i Commands – Part I

Context

[Tree] (config>subscr-mgmt>acct-plcy>cr>ref-queue i-counters)

[Tree] (config>subscr-mgmt>acct-plcy>cr>queue i-counters)

Full Context

configure subscriber-mgmt radius-accounting-policy custom-record ref-queue i-counters

configure subscriber-mgmt radius-accounting-policy custom-record queue i-counters

Description

This command configures ingress counter parameters for this custom record.

The no form of this command reverts to the default.

Parameters

all

Includes all counters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>log>acct-policy>cr>ref-policer i-counters)

[Tree] (config>log>acct-policy>cr>ref-queue i-counters)

[Tree] (config>log>acct-policy>cr>queue i-counters)

[Tree] (config>log>acct-policy>cr>policer i-counters)

Full Context

configure log accounting-policy custom-record ref-policer i-counters

configure log accounting-policy custom-record ref-queue i-counters

configure log accounting-policy custom-record queue i-counters

configure log accounting-policy custom-record policer i-counters

Description

This command configures ingress counter parameters for this custom record.

The no form of this command reverts all ingress counters to their default value.

Default

i-counters

Parameters

all

Specifies that all ingress counters should be included.

Platforms

All

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>pbb i-sid)

[Tree] (config>test-oam>build-packet>header>pbb i-sid)

Full Context

debug oam build-packet packet field-override header pbb i-sid

configure test-oam build-packet header pbb i-sid

Description

This command defines the iSID value to be used in the test PBB header.

The no form of this command reverts to the default value.

Default

i-sid 0

Parameters

i-sid

Specifies the iSID value to be used in the test PBB header.

Values

0 to 16777215

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client ia-na)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client ia-na)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na

Description

This command configures the IA-NA for the DHCPv6 client.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp ibgp-multipath)

Full Context

configure service vprn bgp ibgp-multipath

Description

This command defines the type of IBGP multipath to use when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Platforms

All

Context

[Tree] (config>router>bgp ibgp-multipath)

Full Context

configure router bgp ibgp-multipath

Description

This command enables IBGP multipath load balancing when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Default

no ibgp-multipath

Platforms

All

Context

[Tree] (config>service>vprn>nw-if icmp)

[Tree] (config>service>ies>if icmp)

[Tree] (config>service>vprn>if icmp)

[Tree] (config>service>ies>sub-if>grp-if icmp)

Full Context

configure service vprn network-interface icmp

configure service ies interface icmp

configure service vprn interface icmp

configure service ies subscriber-interface group-interface icmp

Description

Commands in this context configure Internet Control Message Protocol (ICMP) parameters on a service.

Platforms

All

• configure service ies interface icmp
• configure service vprn network-interface icmp
• configure service vprn interface icmp

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface icmp

Context

[Tree] (config>subscr-mgmt>git>ipv4 icmp)

Full Context

configure subscriber-mgmt group-interface-template ipv4 icmp

Description

Commands in this context configure IPv4 Internet Control Message Protocol (ICMP) parameters.

Default

icmp

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if icmp)

Full Context

configure router interface icmp

Description

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

Platforms

All

Context

[Tree] (debug>router>ip icmp)

Full Context

debug router ip icmp

Description

This command enables ICMP debugging.

Platforms

All

Context

[Tree] (config>sys>security>cpu-protection>ip>included-protocols icmp)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols icmp

Description

This command includes the extracted IPv4 ICMP packets for ip-src-monitoring. IPv4 ICMP packets will be subject to the per-source-rate of CPU protection policies.

Default

no icmp

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>test-oam icmp)

Full Context

configure test-oam icmp

Description

Commands in this context configure test ICMP OAM parameters.

Platforms

All

Context

[Tree] (config>filter>ipv6-exception>entry>match icmp-code)

[Tree] (config>filter>ip-filter>entry>match icmp-code)

[Tree] (config>filter>ip-exception>entry>match icmp-code)

[Tree] (config>filter>ipv6-filter>entry>match icmp-code)

Full Context

configure filter ipv6-exception entry match icmp-code

configure filter ip-filter entry match icmp-code

configure filter ip-exception entry match icmp-code

configure filter ipv6-filter entry match icmp-code

Description

Configures matching on /ICMPv6 code field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP code field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (for example, 2nd, 3rd) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-code 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-code

Parameters

icmp-code

Specifies the /ICMPv6 code value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

VSR

• configure filter ip-exception entry match icmp-code
• configure filter ipv6-exception entry match icmp-code

All

• configure filter ip-filter entry match icmp-code
• configure filter ipv6-filter entry match icmp-code

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match icmp-code)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match icmp-code)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match icmp-code

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match icmp-code

Description

This command configures the ICMP code match condition.

The no form of this command reverts to the default.

Parameters

icmp-code

Specifies the ICMP code numbers accepted in DHB.

Values

[0 to 255]D, [0X0..0XFF]H, [0b0..0b11111111]B

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match icmp-code)

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match icmp-code)

Full Context

configure system security cpm-filter ip-filter entry match icmp-code

configure system security cpm-filter ipv6-filter entry match icmp-code

Description

This command configures matching on ICMP code field in the ICMP header of an IP packet as an IP filter match criterion.

The behavior of the icmp-code value is dependent on the configured icmp-type value, therefore, a configuration with only an icmp-code value specified will have no effect. To match on the icmp-code, an associated icmp-type must also be specified.

The no form of this command removes the criterion from the match entry.

Default

no icmp-code

Parameters

icmp-code

Specifies the ICMP code values that must be present to match.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>nat>outside>pool icmp-echo-reply)

[Tree] (config>router>nat>outside>pool icmp-echo-reply)

Full Context

configure service vprn nat outside pool icmp-echo-reply

configure router nat outside pool icmp-echo-reply

Description

IPv4 addresses in a NAT pool can be configured to respond to ICMP Echo Requests (PINGs). The configuration can be toggled online while the pool is in use.

In L2-aware NAT when port-block-extensions is disabled, the reply from an outside IP address is generated only when this IP address has at least one host (binding) behind it.

In L2-aware NAT when port-block-extensions is enabled, the reply from an outside IP address is generated regardless if a binding is present.

In LSN, the reply from an outside IP address is generated regardless if a binding is present.

The no form of the command disables ICMP echo replies.

Default

no icmp-echo-reply

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp-generation)

[Tree] (config>ipsec>tunnel-template icmp-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp-generation)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel icmp-generation)

Full Context

configure service vprn interface sap ip-tunnel icmp-generation

configure ipsec tunnel-template icmp-generation

configure router interface ipsec ipsec-tunnel icmp-generation

configure service ies interface sap ip-tunnel icmp-generation

configure service vprn interface sap ipsec-tunnel icmp-generation

Description

This command enables the context to configure ICMP generation information.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec tunnel-template icmp-generation
• configure service vprn interface sap ip-tunnel icmp-generation
• configure service ies interface sap ip-tunnel icmp-generation
• configure service vprn interface sap ipsec-tunnel icmp-generation

VSR

• configure router interface ipsec ipsec-tunnel icmp-generation

Context

[Tree] (config>saa>test>type icmp-ping)

Full Context

configure saa test type icmp-ping

Description

This command configures an ICMP traceroute test.

Parameters

ip-address | dns-name

Specifies the far-end IP address or DNS name to which to send the svc-ping request message in dotted-decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D
	interface	up to 32 characters. This is mandatory for link local addresses.
dns-name	up to 128 characters

bypass-routing

Specifies whether to send the ping request to a host on a directly attached network bypassing the routing table.

interface-name

Specifies the name used to refer to the interface, up to 32 characters. The name must already exist in the config>router>interface context.

next-hop ip-address

Displays only static routes with the specified next-hop IP address.

Values

ipv4-address:	a.b.c.d (host bits must be 0)
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

requests

Specifies the number of times to perform an OAM ping probe operation. Each OAM echo message request must either time out or receive a reply before the next message request is sent.

Values

1 to 100000

Default

5

do-not-fragment

Sets the DF (Do Not Fragment) bit in the ICMP ping packet (does not apply to ICMPv6).

fc-name

Specifies the forwarding class of the SAA.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

interval {centisecs | secs}

Specifies the minimum amount of time, in seconds, that must expire before the next message request is sent. If the rapid parameter is configured, this value is measured in centiseconds (hundredths of a second) instead of seconds.

Values

1 to 10000

Default

1

pattern

Specifies the date portion in a ping packet is filled with the pattern value specified. If not specified, a system-generated sequential pattern is used.

Values

0 to 65535

rapid

Configures the interval parameter to use centiseconds (hundredths of a second) instead of seconds.

router-or-service

Specifies the numerical reference to the router instance or service. Well known router names "Base", "management", "vpm-vr-name”, and " vpls-management" are allowed for convenience, but are mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:	Base, management, cmp-vr-name, vpls-management
vprn-svc-id:	1 to 2147483647
cpm-vr-name:	Up to 32 characters

The parameter router-instance is preferred for specifying the router or service.

Default

Base

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. Only the service linking function is allowed for both mixed-mode and model-driven configuration modes.

Values

router-name, vprn-svc-name

router-name: Base, management, vpls-management, cpm-vr-name

vprn-svc-name: up to 64 characters

cpm-vr-name: up to 32 characters

service-name

Specifies the alias function that allows the service name to be used, converted and stored as a service ID, up to 64 characters.

