e Commands – Part II

Context

[Tree] (config>service>vpls>mrp>mvrp endstation-vid-group)

Full Context

configure service vpls mrp mvrp endstation-vid-group

Description

This command specifies the range of VLAN IDs that are controlled by MVRP on the port associated with the parent SAP. When the command is present under a certain SAP, the MVRP will treat the associated virtual port as an end-station.

MVRP endstation behavior means that configuration of a new data SAP with the outer tag in the configured endstation-vid-group will generate down that virtual port a MVRP declaration for the new [outer] VLAN attribute. Also registration received for the VLAN attribute in the range will be accepted but not propagated in the rest of MVRP context.

VPLS-groups are not allowed under the associated Management VPLS (M-VPLS) when the endstation is configured under one SAP. VPLS-groups can be supported in the chassis using a different M-VPLS.

The no form of this command removes the specified group id.

Default

no endstation-vid-group

Parameters

id

Specifies the range index

Values

1 to 4094

startvid-endvid

Specifies the range of VLANs to be controlled by MVRP

Values

1 to 4094

Platforms

All

Context

[Tree] (config>service>sdp>class-forwarding enforce-diffserv-lsp-fc)

Full Context

configure service sdp class-forwarding enforce-diffserv-lsp-fc

Description

This command enables checking by RSVP that a Forwarding Class (FC) mapping to an LSP under the SDP configuration is compatible with the Diff-Serv Class Type (CT) configuration for this LSP.

When the user enables this option, the service manager inquires with RSVP if the FC is supported by the LSP. RSVP checks if the FC maps to the CT of the LSP, for example, the default class-type value or the class-type value entered at the LSP configuration level.

If RSVP did not validate the FC, then the service manager will return an error and the check has failed. In this case, packets matching this FC will be forwarded over the default LSP. Any addition of an LSP to an SDP that will not satisfy the FC check will also be rejected.

The service manager does not validate the default-lsp FC-to-CT mapping. Whether or not the FC is validated, the default-lsp will always end up being used in this case.

RSVP will not allow the user to change the CT of the LSP until no SDP with class-based forwarding enabled and the enforce-diffserv-lsp-fc option enabled is using this LSP. All other SDPs using this LSP are not concerned by this rule.

The SDP will continue to enforce the mapping of a single LSP per FC. However, when enforce-diffserv-lsp-fc enabled, RSVP will also enforce the use of a single CT per FC as per the user configured mapping in RSVP.

If class-forwarding is enabled but enforce-diffserv-lsp-fc is disabled, forwarding of the service packets will continue to be based on the user entered mapping of FC to LSP name without further validation as per the existing implementation. The CT of the LSP does not matter in this case.

If class-forwarding is not enabled on the SDP, forwarding of the service packets will continue to be based on the ECMP/LAG hash routine. The CT of the LSP does not matter in this case.

The no form of this command reverts to the default value which is to use the user entered mapping of FC to LSP name.

Default

no enforce-diffserv-lsp-fc

Platforms

All

Context

[Tree] (config>service>vprn>bgp enforce-first-as)

[Tree] (config>service>vprn>bgp>group enforce-first-as)

[Tree] (config>service>vprn>bgp>group>neighbor enforce-first-as)

Full Context

configure service vprn bgp enforce-first-as

configure service vprn bgp group enforce-first-as

configure service vprn bgp group neighbor enforce-first-as

Description

When this command is configured so that it applies to an EBGP session, all routes (belonging to all address families) that are received from the EBGP peer are checked to ensure that the most recent autonomous system number (ASN) in the AS_PATH attribute of each route matches the configured peer-as of the session; if it does not match, then either the session is reset (if update-fault-tolerance is not enabled) or the session is left up but the route is treated as withdrawn (if update-fault-tolerance is enabled).

Enabling or disabling this command on a session that is already up does not flap the session. When enforce-first-as is enabled, previously received routes are not checked for compliance with the rule. Enforcement applies only to routes received after the command is enabled and stops when the command is disabled.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor enforce-first-as)

[Tree] (config>router>bgp>group enforce-first-as)

[Tree] (config>router>bgp enforce-first-as)

Full Context

configure router bgp group neighbor enforce-first-as

configure router bgp group enforce-first-as

configure router bgp enforce-first-as

Description

When this command is configured so that it applies to an EBGP session, all routes (belonging to all address families) that are received from the EBGP peer are checked to ensure that the most recent autonomous system number (ASN) in the AS_PATH attribute of each route matches the configured peer-as of the session; if it does not match, then either the session is reset (if update-fault-tolerance is not enabled) or the session is left up but the route is treated as withdrawn (if update-fault-tolerance is enabled).

Enabling or disabling this command on a session that is already up does not flap the session. When enforce-first-as is enabled, previously received routes are not checked for compliance with the rule. Enforcement applies only to routes received after the command is enabled and stops when the command is disabled.

Platforms

All

Context

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel enforce-strict-tunnel-tagging)

Full Context

configure service vprn bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

configure service vpls bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

configure service epipe bgp-evpn mpls auto-bind-tunnel enforce-strict-tunnel-tagging

Description

This command forces the system to only consider LSPs marked with an admin tag for next hop resolution. Untagged LSPs are not considered.

The no form of this command reverts to default value. While tagged RSVP and SR-TE LSPs are considered first, the system can fall back to using untagged LSPs of other types and does not exclude them depending on the auto-bind-tunnel configuration.

Default

no enforce-strict-tunnel-tagging

Platforms

All

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family enforce-strict-tunnel-tagging)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family enforce-strict-tunnel-tagging)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family enforce-strict-tunnel-tagging

configure router bgp next-hop-resolution labeled-routes transport-tunnel family enforce-strict-tunnel-tagging

Description

This command forces the system to only consider LSPs marked with an admin-tag for next-hop resolution. Untagged LSPs are not be considered.

The no form of this command reverts to the default behavior. While tagged RSVP and SR-TE LSPs will be considered first, the system can fall back to using tagged LSPs that are not explicitly excluded by a route admin tag policy and untagged LSPs of other types and not exclude them.

Default

no enforce-strict-tunnel-tagging

Platforms

All

Context

[Tree] (config>service>vprn>auto-bind-tunnel enforce-strict-tunnel-tagging)

Full Context

configure service vprn auto-bind-tunnel enforce-strict-tunnel-tagging

Description

Platforms

All

Context

[Tree] (config>test-oam>twamp>server enforce-test-session-start-time)

Full Context

configure test-oam twamp server enforce-test-session-start-time

Description

This command configures the router to check the signalled test-session start time against the server time and discard TWAMP test packets that arrive before the negotiated test-session start time.

The no form of this command configures the router to process all TWAMP test packets without checking the test-session start time against the server time.

Default

enforce-test-session-start-time

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>ip enforce-unique-if-index)

Full Context

configure system ip enforce-unique-if-index

Description

This command enables the options to force the creation of IP interface indexes so that they are globally unique across all routing contexts. In addition, the command ensures that any interface created using SNMP also has a system-wide unique IP interface index.

If this command is issued but the system has previously existing interface indexes that conflict, the command will be rejected until all the conflicts are removed. Pre-existing persistency tables should also be removed before enabling this system option.

The no form of the command disables this option and returns the system to the default behavior.

Default

no enforce-unique-if-index

Platforms

All

Context

[Tree] (config>router>bgp>next-hop-res>lbl-routes>transport-tunn>family enforce-untagged-route)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>router>bgp>next-hop-res>shortcut-tunn>family enforce-untagged-route)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel enforce-untagged-route)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel enforce-untagged-route)

Full Context

configure service vpls bgp-evpn mpls auto-bind-tunnel enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel enforce-untagged-route)

Full Context

configure service vprn bgp-evpn mpls auto-bind-tunnel enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel enforce-untagged-route)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel enforce-untagged-route

Description

This command configures the enforcement of BGP routes with no administrative tag policy applied by modifying the next-hop resolution behavior for autobind services.

Default

enforce-untagged-route none

Parameters

none

Keyword to specify that untagged routes can bind to tagged or untagged LSPs.

untagged-tunnel

Keyword to specify that untagged routes can only bind to LSPs with no administrative tags configured. If both tagged and untagged tunnels to the next hop exist, the system only considers untagged tunnels. If no untagged tunnels to the next hop exist, the resolution of untagged routes also fails. This keyword may be used in combination with the enforce-strict-tunnel-tagging command, in which case tagged routes resolve to tagged LSPs and untagged routes only resolve to untagged LSPs.

Platforms

All

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>protocol enforcement)

Full Context

configure system security dist-cpu-protection policy protocol enforcement

Description

This command configures the enforcement method for the protocol.

Default

enforcement dynamic local-mon-bypass

Parameters

static

Specifies that the protocol is always enforced using a static-policer. Multiple protocols can reference the same static-policer. Packets of protocols that are statically enforced bypass any local monitors.

policer name

Specifies which static-policer to use.

dynamic

Specifies that a specific enforcement policer for this protocol for this SAP/object is instantiated when the associated local-monitoring-policer is determined to be in a nonconforming state (at the end of a minimum monitoring time of 60 seconds to reduce thrashing).

mon-policer-name

Specifies which local-monitoring-policer to use.

local-mon-bypass

This parameter is used to not include packets from this protocol in the local monitoring function, and when the local-monitor "trips”, do not instantiate a dynamic enforcement policer for this protocol.

Platforms

All

Context

[Tree] (config>system>snmp engineID)

Full Context

configure system snmp engineID

Description

This command sets the SNMP engine ID that uniquely identifies the SNMPv3 node.If unconfigured, the system uses an engine ID based on the information from the system backplane.If the SNMP engine ID is changed, the current configuration must be saved and a reboot must be executed. Otherwise, the previously configured SNMP communities and logger trap-target notify communities will not be valid for the new engine ID.

When replacing a chassis, configure the new router to use the same engine ID as the previous router. This preserves SNMPv3 security keys and allows management stations to use their existing authentication keys for the new router.

Ensure that the engine ID of each router is unique. A management domain can only maintain one instance of a specific engine ID.

The no form of the command configures the router to use the default value.

Parameters

engine-id

Specifies an identifier from 10 to 64 hexadecimal digits (5 to 32 octet number), uniquely identifying this SNMPv3 node. This string is used to access this node from a remote host with SNMPv3.

Platforms

All

Context

[Tree] (config>cflowd enhanced-distribution)

Full Context

configure cflowd enhanced-distribution

Description

This command enables the inclusion of the ingress port ID into the hash algorithm used to distribute cflowd sample traffic to cflowd processes running on the 7950 XRS CPM. By including this new attribute, cflowd may see better distribution of flows across processing tasks if there is a limited number of IP interfaces on which sampling is performed, but those interfaces use LAGs with a large number of port members.

By enabling this option, the same flow may be captured multiple times if packets are received on multiple ingress ports.

This command is only applicable to cflowd running on a 7950 XRS platform.

The no form of this command removes the command from the configuration and disables the inclusion of the ingress port ID in the cflowd hash algorithm.

Default

no enhanced-distribution

Platforms

7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution enqueue-on-pir-zero)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution enqueue-on-pir-zero

Description

This command is used to enable queuing of new packets when H-QoS determines that a queue should stop forwarding (operational PIR set to zero). The default behavior is to allow the queue to continue to use the previously determined operational PIR and set the queue’s MBS (Maximum Burst Size) to zero. This prevents new packets from being admitted to the queue until the PIR zero case terminates. The new behavior when enqueue-on-pir-zero is enabled is to set the operational PIR to zero and leave the queue’s MBS set to the normal value.

