full Context

configure service ies interface load-balancing egr-ip-load-balancing

Description

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using the source address and, if l4-load balancing is enabled, the source port in the hash, ignore destination address/port.

destination

Specifies using the destination address and, if l4-load balancing is enabled, the destination port in the hash, ignore source address/port.

inner-ip

Specifies using the inner IP header parameters instead of the outer IP header parameters in the LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

Context

[Tree] (config>service>vprn>if>nw-if>load-balancing egr-ip-load-balancing)

[Tree] (config>service>vprn>if>load-balancing egr-ip-load-balancing)

Full Context

configure service vprn interface nw-if load-balancing egr-ip-load-balancing

configure service vprn interface load-balancing egr-ip-load-balancing

Description

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using the source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port.

destination

Specifies using the destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.

inner-ip

Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

Context

[Tree] (config>router>if>load-balancing egr-ip-load-balancing)

Full Context

configure router interface load-balancing egr-ip-load-balancing

Description

This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default

no egr-ip-load-balancing

Parameters

source

Specifies using source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port

destination

Specifies using destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.

inner-ip

Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

Platforms

All

Context

[Tree] (config>port>modify-buffer-allocation-rate egr-percentage-of-rate)

Full Context

configure port modify-buffer-allocation-rate egr-percentage-of-rate

Description

The egr-percentage-of-rate command increases or decreases the active bandwidth associated with the egress port that affects the amount of egress buffer space managed by the port. Changing a ports active bandwidth using the egr-percentage-of-rate command is an effective means of artificially lowering the buffers managed by one egress port and giving them to other egress ports on the same MDA.

The egr-percentage-of-rate command accepts a percentage value that increases or decreases the active bandwidth based on the defined percentage. A value of 50% causes the active bandwidth to be reduced by 50%. A value of 150% causes the active bandwidth to be increased by 50%. Values from 1 to 1000 percent are supported.

A value of 100 (the default value) is equivalent to executing the no egr-percentage-of-rate command and restores the egress active rate to the normal value.

The no form of this command removes any artificial increase or decrease of the egress active bandwidth used for egress buffer space allocation to the port. The no egr-percentage-of-rate command sets the egress rate percentage to 100%.

Parameters

egr-rate-percentage

The egr-rate-percentage parameter is required and specifies the percentage value used to modify the current egress active bandwidth of the port. This does not actually change the bandwidth available on the port in any way. The defined egr-rate-percentage parameter is multiplied by the egress active bandwidth of the port. A value of 150 results in an increase of 50% (1.5 x Rate).

Values

1 to 1000

Default

100 (no change to active rate)

Platforms

All

Context

[Tree] (config>service>epipe>vxlan egr-vtep)

[Tree] (config>service>vpls>vxlan egr-vtep)

Full Context

configure service epipe vxlan egr-vtep

configure service vpls vxlan egr-vtep

Description

This command configures the static destination VTEP IP used when originating VXLAN packets for the service.

Parameters

ip-address

Specifies the IPv4 address used as the destination VTEP when originating VXLAN packets for the service.

ipv6-address

Specifies the IPv6 address used as the destination VTEP when originating VXLAN packets for the service.

Platforms

All

• configure service epipe vxlan egr-vtep

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vpls vxlan egr-vtep

Context

[Tree] (config>port>hybrid-buffer-allocation egr-weight)

Full Context

configure port hybrid-buffer-allocation egr-weight

Description

This command configures the sharing of the egress buffers allocated to a hybrid port among the access and network contexts. By default, it is split equally between network and access.

The no form of this command reverts to the default values for the egress access and network weights.

Parameters

access-weight

Specifies the access weight as an integer.

Values

0 to 100

Default

50

network-weight

Specifies the network weight as an integer.

Values

0 to 100

Default

50

Platforms

All

Context

[Tree] (config>subscr-mgmt>ancp>ancp-policy egress)

Full Context

configure subscriber-mgmt ancp ancp-policy egress

Description

Commands in this context configure egress ANCP policy parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>msap-policy>ies-vprn egress)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only egress)

Full Context

configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters egress

configure subscriber-mgmt msap-policy vpls-only-sap-parameters egress

Description

Commands in this context configure egress policies for Managed SAPs (MSAPs).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>aggregate-qos-stats egress)

Full Context

configure subscriber-mgmt sla-profile aggregate-qos-stats egress

Description

Commands in this context configure which types of egress QoS objects are used to calculate the total egress aggregate statistics.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>csg egress)

Full Context

configure subscriber-mgmt sla-profile custom-statistics-group egress

Description

Commands in this context configure the types of egress QoS object statistics that are used to calculate the custom statistics. This can include static queues and policers that are configured in a QoS SAP-egress policy, and dynamic queues and policers that are created on demand, according to the needs of the session.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>spoke-sdp egress)

[Tree] (config>service>vprn>red-if>spoke-sdp egress)

Full Context

configure service vprn interface spoke-sdp egress

configure service vprn redundant-interface spoke-sdp egress

Description

This command configures egress SDP parameters.

Platforms

All

• configure service vprn interface spoke-sdp egress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn redundant-interface spoke-sdp egress

Context

[Tree] (config>subscr-mgmt>sla-profile egress)

Full Context

configure subscriber-mgmt sla-profile egress

Description

Commands in this context configure egress parameters for the SLA profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap egress)

[Tree] (config>service>ies>sub-if>grp-if>sap egress)

[Tree] (config>service>ies>if>sap egress)

[Tree] (config>service>vpls>sap egress)

Full Context

configure service vprn subscriber-interface group-interface sap egress

configure service ies subscriber-interface group-interface sap egress

configure service ies interface sap egress

configure service vpls sap egress

Description

Commands in this context configure egress Quality of Service (QoS) policies and filter policies.

If no QoS policy is defined, the system default QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface sap egress
• configure service vprn subscriber-interface group-interface sap egress

All

• configure service ies interface sap egress
• configure service vpls sap egress

Context

[Tree] (config>service>vpls>sap egress)

Full Context

configure service vpls sap egress

Description

Commands in this context configure egress filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

All

Context

[Tree] (config>service>vpls>spoke-sdp egress)

[Tree] (config>service>ies>if>spoke-sdp egress)

[Tree] (config>service>vpls>mesh-sdp egress)

[Tree] (config>service>ies>red-if>spoke-sdp egress)

Full Context

configure service vpls spoke-sdp egress

configure service ies interface spoke-sdp egress

configure service vpls mesh-sdp egress

configure service ies redundant-interface spoke-sdp egress

Description

Commands in this context configure egress SDP parameters.

Platforms

All

• configure service vpls spoke-sdp egress
• configure service vpls mesh-sdp egress
• configure service ies interface spoke-sdp egress

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies redundant-interface spoke-sdp egress

Context

[Tree] (config>port>ethernet>access egress)

[Tree] (config>port>ethernet>network egress)

Full Context

configure port ethernet access egress

configure port ethernet network egress

Description

This command configures Ethernet access egress port parameters.

Platforms

All

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw egress)

Full Context

configure service ies subscriber-interface group-interface wlan-gw egress

Description

Commands in this context configure egress QoS parameters for wlan-gw tunnels.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>network egress)

[Tree] (config>card>mda>network egress)

[Tree] (config>port>access egress)

[Tree] (config>card>mda>access egress)

Full Context

configure port network egress

configure card mda network egress

configure port access egress

configure card mda access egress

Description

Commands in this context configure egress buffer pool parameters which define the percentage of the pool buffers that are used for CBS calculations and specify the slope policy that is configured in the config>qos>slope-policy context.

On the MDA level, network and access egress pools are only allocated on channelized MDAs.

Platforms

All

Context

[Tree] (config>card>fp egress)

Full Context

configure card fp egress

Description

This command enables access to the egress fp CLI context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet egress)

Full Context

configure port ethernet egress

Description

This command configures Ethernet egress port parameters.

Platforms

All

Context

[Tree] (config>service>sdp>binding>pw-port egress)

Full Context

configure service sdp binding pw-port egress

Description

Commands in this context configure PW port egress side parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>cpipe>sap egress)

[Tree] (config>service>ipipe>sap egress)

[Tree] (config>service>epipe>sap egress)

Full Context

configure service cpipe sap egress

configure service ipipe sap egress

configure service epipe sap egress

Description

Commands in this context configure egress SAP parameters.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap egress

All

• configure service ipipe sap egress
• configure service epipe sap egress

Context

[Tree] (config>service>cpipe>spoke-sdp egress)

[Tree] (config>service>epipe>spoke-sdp egress)

[Tree] (config>service>ipipe>spoke-sdp egress)

Full Context

configure service cpipe spoke-sdp egress

configure service epipe spoke-sdp egress

configure service ipipe spoke-sdp egress

Description

This command configures the egress SDP context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe spoke-sdp egress

All

• configure service ipipe spoke-sdp egress
• configure service epipe spoke-sdp egress

Context

[Tree] (config>service>epipe>pw-port egress)

Full Context

configure service epipe pw-port egress

Description

Commands in this context configure PW-port egress-side parameters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>template>epipe-sap-template egress)

Full Context

configure service template epipe-sap-template egress

Description

Commands in this context configure egress filter policies.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>aarp-interface>spoke-sdp egress)

Full Context

configure service ies aarp-interface spoke-sdp egress

Description

Commands in this context configure the egress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>vpls egress)

Full Context

configure service ies interface vpls egress

Description

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS or I-VPLS service context.

Platforms

All

Context

[Tree] (config>service>vprn>aarp-interface>spoke-sdp egress)

Full Context

configure service vprn aarp-interface spoke-sdp egress

Description

Commands in this context configure the egress for a spoke SDP.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nw-if egress)

Full Context

configure service vprn network-interface egress

Description

Commands in this context configure egress network filter policies for the interface.

Platforms

All

Context

[Tree] (config>service>vprn>if>sap egress)

Full Context

configure service vprn interface sap egress

Description

Commands in this context configure egress SAP Quality of Service (QoS) policies and filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

Platforms

All

Context

[Tree] (config>service>vprn>if>vpls egress)

Full Context

configure service vprn interface vpls egress

Description

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS service context.

Platforms

All

Context

[Tree] (config>service>vprn>network-interface egress)

Full Context

configure service vprn network-interface egress

Description

Commands in this context configure egress network filter policies for the interface.

Platforms

All

Context

[Tree] (config>service>ies>aa-interface>sap egress)

[Tree] (config>service>vprn>aa-interface>sap egress)

Full Context

configure service ies aa-interface sap egress

configure service vprn aa-interface sap egress

Description

Commands in this context configure egress parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp>qos egress)

Full Context

configure isa application-assurance-group qos egress

Description

Commands in this context configure IOM port-level Quality of Service for this application assurance group in the egress direction (traffic entering an application assurance engine).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>video-interface>video-sap egress)

[Tree] (config>service>vprn>video-interface>video-sap egress)

Full Context

configure service ies video-interface video-sap egress

configure service vprn video-interface video-sap egress

Description

Commands in this context configure egress parameters for the service’s video SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp egress)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp egress)

Full Context

configure mirror mirror-dest spoke-sdp egress

configure mirror mirror-dest remote-source spoke-sdp egress

Description

Commands in this context configure spoke SDP egress parameters.

Platforms

All

Context

[Tree] (config>mirror>mirror-dest>sap egress)

Full Context

configure mirror mirror-dest sap egress

Description

This command enables access to the context to associate an egress SAP Quality of Service (QoS) policy with a mirror destination SAP.