The router-instance parameter is preferred for specifying the router or service.

bytes

Specifies the request packet size in bytes, expressed as a decimal integer.

Values

0 to 16384

Default

56

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

timeout

Specifies the override time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

time-to-live

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 128

Default

64

Platforms

All

Context

[Tree] (config>service>nat>nat-policy>timeouts icmp-query)

[Tree] (config>service>nat>up-nat-policy>timeouts icmp-query)

Full Context

configure service nat nat-policy timeouts icmp-query

configure service nat up-nat-policy timeouts icmp-query

Description

This command configures the timeout applied to an ICMP query session.

Default

icmp-query min 1

Parameters

min minutes

Specifies the timeout, in minutes, applied to an ICMP query session.

Values

1 to 4

Default

1

sec seconds

Specifies the timeout, in seconds, applied to an ICMP query session.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>saa>test>type icmp-trace)

Full Context

configure saa test type icmp-trace

Description

This command configures an ICMP traceroute test.

Parameters

ip-address

Specifies the far-end IP address to which to send the svc-ping request message in dotted-decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D
dns-name	up to 63 characters

dns-name

Specifies the DNS name of the far-end device to which to send the svc-ping request message, up to 63 characters.

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. Only the service linking function is allowed for both mixed-mode and model-driven configuration modes.

Values

{router-name | vprn-svc-name}

router-name: Base, management, vpls-management, cpm-vr-name

vprn-svc-name: up to 64 characters

cpm-vr-name: up to 32 characters

Default

Base

router-or-service

Specifies the numerical reference to the router instance or service. Well known router names "Base", "management" and " vpls-management" are allowed for convenience, but are mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:	Base, management, vpls-management
vprn-svc-id:	1 to 2147483647

The parameter router-instance is preferred for specifying the router or service.

Default

Base

service-name

Specifies the alias function that allows the service name to be used, converted and stored as service ID, up to 64 characters.

The parameter router-instance is preferred for specifying the router or service.

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

ttl

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 255

Default

30

milliseconds

Specifies the time, in milliseconds, to wait for a response to a probe, expressed as a decimal integer.

Values

10 to 60000

Default

5000

Platforms

All

Context

[Tree] (config>router icmp-tunneling)

Full Context

configure router icmp-tunneling

Description

This command enables the tunneling of ICMP reply packets over MPLS LSP at a LSR node as per RFC 3032.

The LSR part of this feature consists of crafting the reply ICMP packet of type=11- 'time exceeded', with a source address set to a local address of the LSR node, and appending the IP header and leading payload octets of the original datagram. The system skips the lookup of the source address of the sender of the label TTL expiry packet, which becomes the destination address of the ICMP reply packet. Instead, CPM injects the ICMP reply packet in the forward direction of the MPLS LSP the label TTL expiry packet was received from. The TTL of pushed labels should be set to 255.

The source address of the ICMP reply packet is determined as follows. The LSR uses the address of the outgoing interface for the MPLS LSP. With LDP LSP or BGP LSP multiple ECMP next-hops can exist and in such a case the first outgoing interface is selected. If that interface does not have an address of the same family (IPv4 or IPv6) as the ICMP packet, then the system address of the same family is selected. If one is not configured, the packet is dropped.

When the packet is received by the egress LER, it performs a regular user packet lookup in the data path in the GRT context for BGP shortcut, 6PE, and BGP label route prefixes, or in VPRN context for VPRN and 6VPE prefixes. It then forwards it to the destination, which is the sender of the original packet which TTL expired at the LSR.

If the egress LER does not have a route to the destination of the ICMP packet, it drops the packets.

The rate of the tunneled ICMP replies at the LSR can be directly or indirectly controlled by the existing IOM level and CPM levels mechanisms. Specifically, the rate of the incoming UDP traceroute packets received with a label stack can be controlled at ingress IOM using the distributed CPU protection feature. The rate of the ICMP replies by CPM can also be directly controlled by configuring a system wide rate limit for packets ICMP replies to MPLS expired packets which are successfully forwarded to CPM using the command 'configure system security vprn-network-exceptions'. While this command's name refers to VPRN service, this feature rate limits ICMP replies for packets received with any label stack, including VPRN and shortcuts.

The 7450 ESS, 7750 SR, and 7950 XRS implementation supports appending to the ICMP reply of type Time Exceeded the MPLS label stack object defined in RFC 4950. It does not include it in the ICMP reply type of Destination unreachable.

The new MPLS Label Stack object permits an LSR to include label stack information including label value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR node. The ICMP message continues to include the IP header and leading payload octets of the original datagram.

In order to include the MPLS Label Stack object, SR OS implementation adds support of RFC 4884 which defines extensions for a multi-part ICMPv4/v6 message of type Time Exceeded.

The no form of command disables the tunneling of ICMP reply packets over MPLS LSP at a LSR node.

Default

no icmp-tunneling

Platforms

All

Context

[Tree] (config>filter>ipv6-exception>entry>match icmp-type)

[Tree] (config>filter>ipv6-filter>entry>match icmp-type)

[Tree] (config>filter>ip-exception>entry>match icmp-type)

[Tree] (config>filter>ip-filter>entry>match icmp-type)

Full Context

configure filter ipv6-exception entry match icmp-type

configure filter ipv6-filter entry match icmp-type

configure filter ip-exception entry match icmp-type

configure filter ip-filter entry match icmp-type

Description

This command configures matching on the /ICMPv6 type field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP type field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the /ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

VSR

• configure filter ip-exception entry match icmp-type
• configure filter ipv6-exception entry match icmp-type

All

• configure filter ip-filter entry match icmp-type
• configure filter ipv6-filter entry match icmp-type

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry>match icmp-type)

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry>match icmp-type)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry match icmp-type

configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry match icmp-type

Description

This command configures the ICMP type match condition.

The no form of this command reverts to the default.

Parameters

icmp-type

Specifies the ICMP type numbers accepted in DHB.

Values

[0 to 255]D, [0X0..0XFF]H, [0b0..0b11111111]B

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match icmp-type)

[Tree] (config>qos>network>egress>ip-criteria>entry>match icmp-type)

Full Context

configure qos network egress ipv6-criteria entry match icmp-type

configure qos network egress ip-criteria entry match icmp-type

Description

This command configures matching on the ICMP or ICMPv6 type field in the ICMP or ICMPv6 header of an IPv4 or IPv6 packet as a network QoS match criterion.

An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly, an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the ICMP or ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, or in hexadecimal or binary format, or even using keywords.

Values

0 to 255 (Decimal)

0 to FF (Hexadecimal)

0 to 11111111 (Binary)

Platforms

All

Context

[Tree] (cfg>sys>sec>cpm>ipv6-filter>entry>match icmp-type)

[Tree] (cfg>sys>sec>cpm>ip-filter>entry>match icmp-type)

Full Context

configure system security cpm-filter ipv6-filter entry match icmp-type

configure system security cpm-filter ip-filter entry match icmp-type

Description

This command configures matching on ICMP type field in the ICMP header of an IP packet as an IP filter match criterion.

The no form of this command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the ICMP type values that must be present to match.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>if>ipv6 icmp6)

[Tree] (config>service>ies>if>ipv6 icmp6)

Full Context

configure service vprn interface ipv6 icmp6

configure service ies interface ipv6 icmp6

Description

This command configures ICMPv6 parameters for the interface.

Platforms

All

Context

[Tree] (config>router>if>ipv6 icmp6)

Full Context

configure router interface ipv6 icmp6

Description

Commands in this context configure ICMPv6 parameters for the interface.

Platforms

All

Context

[Tree] (debug>router>ip icmp6)

Full Context

debug router ip icmp6

Description

This command enables ICMPv6 debugging.

Platforms

All

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp6-generation)

[Tree] (config>ipsec>tnl-temp icmp6-generation)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn icmp6-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp6-generation)

[Tree] (config>service>vprn>if>sap>ipsec-tun icmp6-generation)

Full Context

configure service vprn interface sap ip-tunnel icmp6-generation

configure ipsec tunnel-template icmp6-generation

configure service vprn interface ipsec ipsec-tunnel icmp6-generation

configure service ies interface ipsec ipsec-tunnel icmp6-generation

configure router interface ipsec ipsec-tunnel dyn icmp6-generation

configure router interface ipsec ipsec-tunnel icmp6-generation

configure service ies interface sap ip-tunnel icmp6-generation

configure service vprn interface sap ipsec-tunnel icmp6-generation

Description

This command enables the ICMPv6 packet generation configuration context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn interface sap ip-tunnel icmp6-generation
• configure service ies interface sap ip-tunnel icmp6-generation
• configure ipsec tunnel-template icmp6-generation
• configure service vprn interface sap ipsec-tunnel icmp6-generation

VSR

• configure service vprn interface ipsec ipsec-tunnel icmp6-generation
• configure router interface ipsec ipsec-tunnel icmp6-generation
• configure service ies interface ipsec ipsec-tunnel icmp6-generation

Context

[Tree] (config>service>nat>firewall-policy>timeouts icmp6-query)

Full Context

configure service nat firewall-policy timeouts icmp6-query

Description

This command configures the timeout interval for ICMPv6 query mappings.

The no form of the command reverts the timeout interval to the default of 1 minute.

Default

icmp6-query min 1

Parameters

minutes

Specifies the number of minutes in the ICMP query mapping timeout interval.