This command overrides the limit-pir-zero-drain command.

The no form of this command reverts to default behavior.

Platforms

All

Context

[Tree] (admin>certificate>est enroll)

Full Context

admin certificate est enroll

Description

This command enrolls a new certificate with Certificate Authority (CA) by the EST protocol specified with the est-profile name parameter with a imported private key specified by the key key-filename parameter.

The est-profile name specifies the authentication between the system and EST server.

The hash-alg hash-algorithm, subject-dn subject-dn, domain-name domain-names, and ip-addr ip-address parameters are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name domain-names and ip-addr ip-address parameters are used as subject alternative names.

If validate-cert-chain is specified, the system validates the certificate’s chain of result certificate before importing it. The "certificate chain” is the chain of all the certificates from the result certificate to the issuing CA. The "result certificate” is the new certificate returned by EST server.

The result certificate is imported and saved with the filename specified by the output output-cert-filename. If force is specified, the system overwrites the existing file with same name as the output-cert-filename.

Parameters

name

Specifies EST profile name, up to 32 characters

key-filename

Specifies the filename of a key, up to 95 characters

output-cert-filename

Specifies the output certificate filename, up to 200 characters

hash-algorithm

Specifies the hash algorithm used in a certificate request.

Values

sha1, sha224, sha256, sha384, sha512

subject-dn

Specifies the distinguish name, up to 256 characters, used as the subject in a certificate request, including:

• C-Country

• ST-State

• O-Organization name

• OU-Organization Unit name

• CN-common name

This parameter is formatted as a text string including any of the preceding attributes. The attribute and its value is linked by using "=”, and ",” is used to separate different attributes.

For example: C=US,ST=CA,O=ALU,CN=SR12

Values

attr1=val1,attr2=val2

where: attrN={C | ST | O | OU | CN}, up to 256 characters

domain-names

Specifies domain names, up to 512 characters, separated by commas

ip-address

Specifies an IPv4 or IPv6 address string, up to 64 characters

validate-cert-chain

Specifies that the system validates the certificate’s chain of result certificate before importing it

force

Specifies that the system overwrites the existing file with same output-cert-filename

Platforms

All

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>command-completion enter)

Full Context

configure system management-interface cli md-cli environment command-completion enter

Description

This command enables completion on the enter character.

The no form of this command reverts to the default value.

Default

enter

Platforms

All

Context

[Tree] (config>service>vpls>bgp-evpn>mpls entropy-label)

[Tree] (config>service>pw-template entropy-label)

[Tree] (config>service>vpls>mesh-sdp entropy-label)

[Tree] (config>service>vpls>spoke-sdp entropy-label)

[Tree] (config>service>epipe>spoke-sdp entropy-label)

[Tree] (config>service>ipipe>spoke-sdp entropy-label)

[Tree] (config>service>epipe>bgp-evpn>mpls entropy-label)

Full Context

configure service vpls bgp-evpn mpls entropy-label

configure service pw-template entropy-label

configure service vpls mesh-sdp entropy-label

configure service vpls spoke-sdp entropy-label

configure service epipe spoke-sdp entropy-label

configure service ipipe spoke-sdp entropy-label

configure service epipe bgp-evpn mpls entropy-label

Description

This command enables or disables the use of entropy labels for spoke SDPs.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

Context

[Tree] (config>service>ies>if>spoke-sdp entropy-label)

Full Context

configure service ies interface spoke-sdp entropy-label

Description

This command enables the use of entropy labels on a spoke-SDP bound to an IES interface.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke-sdp or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

Context

[Tree] (config>service>vprn>if>spoke-sdp entropy-label)

[Tree] (config>service>vprn entropy-label)

Full Context

configure service vprn interface spoke-sdp entropy-label

configure service vprn entropy-label

Description

This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default

no entropy-label

Platforms

All

Context

[Tree] (config>service>sdp>binding>pw-port entropy-label)

Full Context

configure service sdp binding pw-port entropy-label

Description

This command enables entropy label insertion on the PW port.

If this command is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy label capability.

• If the tunnel is of type RSVP or SR-TE, the entropy-label must be enabled under the config>router>mpls or config>router>mpls>lsp contexts.

• If the tunnel is of type SR-ISIS, SR-OSPF or SR-TE, the override-tunnel-elc command must be configured under the config>router>isis or config>router>ospf contexts.

• If the tunnel is LDP, the entropy-level capability is configured under the configure>router>ldp context.

The entropy label is only applicable to PW ports bound to a static port, and not to ports using an FPE.

The no form of this command disables the entropy label insertion on the PW port.

Default

no entropy-label

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>mpls entropy-label)

Full Context

configure router mpls entropy-label

Description

This command configures the use of entropy labels for MPLS.

The entropy label (EL) and entropy label indicator (ELI) require the insertion of two additional labels in the label stack. In some cases, this may result in an unsupported label stack depth or large changes in the label stack depth during the lifetime of an LSP (for example, due to switching from a primary path with ELC enabled to a secondary path for which the far end has not signaled ELC).

This command provides control at the head end of an RSVP LSP or SR-TE LSP as to whether an EL is inserted on an LSP by ignoring the ELC signaled from the far-end LER, and to control how the additional label stack depth is accounted for.

By default, regardless of the value set for entropy label capability at the egress node, the ingress LER considers the EL and ELI in the label stack while sending the information to the TTM and NHLFE. The application using the LSP does not insert an EL and ELI in the label stack unless the far-end signals ELC and the application is configured to insert an entropy label.

When entropy-label is set to force-disable, the ingress LER does not consider EL and ELC in the label stack when sending the information to the TTM and NHLFE. Therefore, the system marks the TTM and NHLFE as ELC not supported, and applications do not insert an EL or ELI.

The entropy-label command value changes at either the MPLS level or the LSP level. The new operational value does not take effect until the LSP is re-signaled. A shutdown and no shutdown of the LSP is required to enable the new value.

The user can use the clear command or bounce MPLS itself (shutdown/no shutdown) to force the new value to take effect for a large numbers of LSPs.

Default

entropy-label rsvp-te enable

Parameters

rsvp-te

Applies the entropy-label command to RSVP LSPs.

sr-te

Applies the entropy-label command applies to SR-TE LSPs.

force-disable

Specifies that the ingress LER will not consider the EL and ELI in the label stack while sending the information to the TTM and NHLFE. The system marks the TTM and NHLFE as ELC not supported, and applications do not insert an EL or ELI in the label stack.

enable

Specifies that the ingress LER will consider what is signaled from the egress node for ELC for marking the NHLFE, while the TTM is always marked. Although applications only insert the entropy label if the far end signals ELC, the additional two labels of the EL and ELI are always accounted for.

Platforms

All

Context

[Tree] (config>router>mpls>lsp-template entropy-label)

[Tree] (config>router>mpls>lsp entropy-label)

Full Context

configure router mpls lsp-template entropy-label

configure router mpls lsp entropy-label

Description

This command configures the use of entropy labels for an LSP.

The entropy label (EL) and entropy label indicator (ELI) require the insertion of two additional labels in the label stack. In some cases, this may result in an unsupported label stack depth or large changes in the label stack depth during the lifetime of an LSP (for example, due to switching from a primary path with ELC enabled to a secondary path for which the far end has not signaled ELC).

This command provides control at the head end of an RSVP LSP or SR-TE LSP over whether an entropy label is inserted on an LSP by overriding the ELC signaled from the far-end LER, and control over how the additional label stack depth is accounted for.

By default, the value of entropy-label is inherited from the MPLS level. The command under the LSP context provides a means to override the default MPLS behavior on a per-LSP basis. For auto-LSPs, it can only be configured in LSP templates of type one-hope-p2p and mesh-p2p.

Under the LSP context, when the value of entropy-label is set to enable, the ingress LER will take into consideration what is signaled from the egress node for ELC when marking the NHLFE as entropy-label-capable. Since the value of entropy-label is set to enable at the LSP level, the system will always mark it in the TTM as entropy-label-capable regardless of the signaled value, in order to ensure that the potential additional label stack depth is accounted for. In this scenario, the TTM and NHLFE can be out of synchronization based on what is configured at the egress node. That is, the application will always account for the entropy label and ELI in the label stack without taking into consideration the signaled value of ELC.

When entropy-label is set to force-disable, the ingress LER will not consider EL and ELI in the label stack while sending the information to the TTM and NHLFE, regardless of what the far end signals. Therefore, the system will mark the TTM and NHLFE as ELC not supported, and applications will not insert an EL or ELI.

When the value of entropy-label changes at either the MPLS level or the LSP level, the new operational value will not take effect until the LSP is re-signaled. A shutdown and no shutdown of the LSP is required to enable the new value.

The user can use the clear command or bounce MPLS itself (shutdown and no shutdown) to force the new value to take effect for a large numbers of LSPs.

Default

entropy-label inherit

Parameters

force-disable

Indicates that the ingress LER will not consider the entropy label and ELI in the label stack while sending the information to the TTM and NHLFE. The system will mark the TTM and NHLFE as ELC not supported, and applications will not insert an EL or ELI in the label stack.

enable

Indicates that the ingress LER will take into consideration what is signaled from the egress node for ELC for marking the NHLFE, while the TTM is always marked. Therefore, although applications will only insert the entropy label if the far end signals ELC, the additional two labels of the entropy label EL and ELI are always accounted for.

inherit

Indicates that the value of entropy-label is inherited from the setting in the MPLS context.

Platforms

All

Context

[Tree] (config>router entropy-label)

Full Context

configure router entropy-label

Description

If entropy-label is configured, the Entropy label and Entropy Label Indicator is inserted on packets for which at least one LSP in the stack for the far-end of the LDP or RSVP tunnel used by an IGP or BGP shortcut has advertised entropy-label-capability. If the tunnel is of type RSVP, then entropy-label must also have been enabled under config>router>mpls or config>router>mpls>lsp.

This configuration will result in other traffic that is forwarded over an LDP or RSVP LSP for which this router is the LER, and for which there is no explicit service endpoint on this router, to have the EL/ELI enabled, subject to the LSP far-end advertising entropy-label-capability. An example of such traffic includes packets arriving on a stitched LDP LSP forwarded over an RSVP LSP.

Default

no entropy-label

Platforms

All

Context

[Tree] (config>router>ospf entropy-label)

[Tree] (config>router>isis entropy-label)

Full Context

configure router ospf entropy-label

configure router isis entropy-label

Description

Commands in this context configure entropy label capabilities for the routing protocol.

Platforms

All

Context

[Tree] (config>router>isis>segm-rtng entropy-label)

[Tree] (config>router>ospf>segm-rtng entropy-label)

Full Context

configure router isis segment-routing entropy-label

configure router ospf segment-routing entropy-label

Description

This command instructs the system to ignore any received IGP advertisements of entropy label capability relating to remote nodes in the network. It also prevents a user from configuring override-tunnel-elc for the IGP instance.

The no version of this command enables the processing of any received IGP advertisements of entropy label capability.

Default

entropy-label enable

Parameters

force-disable

Forces the system to ignore any received entropy label capability signaled in the IGP.

enable

Enables the system to process any received entropy label capability signaled in the IGP.

Platforms

All

Context

[Tree] (config>router>ldp entropy-label-capability)

[Tree] (config>router>rsvp entropy-label-capability)

Full Context

configure router ldp entropy-label-capability

configure router rsvp entropy-label-capability

Description

This command enables or disables ELC for RSV.