If no QoS policy is defined, the system default SAP egress QoS policy is used for egress processing.

Platforms

All

Context

[Tree] (config>qos>network egress)

Full Context

configure qos network egress

Description

This command is used to enter the CLI node that creates or edits egress policy entries that specify the forwarding class queues to be instantiated when this policy is applied to the network port.

The forwarding class and profile state mapping to in- and out-of-profile DiffServ Code Points (DSCPs), dot1p, and MPLS EXP bits mapping for all labeled packets are also defined in this context.

All service packets are aggregated into DiffServ-based egress queues on the network interface. The service packets are transported either with IP GRE encapsulation or over a MPLS LSP. The exception is with the IES service. In this case, the actual customer IP header has the DSCP field mapped.

All out-of-profile service packets are marked with the corresponding out-of-profile DSCP, dot1p, or the EXP bit value at network egress. All the in-profile service ingress packets are marked with the corresponding in-profile DSCP, dot1p, or EXP bit value based on the forwarding class to which they belong. The exceed-profile traffic is marked with the same value as out-of-profile traffic and the inplus-profile traffic is marked with the same value as in-profile traffic.

Platforms

All

Context

[Tree] (config>qos>queue-group-templates egress)

Full Context

configure qos queue-group-templates egress

Description

Commands in this context configure QoS egress queue groups. Egress queue group templates can be applied to egress Ethernet ports to create an egress queue group.

Platforms

All

Context

[Tree] (config>router>if egress)

Full Context

configure router interface egress

Description

This command enables access to the context to configure egress network filter policies for the IP interface. If an egress filter is not defined, no filtering is performed.

Platforms

All

Context

[Tree] (config>service>cust>multi-service-site egress)

Full Context

configure service customer multi-service-site egress

Description

Commands in this context configure the egress node associate an existing scheduler policy name with the customer site. The egress node is an entity to associate commands that complement the association.

Platforms

All

Context

[Tree] (config>service>pw-template egress)

Full Context

configure service pw-template egress

Description

Commands in this context configure spoke SDP binding egress filter parameters.

Platforms

All

Context

[Tree] (config>subscr-mgmt>sub-prof egress)

Full Context

configure subscriber-mgmt sub-profile egress

Description

Commands in this context configure subscriber profile egress setting parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (configure>port>transceiver>optical-line-system egress-amplifier-gain)

Full Context

configure port transceiver optical-line-system egress-amplifier-gain

Description

This command configures the gain for the egress amplifier.

The no form of this command sets the gain for the egress amplifier to the default.

Default

no egress-amplifier-gain

Parameters

egress-amplifier-gain

Specifies the gain for the amplifier in decibels.

Values

0 to 25.00 dB

Default

25.00 dB

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>sflow egress-counter-map)

Full Context

configure sflow egress-counter-map

Description

This command configures the egress counter map for sFlow. The map must be configured so sFlow agent understands how to interpret data collected against SAP queues and policers. Multiple queues and policers can be mapped to the same traffic-type using separate line entries.

The no form of this command deletes a SAP policy queue/policer from the map.

Parameters

policer-id

Specifies the policer ID in a SAP egress QoS policy. If the SAP policy does not have a policer with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 8

queue-id

Specifies the queue ID in a SAP egress QoS policy. If the SAP policy does not have a queue with the specified ID, the map entry will be ignored for this SAP.

Values

1 to 8

Platforms

7750 SR, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>bgp>group egress-engineering)

[Tree] (config>router>bgp>group>neighbor egress-engineering)

Full Context

configure router bgp group egress-engineering

configure router bgp group neighbor egress-engineering

Description

Commands in this context configure egress engineering on a specific neighbor or all neighbors in a BGP group.

If egress engineering is not configured in the neighbor context, the configuration is inherited from the group context.

The no form of this command removes the egress engineering configuration.

Default

no egress-engineering

Platforms

All

Context

[Tree] (config>qos>sap-ingress>fc egress-fc)

Full Context

configure qos sap-ingress fc egress-fc

Description

This command configures the forwarding class to be used by the egress QoS processing. It overrides the forwarding class determined by ingress classification but not the QoS Policy Propagation via BGP.

The forwarding class or forwarding subclass can be overridden.

The new egress forwarding class is applicable to both SAP egress and network egress.

Default

no egress-fc

Parameters

fc-name

Specifies the forwarding class name to be used by the egress QoS processing.

Values

be, l2, af, l1, h2, ef, h1, nc

Platforms

All

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl egress-ip-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries

Description

Commands in this context configure the egress IP filter parameters.

The no form of this command reverts to the default.

Default

egress-ip-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl egress-ipv6-filter-entries)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries

Description

Commands in this context configure the egress IPv6 filter parameters.

The no form of this command reverts to the default.

Default

egress-ipv6-filter-entries

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ip-filter>entry egress-pbr)

[Tree] (config>filter>ipv6-filter>entry egress-pbr)

Full Context

configure filter ip-filter entry egress-pbr

configure filter ipv6-filter entry egress-pbr

Description

This command specifies that the configured PBR action is applicable to egress processing. The command should only be enabled in ACL policies used by residential subscribers. Enabling egress-pbr on filters not deployed for residential subscribers is not blocked but may lead to unexpected behavior and should be avoided.

The no form of this command removes the egress-pbr designation of the filter entry's action.

Default

no egress-pbr

Parameters

default-load-balancing

Sets load-balancing to the default (hash based on SA/DA of the packet).

l4-load-balancing

Includes TCP/UDP port (if available) in the hash.

Platforms

All

Context

[Tree] (config>router>bgp egress-peer-engineering)

Full Context

configure router bgp egress-peer-engineering

Description

Commands in this context configure EPE parameters in BGP.

The no form of this command removes the EPE parameters from the BGP context.

Default

no egress-peer-engineering

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor egress-peer-engineering-label-unicast)

[Tree] (config>router>bgp>group egress-peer-engineering-label-unicast)

Full Context

configure router bgp group neighbor egress-peer-engineering-label-unicast

configure router bgp group egress-peer-engineering-label-unicast

Description

This command enables the generation of a label-unicast route for each /32 or /128 prefix that corresponds to the BGP neighbor or group address in the scope of the command. These routes can be advertised to other routers to recursively resolve unlabeled BGP routes for AS external destinations. They support the Egress Peer Engineering (EPE) use case.

The no form of this command disables the generation of EPE label-unicast routes.

Default

no egress-peer-engineering-label-unicast

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm egress-policer)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm egress-policer)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt egress-policer

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt egress-policer

Description

This command specifies the egress policer applied to all UEs corresponding to default vlan-range (such as, group-interface) or the specified vlan-range. The policer can be created in the config>subscr-mgmt>isa-policer context. The egress policer can be overridden per UE from RADIUS via access-accept or COA.

The no form of this command reverts to the default.

Parameters

policer-name

Specifies the identifier of the distributed-sub-mgmt policer for egress traffic up to 256 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet>network egress-port-queue-overrides)

Full Context

configure port ethernet network egress-port-queue-overrides

Description

Commands in this context configure Ethernet network egress port queue override parameters.

Platforms

All

Context

[Tree] (config>port>ethernet egress-rate)

Full Context

configure port ethernet egress-rate

Description

This command configures the rate of traffic leaving the network. The configured sub-rate uses packet-based accounting. An event log is generated each time the egress rate is modified unless the port is part of a LAG.

The no form of this command returns the value to the default.

Default

no egress-rate

Parameters

sub-rate

Specifies the egress rate in kb/s.

Values

1 to 100000000

Platforms

All

Context

[Tree] (config>subscr-mgmt>trk-plcy egress-rate-modify)

Full Context

configure subscriber-mgmt host-tracking-policy egress-rate-modify

Description

This command specifies the egress-rate modification that is to be applied.

The no form of this command reverts to the default value.

Parameters

agg-rate-limit

Specifies to use the egress rate limit.

scheduler-name

Specifies the scheduler name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>igmp-policy egress-rate-modify)

Full Context

configure subscriber-mgmt igmp-policy egress-rate-modify

Description

This command is used to apply HQoS Adjustment to a subscriber. HQoS Adjustment is needed when multicast traffic flow for the subscriber is dissociated from subscriber host queues. Multicast redirection is typical such case although it can be applied in direct IPoE subscriber per-sap replication mode.

The channel bandwidth definition policy is defined in the mcac policy under the config>router>mcac>policy context. The policy is applied under the redirected interface or under the group-interface.

In order for HQoS Adjustment to take effect, sub-mcac-policy must be in a no shutdown mode and applied under the sub-profile even if mcac is not deployed.

The no form of this command reverts to the default value.

Parameters

agg-rate-limit

Specifies the aggregate14 rate modification to be applied. The subscriber’s bandwidth is capped via the agg-rate-limit command in the sub-profile or with a Change of Authorization (CoA) request. This bandwidth cap is dynamically adjusted according to the multicast channel definition and channel association with the host via IGMP.

scheduler-name

Specifies the schedule name. The subscriber’s bandwidth is capped via the scheduling-policy in the sub-profile or with a Change of Authorization (CoA) request. HQoS Adjustment will modify the rate of the scheduler defined in the scheduling policy or configured via CoA.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>mld-policy egress-rate-modify)

Full Context

configure subscriber-mgmt mld-policy egress-rate-modify

Description

This command configures the egress rate modification.

The no form of this command removes the values from the configuration.

Parameters

agg-rate-limit

Specifies that the maximum total rate for all subscriber egress queues for each subscriber associated with the policy.

scheduler-name

Specifies the scheduler to be applied for egress rate modification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet>access>egress>vport egress-rate-modify)

Full Context

configure port ethernet access egress vport egress-rate-modify

Description

This command applies HQoS Adjustment to a Vport. HQoS Adjustment refers to the dynamic adjustment of the rate limit at an QoS enforcement point within a Nokia router when the multicast traffic stream is disjointed from the unicast traffic stream. This QoS enforcement point within the router represents the physical point further down in the access part of the network where the two streams join each other and potentially can cause congestion.

An example would be a PON port which is shared amongst subscriber’s multicast traffic (single copy of each channel) and subscriber’s unicast traffic. The bandwidth control point for this PON port resides in the upstream Nokia BNG node in the form of a Vport. In the case where the multicast delivery method of the BNG utilizes redirection, the multicast traffic in the BNG will flow outside of the subscriber or the Vport context and thus will bypass any bandwidth enforcement in the Nokia router. To correct this, a Vport bandwidth adjustment is necessary in the router that will account for the multicast bandwidth consumption that is bypassing Vport in the router but is present in the PON port whose bandwidth is controlled by Vport.

An estimate of the multicast bandwidth consumption on the PON port can be made at the Vport level based on the IGMP messages sourced from the subscribers behind the PON port. This process is called HQoS Adjustment.

A multicast channel bandwidth is subtracted from or added to the Vport rate limit according to the received IGMP Join/Leave messages and the channel bandwidth definition policy associated with the Vport (indirectly through a group-interface). Since the multicast traffic on the PON port is shared amongst subscribers behind this PON port, only the first IGMP Join or the last IGMP Leave per multicast channel is tracked for the purpose of the Vport bandwidth modification.

The Vport rate that will be affected by this functionality depends on the configuration:

• In case the agg-rate within the Vport is configured, its value will be modified based on the IGMP activity associated with the subscriber under this Vport.