Values

1 to 4

seconds

Specifies the number of seconds in the ICMP query mapping timeout interval.

Values

0 to 59

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>service id)

Full Context

debug service id

Description

This command enables debugging for the specified service ID.

The no form of this command disables the debugging.

Parameters

service-id

The ID that uniquely identifies a service.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters in length

Platforms

All

Context

[Tree] (cfg>eth-cfm>domain>assoc>bridge id-permission)

Full Context

configure eth-cfm domain association bridge-identifier id-permission

Description

This command allows the operator to include the sender-id TLV information that was specified under the config>eth>system>sender-id configuration for service MEPs and MIPs. When this option is present under the maintenance association, the specific MPs in the association includes the sender-id TLV information in ETH-CFM PDUs. MEPs include the sender-id TLV for CCM (not sub second CCM enabled MEPs), LBM/LBR, and LTM/LTR. MIPs includes this value in the LBR and LTR PDUs.

Parameters

chassis

Sends the configured chassis information defined under in the eth-cfm>system>sender-id context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>eth-cfm>default-domain>bridge-identifier id-permission)

Full Context

configure eth-cfm default-domain bridge-identifier id-permission

Description

This command enables the inclusion of the Sender ID TLV information specified under the config> eth>system>sender-id command for installed MEPs and MIPs. The inclusion of the Sender ID TLV is based on the configured value. The Sender ID TLV is supported for ETH-CC, ETH-LB, and ETH-LB PDUs.

Note: LBR functions reflect back all TLVs received in the LBM, unchanged, including the Sender ID TLV. Transmission of the Management Domain and Management Address fields are not supported in this TLV.

The no form of this command disables the inclusion of the Sender ID TLV.

Default

id-permission defer (config>eth-cfm>default-domain>bridge-identifier)

no id-permission (config>eth-cfm>domain>association>bridge)

Parameters

chassis

Keyword to include the Sender ID TLV with a value equal to the sender-id configured under the eth-cfm>system context.

defer

Keyword to specify that id-permission will inherit the value from the global read-only system values.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host identification-strings)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host identification-strings)

Full Context

configure subscriber-mgmt local-user-db ppp host identification-strings

configure subscriber-mgmt local-user-db ipoe host identification-strings

Description

This command specifies identification strings for the subscriber. This is useful when the server is centralized with Enhanced Subscriber Management (ESM) in a lower level in the network. These strings are parsed by a downstream Python script or they can be used literally if the strings-from-option option in the config>subscr-mgmt>sub-ident-policy context is set to this option number. In this case, the option number may be set to any allowed number (between 224 and 254 is suggested, as these are not dedicated to specific purposes). If the option number is not given, a default value of 254 is used. For PPPoE only, if the local user database is attached to the PPPoE node under the group interface and not to a local DHCP server, the strings are used internally so the option number is not used.

The no form of this command returns to the default.

Parameters

option-number

Specifies identification strings for the subscriber.

Values

1 to 254

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>bluetooth>module identifier)

Full Context

configure system bluetooth module identifier

Description

This command configures an identifier string used to advertise the Bluetooth module during pairing operations.

If no identifier is specified by the user, the default is derived from the platform type, the CPM slot, and the serial number of the chassis.

For example, a device with a platform field of 7750, SR-12 chassis, and a CPM serial number of NS23456 would have a Bluetooth identifier of "7750-SR-12-CPM-A-NS23456." for the CPM in slot A.

The no form of this command resets the identifier back to the default.

Parameters

identifier

Specifies string, up to 32 characters, using the values in the range 0-9, a-z, or A-Z.

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

Context

[Tree] (config>ipsec>client-db>client>client-id idi)

Full Context

configure ipsec client-db client client-identification idi

Description

This command specifies a match criteria that uses the peer’s identification initiator (IDi) as the input, only one IDi criteria can be configured for a given client entry. This command supports the following matching methods:

• idi any: Matches any type of IDi with any value.

• idi ipv4-prefix: Matches an IDi with the type ID_IPV4_ADDR. If the any parameter is specified, then it will match any IPv4 address. If an IPv4 prefix is specified, then it will match an IPv4 address that is within the specified prefix.

• idi ipv6-prefix: Matches an IDi with the type ID_IPV6_ADDR. If the any parameter is specified, then it will match any IPv6 address. If an IPv6 prefix is specified, then it will match an IPv6 address that is within the specified prefix.

• idi string-type: Supports following type of IDi:

  • FQDN: Either a full match or a suffix match

  • RFC822: Either a full match or a suffix match

The no form of this command reverts to the default.

Default

no idi

Parameters

any

Matches any type of IDi with any value.

ipv4-prefix/ipv4-prefix-length

Matches any IPv4 address and prefix.

ipv6-prefix/ipv6-prefix-length

Matches any IPv6 address and prefix.

string-type

Matches the type of IDi value for this IPsec client entry.

Values

fqdn, fqdn-suffix, rfc822, rfc822-suffix

string-value

Matches the IDi value within the client ID for this IPsec client entry up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>client-db>match-list idi)

Full Context

configure ipsec client-db match-list idi

Description

This command enables the Identification Initiator (IDi) type in the IPsec client matching process.

The no form of this command disables the IDi matching process.

Default

no idi

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>tdm>e3 idle-cycle-flag)

[Tree] (config>port>tdm>ds3 idle-cycle-flag)

Full Context

configure port tdm e3 idle-cycle-flag

configure port tdm ds3 idle-cycle-flag

Description

This command configures the value that the HDLC TDM DS-0, E-3, or DS-3 interface transmits during idle cycles. For ATM ports/channels/channel-groups, the configuration does not apply and only the no form is accepted.

The no form of this command reverts the idle cycle flag to the default value.

Default

flags (0x7E)

no flags (ATM)

Parameters

flags

Specifies that 0x7E is used as the idle cycle flag.

ones

Specifies that 0xFF is used as the idle cycle flag.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>service>vpls>gsmp>group idle-filter)

[Tree] (config>service>vprn>gsmp>group idle-filter)

Full Context

configure service vpls gsmp group idle-filter

configure service vprn gsmp group idle-filter

Description

This command when applied will filter out new incoming ANCP messages while the subscriber DSL-line-state is idle. The command takes effect at the time that it is applied. Existing subscribers already in idle state are not purged from the database.

The no form of this command reverts to the default.

Platforms

All

Context

[Tree] (config>service>vpls>gsmp idle-filter)

Full Context

configure service vpls gsmp idle-filter

Description

This command when applied will filter out new subscriber’s ANCP messages from subscriber with "DSL-line-state” IDLE.

Default

no idle-filter

Platforms

All

Context

[Tree] (config>service>vprn>gsmp idle-filter)

Full Context

configure service vprn gsmp idle-filter

Description

This command when applied will filter out new subscriber’s ANCP messages from subscriber with "DSL-line-state” IDLE.

Default

no idle-filter

Platforms

All

Context

[Tree] (config>port>tdm>ds1>channel-group idle-payload-fill)

[Tree] (config>port>tdm>e1>channel-group idle-payload-fill)

Full Context

configure port tdm ds1 channel-group idle-payload-fill

configure port tdm e1 channel-group idle-payload-fill

Description

This command defines the data pattern to be transmitted when the circuit emulation service is not operational or temporarily experiences under-run conditions. This command is only valid for cesopsn and cesopsn-cas circuit emulation services. It is blocked with a warning for unstructured (satop) circuit emulation services.

Default

idle-payload-fill all-ones

Parameters

all-ones

Defines the 8 bit value to be transmitted as 11111111.

pattern

Transmits a user-defined pattern.

Values

0 to 255, accepted in decimal, hex or binary

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>port>tdm>e1>channel-group idle-signal-fill)

[Tree] (config>port>tdm>ds1>channel-group idle-signal-fill)

Full Context

configure port tdm e1 channel-group idle-signal-fill

configure port tdm ds1 channel-group idle-signal-fill

Description

This command defines the signaling pattern to be transmitted when the circuit emulation service is not operational or temporarily experiences under-run conditions. This command is only valid for cesopsn-cas circuit emulation services. It is blocked with a warning for unstructured (satop) and basic cesopsn circuit emulation services.

Default

idle-signal-fill all-ones

Parameters

all-ones

Defines the 8 bit value to be transmitted as 11111111.

pattern

Transmits a user-defined pattern.

Values

0 to 15, accepted in decimal, hex or binary

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive idle-time)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive idle-time)

[Tree] (config>system>grpc>tcp-keepalive idle-time)

Full Context

configure system grpc-tunnel destination-group tcp-keepalive idle-time

configure system telemetry destination-group tcp-keepalive idle-time

configure system grpc tcp-keepalive idle-time

Description

This command configures the amount of time, in seconds, that the connection must remain idle before TCP keepalive probes are sent.

The no form of this command reverts to the default value.

Default

idle-time 600

Parameters

idle

Specifies the number of seconds before the first TCP keepalive probe is sent.

Values

1 to 100000

Default

600

Platforms

All

Context

[Tree] (config>router>l2tp>group idle-timeout)

[Tree] (config>router>l2tp>group>tunnel idle-timeout)

[Tree] (config>service>vprn>l2tp>group idle-timeout)

[Tree] (config>service>vprn>l2tp idle-timeout)

[Tree] (config>service>vprn>l2tp>group>tunnel idle-timeout)

Full Context

configure router l2tp group idle-timeout

configure router l2tp group tunnel idle-timeout

configure service vprn l2tp group idle-timeout

configure service vprn l2tp idle-timeout

configure service vprn l2tp group tunnel idle-timeout

Description

This command configures the period of time that an established tunnel with no active sessions persists before being disconnected.