If entropy-label-capability is configured, then the system will signal (using the procedures specified in RFC 6790) that it is capable of receiving and processing the entropy label and ELI on incoming packets of RSVP and LDP LSPs.

If no entropy-label-capability is configured, then the system will not signal ELC. If an ELI is exposed on a packet where the tunnel label is popped at the termination of that LSP, and an entropy label is not configured, then the packet will be dropped.

Default

no entropy-label-capability

Platforms

All

Context

[Tree] (config>filter>dhcp6-filter entry)

[Tree] (config>filter>dhcp-filter entry)

Full Context

configure filter dhcp6-filter entry

configure filter dhcp-filter entry

Description

This command configures DHCP filter entries.

The no form of this command removes the entry from the configuration.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 65535

create

This keyword is required when first creating the DHCP filter entry. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter entry)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry

Description

This command configures an entry in the VAS filter.

The no form of this command removes the entry ID from the configuration.

Parameters

id

Specified an entry in the VAS filter.

Values

0 to 4294967295

create

Keyword used to create the entry ID instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>ancp>static-map entry)

Full Context

configure subscriber-mgmt ancp ancp-static-map entry

Description

This command configures an ANCP name. When ANCP is configured to provide rate adaptation without the use of enhanced subscriber management, this command will define how to map an ANCP key (usually the circuit-id of the DSLAM port) to either a SAP and a scheduler name (when a Multi-Service Site (MSS) is not used) or a customer, site and scheduler name when MSS is used.

Different ANCP names may be used with the same SAPs or customer ID/MSS combinations to allow schedulers within the policy to be mapped to the ANCP names. An ANCP string and SAP combination may reference only one ancp-policy. An ANCP string and customer and site-name combination may reference a single ancp-policy.

The no form of this command reverts to the default.

Parameters

ancp-string

Specifies the ASCII representation of the DSLAM circuit-id name, up to 63 characters.

customer-id

Specifies the associated existing customer ID.

Values

1 to 2147483647

customer-site-name

Specifies the associated customer’s configured MSS name, up to 32 characters.

policy-name

Specifies an existing ANCP policy name, up to 32 characters.

sap-id

Specifies the physical port identifier portion of the SAP definition.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6 entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6 entry)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip entry)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry

Description

This command configures the IP filter entry.

The no form of this command reverts to the default.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 65535

create

Keyword used to create an entry. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>explicit-sub-map entry)

Full Context

configure subscriber-mgmt explicit-subscriber-map entry

Description

This command configures a subscriber identification string.

The no form of this command reverts to the default.

Parameters

sub-ident-string

Specifies the profile string, up to 32 characters.

sub-profile-name

Specifies an existing subscriber profile name, up to 32 characters.

sub-alias-string

Specifies an alias for the subscriber identification string, up to 64 characters.

sla-profile-name

Specifies an existing SLA profile, up to 32 characters.

app-profile-name

Specifies an app profile name up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>app-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy app-profile-map entry

Description

This command configures an application profile string.

The no form of this command removes the values from the configuration.

Parameters

app-profile-string

Specifies the application profile string up to 16 characters.

app-profile-name

Specifies the application profile name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>sla-profile-map entry)

[Tree] (config>subscr-mgmt>sub-prof>sla-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy sla-profile-map entry

configure subscriber-mgmt sub-profile sla-profile-map entry

Description

This command configures an SLA profile string. Each subscriber identification string can be provisioned into a subscriber mapping table providing an explicit mapping of the string to a specific subscriber profile. This allows certain subscribers to be directly mapped to the appropriate subscriber profile in the event that the default mappings are not desired for the subscriber.

An explicit mapping of a subscriber identification string to a subscriber profile cannot be defined with the subscriber profile name default. It is possible for the subscriber identification string to be entered in the mapping table without a defined subscriber profile which can result in the explicitly defined subscriber to be associated with the subscriber profile named default.

Explicitly mapping a subscriber identification string to a subscriber profile will cause an existing active subscriber associated with the string to be reassigned to the newly mapped subscriber profile. An explicit mapping overrides all default subscriber profile definitions.

Attempting to delete a subscriber profile that is currently defined as in an explicit subscriber identification string mapping will fail.

The system will fail the removal attempt of an explicit subscriber identification string mapping to a subscriber profile definition when an active subscriber is using the mapping and cannot be reassigned to a defined default non-provisioned subscriber profile.

The no form of this command reverts to the default.

Parameters

sla-profile-string

Identifies the SLA profile string, up to 32 characters.

sla-profile-name

Identifies the SLA profile name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-ident-pol>sub-profile-map entry)

Full Context

configure subscriber-mgmt sub-ident-policy sub-profile-map entry

Description

This command configures a subscriber profile string.

The no form of this command reverts to the default.

Parameters

sub-profile-string

Specifies the subscriber profile string, up to 32 characters.

sub-profile-name

Specifies the subscriber profile name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>accu-stats-policy entry)

Full Context

configure subscriber-mgmt accu-stats-policy entry

Description

This command defines the direction of the policer or queue to the stored and accumulated policy.

The no form of this command removes the entry.

Parameters

direction

Specifies the direction of the queue or policer.

Values

egress, ingress

type

Specifies whether the entry is for a queue or policer.

Values

queue, policer

id

Specifies the queue or policer ID.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>isa-filter entry)

[Tree] (config>subscr-mgmt>isa-filter>ipv6 entry)

Full Context

configure subscriber-mgmt isa-filter entry

configure subscriber-mgmt isa-filter ipv6 entry

Description

This command creates a new entry for this filter. When processing a packet, entries are matched in order, starting with the lowest entry-id. A maximum of 128 IPv4 and 128 IPv6 DSM filter entries are allowed.

The no form of this command removes the specified entry from the ISA filter.

Parameters

entry-id

Specifies the numeric identifier for the filter entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>radius-proxy>server>attribute-matching entry)

[Tree] (config>service>vprn>radius-proxy>server>attribute-matching entry)

Full Context

configure router radius-proxy server attribute-matching entry

configure service vprn radius-proxy server attribute-matching entry

Description

This command matches the specified prefix or suffix string with the selected accounting server policy or authentication server policy.

Parameters

entry

Specifies an entry ID.

Values

1 to 32

prefix-string

Specifies the prefix string for matching up to 128 characters. If the suffix-string is also used, the combined length cannot exceed 126 characters.

suffix-string

Specifies the suffix string for matching up to 126 characters. If the prefix-string is also used, the combined length cannot exceed 126 characters.

policy-name

Specifies the RADIUS accounting or authentication policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>mrp>mrp-policy entry)

Full Context

configure service mrp mrp-policy entry

Description

This command creates or edits an mrp-policy entry. Multiple entries can be created using unique entry-id numbers within the policy. The implementation exits the policy on the first match found and executes the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit. An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and therefore will be rendered inactive.

The no form of this command removes the specified entry from the mrp-policy. Entries removed from the mrp-policy are immediately removed from all services where the policy is applied.

Parameters

entry-id

An entry-id uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 65535

create

Keyword; required when first creating the configuration context. When the context is created, one can navigate into the context without the create keyword.

Platforms

All

Context

[Tree] (config>service>vpls>isid-policy entry)

Full Context

configure service vpls isid-policy entry

Description

This command creates or edits an ISID policy entry. Multiple entries can be created using unique entry-id numbers within the ISID policy.

entry-id — Specifies an entry-id uniquely identifies a ISID range and the corresponding actions. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

The following rules govern the usage of multiple entry statements:

• overlapping values are allowed:

  • isid from 301 to 310

  • isid from 305 to 315

  • isid 316

• the minimum and maximum values from overlapping ranges are considered and displayed. The above entries will be equivalent with "isid from 301 to 316” statement.

• there is no consistency check with the content of ISID statements from other entries. The entries will be evaluated in the order of their IDs and the first match will cause the implementation to execute the associated action for that entry.

no isid - removes all the previous statements under one entry.

no isid value | from value to higher-value - removes a specific ISID value or range. Must match a previously used positive statement: for example, if the command "isid 16 to 100” was used using "no isid 16 to 50”, it will not work but "no isid 16 to 100 will be successful.

Values 1 to 65535

Default

no entry

Parameters

range-entry-id

Specifies the ID of the ISID policy to be created or edited

Values

1 to 8191

create

Required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword.

Platforms

All

Context

[Tree] (config>service>vprn>log>filter entry)

Full Context

configure service vprn log filter entry

Description

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id values. The SR OS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

By default, no filter entries are defined. Entries must be explicitly configured.

The no form of this command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Default

No event filter entries are defined. An entry must be explicitly configured.

Parameters

entry-id

The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.

Values

1 to 999

name entry-name

Configures an optional entry name for the event filter, up to 64 characters, that can be used to refer to the entry after it is created.

Platforms

All

Context

[Tree] (config>app-assure>group>policy>app-filter entry)

Full Context

configure application-assurance group policy app-filter entry

Description

This command creates an application filter entry.

App filter entries are an ordered list, the lowest numerical entry that matches the flow defines the application for that flow.

An application filter entry or entries configures match attributes of an application.

The no form of this command deletes the specified application filter entry.

Parameters

entry-id

Specifies an integer that identifies an app-filter entry.

Values

1 to 65535

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp entry)

Full Context

configure application-assurance group policy app-qos-policy entry

Description

This command creates an application QoS policy entry. A flow that matches multiple Application QoS policies (AQP) entries will have multiple AQP entries actions applied. When a conflict occurs for two or more actions, the action from the AQP entry with the lowest numerical value takes precedence.

The no form of this command deletes the specified application QoS policy entry.

Parameters

entry-id

An integer identifying the AQP entry.

Values

1 to 65535

create

Mandatory keyword creates the entry. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sess-fltr entry)

Full Context

configure application-assurance group session-filter entry

Description

This command configures a particular Application-Assurance session filter match entry. Every session filter can have zero or more session filter match entries. An application filter entry or entries configures match attributes of an application.

The no form of this command deletes the specified entry.

Parameters

entry-id

Specifies an integer that identifies the entry.

Values

1 to 65535

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-fltr>msg entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter message-type entry

Description

This command configures a TCA for the counter capturing hits for the specified GTP filter entry. A GTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a default action TCA.

Parameters

entry-id

Specifies the GTP filter message-type entry identifier.

Values

1 to 255

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca>gtp-fltr>msg-gtpv2 entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter message-type-gtpv2 entry

Description

This command configures a TCA for the counter capturing hits for the specified GTPv2 message type filter entry. A GTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an entry TCA.

Parameters

entry-id

Specifies the GTP filter message-type-gtpv2 entry identifier.

Values

516 to 770

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>stats>tca>gtp-fltr>imsi-apn-filter entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert gtp-filter imsi-apn-filter entry

Description

This command configures a TCA for the counter capturing hits for the specified IMSI-APN filter entry. A GTP IMSI-APN filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an entry TCA.

Parameters

entry-id

Specifies the identifier for the IMSI-APN filter entry.

Values

1031 to 2030

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-fltr>ppid entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid entry

Description

This command configures a TCA for the counter capturing hits for the specified SCTP filter PPID entry. An SCTP filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

Values

1 to 255

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca>session-filter entry)

Full Context

configure application-assurance group statistics threshold-crossing-alert session-filter entry

Description

This command configures a TCA for the counter capturing hits for the specified session filter entry. A session filter entry TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

Values

1 to 65535

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr entry)

Full Context

configure application-assurance group gtp gtp-filter imsi-apn-filter entry

Description

This command configures an entry within the IMSI-APN filter to allow for IMSI-APN match and action configuration.