• In case the port-scheduler-policy within the Vport is referenced, the max-rate defined in the corresponding port-scheduler-policy will be modified based on the IGMP activity associated with the subscriber under this Vport.

The channel bandwidth definition policy is defined in the mcac policy in the config>router>mcac>policy context. The policy is applied under the group-interface or in case of redirection under the redirected-interface.

The rates in effect can be displayed with the following two commands:

show port 1/1/5 vport name
qos scheduler-hierarchy port port-id vport vport-name

The configuration of a scheduler policy under a Vport, which is only applicable to Ethernet interfaces, is mutually exclusive with the configuration of the egress-rate-modify parameter.

Context: HQoS Adjustment for Vport is disabled.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>tdm>e1>channel-group egress-scheduler-override)

[Tree] (config>port>ethernet egress-scheduler-override)

[Tree] (config>port>tdm>ds1>channel-group egress-scheduler-override)

[Tree] (config>port>sonet-sdh>path egress-scheduler-override)

[Tree] (config>port>tdm>ds3 egress-scheduler-override)

[Tree] (config>port>tdm>e3 egress-scheduler-override)

Full Context

configure port tdm e1 channel-group egress-scheduler-override

configure port ethernet egress-scheduler-override

configure port tdm ds1 channel-group egress-scheduler-override

configure port sonet-sdh path egress-scheduler-override

configure port tdm ds3 egress-scheduler-override

configure port tdm e3 egress-scheduler-override

Description

This command applies egress scheduler overrides. When a port scheduler is associated with an egress port, it is possible to override the following parameters:

• The max-rate allowed for the scheduler.

• The maximum rate for each priority level 8 through 1.

• The CIR associated with each priority level 8 through 1.

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for command syntax and usage for the port-scheduler-policy command.

The no form of this command removes all override parameters from the egress port or channel scheduler context. Once removed, the port scheduler reverts all rate parameters back to the parameters defined on the port-scheduler-policy associated with the port.

Parameters

create

Mandatory while creating an entry.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

• configure port tdm e3 egress-scheduler-override
• configure port tdm e1 channel-group egress-scheduler-override
• configure port tdm ds3 egress-scheduler-override
• configure port tdm ds1 channel-group egress-scheduler-override

All

• configure port ethernet egress-scheduler-override

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure port sonet-sdh path egress-scheduler-override

Context

[Tree] (config>port-policy egress-scheduler-policy)

Full Context

configure port-policy egress-scheduler-policy

Description

This command references a port scheduler policy that is defined under the config>qos>port-scheduler-policy> hierarchy. Port schedulers are instantiated on carrier IOMs towards all ISAs that are part of the lns-group.

The no form of the command removes the port scheduler policy from the configuration.

Default

no egress-scheduler-policy

Parameters

port-sched-plcy

Specifies the egress scheduler policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet egress-scheduler-policy)

[Tree] (config>port>tdm>ds1>channel-group egress-scheduler-policy)

[Tree] (config>port>sonet-sdh>path egress-scheduler-policy)

[Tree] (config>port>tdm>e1>channel-group egress-scheduler-policy)

[Tree] (config>port>tdm>ds3 egress-scheduler-policy)

[Tree] (config>port>tdm>e3 egress-scheduler-policy)

Full Context

configure port ethernet egress-scheduler-policy

configure port tdm ds1 channel-group egress-scheduler-policy

configure port sonet-sdh path egress-scheduler-policy

configure port tdm e1 channel-group egress-scheduler-policy

configure port tdm ds3 egress-scheduler-policy

configure port tdm e3 egress-scheduler-policy

Description

This command enables the provisioning of an existing port-scheduler-policy to a port or channel.

The egress-scheduler-override node allows for the definition of the scheduler overrides for a specific port or channel.

When a port scheduler is active on a port or channel, all queues and intermediate service schedulers on the port are subject to receiving bandwidth from the scheduler. Any policers, queues, or schedulers with port-parent associations are mapped to the appropriate port priority levels based on the port-parent command parameters. Any policers, queues, or schedulers that do not have a port-parent or valid intermediate scheduler parent defined are treated as orphaned and are handled based on the port scheduler policies default or explicit orphan behavior.

The port scheduler maximum rate and priority level rate parameters may be overridden to allow unique values separate from the port-scheduler-policy-name attached to the port or channel. Use the egress-scheduler-override command to specify the port or channel specific scheduling parameters.

The no form of this command removes a port scheduler policy from an egress port or channel. Once the scheduler policy is removed, all orphaned policers, queues, and schedulers revert to a free running state governed only by the local queue or scheduler parameters. This includes any queues or schedulers with a port-parent association.

Parameters

port-scheduler-policy-name

Specifies an existing port-scheduler-policy configured in the config>qos context. The name can be up to 32 characters.

Platforms

All

• configure port ethernet egress-scheduler-policy

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

• configure port tdm ds1 channel-group egress-scheduler-policy
• configure port tdm e1 channel-group egress-scheduler-policy
• configure port tdm ds3 egress-scheduler-policy
• configure port tdm e3 egress-scheduler-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure port sonet-sdh path egress-scheduler-policy

Context

[Tree] (config>router>ldp egress-statistics)

Full Context

configure router ldp egress-statistics

Description

Commands in this context enter the LDP FEC prefix for the purpose of enabling egress data path statistics at the ingress LER for this FEC.

Platforms

All

Context

[Tree] (config>router>mpls>lsp-template egress-statistics)

[Tree] (config>router>mpls>lsp egress-statistics)

Full Context

configure router mpls lsp-template egress-statistics

configure router mpls lsp egress-statistics

Description

This command configures statistics in the egress data path of an originating LSP at a head-end node. The user must execute the no shutdown for this command to effectively enable statistics.

The same set of counters is updated for packets forwarded over any path of the RSVP-TE LSP and over the lifetime of the LSP. In steady state, the counters are updated for packets forwarded over the active path of the LSP. The active path can be the primary path, one of the secondary paths, the FRR detour path, or the FRR bypass path when the head-end node is also the PLR.

For SR-TE LSPs, egress statistics are collected independently for each path (primary, backup standby or not), and are preserved on switchover (except for non-standby).

LSP egress statistics are collected if the head-end node is also the Penultimate-Popping Hop (PHP) node for a single-hop LSP using an implicit null egress label.

RSVP-TE LSP statistics are not collected on a dynamic or a static bypass tunnel itself.

Statistics collection on two labels of the stack is possible. Please refer to config>system>ip>mpls>label-stack-statistics-count.

The no form of this command disables the statistics in the egress data path and removes the accounting policy association from the LSP.

Default

no egress-statistics

Platforms

All

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy egress-statistics)

Full Context

configure router mpls forwarding-policies forwarding-policy egress-statistics

Description

This command configures egress statistics in an MPLS forwarding policy.

The no form of this command removes any egress statistics in a forwarding policy.

Default

no egress-statistics

Platforms

All

Context

[Tree] (config>router>ospf>segm-rtng egress-statistics)

[Tree] (config>router>isis>segm-rtng egress-statistics)

[Tree] (config>router>ospf3>segm-rtng egress-statistics)

Full Context

configure router ospf segment-routing egress-statistics

configure router isis segment-routing egress-statistics

configure router ospf3 segment-routing egress-statistics

Description

Commands in this context configure the egress statistics for IGP SIDs.

Platforms

All

Context

[Tree] (config>router>segment-routing>sr-policies egress-statistics)

Full Context

configure router segment-routing sr-policies egress-statistics

Description

This command administratively enables the collection of egress traffic statistics for all segment routing policies.

The no form of this command disables egress traffic statistics collection for all segment routing policies.

Default

no egress-statistics

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>default-action egress-statistics)

[Tree] (config>router>policy-options>policy-statement>entry>action egress-statistics)

Full Context

configure router policy-options policy-statement default-action egress-statistics

configure router policy-options policy-statement entry action egress-statistics

Description

This command enables the allocation of statistical indexes to BGP-LU route entries that are programmed on an egress data path.

The no form of this command disables the allocation of statistical indexes to BGP-LU entries.

Default

no egress-statistics

Platforms

All

Context

[Tree] (config>card>mda egress-xpl)

Full Context

configure card mda egress-xpl

Description

Commands in this context configure egress-xpl settings used by the fail-on-error feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>bgp eibgp-loadbalance)

Full Context

configure service vprn bgp eibgp-loadbalance

Description

This command enables eiBGP load sharing so routes with both MP-BGP and IPv4 next-hops can be used simultaneously.

In order for this command to be effective, the ecmp and multipath commands for the associated VPRN instance must also be configured to allow for multiple routes to the same destination.

The no form of this command used at the global level reverts to default values.

Default

no eibgp-loadbalance

Platforms

All

Context

[Tree] (config>system>load-balancing eler-enh-load-balancing)

Full Context

configure system load-balancing eler-enh-load-balancing

Description

This command enables load balancing of non-IP traffic ingressing at the eLER based on the outer MPLS label stack. When this command is enabled, the eLER load-balances the incoming traffic using one of the following options:

• the entropy label if EL/ELI is present
• the hash label (BoS) if the hash label is present in the MPLS label stack

If both the hash label and EL/ELI are present, the eLER load-balances the incoming traffic using the hash label in the MPLS label stack.

The no form of this command disables load balancing based on the outer MPLS label stack.

Default

no eler-enh-load-balancing

Platforms

All

Context

[Tree] (config>port>gnss elevation-mask-angle)

Full Context

configure port gnss elevation-mask-angle

Description

This command configures the elevation mask angle, which provides a method of filtering satellites used by the system. This command is supported on platforms that have one or more embedded GNSS receivers.

Satellites with low elevation may provide degraded accuracy because of the long signal path through the atmosphere. Signals from satellites below the configured minimum satellite elevation are not used.

Default

10

Parameters

degrees

Specifies the elevation mask angle in degrees from the horizon.

Values

0 to 89

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se

Context

[Tree] (config>port>ethernet elmi)

Full Context

configure port ethernet elmi

Description

This command configures Ethernet Local Management Interface (E-LMI) parameters for the Ethernet port. E-LMI is only supported on Ethernet access ports with Dot1q encapsulation type.

Platforms

All

Context

[Tree] (config>filter>ip-filter embed-filter)

[Tree] (config>filter>ipv6-filter embed-filter)

Full Context

configure filter ip-filter embed-filter

configure filter ipv6-filter embed-filter

Description

This command embeds a previously defined IPv4, IPv6, or MAC embedded filter policy or Hybrid OpenFlow switch instance into this exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only.

The embed-filter open-flow ofs-name form of this command enables OpenFlow (OF) in GRT either by embedding the specified OpenFlow switch (OFS) instance with switch-defined-cookie disabled, or by embedding rules with sros-cookie:type "grt-cookie”, value 0, from the specified OFS instance with switch-defined-cookie enabled. The embedding filter can only be deployed in GRT context or be unassigned.

The embed-filter open-flow ofs-name system form of this command enables OF in system filters by embedding rules with sros-cookie:type "system-cookie”, value 0, from the specified OFS instance with switch-defined-cookie enabled. The embedding filter can only be of scope system.

The embed-filter open-flow ofs-name service {service-id | service-name} form of this command enables OF in VPRN/VPLS filters by embedding rules with sros-cookie:type "service-cookie”, value service-id, from the specified OFS instance with switch-defined-cookie enabled—per service rules. The embedding filter can only be deployed in the specified VPRN/VPLS service. A single VPLS service can only support OF rules per SAP or per service.