Enter the no form of this command to maintain a persistent tunnel.

The no form of this command removes the idle timeout from the configuration.

Default

no idle-timeout

Parameters

idle-timeout

Specifies the idle timeout value, in seconds until the group is removed.

Default

no idle-timeout

Values

0 to 3600

infinite

Specifies that the tunnel is not closed when idle.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map>category idle-timeout)

Full Context

configure subscriber-mgmt sla-profile category-map category idle-timeout

Description

This command defines the idle-timeout value.

The no form of this command reverts to the default.

Parameters

timeout

Specifies the idle-timeout, in seconds.

Values

60 to 15552000

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range idle-timeout)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range idle-timeout)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range idle-timeout

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range idle-timeout

Description

This command specifies idle-timeout behavior for DSM UEs and UEs undergoing (ISA-based) portal authentication. This knob only specifies the desired action, idle-timeout is activated by RADIUS on a per-UE basis.

The no form of this command resets the idle-timeout to its default.

Default

idle-timeout action remove

Parameters

action

Specifies which action to perform when the idle-timeout timer goes off.

Values

remove, shcv

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>login-control idle-timeout)

Full Context

configure system login-control idle-timeout

Description

This command configures the idle timeout for console, FTP, Telnet, and SSH sessions before the session is terminated by the system.

By default, each idle console, FTP, Telnet, and SSH session times out after 30 minutes of inactivity.

The no form of this command reverts to the default value.

Default

idle-timeout 30

Parameters

minutes

Specifies the idle timeout in minutes. Allowed values are 1 to 1440.

Values

1 to 1440

disable

When the disable option is specified, a session will never timeout. To re-enable idle timeout, enter the command without the disable option.

Platforms

All

Context

[Tree] (config>subscr-mgmt>sla-prof>cat-map>category idle-timeout-action)

Full Context

configure subscriber-mgmt sla-profile category-map category idle-timeout-action

Description

This command defines the action to be executed when the idle-timeout is reached. The action is performed for all hosts associated with the sla-profile instance.

The no form of this command reverts to the default.

Default

idle-timeout-action terminate

Parameters

shcv-check

Performs a subscriber host connectivity verification check (IPoE hosts only).

Note:

Host connectivity verification must be enabled on the group-interface where the host is connected.

If the check is successful, the hosts are not disconnected and the idle-timeout timer is reset.

If the check fails, the hosts are deleted, similar as for idle-timeout-action terminate.

terminate

Deletes the subscriber host from the system: for PPP hosts, a terminate request is send; for IPoE hosts a DHCP release is send to the DHCP server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service ies)

Full Context

configure service ies

Description

This command creates or edits an IES service instance.

The ies command creates or maintains an Internet Ethernet Service (IES). If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IES services allow the creation of customer facing IP interfaces in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an IES service ID must have a SAP created as the access point to the subscriber network. This allows a combination of bridging and IP routing for redundancy purposes.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

Multiple IES services are created to separate customer owned IP interfaces. More than one IES service may be created for a single customer ID. More than one IP interface may be created within a single IES service ID. All IP interfaces created within an IES service ID belongs to the same customer.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters

service-id

Specifies the unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn-id

Specifies the VPN ID number used to identify virtual private networks (VPNs) by a VPN identification number.

Values

1 to 2147483647

Default

null (0)

create

Keyword used to create the service ID. The create keyword requirement can be enabled or disabled in the environment>create context.

name

This parameter configures an optional service name, up to 64 characters, which adds a name identifier to a given service to then use that service name in configuration references as well as display and use service names in show commands throughout the system. This helps the service provider or administrator to identify and manage services within the SR OS platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Service names may not begin with an integer (0 to 9).

Values

name: up to 64 characters

Platforms

All

Context

[Tree] (config>cflowd>collector>exp-filter>if-list>svc ies)

Full Context

configure cflowd collector export-filter interface-list service ies

Description

This command configures the IES service interface flow data sent to this collector.

The no form of this command removes the values from the configuration.

Parameters

service-id

Specifies the unique service ID number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number for every SR OS on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: 64 characters maximum

interface ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for configure router interface and configure service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters and must start with a letter. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

subscriber-interface ip-int-name

Specifies the interface name of a subscriber interface. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes and must start with a letter.

group-interface ip-int-name

Specifies the interface name of a group interface. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes and must start with a letter.

ingress

Keyword to specify that ingress flows are sent to the associated Cflowd Collector.

Default

both

egress

Keyword to specify that egress flows are sent to the associated Cflowd Collector.

Default

both

both

Keyword to specify that both ingress and egress flows are sent to the associated Cflowd Collector.

Default

both

Platforms

All

Context

[Tree] (config>subscr-mgmt>msap-policy ies-vprn-only-sap-parameters)

Full Context

configure subscriber-mgmt msap-policy ies-vprn-only-sap-parameters

Description

Commands in this context configure managed SAP IES and VPRN properties. VPRN services are supported on the 7750 SR only.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>interface if-attribute)

[Tree] (config>router if-attribute)

[Tree] (config>service>ies>interface if-attribute)

[Tree] (config>router>interface if-attribute)

Full Context

configure service vprn interface if-attribute

configure router if-attribute

configure service ies interface if-attribute

configure router interface if-attribute

Description

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

Platforms

All

Context

[Tree] (config>router>mpls>if>mpls-tp-mep if-num)

Full Context

configure router mpls interface mpls-tp-mep if-num

Description

This command configures the MPLS-TP interface number for the MPLS interface. This is a 32-bit unsigned integer that is node-wide unique.

Parameters

if-num

Specifies a 32-bit value that is unique to the node.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>mpls>if>mpls-tp-mep if-num-validation)

Full Context

configure router mpls interface mpls-tp-mep if-num-validation

Description

The if-num-validation command is used to enable or disable validation of the if-num in LSP Trace packet against the locally configured if-num for the interface over which the LSP Trace packet was received at the egress LER. This is because some third-party implementations may not perform interface validation for unnumbered MPLS-TP interfaces and instead set the if-num in the DSMAP TLV to 0. If the value is enable, the node performs the validation of the ingress and egress if-nums received in the LSP echo request messages that ingress on this MPLS-interface. It validates that the message arrives on the interface as identified by the ingress if-num, and is forwarded on the interface as identified by the egress if-num.

If the value is disable, no validation is performed for the ingress and egress if-nums received in the LSP echo request messages that ingress on this MPLS-interface.

Default

if-num-validation enable

Parameters

enable

Enables interface number validation.

disable

Disables interface number validation.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac if-policy)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac if-policy

Description

This command assigns an existing MCAC interface policy to this MSAP policy.

The no form of this command removes the MCAC interface policy association.

Parameters

mcac-if-policy-name

Specifies an existing MCAC interface policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>mcac if-policy)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>mcac if-policy)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>mcac if-policy)

[Tree] (config>service>vpls>sap>mld-snooping>mcac if-policy)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>mcac if-policy)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac if-policy)

Full Context

configure service vpls mesh-sdp igmp-snooping mcac if-policy

configure service vpls spoke-sdp mld-snooping mcac if-policy

configure service vpls mesh-sdp mld-snooping mcac if-policy

configure service vpls sap mld-snooping mcac if-policy

configure service vpls spoke-sdp igmp-snooping mcac if-policy

configure service vpls sap igmp-snooping mcac if-policy

Description

This command assigns existing MCAC interface policy to this interface. MCAC interface policy is not supported with MLD-snooping, therefore executing the command in the mld-snooping contexts will return an error.

The no form of this command removes the MCAC interface policy association.

Default

no if-policy

Parameters

mcac-if-policy-name

Specifies an existing MCAC interface policy

Platforms

All

Context

[Tree] (config>service>vprn>igmp>grp-if>mcac if-policy)

[Tree] (config>service>vprn>pim>if>mcac if-policy)

[Tree] (config>service>vprn>mld>if>mcac if-policy)

[Tree] (config>service>vprn>mld>grp-if>mcac if-policy)

[Tree] (config>service>vprn>igmp>if>mcac if-policy)

Full Context

configure service vprn igmp group-interface mcac if-policy

configure service vprn pim interface mcac if-policy

configure service vprn mld interface mcac if-policy

configure service vprn mld group-interface mcac if-policy

configure service vprn igmp interface mcac if-policy

Description

This command assigns existing an MCAC interface policy to this interface.

The no form of this command removes the MCAC interface policy association.

Default

no if-policy

Parameters

if-policy-name

Specifies an existing MCAC interface policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn mld group-interface mcac if-policy
• configure service vprn igmp group-interface mcac if-policy

All

• configure service vprn mld interface mcac if-policy
• configure service vprn pim interface mcac if-policy
• configure service vprn igmp interface mcac if-policy

Context

[Tree] (config>router>pim>if>mcac if-policy)

[Tree] (config>router>igmp>grp-if>mcac if-policy)

[Tree] (config>router>igmp>if>mcac if-policy)

[Tree] (config>router>mld>if>mcac if-policy)

[Tree] (config>router>mld>grp-if>mcac if-policy)

Full Context

configure router pim interface mcac if-policy

configure router igmp group-interface mcac if-policy

configure router igmp interface mcac if-policy

configure router mld interface mcac if-policy

configure router mld group-interface mcac if-policy

Description

This command assigns an existing MCAC interface policy to the interface.