Parameters

entry-id

Specifies the index into the IMSI-APN list that defines a custom filtering action.

Values

1031 to 2030

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>msg entry)

Full Context

configure application-assurance group gtp gtp-filter message-type entry

Description

This command configures an entry for a specific GTPv1 message type value.

Parameters

entry-id

Specifies the index into the GTP message value list that defines a custom message-type action.

Values

1 to 255

gtp-message-value

Specifies the GTPv1 message type, either as a numeric value or as a string.

Values

1 to 255 or 256 characters {echo-request, echo-response, error-indication, g-pdu, supported-extension-headers-notification}

permit | deny

Specifies the action to take for packets that match this GTP filter message entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>gtp>gtp-fltr>msg-gtpv2 entry)

Full Context

configure application-assurance group gtp gtp-filter message-type-gtpv2 entry

Description

This command configures an entry for a specific GTPv2 message type value.

Default

entry permit

Parameters

entry-id

Specifies the index into the GTP message value list that defines a custom message-type action.

Values

516 to 770

gtpv2-message-value

Specifies the GTPv2 message type, either as a numeric value or as a string.

Values

1 to 255 or 256 characters (such as: echo-request, echo-response, create-session-request, modify-bearer-request, change-notification-request, change-notification-response, modify-bearer-response, create-session-response, delete-session-request, delete-session-response, remote-ue-report-notification, remote-ue-report-acknowledge)

permit | deny

Specifies the action to take for packets that match this GTP filter message entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sctp-fltr>ppid entry)

Full Context

configure application-assurance group sctp-filter ppid entry

Description

This command specifies if an SCTP PPID value is allowed or not.

The no form of this command removes this PPID. In which case, the default action for the sctp-filter>ppid is applied.

Parameters

entry-id

Specifies the SCTP filter PPID entry identifier.

ppid-value

Specifies the PPID value, either as numeric value or as a string.

Values

0 to 4294967295 D, 256 chars max

action {permit | deny}

Specifies to allow or deny the configured PPID.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>transit-prefix-policy entry)

Full Context

configure application-assurance group transit-prefix-policy entry

Description

This command configures the index to a specific entry of a transit prefix policy.

The no form of this command removes the entry ID from the transit prefix policy configuration.

Parameters

entry-id

Specifies a transit prefix policy entry.

Values

1 to 4294967295

create

Keyword used when creating an entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>cert-profile entry)

Full Context

configure ipsec cert-profile entry

Description

This command configures the certificate profile entry information

The no form of this command removes the entry-id value from the cert-profile configuration.

Parameters

entry-id

Specifies the entry ID.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ts-list>remote entry)

[Tree] (config>ipsec>ts-list>local entry)

Full Context

configure ipsec ts-list remote entry

configure ipsec ts-list local entry

Description

This command creates a new TS-list entry or enables the context to configure an existing TS-list entry.

The no form of this command removes the entry from the local or remote configuration.

Parameters

entry-id

Specifies the entry ID

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>ipsec>sec-plcy entry)

[Tree] (config>service>vprn>ipsec>sec-plcy entry)

Full Context

configure router ipsec security-policy entry

configure service vprn ipsec security-policy entry

Description

This command configures an IPsec security policy entry.

Parameters

entry-id

Specifies the IPsec security policy entry.

Values

1 to 16

create

Keyword used to create the security policy entry instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

VSR

• configure router ipsec security-policy entry

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn ipsec security-policy entry

Context

[Tree] (config>service>nat>nat-classifier entry)

Full Context

configure service nat nat-classifier entry

Description

This command creates or edits a nat-classifier entry. Multiple entries can be created using unique entry-id numbers within the nat-classifier. Entries must be sequenced from most to least explicit. An entry may not have any match criteria defined, in which case all UDP traffic will be matched. In case that the action is not explicitly configured, a default-action will be applied.

The no form of the command removes the specified entry from the filter. Entries removed from the nat-classifier are immediately removed from all entities to which the nat-classifier is applied.

Parameters

entry-id

Specifies an entry-id that uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>li>li-filter>li-ipv6-filter entry)

[Tree] (config>li>li-filter>li-ip-filter entry)

[Tree] (config>li>li-filter>li-mac-filter entry)

Full Context

configure li li-filter li-ipv6-filter entry

configure li li-filter li-ip-filter entry

configure li li-filter li-mac-filter entry

Description

This command creates or edits a Lawful Interception filter entry. Multiple entries can be created using unique entry-id numbers within the filter.

An entry in an LI filter always has an implicit action of "forward”.

The no form of this command removes the specified entry from the filter. Entries removed from the filter are immediately removed from all services or network ports where the associated filter is applied.

LI filter entries can be used as li-source entries.

The entry numbers for LI filters serve purely as keys for managing the entries (deleting entries, and so on). The order of LI filter entries is not guaranteed to match the entry numbers and the software may reorder entries. Operators must use LI entries in a manner such that relative order of the LI entries amongst themselves is not important.

The no form of this command removes the LI entry ID from the configuration.

Parameters

li-entry-id

Identifies the Lawful Interception filter entry.

Values

1 to 65536

Platforms

All

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria entry)

[Tree] (config>qos>sap-egress>ipv6-criteria entry)

[Tree] (config>qos>sap-ingress>mac-criteria entry)

[Tree] (config>qos>sap-ingress>ip-criteria entry)

[Tree] (config>qos>sap-egress>ip-criteria entry)

Full Context

configure qos sap-ingress ipv6-criteria entry

configure qos sap-egress ipv6-criteria entry

configure qos sap-ingress mac-criteria entry

configure qos sap-ingress ip-criteria entry

configure qos sap-egress ip-criteria entry

Description

This command is used to create or edit an IP, IPv6, or MAC criteria entry for the policy. Multiple entries can be created using unique entry-id numbers.

The list of flow criteria is evaluated in a top-down manner with the lowest entry ID at the top and the highest entry ID at the bottom. If the defined match criteria for an entry within the list matches the information in the egress packet, the system stops matching the packet against the list and performs the matching entries reclassification actions. If none of the entries match the packet, the IP flow reclassification list has no effect on the packet.

An entry is not populated in the list unless the action command is executed for the entry. An entry that is not populated in the list has no effect on egress packets. If the action command is executed without any explicit reclassification actions specified, the entry is populated in the list allowing packets matching the entry to exit the list, preventing them from matching entries lower in the list. Since this is the only flow reclassification entry that the packet matched and this entry explicitly states that no reclassification action is to be performed, the matching packet will not be reclassified.

The no form of this command removes the specified entry from the policy. Entries removed from the policy are immediately removed from all services where that policy is applied.

Parameters

entry-id

The entry-id, expressed as an integer, uniquely identifies a match criterion and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

An entry cannot have any match criteria defined (in which case, everything matches) but must have at least the keyword action fc fc-name for it to be considered complete. Entries without the action keyword will be considered incomplete and, therefore, will be rendered inactive.

Values

1 to 65535

create

Required parameter when creating a flow entry when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the flow entry already exists.

Platforms

All

Context

[Tree] (config>qos>network>egress>ip-criteria entry)

[Tree] (config>qos>network>ingress>ip-criteria entry)

[Tree] (config>qos>network>ingress>ipv6-criteria entry)

[Tree] (config>qos>network>egress>ipv6-criteria entry)

Full Context

configure qos network egress ip-criteria entry

configure qos network ingress ip-criteria entry

configure qos network ingress ipv6-criteria entry

configure qos network egress ipv6-criteria entry

Description

This command is used to create or edit an IP or IPv6 criteria entry for the policy. Multiple entries can be created using unique entry numbers.

The list of flow criteria is evaluated in a top-down manner with the lowest entry ID at the top and the highest entry ID at the bottom. If the defined match criteria for an entry within the list matches the information in the packet, the system stops matching the packet against the list and performs the matching entries reclassification actions. If none of the entries match the packet, the IP flow reclassification list has no effect on the packet.

An entry is not populated in the list unless the action command is executed for the entry. An entry that is not populated in the list has no effect on ingress packets. If the action command is executed without any explicit reclassification actions specified, the entry is populated in the list allowing packets matching the entry to exit the list, preventing them from matching entries lower in the list. Since this is the only flow reclassification entry that the packet matched, and this entry explicitly states that no reclassification action is to be performed, the matching packet will not be reclassified.

The configuration of egress prec/DSCP classification and the configuration of an egress IP criteria or IPv6 criteria entry statement within a network QoS policy are mutually exclusive.

Network QoS policies containing egress ip-criteria or ipv6-criteria entry statements are only applicable to network interfaces. Configuration of ip-criteria or ipv6-criteria entry statements in a network egress QoS policy and the application of the policy on any object other than a GRT network interface are mutually exclusive.

The no form of this command removes the specified entry from the policy. Entries removed from the policy are immediately removed from all services to which that policy is applied.

Parameters

entry-id

The entry identifier, expressed as an integer, uniquely identifies a match criterion and the corresponding action. It is recommended that multiple entries be given entry identifiers in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

An entry cannot have any match criteria defined (in which case, everything matches) but must have at least the keyword action fc fc-name profile profile for it to be considered complete. Entries without the action keyword will be considered incomplete and will be rendered inactive.

Values

1 to 65535

create

Required parameter when creating a flow entry when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled, and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the flow entry already exists.

Platforms

All

Context

[Tree] (config>filter>ipv6-exception entry)

[Tree] (config>filter>ip-filter entry)

[Tree] (config>filter>ipv6-filter entry)

[Tree] (config>filter>mac-filter entry)

[Tree] (config>filter>ip-exception entry)

Full Context

configure filter ipv6-exception entry

configure filter ip-filter entry

configure filter ipv6-filter entry

configure filter mac-filter entry

configure filter ip-exception entry

Description

This command creates or edits an IPv4, IPv6, MAC, IP exception filter, or IPv6 exception filter entry. Multiple entries can be created using unique entry-id numbers within the filter. Entries must be sequenced from most to least explicit.

An entry may not have any match criteria defined (in which case everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and hence will be rendered inactive.

The no form of the command removes the specified entry from the filter. Entries removed from the filter are immediately removed from all services or network ports where that filter is applied.

Parameters

entry-id

Uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-id in staggered increments. This allows users to insert a new entry in an existing policy without requiring to renumbering all the existing entries. The parameter is expressed as a decimal integer.

Values

1 to 2097151

create

This keyword is required to create the configuration context. Once the context is created, the user can enable the context with or without the create keyword.

Platforms

VSR

• configure filter ipv6-exception entry
• configure filter ip-exception entry

All

• configure filter ipv6-filter entry
• configure filter ip-filter entry
• configure filter mac-filter entry

Context

[Tree] (config>log>filter entry)

Full Context

configure log filter entry

Description

This command creates or edits an event filter entry. Multiple entries can be created using unique entry-id values. The SR OS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

By default, no filter entries are defined. Entries must be explicitly configured.

The no form of this command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Parameters

entry-id

The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.

Values

1 to 999

name entry-name

Configures an optional entry name for the event filter, up to 64 characters, that can be used to refer to the entry after it is created.