The embed-filter open-flow ofs-name sap sap-id form of this command enables OF in VPLS SAP filters by embedding rules with sros-cookie:type "service-cookie”, value service-id and flow match conditions specifying the sap-id from the specified OFS instance with switch-defined-cookie enabled—per SAP OF rules. The embedding filter must be of type exclusive and can only be deployed on the specified SAP in the context of the specified VPLS service. A single VPLS service can only support OF rules per SAP or per service.

The no embed-filter open-flow ofs-name form of this command removes the OF embedding for the GRT context.

The embed-filter flowspec form of this command enables the embedding of rules derived from BGP FlowSpec routes into the filter policy that is being configured. The optional group parameter specifies that only FlowSpec routes tagged with an interface-set extended community containing this group ID should be selected for embedding. The optional router parameter specifies the routing instance source of the BGP FlowSpec routes; if the parameter is not specified, the routing instance is derived automatically from the context in which the filter policy is applied.

The no embed-filter flowspec form of this command removes the FlowSpec filter embedding from this filter policy.

The no embed-filter filter-id form of this command removes the embedding from this filter policy.

See the description of embedded filter policies in this guide for further operational details.

Parameters

ip-filter-id

Specifies a previously defined IPv4 policy for embedding in this filter.

ipv6-filter-id

Specifies a previously defined IPv6 policy for embedding in this filter.

offset

Specifies that an embedded filter entry X will have an entry X + offset in the embedding filter.

Values

0 to 2097151

Default

0

active

Specifies that embedded filter entries are to be included in this embedding filter policy and activated on applicable line cards—default if no keyword is specified and omitted from info command output (but not info detail), or when saving the configuration.

inactive

Specifies that no embedded filter policy entries are to be included in this embedding filter policy. The embedding is configured but will not do anything.

flowspec

This keyword indicates that rules derived from BGP FlowSpec routes should be embedded into (or removed from, in case of the no form) the filter.

group-id

Specifies that only FlowSpec routes with an interface-set extended community with this value of group-id should be selected for embedding.

Values

0 to 16383

router-instance

Specifies a router instance.

vprn-service-name

Specifies the VPRN service name used for embedding FlowSpec rules.

open-flow

Indicates that rules derived from OpenFlow should be embedded into (or removed from, in case of the no form) the filter.

ofs-name

Specifies the name of the currently configured Hybrid OpenFlow Switch (OFS) instance.

Not including the system, service or sap parameters will specify OF in a GRT instance context by default. This allows embedding of OF rules into filters deployed in GRT instances from OFS with switch-defined-cookie disabled, or embedding rules from OFS with switch-defined-cookie enabled, when the FlowTable cookie encodes sros-cookie:type "grt-cookie”.

system

Used for OF control of system filters. Allows embedding of OF rules into system filters from OFS with switch-defined-cookie enabled. Only the rules with cookie value encoding "system-cookie” are embedded.

service-id

Specifies an existing VPRN or VPLS service ID that the embedding filter can be used for.

service-name — Specifies an existing VPRN or VPLS service name that the embedding filter can be used for.

Values

1 to 2147483647

service-name

Specifies an existing VPRN or VPLS service name up to 64 characters that the embedding filter can be used for.

sap-id

Used for OF control of VPLS services when a PortID and VLAN ID match is required. Allows embedding of OF rules with a PortID and VLAN ID match into exclusive VPLS SAP filters. Only the rules with cookie value encoding the VPLS service, and flow table match encoding the specified SAP, are embedded into the filter. The embedding filter can only be deployed in the context of the specified SAP.

sap-id — Specifies an existing SAP that the embedding filter can be used for.

Platforms

All

Context

[Tree] (config>service>vprn>pim>rp>ipv6 embedded-rp)

Full Context

configure service vprn pim rp ipv6 embedded-rp

Description

This command enables context to configure IPv6 embedded RP parameters.

Platforms

All

Context

[Tree] (config>router>pim>rp>ipv6 embedded-rp)

Full Context

configure router pim rp ipv6 embedded-rp

Description

Commands in this context configure embedded RP parameters.

Embedded RP is required to support IPv6 inter-domain multicast because there is no MSDP equivalent in IPv6.

The detailed protocol specification is defined in RFC 3956, Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address. This RFC describes a multicast address allocation policy in which the address of the RP is encoded in the IPv6 multicast group address, and specifies a PIM-SM group-to-RP mapping to use the encoding, leveraging, and extending unicast-prefix-based addressing. This mechanism not only provides a simple solution for IPv6 inter-domain ASM but can be used as a simple solution for IPv6 intra-domain ASM with scoped multicast addresses as well. It can also be used as an automatic RP discovery mechanism in those deployment scenarios that would have previously used the Bootstrap Router protocol (BSR).

The no form of this command disables embedded RP.

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy emulated-server)

[Tree] (config>service>ies>if>dhcp>proxy-server emulated-server)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>proxy-server emulated-server)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server emulated-server)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>proxy emulated-server)

[Tree] (config>service>vpls>sap>dhcp>proxy-server emulated-server)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>proxy-server emulated-server)

[Tree] (config>service>vprn>if>dhcp>proxy-server emulated-server)

Full Context

configure service vprn subscriber-interface ipv6 dhcp6 proxy emulated-server

configure service ies interface dhcp proxy-server emulated-server

configure service vprn subscriber-interface group-interface dhcp proxy-server emulated-server

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server emulated-server

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server emulated-server

configure service vpls sap dhcp proxy-server emulated-server

configure service ies subscriber-interface group-interface dhcp proxy-server emulated-server

configure service vprn interface dhcp proxy-server emulated-server

Description

This command configures the IP address which is used as the DHCP server address in the context of the SAP. Typically, the configured address should be in the context of the subnet represented by the service.

The no form of this command reverts to the default setting. The local proxy server will not become operational without the emulated-server address being specified.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the emulated server’s IP address. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Platforms

All

• configure service vprn interface dhcp proxy-server emulated-server
• configure service vpls sap dhcp proxy-server emulated-server
• configure service ies interface dhcp proxy-server emulated-server

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server emulated-server
• configure service ies subscriber-interface group-interface dhcp proxy-server emulated-server
• configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server emulated-server
• configure service vprn subscriber-interface group-interface dhcp proxy-server emulated-server

Context

[Tree] (config>port>access>ingress>pool>monitor-depth enable)

[Tree] (config>card>fp>ingress>network>pool>monitor-depth enable)

[Tree] (config>port>access>egress>pool>monitor-depth enable)

[Tree] (config>port>network>egress>pool>monitor-depth enable)

Full Context

configure port access ingress pool monitor-pool-depth enable

configure card fp ingress network pool monitor-pool-depth enable

configure port access egress pool monitor-pool-depth enable

configure port network egress pool monitor-pool-depth enable

Description

This command enables buffer pool monitoring.

The no form of this command disables buffer pool monitoring.

Default

no enable

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>app-assure>group>ip-id-asst>pos-app-id enable)

Full Context

configure application-assurance group ip-identification-assist positive-app-id enable

Description

This command configures the router to use the positive application identification mechanism. This mechanism causes the router to add the IP addresses of the global applications learned through AA analysis into the IP identification assist cache. The router uses the harvested IP addresses to build its internal application-IP database.

The no form of this command configures the router to use only DNS to harvest IP addresses.

Default

enable

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (enable-admin)

Full Context

enable-admin

Description

See the description for the admin-password command. If the admin-password is configured in the config>system>security>password context, then any user can enter a special administrative mode by entering the enable-admin command.

enable-admin is in the default profile. By default, all users are given access to this command.

Once the enable-admin command is entered, the user is prompted for a password. If the password matches, the user is given unrestricted access to all the commands.

The minimum length of the password is determined by the minimum-length command. The complexity requirements for the password are determined by the complexity command.

The following shows a password configuration example:

A:ALA-1>config>system>security# info
----------------------------------------------
...
            password
                aging 365
                minimum-length 8
                attempts 5 time 5 lockout 20
                admin-password "rUYUz9XMo6I" hash
            exit
...
----------------------------------------------
A:ALA-1>config>system>security#

There are two ways to verify that a user is in the enable-admin mode:

• show users — administrator can know which users are in this mode

• Enter the enable-admin command again at the root prompt and an error message will be returned.

*A:node-1# show users
===============================================================================
User                             Type      Login time           Idle time
  Session ID   From
===============================================================================
                                 Console         --             3d 10:16:12 --
  6            --
admin                            SSHv2     12OCT2018 20:44:15   0d 00:00:00 A-
 #83           192.168.0.10
admin                            SSHv2     12OCT2018 21:09:25   0d 00:05:10 --
  84           192.168.0.10
-------------------------------------------------------------------------------
Number of users: 2
'#' indicates the current active session
'A' indicates user is in admin mode
===============================================================================
*A:node-1# enable-admin
MINOR: CLI Already in admin mode.
*A:node-1#

Platforms

All

Context

[Tree] (config>system>security>password enable-admin-control)

Full Context

configure system security password enable-admin-control

Description

Enable the user to become a system administrator.

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>pt>selective enable-asm-mdt)

Full Context

configure service vprn mvpn provider-tunnel selective enable-asm-mdt

Description

This command enables Data MDT with PIM-ASM mode on the receiver PE node. PIM-ASM or PIM-SSM operation mode is derived based on the locally configured SSM range on the node.

If asm-mode is disabled using this command, then PIM-SSM mode is enabled for all groups, independent of the configured SSM range on the node.

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>rsvp enable-bfd-leaf)

Full Context

configure service vprn mvpn provider-tunnel inclusive rsvp enable-bfd-leaf

Description

This command enables unidirectional multi-point BFD session on a receiver (leaf) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Platforms

All

Context

[Tree] (configure>service>vprn>mvpn>provider-tunnel>inclusive>p2mp-sr enable-bfd-leaf)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr enable-bfd-leaf

Description

This command enables unidirectional multipoint BFD sessions on a receiver (leaf) PE node for upstream fast failure detection over P2MP SR tree LSP.

The no form of this command disables unidirectional multipoint BFD sessions.

Default

no enable-bfd-leaf

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>rsvp enable-bfd-root)

Full Context

configure service vprn mvpn provider-tunnel inclusive rsvp enable-bfd-root

Description

This command enables unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Parameters

transmit-interval

Sets the transmit interval, in milliseconds.

Values

10 to 100000

Default

100

multiplier

Sets the multiplier for the BFD session.

Values

3 to 20

Default

3

Platforms

All

Context

[Tree] (configure>service>vprn>mvpn>pt>inclusive>p2mp-sr enable-bfd-root)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr enable-bfd-root

Description

This command enables a unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over P2MP SR tree LSP. The node uses the multiplier and the transmit interval parameters to calculate the detection time, which is the period of time without receiving BFD packets after which the session failure is determined.

Default

no enable-bfd-root

Parameters

transmit-interval

Sets the transmit interval, in milliseconds.

Values

10 to 100000

Default

300

multiplier

Sets the multiplier for the transmit interval of the BFD session.

Values

3 to 20

Default

3

Platforms

All

Context

[Tree] (config>service>vprn enable-bgp-vpn-backup)

Full Context

configure service vprn enable-bgp-vpn-backup

Description

This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 or IPv6 BGP-learned prefixes.