The no form removes the MCAC interface policy association.

Default

no if-policy

Parameters

if-policy-name

Specifies an existing MCAC interface policy, up to 32 characters.

Platforms

All

• configure router igmp interface mcac if-policy
• configure router pim interface mcac if-policy
• configure router mld interface mcac if-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure router mld group-interface mcac if-policy
• configure router igmp group-interface mcac if-policy

Context

[Tree] (config>router>mcac if-policy)

Full Context

configure router mcac if-policy

Description

This command creates an MCAC interface policy and enables the context to configure parameters for the policy.

The no form of this command deletes the MCAC interface policy.

Parameters

if-policy-name

Specifies the name of the MCAC interface policy, up to 32 characters.

Platforms

All

Context

[Tree] (config>oam-pm>streaming>delay-template ifdv-avg)

Full Context

configure oam-pm streaming delay-template ifdv-avg

Description

This command specifies the sending of average inter-frame delay variation for a specified direction.

The no form of this command deletes the specified average direction.

Parameters

forward

Specifies the measurement in the forward direction.

backward

Specifies the measurement in the backward direction.

round-trip

Specifies the measurement for the round trip.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>mcast-mgmt>mcast-rprt-dest igmp)

Full Context

debug mcast-management mcast-reporting-dest igmp

Description

This command sets mcast reporting dest debug filtering options.

Platforms

All

Context

[Tree] (config>redundancy>multi-chassis>peer>sync igmp)

Full Context

configure redundancy multi-chassis peer sync igmp

Description

This command specifies whether IGMP protocol information should be synchronized with the multi-chassis peer.

Default

no igmp

Platforms

All

Context

[Tree] (config>service>vprn igmp)

Full Context

configure service vprn igmp

Description

Commands in this context configure IGMP parameters.

The no form of this command disables IGMP.

Default

no igmp

Platforms

All

Context

[Tree] (config>router igmp)

Full Context

configure router igmp

Description

This command enables the Internet Group Management Protocol (IGMP) context. When the context is created, the IGMP protocol is enabled.

The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to neighboring multicast routers. An IP multicast router can be a member of one or more multicast groups, in which case it performs both the "multicast router part” of the protocol which collects the membership information needed by its multicast routing protocol, and the "group member part” of the protocol which informs itself and other neighboring multicast routers of its memberships.

The no form of the command disables the IGMP instance. To start or suspend execution of IGMP without affecting the configuration, use the no shutdown command.

Platforms

All

Context

[Tree] (config>sys>security>cpu-protection>ip>included-protocols igmp)

Full Context

configure system security cpu-protection ip-src-monitoring included-protocols igmp

Description

This command includes the extracted IPv4 IGMP packets for ip-src-monitoring. IPv4 IGMP packets will be subject to the per-source-rate of CPU protection policies.

Default

no igmp

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>msap-policy igmp-host-tracking)

Full Context

configure subscriber-mgmt msap-policy igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap igmp-host-tracking)

Full Context

configure service vprn subscriber-interface group-interface sap igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>sap igmp-host-tracking)

[Tree] (config>service>vpls igmp-host-tracking)

Full Context

configure service vpls sap igmp-host-tracking

configure service vpls igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>sap igmp-host-tracking)

[Tree] (config>service>ies igmp-host-tracking)

Full Context

configure service ies subscriber-interface group-interface sap igmp-host-tracking

configure service ies igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sap igmp-host-tracking)

[Tree] (config>service>vprn igmp-host-tracking)

Full Context

configure service vprn sap igmp-host-tracking

configure service vprn igmp-host-tracking

Description

Commands in this context configure IGMP host tracking parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt igmp-policy)

Full Context

configure subscriber-mgmt igmp-policy

Description

This command configures an IGMP policy.

The no form of this command reverts to the default value.

Parameters

policy-name

Specifies the policy name up to 32 characters.

create

Keyword used to create the IGMP policy. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-prof igmp-policy)

Full Context

configure subscriber-mgmt sub-profile igmp-policy

Description

This command will enable IGMP processing per subscriber host. Without this command IGMP states will not be maintained per subscriber hosts. The referenced policy is defined under the configure>subscr-mgmt context and can be only applied via the sub-profile.

The referenced policy contains entries such as:

• description statement

• import statement — IGMP filters

• egress-rate-modify statement—HQoS Adjustment

• mcast-redirection statement—redirection to alternate interface

• static statement—definition of static IGMP groups

• version statement —IGMP version

• fast-leave statement

• max-num-groups statement—the maximum number of multicast groups allowed

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the IGMP policy for the subscriber. The policy itself is defined under the configure>sub-mgmt context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>spoke-sdp igmp-snooping)

[Tree] (config>service>vpls>sap igmp-snooping)

[Tree] (config>service>vpls igmp-snooping)

[Tree] (config>service>vpls>mesh-sdp igmp-snooping)

[Tree] (config>service>vpls>allow-ip-int-bind igmp-snooping)

Full Context

configure service vpls spoke-sdp igmp-snooping

configure service vpls sap igmp-snooping

configure service vpls igmp-snooping

configure service vpls mesh-sdp igmp-snooping

configure service vpls allow-ip-int-bind igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only igmp-snooping)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping

Description

Commands in this context configure Internet Group Management Protocol (IGMP) snooping parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync igmp-snooping)

Full Context

configure redundancy multi-chassis peer sync igmp-snooping

Description

This command specifies whether IGMP snooping information should be synchronized with the multi-chassis peer.

Default

no igmp-snooping

Platforms

All

Context

[Tree] (config>service>vpls>vxlan igmp-snooping)

Full Context

configure service vpls vxlan igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

Context

[Tree] (config>service>vpls>pbb>bvpls>sap igmp-snooping)

[Tree] (config>service>vpls>pbb>bvpls igmp-snooping)

[Tree] (config>service>vpls>pbb>bvpls>sdp igmp-snooping)

Full Context

configure service vpls pbb backbone-vpls sap igmp-snooping

configure service vpls pbb backbone-vpls igmp-snooping

configure service vpls pbb backbone-vpls sdp igmp-snooping

Description

This command configures IGMP snooping attributes for I-VPLS.

Platforms

All

Context

[Tree] (debug>service>id igmp-snooping)

Full Context

debug service id igmp-snooping

Description

This command enables and configures IGMP-snooping debugging.

Platforms

All

Context

[Tree] (config>service>pw-template igmp-snooping)

Full Context

configure service pw-template igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

All

Context

[Tree] (config>subscr-mgmt>http-redirect-policy ignore-app-profile)

Full Context

configure subscriber-mgmt http-redirect-policy ignore-app-profile

Description

When enabled, the Alc-App-Prof-Str VSA is ignored in a RADIUS Accept that enables portal redirection using this redirect policy. AA functionality is disabled during portal authentication.

The no form of this command allows an Alc-App-Prof-Str to be present and enables Application Assurance during portal authentication. In this case redirection rules defined in this policy are bypassed and it is assumed the AA function is configured for portal redirection.

Default

no ignore-app-profile

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>isis ignore-attached-bit)

Full Context

configure service vprn isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

All

Context

[Tree] (config>router>isis ignore-attached-bit)

Full Context

configure router isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

All

Context

[Tree] (config>router>l2tp ignore-avps)

[Tree] (config>service>vprn>l2tp ignore-avps)

Full Context

configure router l2tp ignore-avps

configure service vprn l2tp ignore-avps

Description

This command specifies the L2TP AVPs that should be ignored in L2TP session control.

The no form of this command reverts to the default.

Parameters

sequencing-required

Ignores the [39] Sequencing Required AVP on LNS when present in the L2TP ICCN message received from LAC. By default, the session at LNS would be disconnected, in this case with the Call Disconnect Notify (CDN) error code unknownMandatoryReceive(8). Note that when configured, to ignore the Sequencing Required AVP there is no Sequence Numbers inserted into the data channel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if ignore-default)

[Tree] (config>service>ies>sub-if>grp-if ignore-default)

[Tree] (config>service>ies>if>ipv6 ignore-default)

[Tree] (config>service>ies>if ignore-default)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 ignore-default)

Full Context

configure service vprn subscriber-interface group-interface ignore-default

configure service ies subscriber-interface group-interface ignore-default

configure service ies interface ipv6 ignore-default

configure service ies interface ignore-default

configure service ies subscriber-interface group-interface ipv6 ignore-default

Description

This command enables the default route when performing a uRPF check.

The no form of this command disables the default route.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface ignore-default
• configure service vprn subscriber-interface group-interface ignore-default
• configure service ies subscriber-interface group-interface ipv6 ignore-default

All

• configure service ies interface ipv6 ignore-default
• configure service ies interface ignore-default

Context

[Tree] (config>router>if>urpf-check ignore-default)

[Tree] (config>router>if>ipv6>urpf-check ignore-default)

Full Context

configure router interface urpf-check ignore-default

configure router interface ipv6 urpf-check ignore-default

Description

This command configures the uRPF check (if enabled) to ignore default routes for purposes of determining the validity of incoming packets. By default, default routes are considered eligible.