Platforms

All

Context

[Tree] (config>log>event-handling>handler>action-list entry)

Full Context

configure log event-handling handler action-list entry

Description

This command configures an EHS handler action-list entry. A handler can have multiple actions where each action, for example, could request the execution of a different script. When the handler is triggered it will walk through the list of configured actions.

The no form of this command removes the specified EHS handler action-list entry.

Parameters

entry-id

Specifies the identifier of the EHS handler entry.

Values

1 to 1500

Platforms

All

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter entry)

[Tree] (config>system>security>mgmt-access-filter>ip-filter entry)

[Tree] (config>system>security>mgmt-access-filter>mac-filter entry)

Full Context

configure system security management-access-filter ipv6-filter entry

configure system security management-access-filter ip-filter entry

configure system security management-access-filter mac-filter entry

Description

This command is used to create or edit a management access IP(v4), IPv6, or MAC filter entry. Multiple entries can be created with unique entry-id numbers. The OS exits the filter upon the first match found and executes the actions according to the respective action command. For this reason, entries must be sequenced correctly from most to least explicit.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action defined to be considered complete. Entries without the action keyword are considered incomplete and inactive.

The no form of this command removes the specified entry from the management access filter.

Parameters

entry-id

Specifies an entry ID uniquely identifies a match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries.

Values

1 to 9999

Platforms

All

Context

[Tree] (config>sys>sec>cpm>ip-filter entry)

[Tree] (config>sys>sec>cpm>ipv6-filter entry)

[Tree] (config>sys>sec>cpm>mac-filter entry)

Full Context

configure system security cpm-filter ip-filter entry

configure system security cpm-filter ipv6-filter entry

configure system security cpm-filter mac-filter entry

Description

This command specifies a particular CPM filter match entry. Every CPM filter must have at least one filter match entry. Entries are created and deleted by user.

The default match criteria is match none.

Parameters

entry-id

Identifies a CPM filter entry as configured on this system.

Values

1 to 131072

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>sys>security>cpu-protection>policy>eth-cfm entry)

Full Context

configure system security cpu-protection policy eth-cfm entry

Description

Builds the specific match and rate criteria. Up to ten entries may exist in up to four CPU protection policies.

The no form of this command reverses the match and rate criteria configured.

Default

no entry

Parameters

rate

Specifies a packet rate limit in frames per second, where a "0” means drop all.

Values

1 to 100

level

Specifies a domain level.

Values

all: Wildcard entry level

range: 0 to 7: within specified range, multiple ranges allowed

number: 0 to 7: specific level number, may be combined with range

opcode

Specifies an operational code that identifies the application.

Values

range: 0 to 255: within specified range, multiple ranges allowed

number: 0 to 255: specific level number, may be combined with range

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>system>security>profile entry)

Full Context

configure system security profile entry

Description

This command is used to create a user profile entry.

More than one entry can be created with unique entry-id numbers. Exits when the first match is found and executes the actions according to the accompanying action command. Entries should be sequenced from most explicit to least explicit.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete.

The no form of this command removes the specified entry from the user profile.

Parameters

entry-id

Specifies an entry-id that uniquely identifies a user profile command match criteria and a corresponding action. If more than one entry is configured, the entry-ids should be numbered in staggered increments to allow users to insert a new entry without requiring renumbering of the existing entries.

Values

1 to 9999

Platforms

All

Context

[Tree] (config>system>security>keychain>direction>uni>send entry)

[Tree] (config>system>security>keychain>direction>uni>receive entry)

[Tree] (config>system>security>keychain>direction>bi entry)

Full Context

configure system security keychain direction uni send entry

configure system security keychain direction uni receive entry

configure system security keychain direction bi entry

Description

This command defines a particular key in the keychain. Entries are defined by an entry ID. A keychain must have valid entries for the TCP Enhanced Authentication mechanism to work.

If the entry is the active entry for sending, then this causes a new active key to be selected (if one is available using the youngest key rule). If it is the only possible key to send, then the system rejects the command with an error indicating the configured key is the only available send key.

If the key is one of the eligible keys for receiving, it will be removed. If the key is the only possible eligible key, then the command is accepted, and an error indicating that this is the only eligible key will be generated.

The no form of this command removes the entry from the keychain.

Parameters

entry-id

Specifies an entry that represents a key configuration to be applied to a keychain.

Values

0 to 63, null-key

key

Specifies a key ID which is used along with keychain-name and direction to uniquely identify this particular key entry.

authentication-key

Specifies the authentication-key that is used by the encryption algorithm. The key is used to sign and authenticate a protocol packet.

The authentication-key can be any combination of letters or numbers.

Values

A key must be 160 bits for algorithm hmac-sha-1-96 and must be 128 bits for algorithm aes-128-cmac-96. If the key given with the entry command amounts to less than this number of bits, then it is padded internally with zero bits up to the correct length.

algorithm

Specifies an enumerated integer that indicates the encryption algorithm to be used by the key defined in the keychain.

Values

aes-128-cmac-96 — Specifies an algorithm based on the AES standard for TCP authentication as described in RFC 4494 for BGP and LDP.

aes-128-cmac-128 — Specifies an algorithm based on the AES standard as described in RFC 4493 for NTP.

aes-128-gcm-16 — Specifies an algorithm used for MCS.

hmac-sha-1-96 — Specifies an algorithm based on SHA-1 for RSVP-TE and TCP authentication.

message-digest — MD5 hash used for TCP authentication.

hmac-md5 — MD5 hash used for IS-IS and RSVP-TE.

password – Specifies a simple password authentication for OSPF, IS-IS, and RSVP-TE.

hmac-sha-1 — Specifies the sha-1 algorithm for OSPF, IS-IS, and RSVP-TE.

hmac-sha-256 — Specifies the sha-256 algorithm for OSPF and IS-IS.

hash-key | hash2-key | custom-key

Specifies the hash key. The key can be any combination of ASCII characters up to 33 for the hash-key and 96 characters for the hash2-key (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies a custom hash version is used while saving the configuration files.

Platforms

All

Context

[Tree] (config>system>security>tls>cert-profile entry)

Full Context

configure system security tls cert-profile entry

Description

This command configures an entry for the TLS certificate profile. A certificate profile may have up to eight entries. Currently, TLS uses the entry with the smallest ID number when responding to server requests.

The no form of the command deletes the specified entry.

Parameters

entry-id

Specifies the identification number of the TLS certificate profile entry.

Values

1 to 8

create

Keyword used to create the TLS certificate profile entry.

Platforms

All

Context

[Tree] (config>router>policy-options>as-path-group entry)

Full Context

configure router policy-options as-path-group entry

Description

This command creates the context to edit route policy entries within an autonomous system path group.

Multiple entries can be created using unique entries. The router exits the filter when the first match is found and executes the action specified. For this reason, entries must be sequenced correctly from most to least explicit.

An entry does not require matching criteria defined (in which case, everything matches) but must at least define an action in order to be considered complete. Entries without an action are considered incomplete and will be rendered inactive.

The no form of this command removes the specified entry from the autonomous system path group.

Parameters

entry-id

Specifies the entry ID expressed as a decimal integer. An entry-id uniquely identifies match criteria and the corresponding action. Nokia recommends that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 128

regular-expression

Specifies the AS path group regular expression. Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

An AS path in a BGP route matches an AS path group, if the pattern of the path matches the concatenation of all regular expressions in the group. A regular expression incorporates terms and operators that use the terms. An individual AS number is an elementary term in the AS path regular expression. More complex terms can be built from elementary terms. The following are key operators supported by SR OS:

• .

• *

• ?

• {n}

• {m,n}

• {m, }

To reverse the match criteria when specifying a list of ranges or single values using square brackets, use the non-match operator (^) before the elements within the square brackets.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement entry)

Full Context

configure router policy-options policy-statement entry

Description

This command creates the context to edit route policy entries within the route policy statement.

Multiple entries can be created using unique entries. The router exits the filter when the first match is found and executes the action specified. For this reason, entries must be sequenced correctly from most to least explicit.

An entry does not require matching criteria defined (in which case, everything matches) but must have at least define an action in order to be considered complete. Entries without an action are considered incomplete and will be rendered inactive.

The no form of this command removes the specified entry from the route policy statement.

Parameters

entry-id

Specifies the entry ID expressed as a decimal integer. An entry-id uniquely identifies match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without requiring renumbering of all the existing entries.

Values

1 to 128

Platforms

All

Context

[Tree] (config>app-assure>group>url-filter>web-service>classification-overrides entry)

Full Context

configure application-assurance group url-filter web-service classification-overrides entry

Description

This command creates a classification override, manually setting the category of a hostname.

The no form of this command removes the classification override entry.

Default

no entry

Parameters

entry-id

Specifies the classification of the override entry.

Values

1 to 65535

hostname

Specifies the hostname of the configured override category, up to 255 characters.

category

Specifies the override category, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>charging-filter entry)

Full Context

configure application-assurance group policy charging-filter entry

Description

This command configures a charging filter entry. Charging filter entries are an ordered list; the lowest numerical entry that matches the flow, defines the charging filter for this flow.

The no form of this command removes the specified entry.

Default

no entry

Parameters

entry-id

Specifies the entry identifier.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>python>py-policy>cache entry-size)

Full Context

configure python python-policy cache entry-size

Description

This command configures the maximum size of the data structure that can be stored in a single Python cache entry which includes both a value and key.

When requesting to store a data structure, the size of the serialized object is compared with the value specified. If larger, the object will not be stored and Python will return exception.

The no form of this command reverts to the default.

Default

entry-size 256

Parameters

size

Configures the maximum accepted size of a single cache entry.

Values

32 to 2048

Platforms

All

Context

[Tree] (environment)

Full Context

environment

Description

Commands in this context configure classic CLI session environment parameters.

Platforms

All

Context

[Tree] (config>system>management-interface>cli>md-cli environment)

Full Context

configure system management-interface cli md-cli environment

Description

Commands in this context configure MD-CLI session environment parameters.

Platforms

All

Context

[Tree] (config>service epipe)

Full Context

configure service epipe

Description

This command configures an Epipe service instance. This command is used to configure a point-to-point epipe service. An Epipe connects two endpoints defined as Service Access Points (SAPs). Both SAPs may be defined in one 7450 ESS, 7750 SR, or 7950 XRS or they may be defined in separate devices connected over the service provider network. When the endpoint SAPs are separated by the service provider network, the far end SAP is generalized into a service destination point (SDP). This SDP describes a destination and the encapsulation method used to reach it.

No MAC learning or filtering is provided on an Epipe.

When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

By default, no epipe services exist until they are explicitly created with this command.

The no form of this command deletes the epipe service instance with the specified service-id. The service cannot be deleted until the service has been shut down.

Cpipe services are enabled on the 7450 ESS.

Parameters

service-id

The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7450 ESS, 7750 SR, or 7950 XRS on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN ID. If this parameter is not specified, the VPN ID uses the same service ID number.

Values

1 to 2147483647

Default

null (0)

vc-switching

Specifies if the pseudowire switching signaling is used for the spoke SDPs configured in this service.

test

Specifies a unique test service type for the service context which will contain only a SAP configuration. The test service can be used to test the throughput and performance of a path for MPLS-TP PWs. This parameter applies to the 7450 ESS and 7750 SR only.

create

Keyword used to create the service instance. The create keyword requirement can be enabled/disabled in the environment>create context.

name name

Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values

name: up to 64 characters

flexible-cross-connect

Keyword to specify the Flexible Cross Connect (FXC) mode, which allows the configuration of two or more SAPs on the same Epipe.