Parameters

ipv4

Allows BGP-VPN routes to be used as backup paths for IPv4 prefixes.

ipv6

Allows BGP-VPN routes to be used as backup paths for IPv6 prefixes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>satellite>eth-sat enable-console-access)

Full Context

configure system satellite eth-sat enable-console-access

Description

This command enables access to a satellite console interface for additional debugging purposes.

When configured through the 7750 SR, 7450 ESS, and 7950 XRS host CLI, the 7210 SAS console port is enabled to perform the debug function. Console commands are limited to specific show commands and no configuration or operational changes can be made using the 7210 console.

The no form of this command disables satellite console interface access.

Default

no enable-console-access

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>qos>sap-egress>policer enable-dscp-prec-remarking)

Full Context

configure qos sap-egress policer enable-dscp-prec-remarking

Description

This command enables DSCP/precedence remarking based on the profile state of a packet being forwarded by a SAP or subscriber egress policer. The DSCP/precedence can be remarked to a value independent of, or separately based on, the packet's profile, if the packet has an exceed, in-profile, or out-of-profile state.

Default

no enable-dscp-prec-remarking

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (enable-dynamic-services-config)

Full Context

enable-dynamic-services-config

Description

If the dynsvc-password is configured in the config>system>security>password context, then any user can enter a special dynamic services configuration mode by entering the enable-dynamic-services-config command.

The enable-dynamic-services-config command is not in the default profile. To give access to this command, the user must belong to the administrative profile or a new profile should be created.

Once the enable-dynamic-services-config command is entered, the user is prompted for a password. If the password matches, the user is given access to the dynamic services configuration. Access to static configuration is in this case prohibited.

To verify that a user is in the enable-dynamic-services-config mode, use the show users command. Users in the enable-dynamic-services-config mode lists the letter "D” next to the user’s CLI session.

The no form of this command disables the dynamic services configuration mode for this user.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>sap-egress>policer enable-exceed-pir)

Full Context

configure qos sap-egress policer enable-exceed-pir

Description

This command enables the forwarding of packets with an exceed-profile state and traffic exceeding the PIR for a SAP egress or a network egress queue group (configured in the egress queue group template) policer. This traffic is forwarded as exceed-profile instead of being dropped. This parameter is not supported when policers-hqos-manageable is configured in the SAP egress QoS policy.

Default

no enable-exceed-pir

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>policer enable-exceed-pir)

Full Context

configure qos queue-group-templates egress queue-group policer enable-exceed-pir

Description

This command enables the forwarding of traffic exceeding the PIR for a SAP egress or a network egress queue group (configured in the egress queue group template) policer. This traffic is forwarded as exceed-profile instead of being dropped.

Default

no enable-exceed-pir

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>oam-pm>session>ethernet>lmm enable-fc-collection)

Full Context

configure oam-pm session ethernet lmm enable-fc-collection

Description

This command enables the ETH-LMM test within the OAM-PM session to collect per-FC counters. This command must be used in combination with the collect-lmm-fc-stats command for the entity over which the source MEP is defined. The config>oam-pm>session>ethernet>priority value must match the numerical value that represents the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE).

The OAM-PM infrastructure does not validate that the proper counting mode has been configured on the entity that is linked to the source MEP, and does not validate that the FC and priority have been configured. The show>eth-cfm>collect-lmm-fc-stats command may be used to display the entities and the FCs on those entities that have established individual FC counters.

Sessions that launch from the same source MEP must use the same counting model; either collect-lmm-fc-stats for individual counters for the defined FCs, or collect-lmm-stats for a single all-encompassing counter.

Individual OAM-PM sessions must be configured if multiple Ethernet LMM tests are required for different FCs. Cross-session validation occurs to ensure that a source MEP does not include multiple tests that are using the same priority.

The no form of this command removes all previously defined FCs and stops counting for those FCs.

Platforms

All

Context

[Tree] (config>system>login-control>telnet enable-graceful-shutdown)

Full Context

configure system login-control telnet enable-graceful-shutdown

Description

This command enables graceful shutdown of telnet sessions.

The no form of this command disables graceful shutdown of telnet sessions.

Platforms

All

Context

[Tree] (config>service>vprn>grt-lookup enable-grt)

Full Context

configure service vprn grt-lookup enable-grt

Description

This command enables the functions required for looking up routes in the Global Route Table (GRT) when the lookup in the local VRF fails. If this command is enabled without the use of a static-route option (as subcommand to this parent), a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the lookup in the GRT when the lookup in the local VRF fails.

Default

no enable-grt

Platforms

All

Context

[Tree] (config>system enable-icmp-vse)

Full Context

configure system enable-icmp-vse

Description

This command enables vendor specific extensions to ICMP.

Default

no enable-icmp-vse

Platforms

All

Context

[Tree] (config>router>if enable-ingress-stats)

[Tree] (config>service>vprn>sub-if>grp-if enable-ingress-stats)

[Tree] (config>service>ies>if enable-ingress-stats)

[Tree] (config>service>vprn>if enable-ingress-stats)

[Tree] (config>service>vprn>nw-if enable-ingress-stats)

[Tree] (config>service>ies>sub-if>grp-if enable-ingress-stats)

Full Context

configure router interface enable-ingress-stats

configure service vprn subscriber-interface group-interface enable-ingress-stats

configure service ies interface enable-ingress-stats

configure service vprn interface enable-ingress-stats

configure service vprn network-interface enable-ingress-stats

configure service ies subscriber-interface group-interface enable-ingress-stats

Description

This command enables the collection of ingress interface IP statistics for the associated interface. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, the following statistics are collected:

• IPv4 offered packets

• IPv4 offered octets

• IPv6 offered packets

• IPv6 offered octets

The no form of this command disables the collection of ingress interface IP statistics for the associated interface. When disabled, the "in-packets" statistics field in the statistics command output is always 0.

Default

no enable-ingress-stats

Platforms

All

• configure service ies interface enable-ingress-stats
• configure service vprn network-interface enable-ingress-stats
• configure router interface enable-ingress-stats
• configure service vprn interface enable-ingress-stats

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface enable-ingress-stats
• configure service ies subscriber-interface group-interface enable-ingress-stats

Context

[Tree] (config>router>bgp enable-inter-as-vpn)

Full Context

configure router bgp enable-inter-as-vpn

Description

This command specifies whether VPNs can exchange routes across autonomous system boundaries, providing model B connectivity.

The no form of this command disallows ASBRs to advertise VPRN routes to their peers in other autonomous systems.

Default

no enable-inter-as-vpn

Platforms

All

Context

[Tree] (config>service>ies>if enable-mac-accounting)

Full Context

configure service ies interface enable-mac-accounting

Description

This command enables MAC accounting functionality on this interface.

The no form of this command disables MAC accounting functionality on this interface.

Platforms

All

Context

[Tree] (config>service>vprn>if enable-mac-accounting)

Full Context

configure service vprn interface enable-mac-accounting

Description

This command enables MAC accounting functionality on this interface.

The no form of this command disables MAC accounting functionality on this interface.

Platforms

All

Context

[Tree] (config>router>if enable-mac-accounting)

Full Context

configure router interface enable-mac-accounting

Description

This command enables MAC Accounting functionality for the interface.

Default

no enable-mac-accounting

Platforms

All

Context

[Tree] (config>router>pim enable-mdt-spt)

Full Context

configure router pim enable-mdt-spt

Description

This command enables SPT switchover for default MDT. On enable, PIM instance resets all MDTs and re-initiate setup.

The no form of this command disables SPT switchover for default MDT. On disable, PIM instance resets all MDTs and re-initiate setup.

Default

no enable-mdt-spt

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart enable-notification)

[Tree] (config>service>vprn>bgp>group>graceful-restart enable-notification)

[Tree] (config>service>vprn>bgp>graceful-restart enable-notification)

Full Context

configure service vprn bgp group neighbor graceful-restart enable-notification

configure service vprn bgp group graceful-restart enable-notification

configure service vprn bgp graceful-restart enable-notification

Description

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability then the session can be restarted gracefully (while preserving forwarding) if either peer sends a NOTIFICATION message due to some type of event or error.

Default

no enable-notification

Platforms

All

Context

[Tree] (config>router>bgp>group>graceful-restart enable-notification)

[Tree] (config>router>bgp>graceful-restart enable-notification)

[Tree] (config>router>bgp>group>neighbor>graceful-restart enable-notification)

Full Context

configure router bgp group graceful-restart enable-notification

configure router bgp graceful-restart enable-notification

configure router bgp group neighbor graceful-restart enable-notification

Description

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability, then the session can be restarted gracefully (while preserving forwarding) if either peer needs to send a NOTIFICATION message due to some type of event or error.

Default

no enable-notification

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group enable-origin-validation)

[Tree] (config>service>vprn>bgp>group>neighbor enable-origin-validation)

Full Context

configure service vprn bgp group enable-origin-validation

configure service vprn bgp group neighbor enable-origin-validation

Description

When this command is added to the configuration of a group or neighbor, it causes every inbound IPv4, IPv6, and label-IPv4 route from that peer to be marked with one of the following origin validation states:

• Valid (0)

• Not-Found (1)

• Invalid (2)

By default (when no family parameter is present in the command) or when all the family options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4), and unicast IPv6 (AFI2/SAFI1) routes are evaluated to determine their origin validation states. When only a subset of the family options are present, then only the corresponding address family routes are evaluated.

This command applies to all types of VPRN BGP peers, generally, it should only be applied to EBGP peers and groups that contain only EBGP peers.

The no form of this command disables the inspection of received routes from the peer to determine origin validation state.

Default

no enable-origin-validation

Parameters

ipv4

Enables origin validation processing for unlabeled unicast IPv4 routes.

ipv6

Enables origin validation processing for unlabeled unicast IPv6 routes.

label-ipv4

Enables origin validation processing for labeled IPv4 routes.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor enable-origin-validation)

[Tree] (config>router>bgp>group enable-origin-validation)

Full Context

configure router bgp group neighbor enable-origin-validation

configure router bgp group enable-origin-validation

Description

When the enable-origin-validation command is added to the configuration of a group or neighbor, it causes every inbound IPv4 or IPv6 route from that peer to be marked with one of the following origin validation states:

• Valid (0)

• Not-Found (1)

• Invalid (2)

By default (when neither the ipv4 or ipv6 option is present in the command) or when both the ipv4 and ipv6 options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4), unicast IPv6 (AFI2/SAFI1), and label-IPv6 (AFI2/SAFI4) routes are evaluated to determine their origin validation states. When only the ipv4 or ipv6 option is present, only the corresponding address family routes (unlabeled and labeled) are evaluated.

The enable-origin-validation command applies to all types of BGP peers, but as a general rule, it should only be applied to EBGP peers and groups that contain only EBGP peers.

Default

no enable-origin-validation

Parameters

ipv4

Enables origin validation processing for unlabeled unicast IPv4 routes.

ipv6

Enables origin validation processing for unlabeled unicast IPv6 routes.

label-ipv4

Enables origin validation processing for labeled IPv4 routes.

label-ipv6

Enables origin validation processing for labeled IPv6 routes.

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group>neighbor enable-peer-tracking)

[Tree] (config>service>vprn>bgp enable-peer-tracking)

[Tree] (config>service>vprn>bgp>group enable-peer-tracking)

Full Context

configure service vprn bgp group neighbor enable-peer-tracking

configure service vprn bgp enable-peer-tracking

configure service vprn bgp group enable-peer-tracking

Description

This command enables BGP peer tracking.