Platforms

All

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ignore-df-bit)

Full Context

configure subscriber-mgmt local-user-db ppp host ignore-df-bit

Description

When this command is enabled for a subscriber host, the do-not-fragment (DF) bit in the IPv4 header for frames egressing the subscriber interface is ignored, the frames are fragmented according the applicable egress MTU. The DF bit is reset for frames that are fragmented.

This command applies to PPPoE PTA and L2TP LNS frames only. It is not applicable for L2TP LAC frames.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if ignore-df-bit)

[Tree] (config>service>vprn>sub-if>grp-if ignore-df-bit)

Full Context

configure service ies subscriber-interface group-interface ignore-df-bit

configure service vprn subscriber-interface group-interface ignore-df-bit

Description

This command enables the ignore-df-bit flag that ignores the do-not-fragment (DF) bit for frames egressing the WLAN-GW group interface and fragments the frame according to the applicable egress MTU. The DF bit is reset for the frames that are fragmented.

The no form of this command causes the router to fragment a packet larger than the MTU if the DF bit is set to 0 and drops the packet if the DF bit is set to 1.

Default

no ignore-df-bit

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>ospf ignore-dn-bit)

[Tree] (config>service>vprn>ospf3 ignore-dn-bit)

Full Context

configure service vprn ospf ignore-dn-bit

configure service vprn ospf3 ignore-dn-bit

Description

This command specifies whether to ignore the DN bit for OSPF LSA packets for this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets are ignored.

The no form of this command does not ignore the DN bit for OSPF LSA packets.

Default

no ignore-dn-bit

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam ignore-efm-state)

Full Context

configure port ethernet efm-oam ignore-efm-state

Description

When the ignore-efm-state command is configured, any failure in the protocol state machine (discovery, configuration, timeout, loops, and so on) does not impact the state of the port. There is only a protocol warning message on the port. If this optional command is not configured, the port state is affected by any existing EFM-OAM protocol fault condition.

Default

no ignore-efm-state

Platforms

All

Context

[Tree] (config>service>epipe ignore-l2vpn-mtu-mismatch)

Full Context

configure service epipe ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a BGP-VPWS service regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer2 Info Extended Community received in a BGP update message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this command is disabled, the router does not bring up a BGP-VPWS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

All

Context

[Tree] (config>service>vpls ignore-l2vpn-mtu-mismatch)

Full Context

configure service vpls ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a VPLS service, regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer 2 Info Extended Community received in a BGP update message or the value of the MTU interface parameter received in a LDP label mapping message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this functionality is disabled, the router does not bring up a VPLS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

All

Context

[Tree] (config>service>vprn>isis ignore-lsp-errors)

[Tree] (config>router>isis ignore-lsp-errors)

Full Context

configure service vprn isis ignore-lsp-errors

configure router isis ignore-lsp-errors

Description

This command specifies that for this VPRN instance, ISIS will ignore LSP packets with errors. When enabled, IS-IS LSP errors will be ignored and the associated record will not be purged.

This command enables ISIS to ignore the ATT bit and therefore suppress the installation of default routes.

The no form of this command specifies that ISIS will not ignore LSP errors.

Platforms

All

Context

[Tree] (config>filter>ipv6-filter>entry>action ignore-match)

[Tree] (config>filter>ip-filter>entry>action ignore-match)

[Tree] (config>filter>mac-filter>entry>action ignore-match)

Full Context

configure filter ipv6-filter entry action ignore-match

configure filter ip-filter entry action ignore-match

configure filter mac-filter entry action ignore-match

Description

This command sets the filter entry action to ignore-match, as a result this filter entry is ignored and not programmed in hardware.

Platforms

All

Context

[Tree] (config>service>vprn>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp6>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp6>server>pool>failover ignore-mclt-on-takeover)

Full Context

configure service vprn dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

configure service vprn dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp server pool failover ignore-mclt-on-takeover

configure router dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure router dhcp6 server pool failover ignore-mclt-on-takeover

configure service vprn dhcp local-dhcp-server pool failover ignore-mclt-on-takeover

configure service vprn dhcp6 local-dhcp-server pool failover ignore-mclt-on-takeover

Description

With this flag enabled, the remote IP address or prefix can be taken over immediately upon entering the PARTNER-DOWN state of the intercommunication link, without having to wait for the Maximum Client Lead Time (MCLT) to expire. By setting this flag, the lease times of the existing DHCP clients, while the intercommunication link is in the PARTNER-DOWN state, will still be reduced to the MCLT over time and all new lease times are set to MCLT. This behavior remains the same as originally intended for MCLT.

Some deployments require that the remote IP address/prefix range starts delegating new IP addresses and prefixes upon the failure of the intercommunication link, without waiting for the intercommunication link to transition from the COMM-INT state into the PARTNER-DOWN state and the MCLT to expire while in PARTNER-DOWN state.

This can be achieved by enabling the ignore-mclt-on-takeover flag and by configuring the partner-down-delay to 0.

Enabling this functionality must be exercised with caution. One needs to keep in mind that the partner-down-delay and MCLT timers were originally introduced to prevent IP address duplication in cases where DHCP redundant nodes transition out-of-sync due to the failure of intercommunication link. These timers ( partner-down-delay and MCLT) would ensure that during their duration, the new IP addresses and prefixes are delegated only from one node, the one with local IP address-range/prefix. This causes the new IP address delegation to be delayed and the service is impacted.

If it can be assured that the intercommunication link is always available, then the DHCP nodes would stay in sync and the two timers would not be needed. Therefore, it is important that in this mode of operation, the intercommunication link is well protected by providing multiple paths between the two DHCP nodes. The only event that should cause intercommunication link to fail is the entire nodal failure. This failure is acceptable since in this case only one DHCP node is available to provide new IP addresses and prefixes.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>bgp-evpn ignore-mtu-mismatch)

Full Context

configure service vpls bgp-evpn ignore-mtu-mismatch

Description

This command enables the system to ignore the received Layer 2 MTU in the L2 attributes extended community of the IMET route for a peer.

The no form of this command configures the system to compare the local service MTU against the received Layer 2 MTU and if there is a mismatch, keep the EVPN destination to the peer with operational state down.

Default

no ignore-mtu-mismatch

Platforms

All

Context

[Tree] (config>service>vprn>isis ignore-narrow-metric)

Full Context

configure service vprn isis ignore-narrow-metric

Description

This command specifies that IS-IS ignores links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS does not ignore these links.

Platforms

All

Context

[Tree] (config>router>isis ignore-narrow-metric)

Full Context

configure router isis ignore-narrow-metric

Description

This command specifies that IS-IS will ignore links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS will not ignore these links.

Platforms

All

Context

[Tree] (config>service>vprn ignore-nh-metric)

[Tree] (config>router>bgp>best-path-selection ignore-nh-metric)

[Tree] (config>service>vprn>bgp>best-path-selection ignore-nh-metric)

Full Context

configure service vprn ignore-nh-metric

configure router bgp best-path-selection ignore-nh-metric

configure service vprn bgp best-path-selection ignore-nh-metric

Description

This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.

The no form of this command (no ignore-nh-metric) restores the default behavior whereby BGP factors distance to the next-hop into its decision process.

Default

no ignore-nh-metric

Platforms

All

Context

[Tree] (config>service>epipe>sap ignore-oper-down)

Full Context

configure service epipe sap ignore-oper-down

Description

This command enables the ability to ignore the operationally down status for service oper state calculation. An Epipe service does not transition to Oper State: Down when a SAP fails and when this optional command is configured under that specific SAP. Only a single SAP in an Epipe may have this optional command included. The command can be used in Epipes with or without EVPN enabled.

The no form of this command disables whether a service ignores the operationally down state of the SAP.

Default

no ignore-oper-down

Platforms

All

Context

[Tree] (config>router>dhcp6>server ignore-rapid-commit)

[Tree] (config>service>vprn>dhcp6>server ignore-rapid-commit)

Full Context

configure router dhcp6 local-dhcp-server ignore-rapid-commit

configure service vprn dhcp6 local-dhcp-server ignore-rapid-commit

Description

This command enables the Rapid Commit Option for DHCP6.

The no form of this command disables the Rapid Commit Option.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>bgp>srv6>family ignore-received-srv6-tlvs)

Full Context

configure router bgp segment-routing-v6 family ignore-received-srv6-tlvs

Description

This command specifies that SRv6 TLVs are ignored when present in received routes of the associated family. In this case the route resolution is only based on the BGP next hop.

The no form of this command specifies that the SRv6 TLV is processed when a route of the family is received with a prefix SID attribute carrying an SRv6 TLV. In this case, a route is resolved only if both its BGP next hop and the locator prefix are reachable. The datapath programming and IGP cost to reach the next hop (used by the BGP decision process) is based on the route to the locator prefix.

Default

ignore-received-srv6-tlvs

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>bgp>best-path-selection ignore-router-id)

[Tree] (config>router>bgp>best-path-selection ignore-router-id)

Full Context

configure service vprn bgp best-path-selection ignore-router-id

configure router bgp best-path-selection ignore-router-id

Description

When the ignore-router-id command is present, and the current best path to a destination was learned from EBGP peer X with BGP identifier x and a new path is received from EBGP peer Y with BGP identifier y, the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x.

The no form of this command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.