Platforms

All

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap epipe-sap-template)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>l2-access-points>l2-ap epipe-sap-template)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw l2-access-points l2-ap epipe-sap-template

configure service ies subscriber-interface group-interface wlan-gw l2-access-points l2-ap epipe-sap-template

Description

This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shut down.

The no form of this command removes the template, the SAP will use default parameters.

Parameters

name

Specifies the name of the template to use

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>template epipe-sap-template)

Full Context

configure service template epipe-sap-template

Description

This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shutdown.

The no form of this command removes the template, the SAP will use default parameters.

Parameters

name

Specifies the SAP template name associated with this template.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>router>rip error)

Full Context

debug router rip error

Description

This command enables debugging for RIP errors.

Parameters

ip-int-name | ip-address

Debugs the RIP errors sent on the neighbor IP address or interface.

Platforms

All

Context

[Tree] (debug>router>ripng error)

Full Context

debug router ripng error

Description

This command enables debugging for RIPng errors.

Parameters

ip-int-name| ipv6-address

Debugs the RIPng errors sent on the neighbor IP address or interface.

Platforms

All

Context

[Tree] (debug>router>pcep>pcc>conn error)

[Tree] (debug>router>pcep>pcc error)

Full Context

debug router pcep pcc connection error

debug router pcep pcc error

Description

This command enables debugging for PCC or connection errors.

The no form of this command disables debugging.

Platforms

All

Context

[Tree] (debug>router>pcep>pce error)

[Tree] (debug>router>pcep>pce>conn error)

Full Context

debug router pcep pce error

debug router pcep pce connection error

Description

This command enables debugging for PCE or connection errors.

The no form of this command disables debugging.

Platforms

VSR-NRC

Context

[Tree] (debug>open-flow error)

Full Context

debug open-flow error

Description

This command enables debugging of OpenFlow errors.

The no form of this command disables debugging of OpenFlow errors.

Platforms

VSR

Context

[Tree] (debug>open-flow>of-switch error)

Full Context

debug open-flow of-switch error

Description

This command enables debugging of OpenFlow switch-specific errors.

The no form of this command disables debugging of OpenFlow switch-specific errors.

Platforms

VSR

Context

[Tree] (config>app-assure>group>http-error-redirect error-code)

Full Context

configure application-assurance group http-error-redirect error-code

Description

This command refers to which HTTP status codes a redirect action is applied. Only messages with sizes less than that configured here (custom-msg-size) are eligible for redirect action.

The no form of this command removes the parameters from the configuration.

Parameters

error-code

Specifies the error code for an HTTP error redirect.

Values

0 to 4294967295, of which 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 451, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 730, 731, and 735 are supported for redirect

custom-msg-size

Specifies the maximum message size above which redirect will not be done.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action error-drop)

Full Context

configure application-assurance group policy app-qos-policy entry action error-drop

Description

This command configures a drop action for error flows (bad IP checksums, tcp/udp port 0, and so on).

Default

no error-drop

Parameters

event-log-name

Specifies the event log name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca error-drop)

Full Context

configure application-assurance group statistics threshold-crossing-alert error-drop

Description

This command configures a TCA for the counter capturing error drops. An error drop TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating an error-drop TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the error drop TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp error-handling)

[Tree] (config>service>vprn>bgp>group>neighbor error-handling)

[Tree] (config>service>vprn>bgp>group error-handling)

Full Context

configure service vprn bgp error-handling

configure service vprn bgp group neighbor error-handling

configure service vprn bgp group error-handling

Description

This command specifies whether the error handling mechanism for optional transitive path attributes is enabled for this peer group.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor error-handling)

[Tree] (config>router>bgp>group error-handling)

[Tree] (config>router>bgp error-handling)

Full Context

configure router bgp group neighbor error-handling

configure router bgp group error-handling

configure router bgp error-handling

Description

This command specifies whether updated BGP error handling procedures should be applied.

Platforms

All

Context

[Tree] (config>subscr-mgmt>credit-control-policy error-handling-action)

Full Context

configure subscriber-mgmt credit-control-policy error-handling-action

Description

This command configures the error handling action for the policy.

The no form of this command reverts to the default.

Default

error-handling-action continue

Parameters

continue

Specifies to continue when an error occurs in the CC determination.

block

Specifies to block when an error occurs in the CC determination.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>router>rpki-session>packet error-report)

Full Context

debug router rpki-session packet error-report

Description

This command enables debugging for error report RPKI packets.

The no form of this command disables debugging for error report RPKI packets.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame

Description

The context used to define errored frame parameters including thresholds, and windows of time to which the error count will be compared. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes which are dropped prior to this function.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame-period)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-period

Description

The context used to define errored frame parameters including thresholds, and windows of received packets to which the error count will be compared. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes which are dropped prior to this function. The received packet count will be checked every one second to see if the window has been reached.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-frame-seconds)

Full Context

configure port ethernet efm-oam link-monitoring errored-frame-seconds

Description

This command defines the errored frame seconds parameters including thresholds, and windows of time to which the error count will be compared. An errored second is any second in which a single frame error occurred. An errored frame is counted when there is any frame error detected by the Ethernet physical layer. This excludes jumbo frames above 9192 bytes that are dropped prior to this function.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring errored-symbols)

Full Context

configure port ethernet efm-oam link-monitoring errored-symbols

Description

This command defines the symbol error parameters including thresholds, and windows of time (converted to symbols in that time) to which the error count will be compared. A symbol error occurs when any encoded symbol is in error and independent of frame counters.

Platforms

All

Context

[Tree] (debug>dynsvc>scripts>inst>event errors)

[Tree] (debug>dynsvc>scripts>event errors)

[Tree] (debug>dynsvc>scripts>script>event errors)

Full Context

debug dynamic-services scripts instance event errors

debug dynamic-services scripts event errors

debug dynamic-services scripts script event errors

Description

This command enables/disables the generation of a specific dynamic data service script debugging event output: errors.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>system>bgp-evpn>eth-seg es-activation-timer)

Full Context

configure service system bgp-evpn ethernet-segment es-activation-timer

Description

This command configures the Ethernet Segment activation timer for a specified Ethernet Segment. The es-activation-timer delays the activation of a specified ethernet-segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP/SDP-binding associated to an ethernet-segment can be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

If no es-activation-timer is configured, the system uses the value configured in the config>redundancy>bgp-evpn-multi-homing>es-activation-timer context, if configured. Otherwise the system uses a default value of 3 seconds.

Default

no es-activation-timer

Parameters

seconds

Specifies the number of seconds for the es-activation-timer.

Values

0 to 100

Default

3

Platforms

All

Context

[Tree] (config>redundancy>bgp-evpn-multi-homing es-activation-timer)

Full Context

configure redundancy bgp-evpn-multi-homing es-activation-timer

Description

This command configures the global Ethernet-Segment activation timer. The es-activation-timer delays the activation of a specified Ethernet-Segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP/SDP-binding associated to an Ethernet-Segment can be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

The es-activation-timer configured at the Ethernet-Segment level supersedes this global es-activation-timer.

Default

es-activation-timer 3

Parameters

seconds

Specifies the number of seconds for the es-activation-timer.

Values

0 to 100

Platforms

All

Context

[Tree] (config>service>system>bgp-evpn>eth-seg es-orig-ip)

Full Context

configure service system bgp-evpn ethernet-segment es-orig-ip

Description

This command modifies the Originating IP field advertised in the ES route for a given Ethernet Segment. By default, the Originating IP is the system-ip of the PE. However, this value can be changed to the IPv4 or IPv6 address configured with this command.

With the es-orig-ip configured, ES shutdown is required, for the following cases:

• When adding Local ES routes, the command changes how the ES routes are added to the candidate list; the configured IP address is added, instead of the system-ip.

• When advertising local ES routes, the configured IP address is used for the orig-ip of the route.

The no form of the command changes the originating IP address back to the system-ip.

Default

no es-orig-ip

Parameters

ip-address

Specifies an IPv4 or IPv6 address.

Values

{ip-address | ipv6-address}

Platforms

All

Context

[Tree] (config esa)

Full Context

configure esa

Description

This command configures or creates an ESA instance with an identifier.

The no form of this command removes the ESA from the system.

Parameters

esa-id

Specifies the ESA identifier.

Values

1 to 16

create

Mandatory keyword used when creating an ESA instance in the config context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>tunnel-group esa-vm)

Full Context

configure isa tunnel-group esa-vm

Description

This command configures the tunnel ESA-VM for the tunnel group. The ISA and ESA-VM cannot coexist in the same tunnel group.

The no form of this command removes the ESA-VM from the tunnel group.

Parameters

esa-id

Specifies the ESA id.

Values

1 to 16

vm-id

Specifies the VM id.

Values

1 to 4

1..1000

Specifies the ESA-VM weight.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>tunnel-mem-pool esa-vm)

Full Context

configure isa tunnel-member-pool esa-vm

Description

This command configures the tunnel ESA-VM for the tunnel member pool. The ISA and ESA-VM cannot coexist in the same tunnel member group.

The no form of this command removes the ESA-VM from the tunnel member pool.

Parameters

esa-id

Specifies the ESA ID.

Values

1 to 16

vm-id

Specifies the VM ID.

Values

1 to 4

1..1000

Specifies the ESA-VM weight.

Values

1 to 1000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>lns-group esa-vm)

Full Context

configure isa lns-group esa-vm

Description

This command specifies the ISA and ESA VM to be used in the LNS group.

Parameters

vapp-id

Displays the ID of the configured ESA and ESA VM.

Values

vapp-id:	esa-id/vm-id
	esa-id	1 to 16
	vm-id	1 to 4

drain

Specifies the draining of the ESA VM. The drain function gracefully redirects subscribers to other ESA VMs as it does not allow new subscribers to use the ESA VM. Eventually, the ESA VM will not service any subscriber and can be decommissioned gracefully.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>wlan-gw-group esa-vm)

Full Context

configure isa wlan-gw-group esa-vm

Description

This command configures the ESA VM for the WLAN-GW group. It requires group redundancy to be configured in MDA mode.

Parameters

vapp-id

Specifies the ID of the ESA and ESA VM to configure.

Values

vapp-id:	esa-id/vm-id
	esa-id	1 to 16
	vm-id	1 to 4

Platforms

7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>nat-group esa-vm)

Full Context

configure isa nat-group esa-vm

Description

This command assigns an ESA-VM to a NAT group.

Parameters

vapp-id

Specifies the ESA and VM identifying a provisioned BB ISA.

Values

vapp-id:	esa-id/vm-id
	esa-id	1 to 16
	vm-id	1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>isa>video-group esa-vm)

Full Context

configure isa video-group esa-vm

Description

This command assigns an ESA-VM to a video group.

The no form of this command removes the specified ESA-VM from the video group.

Default

no esa-vm

Parameters

vapp-id

Specifies the ESA and VM ID of the configured ESA-VM.

Values

vapp-id:	esa-id/vm-id
	esa-id	1 to 16
	vm-id	1 to 4

Platforms

7750 SR, 7750 SR-s

Context

[Tree] (config>isa>map-t-group esa-vm)

Full Context

configure isa map-t-group esa-vm

Description

This command associates an ESA-VM with the MAP-T group.

The no form of this command removes the association.

Parameters

vapp-id

Specifies the ESA used by the ISA NAT MAP-T group.