Default

no enable-peer-tracking

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor enable-peer-tracking)

[Tree] (config>router>bgp enable-peer-tracking)

[Tree] (config>router>bgp>group enable-peer-tracking)

Full Context

configure router bgp group neighbor enable-peer-tracking

configure router bgp enable-peer-tracking

configure router bgp group enable-peer-tracking

Description

This command enables BGP peer tracking. BGP peer tracking allows a BGP peer to be dropped immediately if the route used to resolve the BGP peer address is removed from the IP routing table and there is no alternative available. The BGP peer will not wait for the holdtimer to expire; therefore, the BGP re-convergence process is accelerated.

The no form of this command disables peer tracking.

Default

no enable-peer-tracking

Platforms

All

Context

[Tree] (config>router>bgp enable-rr-vpn-forwarding)

Full Context

configure router bgp enable-rr-vpn-forwarding

Description

When this command is configured all received VPN-IP routes, regardless of route target, are imported into the dummy VRF, where the BGP next-hops are resolved. The label-route-transport-tunnel under config>router>bgp>next-hop-resolution determines what types of tunnels are eligible to resolve the next-hops. If a received VPN-IP route from IBGP peer X is resolved and selected as best so that it can be re-advertised to an IBGP peer Y, and the BGP next-hop is modified towards peer Y (by using the next-hop-self command in Y’s group or neighbor context or by using a next-hop action in an export policy applied to Y) then BGP allocates a new VPRN service label value for the route, signals that new label value to Y and programs the IOM to do the corresponding label swap operation. The supported combinations of X and Y are outlined below:

• from X (client) to Y (client)

• from X (client) to Y (non-client)

• from X (non-client) to Y (client)

The no form of this command causes the re-advertisement of a VPN-IP route between one IBGP peer and another IBGP peer does not cause a new VPRN service label value to be signaled and programmed even if the BGP next-hop is changed through group/neighbor configuration or policy.

Nokia recommends leaving this command disabled for scaling and convergence reasons.

Default

no enable-rr-vpn-forwarding

Platforms

All

Context

[Tree] (config>service>nat>map-domain>mapping-rule enable-statistics)

Full Context

configure service nat map-domain mapping-rule enable-statistics

Description

This commnd enables detailed statistics collection per MAP rule.

This command must be enabled for each rule requiring detailed statistics tracking.

The no form of this command disables detailed statistics collection.

Default

no enable-statistics

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, VSR

Context

[Tree] (config>router>bgp enable-subconfed-vpn-forwarding)

Full Context

configure router bgp enable-subconfed-vpn-forwarding

Description

This command configures BGP to keep VPN-IPv4 and VPN-IPv6 routes within a subconfederation and allow a next-hop-self command to create label swap forwarding entries.

When this is enabled, the base router BGP instance retains all received VPN-IPv4 and VPN-IPv6 routes, even those with route targets not matching any VRF import policy of any locally configured VPRN. In addition, when this leaf is enabled and base router BGP is configured to apply a next-hop-self command to a peer of any type (EBGP, IBGP, or confed-EBGP), the VPN-IPv4 and VPN-IPv6 routes are advertised to the peer with a new BGP label and next-hop, and a label-swap forwarding entry is programmed.The preceding behaviors are applied when the enable-inter-as-vpn or the enable-rr-vpn-forwarding commands, both under the configure router bgp context, are also enabled in the same BGP instance and regardless of whether the base router has a confederation configuration.

The no form of this command disables subconfederation VPN forwarding.

Default

no enable-subconfed-vpn-forwarding

Platforms

All

Context

[Tree] (admin enable-tech)

Full Context

admin enable-tech

Description

This command enables the shell and kernel commands.

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>grp-if>wpp enable-triggered-hosts)

[Tree] (config>service>ies>sub-if>grp-if>wpp enable-triggered-hosts)

Full Context

configure service vprn subscriber-interface group-interface wpp enable-triggered-hosts

configure service ies subscriber-interface group-interface wpp enable-triggered-hosts

Description

This command enables system to auto creates ESM hosts upon successful WPP authentication. The default host must be configured under SAP on the subscriber SAP to redirect unauthenticated client traffic to the web portal.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>mirror>mirror-dest encap)

Full Context

configure mirror mirror-dest encap

Description

Commands in this context configure encapsulation options for the mirrored traffic. Note that the use of encap is mutually exclusive with SAP or spoke SDP options in the same mirror destination. Only one type of encapsulation can be specified for a single mirror destination. Slicing and encap are mutually exclusive in the same mirror-dest context.

Platforms

All

Context

[Tree] (config>service>vpls>sap>egress encap-defined-qos)

Full Context

configure service vpls sap egress encap-defined-qos

Description

This command creates a new QoS sub-context in B-VPLS SAP egress context. The user can define encapsulation groups, referred to as encap-group, based on the ISID value in the packet’s encapsulation and assign a QoS policy and a scheduler policy or aggregate rate limit to the group.

Platforms

All

Context

[Tree] (config>service>vpls>sap>egress>encap-defined-qos encap-group)

Full Context

configure service vpls sap egress encap-defined-qos encap-group

Description

This command defines an encapsulation group which consists of a group of ISID values. All packets forwarded on the egress of a B-VPLS SAP which payload header matches one of the ISID value in the encap-group will use the same QoS policy instance and scheduler policy or aggregate rate limit instance.

The user adds or removes members to the encap-group one at a time or as a range of contiguous values using the member command. However, when the qos-per-member option is enabled, members must be added or removed one at a time. These members are also referred to as ISID contexts.

The user can configure one or more encap-groups in the egress context of the same B-SAP, therefore defining different ISID values and applying each a different SAP egress QoS policy, and optionally a different scheduler policy/agg-rate. ISID values are unique within the context of a B-SAP. The same ISID value cannot be re-used in another encap-group under the same B-SAP but can be re-used in an encap-group under a different B-SAP. Finally, if the user adds to an encap-group an ISID value which is already a member of this encap-group, the command causes no effect. The same if the user attempts to remove an ISID value which is not a member of this encap-group.

Once a group is created, the user will assign a SAP egress QoS policy, and optionally a scheduler policy or aggregate rate limit, using the following commands:

config>service>vpls>sap>egress>encap-defined-qos>encap-group>qos sap-egress-policy-id

config>service>vpls>sap>egress>encap-defined-qos>encap-group>scheduler-policy scheduler-policy-name

config>service>vpls>sap>egress>encap-defined-qos>encap-group>agg-rate kilobits-per-second

A SAP egress QoS policy must first be assigned to the created encap group before the user can add members to this group. Conversely, the user cannot perform the no qos command until all members are deleted from the encap-group.

An explicit or the default SAP egress QoS policy continues to be applied to the entire B-SAP but this will serve to create the set of egress queues which are used to store and forward a packet which does not match any of the defined ISID values in any of the encap-groups for this SAP.

Only the queue definition and fc-to-queue mapping from the encap-group SAP egress QoS policy is applied to the ISID members. All other parameters configurable in a SAP egress QoS policy must be inherited from egress QoS policy applied to the B-SAP.

Furthermore, any other CLI option configured in the egress context of the B-SAP continues to apply to packets matching a member of any encap-group defined in this B-SAP.

The keyword qos-per-member allows the user to specify that a separate queue set instance and scheduler/agg-rate instance will be created for each ISID value in the encap-group. By default, shared instances will be created for the entire encap-group.

When the B-SAP is configured on a LAG port, the ISID queue instances defined by all the encap-groups applied to the egress context of the SAP will be replicated on each member link of the LAG. The set of scheduler/agg-rate instances will be replicated per link or per IOM or XMA depending if the adapt-qos option is set to link/port-fair mode or distribute mode. This is the same behavior as that applied to the entire B-SAP in the current implementation.

The no form of this command deletes the encap-group.

Parameters

group-name

Specifies the name of the encap-group and can be up to 32 ASCII characters in length

type

Specifies the type of the encapsulation ID used by this encap-group

Values

isid

qos-per-member

Specifies that a separate queue set instance and scheduler/agg-rate instance will be created for each ISID value in the encap-group

Platforms

All

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port encap-match)

Full Context

configure port ethernet dot1x macsec sub-port encap-match

Description

This command defines the sub-set of traffic on this port affected by this MACsec sub-port.

In order to establish an end-to-end communication between the remote MACsec peers encrypting VLAN-tagged traffic, the MKA packets have to be able to travel over the network following the same path as the encrypted traffic. MKA packets are generated with specific tags depending on the traffic match criteria configured, as shown in MKA Packet Generation .

The no form of this command removes all traffic sub-set definitions from the MACsec sub-port.

Default

encap-match all-encap

Parameters

all-encap

Specifies that all traffic patterns are matched including untagged, single-tag or double-tag, and all will be encrypted.

untagged

Specifies that only untagged traffic are matched and encrypted.

single-tag

Specifies that only dot1q traffic are matched. Either all single tag traffic can be matched, by using *, or a specific dot1q tag can be matched.

double-tag

Specifies that only qinq traffic are matched. The service tag can be specifically matched or a wild card match (*.*) can be used.

encap-value

Specifies the type and value of the packet encapsulation to match for this MACsec sub-port.

Type	Parameter
all-encap	—
untagged	—
dot1q	[*| s] (s = 0..4094)
qinq	[*.*| s.*| s.c] (s and c = 0..4094)

where:

• S = service tag

• C = customer tag

Platforms

All

Context

[Tree] (config>subscr-mgmt>sub-profile>egress encap-offset)

Full Context

configure subscriber-mgmt sub-profile egress encap-offset

Description

This command enables the adjustment of the queue and subscriber aggregate rate based on the last mile Ethernet or ATM encapsulation.

The data path computes the adjusted frame size real-time for each serviced packet from a queue by adding the actual packet size to the fixed offset provided by CPM for this queue and variable AAL5 padding.

When this command is enabled, the fixed packet offset is derived from the encapsulation type value signaled in the Access-loop-encapsulation sub-TLV in the Vendor-Specific PPPoE Tags or DHCP Relay Options as per RFC 4679. If the user specifies an encapsulation type with the command, this value is used as the default value for all hosts of this subscriber until a host session signaled a valid value. The signaled value is applied to this host only and the remaining hosts of this subscriber continue to use the user entered default type value if configured, or no offset is applied. However, hosts of the same subscriber using the same SLA profile and which are on the same SAP will share the same instance of FC queues. In this case, the last valid encapsulation value signaled by a host of that same instance of the SAP egress QoS policy will override any previous signaled or configured value.

If the user manually applied a constant byte offset to each packet serviced by the queue by configuring the packet-byte-offset, it will have no effect on the net offset computed for the packet. This net offset is stored in the subscriber host table.

The procedures for handling signaling changes or configuration changes affecting the subscriber profile are as follows:

The avg-frame-size parameter in the subscriber profile is ignored.

If the user specifies an encapsulation type with the command, this value is used as the default value for all hosts of this subscriber until a host session signaled a valid value. The signaled value is applied to this host and other hosts of the same subscriber sharing the same SLA profile and which are on the same SAP. The remaining hosts of this subscriber continue to use the user entered default type value if configured, or no offset is applied.

If the user enables/disables the encap-offset option, or changes the parameter value of the encap-offset option, CPM immediately triggers a re-evaluation of subscribers hosts using the corresponding subscriber profile and an update the IOM with the new fixed offset value.

If a subscriber has a static host or an ARP host, the subscriber host continues to use the user-configured default encapsulation type value or the last valid encapsulation value signaled in the PPPoE tags or DHCP relay options by other hosts of the same subscriber which use the same SLA profile instance. If none was signaled or configured, then no rate adjustment is applied.