Default

no ignore-router-id

Parameters

family

Specifies up to two internal families to be included in this configuration.

Values

mvpn-ipv4, mvpn-ipv6

include-internal

Specifies to ignore the router ID value even when comparing two IGBP paths or an EBGP and an IBGP path.

Platforms

All

Context

[Tree] (config>service>vpls>spoke-sdp ignore-standby-signaling)

[Tree] (config>service>vpls>endpoint ignore-standby-signaling)

Full Context

configure service vpls spoke-sdp ignore-standby-signaling

configure service vpls endpoint ignore-standby-signaling

Description

When this command is enabled, the node ignores the standby-bit received from the TLDP peers for the specific spoke-SDP and performs internal tasks without taking it into account.

This command is present at the endpoint level and the spoke-SDP level. If the spoke-SDP is part of the explicit-endpoint, this setting cannot be changed at the spoke-SDP level. The existing spoke-SDP will become part of the explicit-endpoint only if the setting is not conflicting. The newly created spoke-SDP, which is a part of the specified explicit-endpoint, will inherit this setting from the endpoint configuration.

Default

no ignore-standby-signaling

Platforms

All

Context

[Tree] (config>router>nat>inside>nat64 ignore-tos)

[Tree] (config>service>vprn>nat>inside>nat64 ignore-tos)

Full Context

configure router nat inside nat64 ignore-tos

configure service vprn nat inside nat64 ignore-tos

Description

This command specifies whether the IPv4 ToS is ignored and the IPv6 traffic class bits set to zero.

When disabled, the system copies the IPv4 ToS into the IPv6 traffic class.

The no form of the command recognizes the IPv4 ToS.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf igp-instance)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis igp-instance)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf3 igp-instance)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf igp-instance

configure oam-pm session ip tunnel mpls sr-isis igp-instance

configure oam-pm session ip tunnel mpls sr-ospf3 igp-instance

Description

This command configures the IGP instance to tunnel IP packets for the session test.

Default

igp-instance 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst	0 to 127
ospf-inst	0 to 31
ospf3-inst	0 to 31,64 to 95

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>anysec>tnl-enc>enc-grp>peer-tnl-attrs igp-instance-id)

Full Context

configure anysec tunnel-encryption encryption-group peer-tunnel-attributes igp-instance-id

Description

This command configures the IGP instance ID. This ID must be a match for the outgoing tunnel. This IGP instance ID should match the IGP instance the LSP is being signaled on in order for ANYsec to encrypt the LSP.

Default

igp-instance-id 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst	0 to 127
ospf-inst	0 to 31
ospf3-inst	64 to 95

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (config>anysec>tnl-enc>sec-term-pol igp-instance-id)

Full Context

configure anysec tunnel-encryption security-termination-policy igp-instance-id

Description

This command configures the IGP instance ID. This IGP instance ID must match the IGP instance that the incoming encrypted LSP was signaled on.

Default

igp-instance-id 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst	0 to 127
ospf-inst	0 to 31
ospf3-inst	64 to 95

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (config>router>mpls>lsp-template igp-shortcut)

[Tree] (config>router>mpls>lsp igp-shortcut)

Full Context

configure router mpls lsp-template igp-shortcut

configure router mpls lsp igp-shortcut

Description

This command enables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or as a forwarding adjacency for resolving IGP routes.

When the igp-shortcut or the advertise-tunnel-link option is enabled at the IGP instance level, all RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router-id of a remote node.

The lfa-protect option allows an LSP to be included in both the main SPF and the Loop-Free Alternate (LFA) SPF. For a given prefix, the LSP can be used either as a primary next-hop or as an LFA next-hop, but not both. If the main SPF computation selected a tunneled primary next-hop for a prefix, the LFA SPF will not select an LFA next-hop for this prefix and the protection of this prefix will rely on the RSVP LSP FRR protection. If the main SPF computation selected a direct primary next-hop, then the LFA SPF will select an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

The lfa-only option allows an LSP to be included in the LFA SPF only such that the introduction of IGP shortcuts does not impact the main SPF decision. For a given prefix, the main SPF always selects a direct primary next-hop. The LFA SPF selects an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

When the relative-metric option is enabled, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset (instead of the LSP operational metric) when computing the cost of a prefix which is resolved to the LSP. The offset value is optional and it defaults to zero. The minimum net cost for a prefix is one (1) after applying the offset. The TTM continues the show the LSP operational metric as provided by MPLS. In other words, applications such as LDP-over-RSVP (when IGP shortcut is disabled) and BGP and static route shortcuts will continue to use the LSP operational metric.

The relative-metric option is mutually exclusive with the lfa-protect or the lfa-only options. In other words, an LSP with the relative-metric option enabled cannot be included in the LFA SPF, and vice-versa, when the igp-shortcut option is enabled in the IGP.

Finally, the relative-metric option is ignored when forwarding adjacency is enabled in IS-IS or OSPF. In this case, IGP advertises the LSP as a point-to-point unnumbered link along with the LSP operational metric as returned by MPLS and capped to maximum link metric allowed in that IGP. Both the main SPF and the LFA SPFs will use the local IGP database to resolve the routes.

When the router performs local SPF, the SR-TE LSP is used as an eligible IGP shortcut for SRv4 or SRv6 only if the LSP is explicitly allowed using the allow-sr-over-srte option when the top SID in the SR-TE LSP is an adjacency SID.

The no form of this command disables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or a forwarding adjacency for resolving IGP routes.

Default

igp-shortcut. All RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP corresponds to a router-id of a remote node.

Parameters

lfa-protect

Specifies an LSP is included in both the main SPF and the LFA SPF.

lfa-only

Specifies an LSP is included in the LFA SPF only.

relative-metric [offset]

Specifies the shortest IGP cost between the endpoints of the LSP plus the configured offset, instead of the LSP operational metric returned by MPLS, is used when calculating the cost of prefix resolved to this LSP. The offset parameter is an integer and is optional. An offset value of zero is used when the relative-metric option is enabled without specifying the offset parameter value.

Values

[-10, +10]

allow-sr-over-srte

Specifies that the LSP or LSP template is eligible as an IGP shortcut.

Platforms

All

Context

[Tree] (config>router>isis igp-shortcut)

Full Context

configure router isis igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next-hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

• Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next-hop), the tunnel with lowest tunnel-index is selected (the IP next-hop is never used in this case).

• Where a destination is not a tunnel-endpoint:

  • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

  • Tunnel next-hops are preferred over IP next-hops

  • Within tunnel next-hops, the following priority applies to selection:

    1. The lowest endpoint-to-destination cost is selected

    2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

    3. If the router IDs are the same, the lowest tunnel index is selected

  • Within IP next-hops, the following priority applies to selection:

    1. The lowest downstream router ID is selected

    2. If the downstream router IDs are the same, the lowest interface-index is selected

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next-hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting for prefix family resolution. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, an RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next-hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still use the tunnel next-hop for the same prefix. The SPF keeps track of both the direct first hop and the tunneled first hop of a node, which is added to the Dijkstra tree.

Platforms

All

Context

[Tree] (config>router>ospf igp-shortcut)

[Tree] (config>router>ospf3 igp-shortcut)

Full Context

configure router ospf igp-shortcut

configure router ospf3 igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

• Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next hop), the tunnel with lowest tunnel-index is selected (the IP next hop is never used in this case).

• Where a destination is not a tunnel-endpoint:

  • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

  • Tunnel next-hops are preferred over IP next-hops

  • Within tunnel next-hops:

    1. The lowest endpoint-to-destination cost is selected

    2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

    3. If the router IDs are the same, the lowest tunnel index is selected

  • Within IP next-hops:

    1. The lowest downstream router ID is selected

    2. If the downstream router IDs are the same, the lowest interface-index is selected

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting of the resolution of the family of the prefix. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, the RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still make use of the tunnel next hop for the same prefix. This change is made possible with the enhancement by which SPF keeps track of both the direct first hop and the tunneled first hop of a node which is added to the Dijkstra tree.

Platforms

All

Context

[Tree] (config>service>vprn>isis iid-tlv-enable)

Full Context

configure service vprn isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

Default

no iid-tlv-enable

Platforms

All

Context

[Tree] (config>router>isis iid-tlv-enable)

Full Context

configure router isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allows the formation of instance-specific adjacencies that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV that identifies the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

The no form of this command disables IS-IS MI.

Platforms

All

Context

[Tree] (config>ipsec>ike-transform ike-auth-algorithm)

Full Context

configure ipsec ike-transform ike-auth-algorithm

Description

This command specifies the IKE authentication algorithm for the IKE transform

Default

ike-auth-algorithm sha1

Parameters

auth-algorithm

Specifies the values used to identify the hashing algorithm

Values

md5 — Configures the use of the hmac-md5 algorithm for authentication

sha1 — Configures the use of the hmac-sha1 algorithm for authentication

sha256 — Configures the use of the hmac-sha256 algorithm for authentication.

sha384 — Configures the use of the hmac-sha384 algorithm for authentication

sha512 — Configures the use of the hmac-sha512 algorithm for authentication.

aes-xcbc — Configures the use of aes-xcbc (RFC 3566, The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec) algorithm for authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-transform ike-encryption-algorithm)

Full Context

configure ipsec ike-transform ike-encryption-algorithm

Description

This command specifies the IKE encryption algorithm to be used in the IKE transform instance.