Values

vapp-id:	esa-id/vm-id
	esa-id	1 to 16
	vm-id	1 to 4

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s

Context

[Tree] (config>service>system>bgp-evpn>eth-seg esi)

Full Context

configure service system bgp-evpn ethernet-segment esi

Description

This command configures the 10-byte Ethernet Segment identifier (ESI) associated to the Ethernet-Segment that will be signaled in the BGP-EVPN routes. The ESI value cannot be changed unless the Ethernet-Segment is shutdown. Reserved esi values (0 and MAX-ESI) are not allowed.

Default

no esi

Parameters

value

Specifies the 10-byte esi.

Values

00-11-22-33-44-55-66-77-88-99

Using any of these separators ('-',':')

Platforms

All

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query>ue-state esm)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query ue-state esm

Description

This command enables matching on ESM UEs.

The no form of this command disables matching on DSM UEs, unless UE state matching is disabled altogether.

Default

no esm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state esm)

Full Context

configure subscriber-mgmt wlan-gw ue-query state esm

Description

This command enables matching on UEs in an ESM state.

The no form of this command disables matching on UEs in an ESM state, unless all state matching is disabled.

Default

no esm

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet>ssm esmc-tunnel)

Full Context

configure port ethernet ssm esmc-tunnel

Description

This command allows ESMC frames that are received into the Ethernet port to be tunneled in an Epipe or VPLS service. This is not recommended because it breaks the concepts inherent in Synchronous Ethernet, however it is required for compliance to MEF 6.1.1 EPL Option 2.

The no form of this command extracts the ESMC frames upon reception by the port. The ESMC frames are not tunneled through the service.

Default

no esmc-tunnel

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>ipsec>transform esp-auth-algorithm)

Full Context

configure ipsec ipsec-transform esp-auth-algorithm

Description

This command specifies which hashing algorithm should be used for the authentication function Encapsulating Security Payload (ESP). Both ends of a manually configured tunnel must share the same configuration parameters for the IPsec tunnel to enter the operational state.

The no form of this command disables the authentication.

Default

esp-auth-algorithm sha1

Parameters

null

This is a very fast algorithm specified in RFC 2410, which provides no authentication.

md5

This parameter configures ESP to use the hmac-md5 algorithm for authentication.

sha1

This parameter configures ESP to use the hmac-sha1 algorithm for authentication.

sha256

This parameter configures ESP to use the sha256 algorithm for authentication.

sha384

This parameter configures ESP to use the sha384 algorithm for authentication.

sha512

This parameter configures ESP to use the sha512 algorithm for authentication.

aes-xcbc

Specifies the aes-xcbc algorithm for authentication.

auth-encryption

This parameter must be configured when esp-encryption-algorithm is either aes-gcm or aes-gmac.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>grp-encryp>encryp-keygrp esp-auth-algorithm)

Full Context

configure group-encryption encryption-keygroup esp-auth-algorithm

Description

This command specifies the hashing algorithm used to perform authentication on the Encapsulating Security Payload (ESP) within NGE packets for services configured using this key group. All SPI entries must be deleted before the no form of the command may be entered or the esp-auth-algorithm value changed from its current value.

The no form of the command reverts to the default value.

Default

esp-auth-algorithm sha256

Parameters

sha256

Configures the ESP to use the HMAC-SHA-256 algorithm for authentication.

sha512

Configures the ESP to use the HMAC-SHA-512 algorithm for authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ipsec-transform esp-encryption-algorithm)

Full Context

configure ipsec ipsec-transform esp-encryption-algorithm

Description

This command specifies the encryption algorithm to use for the IPsec session. Encryption only applies to esp configurations. If encryption is not defined, esp will not be used.

For IPsec tunnels to come up, both ends need to be configured with the same encryption algorithm.

The no form of this command removes the specified encryption algorithm.

Default

esp-encryption-algorithm aes128

Parameters

null

This parameter configures the high-speed null algorithm, which does nothing. This is the same as not having encryption turned on.

des

This parameter configures the 56-bit des algorithm for encryption. This is an older algorithm, with relatively weak security. Although slightly better than no encryption, it should only be used where a strong algorithm is not available on both ends at an acceptable performance level.

3des

This parameter configures the 3-des algorithm for encryption. This is a modified application of the des algorithm which uses multiple des operations to make things more secure.

aes128

This parameter configures the aes algorithm with a block size of 128 bits. This is the mandatory implementation size for aes. As of today, this is a very strong algorithm choice.

aes192

This parameter configures the aes algorithm with a block size of 192 bits. This is a stronger version of aes.

aes256

This parameter configures the aes algorithm with a block size of 256 bits. This is the strongest available version of aes.

aes128-gcm8

Configures ESP to use aes-gcm with a 128-bit key size and an 8-byte ICV for encryption and authentication.

aes128-gcm12

Configures ESP to use aes-gcm with a 128-bit key size and a 12-byte ICV for encryption and authentication.

aes128-gcm16

Configures ESP to use aes-gcm with a 128-bit key size and a 16-byte ICV for encryption and authentication.

aes192-gcm8

Configures ESP to use aes-gcm with a 192-bit key size and an 8-byte ICV for encryption and authentication.

aes192-gcm12

Configures ESP to use aes-gcm with a 192-bit key size and a 12-byte ICV for encryption and authentication.

aes192-gcm16

Configures ESP to use aes-gcm with a 192-bit key size and a 16-byte ICV for encryption and authentication.

aes256-gcm8

Configures ESP to use aes-gcm with a 256-bit key size and an 8-byte ICV for encryption and authentication.

aes256-gcm12

Configures ESP to use aes-gcm with a 256-bit key size and a 12-byte ICV for encryption and authentication.

aes128-gcm16

Configures ESP to use aes-gcm with a 256-bit key size and a 16-byte ICV for encryption and authentication.

null-aes128gmac

Configures ESP to use aes-gmac with a 128-bit key size for authentication only.

null-aes192gmac

Configures ESP to use aes-gmac with a 192-bit key size for authentication only.

null-aes256gmac

Configures ESP to use aes-gmac with a 256-bit key size for authentication only.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>grp-encryp>encryp-keygrp esp-encryption-algorithm)

Full Context

configure group-encryption encryption-keygroup esp-encryption-algorithm

Description

This command specifies the encryption algorithm used to perform encryption on the Encapsulating Security Payload (ESP) within NGE packets for services configured using this key group. All SPI entries must be deleted before the no form of the command may be entered or the esp-encryption-algorithm value changed from its current value.

The no form of the command resets the parameter to the default value.

Default

esp-encryption-algorithm aes128

Parameters

aes128

Configures the AES algorithm with a block size of 128 bits—a very strong algorithm choice.

aes256

Configures the AES algorithm with a block size of 256 bits—the strongest available version of AES.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter>entry>match esp-ext-hdr)

Full Context

configure filter ipv6-filter entry match esp-ext-hdr

Description

This command enables match on existence of ESP Extension Header in the IPv6 filter policy.

The no form of this command ignores ESP Extension Header presence/absence in a packet when evaluating match criteria of a given filter policy entry.

Default

no esp-ext-hdr

Parameters

true

Matches a packet with an ESP Extension Header.

false

Matches a packet without an ESP Extension Header.

Platforms

All

Context

[Tree] (bof ess-system-type)

Full Context

bof ess-system-type

Description

This command allows a new RoHS compliant 7750 SR-12 or 7750 SR-7 chassis to operate as an 7450 ESS-12 or 7450 ESS-7 system.

After entering this command, the system must be rebooted for the change to take effect.

If the RoHS compliant 7750 SR-12 or 7750 SR-7 chassis is operating as an 7450 ESS system, it can operate with either the 7750 SR or 7450 ESS CPM (subject to SR OS support) but both should always be the same type. See the SR OS release notes for information about the cards supported in 7750 SR and 7450 ESS.

In addition, the system can operate with supported 7450 ESS or 7750 SR IOMs, MDAs, and IMMs.

The no form of this command disables this mode of operation and returns the system to a 7750 SR chassis type operation on the next reboot.

Default

no ess-system-type

Platforms

7750 SR-7/12

Context

[Tree] (admin>certificate est)

Full Context

admin certificate est

Description

Commands in this context configure Enrollment over Secure Transport (EST) parameters.

Platforms

All

Context

[Tree] (config>port>ethernet>eth-cfm>mep eth-bn)

Full Context

configure port ethernet eth-cfm mep eth-bn

Description

Commands in this context configure Ethernet Bandwidth Notification (ETH-BN) message handling.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet eth-bn-egress-rate-changes)

Full Context

configure port ethernet eth-bn-egress-rate-changes

Description

This command allows rate changes received in ETH-BN messages on a port-based MEP to update the egress rate used on the port. The egress rate is capped by the minimum of the configured egress-rate and the maximum port rate, and the minimum egress rate is 1 kb/s. The no form of this command returns the value to the default.

Default

no eth-bn-egress-rate-changes

Platforms

All

Context

[Tree] (config>eth-tunnel>path eth-cfm)

Full Context

configure eth-tunnel path eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet eth-cfm)

[Tree] (config>lag eth-cfm)

Full Context

configure port ethernet eth-cfm

configure lag eth-cfm

Description

Commands in this context configure 802.1ag CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>spoke-sdp eth-cfm)

[Tree] (config>service>epipe>sap eth-cfm)

[Tree] (config>service>epipe eth-cfm)

[Tree] (config>service>ipipe>sap eth-cfm)

Full Context

configure service epipe spoke-sdp eth-cfm

configure service epipe sap eth-cfm

configure service epipe eth-cfm

configure service ipipe sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>sap eth-cfm)

[Tree] (config>service>vpls eth-cfm)

[Tree] (config>service>vpls>spoke-sdp eth-cfm)

[Tree] (config>service>vpls>mesh-sdp eth-cfm)

Full Context

configure service vpls sap eth-cfm

configure service vpls eth-cfm

configure service vpls spoke-sdp eth-cfm

configure service vpls mesh-sdp eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>sub-if>grp-if>sap eth-cfm)

[Tree] (config>service>ies>if>sap eth-cfm)

[Tree] (config>service>ies eth-cfm)

[Tree] (config>service>ies>if>spoke-sdp eth-cfm)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm

configure service ies interface sap eth-cfm

configure service ies eth-cfm

configure service ies interface spoke-sdp eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface sap eth-cfm
• configure service ies interface spoke-sdp eth-cfm
• configure service ies eth-cfm

Context

[Tree] (config>service>vprn>if>spoke-sdp eth-cfm)

[Tree] (config>service>vprn eth-cfm)

[Tree] (config>service>vprn>sub-if>grp-if>sap eth-cfm)

[Tree] (config>service>vprn>if>sap eth-cfm)

Full Context

configure service vprn interface spoke-sdp eth-cfm

configure service vprn eth-cfm

configure service vprn subscriber-interface group-interface sap eth-cfm

configure service vprn interface sap eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn eth-cfm
• configure service vprn interface spoke-sdp eth-cfm
• configure service vprn interface sap eth-cfm

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm

Context

[Tree] (debug eth-cfm)

Full Context

debug eth-cfm

Description

Commands in this context configure ETH-CFM debugging functions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>if eth-cfm)

Full Context

configure router interface eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-ring>path eth-cfm)

Full Context

configure eth-ring path eth-cfm

Description

Commands in this context configure ETH-CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config eth-cfm)

Full Context

configure eth-cfm

Description

Commands in this context configure 802.1ag CFM parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>sys>security>cpu-protection>policy eth-cfm)

Full Context

configure system security cpu-protection policy eth-cfm

Description

Provides the construct under which the different entries within CPU policy can define the match criteria and overall arrival rate of the Ethernet Configuration and Fault Management (ETH-CFM) packets at the CPU.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth eth-cfm)

Full Context

configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet eth-cfm

Description

Commands in this context configure the ETH-CFM source MEP for the service activation test stream.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

Context

[Tree] (config>saa>test>type eth-cfm-linktrace)

Full Context

configure saa test type eth-cfm-linktrace

Description

This command configures a CFM linktrace test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

ttl-value

Specifies the maximum number of hops traversed in the linktrace.