When the encap-offset option is configured in the subscriber profile, the subscriber host queue rates, that is, CLI and operational PIR and CIR as well as queue bucket updates, the queue statistics, that is, forwarded, dropped, and HQoS offered counters use the last-mile frame-over-the-wire format. The scheduler policy CLI and operational rates also use LM-FoW format. The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always entered in CLI and interpreted as local port frame-over-the-wire rates. The same is true for an agg-rate-limit applied to a Vport. Finally the subscriber agg-rate-limit is entered in CLI as last-mile frame-over-the-wire rate. The system maintains a running average frame expansion ratio for each queue to convert queue rates between these two formats.

The no form of this command reverts to the default.

Parameters

type

The name of the default encapsulation used for all host queues of a subscriber in the absence of a valid value signaled in the PPPoE tags.

Values

pppoa-llc, pppoa-null, pppoeoa-llc, pppoeoa-llc-fcs, pppoeoa-llc-tagged, pppoeoa-llc-tagged-fcs, pppoeoa-null, pppoeoa-null-fcs, pppoeoa-null-tagged, pppoeoa-null-tagged-fcs, ipoa-llc, ipoa-null, ipoeoa-llc, ipoeoa-llc-fcs, ipoeoa-llc-tagged, ipoeoa-llc-tagged-fcs, ipoeoa-null, ipoeoa-null-fcs, ipoeoa-null-tagged, ipoeoa-null-tagged-fcs, pppoe, pppoe-tagged, ipoe, ipoe-tagged

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>access-loop-encapsulation encap-offset)

Full Context

configure subscriber-mgmt local-user-db ppp host access-loop-encapsulation encap-offset

Description

This command is applicable within the LAC/LNS context. It provides the last mile link encapsulation information that is needed for proper (shaping) rate calculations and interleaving delay in the last mile.

The encapsulation value will be taken from the following sources in the order of priority:

• Statically provisioned value in local user database (LUDB).

• RADIUS

• PPPoE tags on LAC or ICRQ message (RFC 5515) on LNS

In case that the encapsulation information is not provided by any of the existing means (LUDB, RADIUS, AVP signaling, PPPoE Tags), then by default pppoea-null encapsulation will be in effect.

The following values are supported encapsulation values on LNS in the 7750 SR.

encap-type:

The values are not supported encapsulation values on LNS in the 7750 SR.

Default

no encap-offset

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident encap-tag-range)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident encap-tag-range)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification encap-tag-range

configure subscriber-mgmt local-user-db ppp host host-identification encap-tag-range

Description

This command specifies a range of encapsulation tags as the host identifications. The encapsulation tag is dot1q or qinq on Ethernet port.

For dot1q, the start/end-tag is single number, range from 0-4094; for QinQ, the start/end-tag format is x.y, x or y could be "*”, which means ignore inner or outer tag.

The no form of this command removes the encapsulation tag range from the configuration.

Parameters

start-tag start-tag

Specifies the value of the start label in the range of SAPs allowed on this host.

Values

start-tag	dot1q	qtag1
	qinq	(qtag1.qtag2 | qtag1.* | *.qtag2)

end-tag end-tag

Specifies the value of the end label in the range of SAPs allowed on this host.

Values

end-tag	dot1q	qtag1
	qinq	(qtag1.qtag2 | qtag1.* | *.qtag2)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident encap-tag-separate-range)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident encap-tag-separate-range)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification encap-tag-separate-range

configure subscriber-mgmt local-user-db ppp host host-identification encap-tag-separate-range

Description

This command specifies a range of encapsulation tags as the host identifications.

The no form of this command removes the range of encapsulation tags from the configuration.

Default

no encap-tag-separate-range

Parameters

outer-encap-range

Specifies the value of the outer encapsulation tag range.

Values

start-qtag - end-qtag

start-qtag: 0 to 4094

end-qtag: 0 to 4094

inner-encap-range

Specifies the value of the inner encapsulation tag range.

Values

start-qtag - end-qtag

start-qtag: 0 to 4094

end-qtag: 0 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap encap-type)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap encap-type)

Full Context

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap encap-type

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap encap-type

Description

If different from default, this command overrides the value specified by l2-ap-encap-type on wlan-gw level. See the description of l2-ap-encap-type for more detail. This value can only be changed while the l2-ap is shut down.

The no form of this command sets the default value.

Default

encap-type default

Parameters

default

Specifies to use the value specified by l2-ap-encap-type.

null

Specifies to use both the SAP and the AP are not VLAN-tagged.

dot1q

Specifies to use either the AP or the SAP uses one VLAN tag.

qinq

Up to two VLAN tags are used by the AP or SAP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet encap-type)

Full Context

configure port ethernet encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on an Ethernet access port, or different VLANs on a network port.

The no form of this command restores the default.

Default

encap-type null

Parameters

dot1q

Ingress frames carry 802.1Q tags where each tag signifies a different service.

null

Ingress frames will not use any tags to delineate a service. As a result, only one service can be configured on a port with a null encapsulation type.

qinq

Specifies QinQ encapsulation.

Platforms

All

Context

[Tree] (config>port>tdm>ds3 encap-type)

[Tree] (config>port>tdm>e3 encap-type)

[Tree] (config>port>tdm>e1>channel-group encap-type)

[Tree] (config>port>tdm>ds1>channel-group encap-type)

Full Context

configure port tdm ds3 encap-type

configure port tdm e3 encap-type

configure port tdm e1 channel-group encap-type

configure port tdm ds1 channel-group encap-type

Description

This command configures the encapsulation method used to on the specified port, path, or channel. This parameter can be set on both access and network ports.

The no form of this command restores the default.

Default

encap-type bcp-null

Parameters

cem

Specifies that on circuit emulation MDAs, only the cem encap-type is supported. All other values are blocked with an appropriate warning. The cem encap-type is not supported on other MDAs and are blocked with an appropriate warning.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>lag encap-type)

Full Context

configure lag encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on a LAG. The encapsulation type is configurable on a LAG port. The LAG port and the port member encapsulation types must match when adding a port member.

If the encapsulation type of the LAG port is changed, the encapsulation type on all the port members will also change. The encapsulation type can be changed on the LAG port only if there is no interface associated with it. If the MTU is set to a non-default value, it will be reset to the default value when the encap type is changed.

The no form of this command restores the default.

Default

encap-type null — All traffic on the port belongs to a single service or VLAN.

Parameters

dot1q

Ingress frames carry 802.1Q tags where each tag signifies a different service.

null

Ingress frames will not use any tags to delineate a service. As a result, only one service can be configured on a port with a null encapsulation type.

qinq

Specifies QinQ encapsulation.

Platforms

All

Context

[Tree] (config>eth-tunnel>ethernet encap-type)

Full Context

configure eth-tunnel ethernet encap-type

Description

This command configures the encapsulation method used to distinguish customer traffic on a LAG. The encapsulation type is configurable on a LAG port. The LAG port and the port member encapsulation types must match when adding a port member.

If the encapsulation type of the LAG port is changed, the encapsulation type on all the port members will also change. The encapsulation type can be changed on the LAG port only if there is no interface associated with it. If the MTU is set to a non-default value, it will be reset to the default value when the encap type is changed.

The no form of this command reverts to the default.

Default

encap-type dot1q

Parameters

dot1q

Specifies that frames carry 802.1Q tags where each tag signifies a different service.

qinq

Specifies the qinq encapsulation method.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>pw-port encap-type)

Full Context

configure pw-port encap-type

Description

This command configures the encapsulation type on a PW port. Customer Ethernet frames can be single-tagged or double-tagged, and this command determines the number of tags that the SR OS will check (and strip) on PW-SAP ingress and insert on PW-SAP egress.

The no form of this command removes the configuration.

Parameters

dot1q

Specifies that the encapsulation type is dot1q; used when the customer's Ethernet frame is single-tagged.

qinq

Specifies that the encapsulation type is qinq; used when the customer's Ethernet frame is double-tagged.

Default

dot1q

Platforms

All

Context

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

[Tree] (config>ipsec>tnl-temp encapsulated-ip-mtu)

[Tree] (config>service>vprn>if>sap>ip-tunnel encapsulated-ip-mtu)

[Tree] (config>router>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

[Tree] (config>service>vprn>if>sap>ipsec-tun encapsulated-ip-mtu)

[Tree] (config>service>ies>if>sap>ip-tunnel encapsulated-ip-mtu)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel encapsulated-ip-mtu)

Full Context

configure service vprn interface ipsec ipsec-tunnel encapsulated-ip-mtu

configure ipsec tunnel-template encapsulated-ip-mtu

configure service vprn interface sap ip-tunnel encapsulated-ip-mtu

configure router interface ipsec ipsec-tunnel encapsulated-ip-mtu

configure service vprn interface sap ipsec-tunnel encapsulated-ip-mtu

configure service ies interface sap ip-tunnel encapsulated-ip-mtu

configure service ies interface ipsec ipsec-tunnel encapsulated-ip-mtu

Description

This command specifies the maximum size of encapsulated tunnel packet for the ipsec-tunnel, ip-tunnel, or the dynamic tunnels terminated on the ipsec-gw. If the encapsulated IPv4 or IPv6 tunnel packet exceeds the encapsulated-ip-mtu, then the system fragments the packet against the encapsulated-ip-mtu.

The no form of this command reverts to the default.

Default

no encapsulated-ip-mtu

Parameters

bytes

Specifies the maximum size in bytes.

Values

512 to 9000

Platforms

VSR

• configure router interface ipsec ipsec-tunnel encapsulated-ip-mtu
• configure service vprn interface ipsec ipsec-tunnel encapsulated-ip-mtu
• configure service ies interface ipsec ipsec-tunnel encapsulated-ip-mtu

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service ies interface sap ip-tunnel encapsulated-ip-mtu
• configure service vprn interface sap ipsec-tunnel encapsulated-ip-mtu
• configure ipsec tunnel-template encapsulated-ip-mtu
• configure service vprn interface sap ip-tunnel encapsulated-ip-mtu

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel encapsulated-ip-mtu)

Full Context

configure service vprn interface sap ip-tunnel encapsulated-ip-mtu

Description

This command configures the tunnel encapsulated IP MTU.

The no form of this command reverts to the default.

Parameters

octets

Specifies the tunnel encapsulated IP MTU in octets.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>http-enrich>field encode)

Full Context

configure application-assurance group http-enrich field encode

Description

This command configures the encoding applied to the HTTP header enrichment field.

The no form of this command removes the encoding.

Default

no encode

Parameters

type

Specifies whether the parameters are hashed with MD5, encrypted with RC4 or AES using the configured key, or if certificate-based encryption is used with RSA.

Values

md5, rc4, certificate, cert-base64, rc4md5-base64, aes128, aes256, aes128cbc, aes256cbc

key

Specifies the key string, 64 characters maximum.

hash-key

Specifies the first hashed key.

hash-key2

Specifies the second hashed key.

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

cert-profile-name

Specifies the name of the certificate profile to use. This profile must have already been created using the certificate-profile command.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription encoding)

Full Context

configure system telemetry persistent-subscriptions subscription encoding

Description

This command configures the encoding type that is used for telemetry notifications in accordance with the definitions in the gNMI OpenConfig standard.

Default

encoding json

Parameters

encoding

Specifies the encoding type.