Values

1 to 255

Default

64

fc-name

Specifies the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

Specifies the profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

Values

1 to 10

Default

1

timeout

Specifies the time, to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values

1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>saa>test>type eth-cfm-loopback)

Full Context

configure saa test type eth-cfm-loopback

Description

This command configures an Ethernet CFM loopback test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

data-size

This is the size of the data portion of the data TLV. If 0 is specified, no data TLV is added to the packet.

Values

0 to 1500

Default

0

fc-name

Specifies the fc parameter that is used to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

Specifies the profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

Values

1 to 100

Default

1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values

1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>saa>test>type eth-cfm-two-way-delay)

Full Context

configure saa test type eth-cfm-two-way-delay

Description

This command configures an Ethernet CFM two-way delay test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

fc-name

Specifies the fc parameter that is used to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. The message interval value must be expired before the next message request is sent.

Values

1 to 100

Default

1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, expressed as a decimal integer. This parameter is used to configure the spacing between probes within a test run.

Values

0.1 to 0.9, 1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>saa>test>type eth-cfm-two-way-slm)

Full Context

configure saa test type eth-cfm-two-way-slm

Description

This command configures an Ethernet CFM two-way SLM test in SAA.

Parameters

mac-address

Specifies the Layer 2 unicast MAC address of the destination MEP.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID as an alternative to the static mac-address. When the remote-mepid parameter is used in place of the mac-address, the domain and association information of the source mep for the test is used to check for a locally-stored unicast MAC address for the peer. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

fc-name

Specifies the fc parameter that is to indicate the forwarding class of the MPLS echo request packets. The actual forwarding class encoding is controlled by the network egress LSP-EXP mappings.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

profile {in | out}

The profile state of the MPLS echo request encapsulation.

Default

in

send-count

Specifies the number of messages to send, expressed as a decimal integer. The count parameter is used to override the default number of message requests sent. The message interval value must be expired before the next message request is sent.

Values

1 to 1000

Default

1

data-size

Specifies the size of the data portion of the data TLV. If 0 is specified, no data TLV is added to the packet.

Values

0 to 1500

Default

0

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

interval

Specifies the time, in seconds, used to configure the spacing between probes within a test run.

Values

0.1 to 0.9, 1 to 10

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet>eth-cfm>mep>grace eth-ed)

[Tree] (config>eth-tunnel>path>eth-cfm>mep>grace eth-ed)

[Tree] (config>eth-ring>path>eth-cfm>mep>grace eth-ed)

[Tree] (config>lag>eth-cfm>mep>grace eth-ed)

Full Context

configure port ethernet eth-cfm mep grace eth-ed

configure eth-tunnel path eth-cfm mep grace eth-ed

configure eth-ring path eth-cfm mep grace eth-ed

configure lag eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>epipe>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>ipipe>sap>eth-cfm>mep>grace eth-ed)

Full Context

configure service epipe spoke-sdp eth-cfm mep grace eth-ed

configure service epipe sap eth-cfm mep grace eth-ed

configure service ipipe sap eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vpls>eth-cfm>mep>grace eth-ed)

Full Context

configure service vpls sap eth-cfm mep grace eth-ed

configure service vpls mesh-sdp eth-cfm mep grace eth-ed

configure service vpls spoke-sdp eth-cfm mep grace eth-ed

configure service vpls eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep>grace eth-ed)

Full Context

configure service ies interface sap eth-cfm mep grace eth-ed

configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed

configure service ies interface spoke-sdp eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface spoke-sdp eth-cfm mep grace eth-ed
• configure service ies interface sap eth-cfm mep grace eth-ed

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed

Context

[Tree] (config>service>vprn>if>sap>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace eth-ed)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace eth-ed)

Full Context

configure service vprn interface sap eth-cfm mep grace eth-ed

configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed

configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn interface sap eth-cfm mep grace eth-ed
• configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed

Context

[Tree] (config>router>if>eth-cfm>mep>grace eth-ed)

Full Context

configure router interface eth-cfm mep grace eth-ed

Description

Commands in this context configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls eth-ring)

Full Context

configure service vpls eth-ring

Description

This command configures a VPLS SAP to be associated with an Ethernet ring. The SAP port ID is associated with the corresponding Ethernet ring path configured on the same port ID. The encapsulation type must be compatible with the Ethernet ring path encapsulation.

The no form of this command removes the Ethernet ring association from this SAP.

Default

no eth-ring

Parameters

ring-id

Specifies the ring ID.

Values

1 to 128

Platforms

All

Context

[Tree] (config eth-ring)

Full Context

configure eth-ring

Description

This command configures a G.8032 protected Ethernet ring. G.8032 Rings may be configured as major rings with two paths (a&b) or as sub-rings with two paths, or in the case of an interconnection node a single path.

The no form of this command deletes the Ethernet ring specified by the ring-id.

Default

no eth-ring

Parameters

ring-index

Specifies the ring ID.

Values

1 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>satellite eth-sat)

Full Context

configure system satellite eth-sat

Description

This command enables the specified Ethernet satellite configuration context.

The no form of the command deletes the specified Ethernet satellite.

Parameters

sat-id

Specifies the satellite ID for the associated Ethernet satellite.

Values

1 to 20

create

Creates a new Ethernet satellite context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (admin>satellite eth-sat)

Full Context

admin satellite eth-sat

Description

This command can be used to perform administrative functions on the specified Ethernet-satellite chassis.

Parameters

sat-id

Specifies the Ethernet-satellite chassis.

Values

1 to 20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>bgp-evpn>remote-attachment-circuit eth-tag)

[Tree] (config>service>epipe>bgp-evpn>local-attachment-circuit eth-tag)

Full Context

configure service epipe bgp-evpn remote-attachment-circuit eth-tag

configure service epipe bgp-evpn local-attachment-circuit eth-tag

Description

This command configures the Ethernet tag value. When configured in the local-attachment-circuit context, the system uses the value in the advertised AD per-EVI route sent for the attachment circuit. When configured in the remote-attachment-circuit context the system compares that value with the eth-tag value of the imported AD per-EVI routes for the service. If there is a match, the system creates an EVPN destination for the Epipe.

Parameters

tag-value

Specifies the Ethernet tag value of the attachment circuit.

Values

1 to 16777215

Platforms

All

Context

[Tree] (oam>eth-cfm eth-test)

Full Context

oam eth-cfm eth-test

Description

This command initiates an ETH-CFM test. The implementation supports a single ETH-TST PDU to check unidirectional reachability, launched from a source MEP and terminated on the remote MEP with no response PDU toward the source.

Parameters

mac-address

Specifies a unicast destination MAC address.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID of the peer within the association. The domain and association information are derived from the source mep for the session. The Layer 2 IEEE MAC address is resolved from previously-learned remote MAC addressing, derived from the reception and processing of the ETH-CC PDU. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

priority

Specifies the priority of the frame. The priority can be manipulated by QoS policies.

Values

0 to 7

Default

7

data-length

Specifies the size of the padding to be added to the frame.

Values

64 to 1500

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-tunnel>path>eth-cfm>mep eth-test-enable)

Full Context

configure eth-tunnel path eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet>eth-cfm>mep eth-test-enable)

[Tree] (config>lag>eth-cfm>mep eth-test-enable)

[Tree] (config>router>if>eth-cfm>mep eth-test-enable)

Full Context

configure port ethernet eth-cfm mep eth-test-enable

configure lag eth-cfm mep eth-test-enable

configure router interface eth-cfm mep eth-test-enable

Description

For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

The no form of this command disables eth-test capabilities.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ipipe>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>epipe>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep eth-test-enable)

Full Context

configure service ipipe sap eth-cfm mep eth-test-enable

configure service epipe sap eth-cfm mep eth-test-enable

configure service epipe spoke-sdp eth-cfm mep eth-test-enable

Description

For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is performed for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP indicates the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vpls>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep eth-test-enable)

Full Context

configure service vpls mesh-sdp eth-cfm mep eth-test-enable

configure service vpls sap eth-cfm mep eth-test-enable

configure service vpls spoke-sdp eth-cfm mep eth-test-enable

Description

For ETH-test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep eth-test-enable)

[Tree] (config>service>ies>if>sap>eth-cfm>mep eth-test-enable)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep eth-test-enable

configure service ies interface spoke-sdp eth-cfm mep eth-test-enable

configure service ies interface sap eth-cfm mep eth-test-enable

Description

For ETH-test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service ies subscriber-interface group-interface sap eth-cfm mep eth-test-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service ies interface spoke-sdp eth-cfm mep eth-test-enable
• configure service ies interface sap eth-cfm mep eth-test-enable

Context

[Tree] (config>service>vprn>if>sap>eth-cfm>mep eth-test-enable)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm eth-test-enable)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep eth-test-enable)

Full Context

configure service vprn interface sap eth-cfm mep eth-test-enable

configure service vprn subscriber-interface group-interface sap eth-cfm eth-test-enable

configure service vprn interface spoke-sdp eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service vprn interface spoke-sdp eth-cfm mep eth-test-enable
• configure service vprn interface sap eth-cfm mep eth-test-enable

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

• configure service vprn subscriber-interface group-interface sap eth-cfm eth-test-enable

Context

[Tree] (config>eth-ring>path>eth-cfm>mep eth-test-enable)

Full Context

configure eth-ring path eth-cfm mep eth-test-enable

Description

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test is then performed using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>l2tp eth-tunnel)

[Tree] (config>service>vprn>l2tp>group eth-tunnel)

[Tree] (config>router>l2tp>group eth-tunnel)

[Tree] (config>service>vprn>l2tp eth-tunnel)

Full Context

configure router l2tp eth-tunnel

configure service vprn l2tp group eth-tunnel

configure router l2tp group eth-tunnel

configure service vprn l2tp eth-tunnel

Description

Commands in this context configure Ethernet tunnel client parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config eth-tunnel)

Full Context

configure eth-tunnel

Description

This command configures a G.8031 protected Ethernet tunnel.

The no form of this command deletes the Ethernet tunnel specified by the tunnel-id.

Parameters

tunnel-index

Specifies the tunnel index.

Values

1 to 1024

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls eth-tunnel)

Full Context

configure service vpls eth-tunnel

Description

This command associates a BVPLS SAP with the global Ethernet tunnel object specified by tunnel-id. Only one-to-one mapping between SAP and Ethernet tunnel is supported in the initial implementation. The global eth-tunnel tunnel-id with at least a member port must be configured in advance for the command to be successful. A SAP will be instantiated using the active path components (member port and control-tag) for VPLS forwarding. The last member port in the Ethernet tunnel cannot be deleted if there is a SAP configured on that eth-tunnel. This command is only available in the BVPLS context.