Values

json, bytes, proto

Platforms

All

Context

[Tree] (bof encrypt)

Full Context

bof encrypt

Description

This command enables and disables encryption of the BOF using AES256 and SHA256.

When the BOF is encrypted on the compact flash, it is still reachable using the BOF interactive menu during node startup, and fields can be modified using the BOF interactive menu.

Default

encrypt off

Parameters

on

Enables BOF encryption

off

Disables BOF encryption

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>anysec>tnl-enc encryption-group)

Full Context

configure anysec tunnel-encryption encryption-group

Description

This command creates an encryption group.

An encryption group is a group of LSPs that use the same CA and preshared keys (PSK). For ease of PSK management, SR OS allows a group of LSPs to use the same CA with same PSKs. The PSK is used to secure the SAK for distribution to other PEERs.

The no form of this command removes the encryption group.

Parameters

group-name

Specifies the encryption group name, up to 32 characters.

create

Keyword used to create an encryption group.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (debug>anysec encryption-group)

Full Context

debug anysec encryption-group

Description

This command debugs ANYsec encryption groups.

Parameters

group-name

Specifies the encryption group name, up to 32 characters.

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF] H

• d: [0 to 255] D

detail

Keyword used to specify detailed information.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (bof encryption-key)

Full Context

bof encryption-key

Description

This command creates a key to be used by AES256 and SHA256 for configuration file encryption and hashing. This key is used for all configuration files (primary, secondary, and tertiary).

After creating or deleting a key, use the admin save command to save the configuration file with the current encryption key state.

The no form of this command deletes the encryption key.

Default

no encryption-key

Parameters

key

Specifies the encryption key.

If the hash, hash2, or custom parameter is not configured, the key is entered in plaintext and the key length must be between 8 and 32 characters. A plaintext key cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.

If the hash, hash2, or custom parameter is configured, the key is hashed and the key length must be between 1 and 64 characters.

hash

Keyword to specify that the key is entered in an encrypted form.

hash2

Keyword to specify that the key is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

custom

Keyword to specify that the key uses custom encryption.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>log encryption-key)

Full Context

configure log encryption-key

Description

This command specifies the encryption key used by AES-256-CTR for log file encryption. The encryption key is used for all local log files on the system.

The no form of this command deletes the encryption key.

Default

no encryption-key

Parameters

key

Specifies the encryption key.

If the hash, hash2, or custom parameter is not configured, the key is entered in plaintext and the key length must be between 8 and 32 characters. A plaintext key cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.

If the hash, hash2, or custom parameter is configured, the key is hashed and the key length must be between 1 and 64 characters.

hash

Keyword to specify that the key is entered in an encrypted form.

hash2

Keyword to specify that the key is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

custom

Keyword to specify that the key uses custom encryption.

Platforms

All

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>group-encryption encryption-keygroup)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>group-encryption encryption-keygroup)

Full Context

configure service ies subscriber-interface group-interface wlan-gw group-encryption encryption-keygroup

configure service vprn subscriber-interface group-interface wlan-gw group-encryption encryption-keygroup

Description

This command binds an encryption key-group to a WLAN-GW soft-GRE group interface. When configured in the inbound direction, received packets must be encrypted using one of the valid security-associations configured for the key-group. When configured in the outbound direction, L2oMPLSoGRE packets egressing the node use the "active-outbound-sa” associated with the key-group configured.

The no form of this command removes the encryption keygroup from the inbound or outbound group interface.

Parameters

keygroup-id

Specifies the ID number or name of the keygroup.

Values

1 to 127, keygroup-name up to 64 characters

direction

Applies the keygroup to the inbound or outbound direction of a service.

Values

inbound | outbound

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if>group-encryption encryption-keygroup)

Full Context

configure router interface group-encryption encryption-keygroup

Description

This command is used to bind a key group to a router interface for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the router use the active-outbound-sa associated with the configured key group. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group.

The no form of this command removes the key group from the router interface in the specified direction.

Default

no encryption-keygroup direction inbound

no encryption-keygroup direction outbound

Parameters

keygroup-id

The ID number of the key group being configured.

Values

1 to 127, keygroup-name (64 characters maximum)

inbound

Binds the key group in the inbound direction.

outbound

Binds the key group in the outbound direction.

Platforms

VSR

Context

[Tree] (config>grp-encryp encryption-keygroup)

Full Context

configure group-encryption encryption-keygroup

Description

This command is used to create a key group. Once the key group is created, use the command to enter the key group context or delete a key group.

The no form of the command removes the key group. Before using the no form, the key group association must be deleted from all services that are using this key group.

Parameters

keygroup-id

The number or name of the key group being referenced.

Values

1 to 15, or keygroup-name (up to 64 characters)

create

Creates a key group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn encryption-keygroup)

[Tree] (config>service>sdp encryption-keygroup)

[Tree] (config>service>pw-template encryption-keygroup)

Full Context

configure service vprn encryption-keygroup

configure service sdp encryption-keygroup

configure service pw-template encryption-keygroup

Description

This command is used to bind a key group to an SDP, VPRN service, or PW template for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the node use the active-outbound-sa associated with the key group configured. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group. Services using the SDP will be encrypted.

The encryption (enabled or disabled) configured on an SDP used to terminate a Layer 3 spoke SDP of a VPRN always overrides any VPRN-level configuration for encryption.

Encryption is enabled after the outbound direction is configured.

For PW template changes, the following tools command must be executed after the configuration changes are made: tools>perform>service>eval-pw-template>allow-service-impact. This command applies the changes to services that use the PW template.

The no form of the command removes the key group from the SDP or service in the specified direction (inbound or outbound).

Parameters

keygroup-id

Specifies the number of the key group being configured.

Values

1 to 15 or keygroup-name (up to 64 characters)

direction {inbound | outbound}

Specifies the direction of the service that the key group will be bound to.

Platforms

VSR

Context

[Tree] (config>anysec>tnl-enc>enc-grp encryption-label)

Full Context

configure anysec tunnel-encryption encryption-group encryption-label

Description

This command creates an encryption group label ID.

The encryption SID uniquely identifies the encrypting node within a network to avoid double encryption scenarios. The encryption SID can be assigned per encryption group. However, all encryption groups can have the same encryption SID. To save label space, Nokia recommends limiting the number of encryption SIDs within a network. To configure the encryption SID, a reserved-label-block command must be configured under the anysec context. The encryption SID is programmed at the bottom of the stack with S bit set.

The no form of this command removes the encryption group label.

Parameters

label

Specifies the encryption group label ID.

Values

0 to 1048575

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (config>macsec>connectivity-association encryption-offset)

Full Context

configure macsec connectivity-association encryption-offset

Description

This command specifies the offset of the encryption in MACsec packet.

The encryption-offset is distributed by MKA (Key-server) to all parties.

It is signaled via MACsec capabilities. There are four basic settings for this. MACsec Basic Settings breaks down the settings.

Note:

1. SR OS supports setting (3) Integrity without confidentiality and Integrity and confidentiality with a confidentiality offset of 0, 30, or 50.

The no form of this command rejects all arriving traffic whether MACsec is secured or not.

Default

encryption-offset 0

Parameters

encryption-offset

Specifies the encryption.

Values

0 — encrypt the entire payload

30 — leave the IPv4 header in clear

50 — leave the IPv6 header in clear

Platforms

All

Context

[Tree] (config>system>time>dst-zone end)

Full Context

configure system time dst-zone end

Description

This command configures start of summer time settings.

Default

end first sunday january 00:00

Parameters

end-week

Specifies the starting week of the month when the summer time ends.

Values

first, second, third, fourth, last

Default

first

end-day

Specifies the starting day of the week when the summer time ends.

Values

sunday, monday, tuesday, wednesday, thursday, friday, saturday

Default

sunday

end-month

Specifies the starting month of the year when the summer time takes effect.

Values

january, february, march, april, may, june, july, august, september, october, november, december

Default

january

hours-minutes

Specifies the time at which the summer time ends, in hh:mm format.

Values

hours: 00 to 23

minutes: 00 to 59

Default

00:00

Platforms

All

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end

Description

Commands in this context configure the value and attributes of SRv6 End SID function of a locator. The End SID function encodes the basic behavior of a prefix or a node SID.

The End SID function for each SRH mode must be statically allocated. The value is not automatically allocated by default.

The no form of this command removes the specified End function.

Parameters

function-value

Specifies an SRv6 End SID function value. Up to eight values can be configured per locator. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vpls>srv6>locator>function end-dt2m)

Full Context

configure service vpls segment-routing-v6 locator function end-dt2m

Description

This command configures the SRv6 End.DT2M behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt2m

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vpls>srv6>locator>function end-dt2u)

Full Context

configure service vpls segment-routing-v6 locator function end-dt2u

Description

This command configures the SRv6 End.DT2U behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPLS service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt2m

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt4)

Full Context

configure service vprn segment-routing-v6 locator function end-dt4

Description

This command configures the SRv6 End.DT4 behavior and function value that is associated to the SRv6 instance in the service. This implies decapsulation and table lookup for IPv4 prefixes in the VPRN.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt4

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20 bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt4)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt4

Description

This command configures the SRv6 End.DT4 behavior and function value associated with the base routing instance. This implies decapsulation and table lookup for IPv4 prefixes in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt4

Parameters

function-value

Specifies the SRv6 End.DT4 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt46)

Full Context

configure service vprn segment-routing-v6 locator function end-dt46

Description

This command configures the SRv6 End.DT46 behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv4 and IPv6 prefixes occurs in the VPRN service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt46

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt46)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt46

Description

This command configured the SRv6 End.DT46 function behavior and value associated with the base routing instance. This implies decapsulation and table lookup for IPv4 and IPv6 prefixes in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt46

Parameters

function-value

Specifies the SRv6 End.DT46 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>srv6>locator>function end-dt6)

Full Context

configure service vprn segment-routing-v6 locator function end-dt6

Description

This command configures the SRv6 End.DT6 behavior and function value that is associated to the SRv6 instance in the service. This means that decapsulation and table lookup for IPv6 prefixes occurs in the VPRN service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt6

Parameters

function-value

Specifies the optional static function value that is associated to the function behavior. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func end-dt6)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-dt6

Description

This command configures the SRv6 End.DT6 function behavior and value associated with the base routing instance. This means that decapsulation and table lookup for IPv6 prefixes occurs in the base routing table. These prefixes can be static routes or routes advertised in BGP.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dt6

Parameters

function-value

Specifies the SRv6 End.DT6 function value. Statically allocated functions of all SID types in a locator have their value upper range limited by parameter locator function-length static-function max-entries. Auto-allocated service function values have an upper range limited by the maximum service function length of 20-bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>epipe>srv6>locator>function end-dx2)

Full Context

configure service epipe segment-routing-v6 locator function end-dx2

Description

This command configures the SRv6 End.DX2 behavior and function value that is associated with the SRv6 instance in the service, which means that decapsulation and cross-connect to the egress SAP occurs in the Epipe service.

The no form of this command removes the function behavior and value from the configuration.

Default

no end-dx2

Parameters

function-value

Specifies the optional static function value that is associated with the function behavior. Statically allocated functions of all SID types in a locator have their upper range limited by the config>router>segment-routing>srv6>loc>static-function max-entries. If not configured, the system allocates a value dynamically. Auto-allocated service function values have an upper range limited by the maximum service function length of 20 bits that is used in the datapath lookup for service functions.

Values

1 to 1048575

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context