Default

ike-encryption-algorithm aes128

Parameters

encryption-algorithm

Specifies the IKE encryption algorithm.

Values

des — Configures the 56-bit des algorithm for encryption. This is an older algorithm with relatively weak security. While better than nothing, it should only be used where a strong algorithm is not available on both ends at an acceptable performance level.

3des — Configures the 3-des algorithm for encryption. This is a modified application of the des algorithm which uses multiple des operations to make information more secure.

aes128 — Configures the aes algorithm with a block size of 128 bits. This is a mandatory implementation size for aes. This is a very strong algorithm choice.

aes192 — Configures the aes algorithm with a block size of 192 bits. This is a stronger version of aes.

aes256 — Configures the aes algorithm with a block size of 256 bits. This is the strongest available version of aes.

aes128-gcm8 - Configures ESP to use aes-gcm with a 128-bit key size and an 8-byte ICV for encryption and authentication.

aes128-gcm16 - Configures ESP to use aes-gcm with a 128-bit key size and a 16-byte ICV for encryption and authentication.

aes256-gcm8 - Configures ESP to use aes-gcm with a 256-bit key size and an 8-byte ICV for encryption and authentication.

aes256-gcm16 - This parameter configures ESP to use aes-gcm with a 256-bit key size and a 16-byte ICV for encryption and authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ike-mode)

Full Context

configure ipsec ike-policy ike-mode

Description

This command specifies one of either two modes of operation. IKE version 1 can support main mode and aggressive mode. The difference lies in the number of messages used to establish the session.

The no form of this command reverts to the default.

Default

no ike-mode

Parameters

main

Specifies identity protection for the hosts initiating the IPsec session. This mode takes slightly longer to complete.

aggressive

Specifies that the aggressive mode provides no identity protection but is faster.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec ike-policy)

Full Context

configure ipsec ike-policy

Description

Commands in this context configure an IKE policy.

The no form of this command

Parameters

ike-policy-id

Specifies a policy ID value to identify the IKE policy.

Values

1 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>ies>if>sap>ipsec-gw ike-policy)

[Tree] (config>service>vprn>if>sap>ipsec-gw ike-policy)

[Tree] (config>ipsec>trans-mode-prof>dyn ike-policy)

Full Context

configure router interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service ies interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service vprn interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service ies interface sap ipsec-gw ike-policy

configure service vprn interface sap ipsec-gw ike-policy

configure ipsec ipsec-transport-mode-profile dynamic-keying ike-policy

Description

This command specifies the ID of the IKE policy used for IKE negotiation.

The no form of this command removes the IKE policy ID from the configuration.

Parameters

ike-policy-id

Specifies the IKE policy ID.

Values

1 to 2048

Platforms

VSR

• configure service vprn interface ipsec ipsec-tunnel dynamic-keying ike-policy
• configure router interface ipsec ipsec-tunnel dynamic-keying ike-policy
• configure service ies interface ipsec ipsec-tunnel dynamic-keying ike-policy

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec ipsec-transport-mode-profile dynamic-keying ike-policy
• configure service ies interface sap ipsec-gw ike-policy
• configure service vprn interface sap ipsec-gw ike-policy

Context

[Tree] (config>ipsec>ike-transform ike-prf-algorithm)

Full Context

configure ipsec ike-transform ike-prf-algorithm

Description

This command specifies the PRF algorithm to use for IKE security association.

Default

ike-prf-algorithm same-as-auth

Parameters

md5

This parameter configures IKE to use the hmac-md5 algorithm for PRF.

sha1

This parameter configures IKE to use the hmac-sha1 algorithm for PRF.

sha256

This parameter configures IKE to use the hmac-sha256 algorithm for PRF.

sha384

This parameter configures IKE to use the hmac-sha384 algorithm for PRF.

sha512

This parameter configures IKE to use the hmac-sha512 algorithm for PRF.

aes-xcbc

This parameter configures IKE to use the aes128-xcbc algorithm for PRF.

same-as-auth

This parameter configures the same algorithm as IKE authentication algorithm.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ike-transform)

Full Context

configure ipsec ike-policy ike-transform

Description

This command specifies the IKE transform to be used in the IKE policy. Up to four IKE transforms can be specified. If multiple IDs are specified, the system selects an IKE transform based on the peer's proposal. If the system is a tunnel initiator, it uses the configured IKE transform to generate the SA payload.

Default

no ike-transform

Parameters

ike-transform-id

Specifies up to four existing IKE transform instances to be associated with this IKE policy.

Values

1 to 4096

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec ike-transform)

Full Context

configure ipsec ike-transform

Description

This commands creates a new or enters an existing IKE transform instance. The IKE transform include following configuration for IKE SA:

• DH Group

• IKE authentication algorithm

• IKE encryption algorithm

• IKE SA lifetime

The ike-transform-id is referenced in the ike-policy configuration.

Parameters

ike-transform

Specifies a number used to uniquely identify an IKE transform instance.

Values

1 to 4096

create

Keyword used to create the ike-transform instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ike-version)

Full Context

configure ipsec ike-policy ike-version

Description

This command sets the IKE version (1 or 2) that the ike-policy will use.

Default

ike-version 1

Parameters

1 | 2

Specifies the version of IKE protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ikev1-ph1-responder-delete-notify)

Full Context

configure ipsec ike-policy ikev1-ph1-responder-delete-notify

Description

This command specifies the system, when deleting an IKEv1 phase 1 SA for which it was the responder, to send a delete notification to the peer. This command only applies when the configured ike-version 1. This command is ignored with IKE version 2.

The no form of this command reverts to the default.

Default

ikev1-ph1-responder-delete-notify

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ikev2-fragment)

Full Context

configure ipsec ike-policy ikev2-fragment

Description

This command enables IKEv2 protocol level fragmentation (RFC 7383). The specified MTU is the maximum size of IKEv2 packet.

Default

no ikev2-fragment

Parameters

octets

Specifies the MTU for IKEv2 messages.

Values

512 to 9000

seconds

Specifies the timeout for reassembly.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (admin>system>security image-digital-signature-validate)

Full Context

admin system security image-digital-signature-validate

Description

This command validates the digital signature of the following software image files located at the specified URL: cpm.tim, both.tim, iom.tim, boot.ldr, support.tim, kernel.tim, hypervisor.tim, isa-aa.tim.

The signatures.txt file must be present in the same folder as the preceding files. To ensure the signatures.txt file is present on both the active and standby CF, see "DS upgrade procedure" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Basic System Configuration Guide.

Parameters

file-url

Specifies the URL of the software image location, up to 256 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute imei)

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute imei)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute imei

configure subscriber-mgmt radius-accounting-policy include-radius-attribute imei

Description

This command enables the inclusion of the IMEI in AA protocols as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the attribute.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp imei)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq include-avp imei

Description

This command enables the inclusion of the IMEI AVP, as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the AVP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>auto-sub-id-key implicit-generation)

Full Context

configure subscriber-mgmt auto-sub-id-key implicit-generation

Description

By default, the system automatically generates a subscriber identifier, using the characters A to Z and 0 to 9, that is used when a subscriber ID is not provided during the authentication of a subscriber host or session and when no explicit default def-sub-id is configured at the SAP or in the MSAP policy.

A subscriber ID obtained from authentication sources can conflict with the format of an implicit, automatically generated subscriber ID. When this happens, the subscriber host or session setup fails and generates the following message: "Non auto-generated sub-id 4574233754 with an auto sub-id format not allowed”. Therefore, when implicit subscriber ID generation is enabled (the default behavior), a 10-character string containing characters A to Z and 0 to 9 should not be returned from authentication sources.

The no form of this command disables the implicit automatic generation of subscriber IDs. When a subscriber ID is not provided in authentication and no explicit def-sub-id is configured, then the host or session setup fails and generates the following message: "Missing subscriber id”. A 10-character (A to Z and 0 to 9) subscriber ID format can be returned from authentication sources without the risk of conflicts.

Disabling the implicit automatic generation of subscriber IDs fail when there are active subscribers with an implicit automatically generated subscriber ID.

Enabling the implicit automatic generation of subscriber IDs fails when there are active subscribers.

Default

implicit-generation

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>ldp implicit-null-label)

Full Context

configure router ldp implicit-null-label

Description

This command enables the use of the implicit null label. Use this command to signal the implicit null option for all LDP FECs for which this node is the egress LER.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

All

Context

[Tree] (config>router>rsvp implicit-null-label)

Full Context

configure router rsvp implicit-null-label

Description

This command enables the use of the implicit null label.

Signaling the IMPLICIT NULL label value for all RSVP LSPs can be enabled for which this node is the egress LER. RSVP must be shut down before being able to change this configuration option.

The egress LER does not signal the implicit null label value on P2MP RSVP LSPs. However, the Penultimate Hop Popping (PHP) node can honor a Resv message with the label value set to the implicit null.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

All

Context

[Tree] (config>router>rsvp>interface implicit-null-label)

Full Context

configure router rsvp interface implicit-null-label

Description

This command enables the use of the implicit null label over a specific RSVP interface.

All LSPs for which this node is the egress LER and for which the path message is received from the previous hop node over this RSVP interface will signal the implicit null label. This means that if the egress LER is also the merge-point (MP) node, then the incoming interface for the path refresh message over the bypass dictates if the packet will use the implicit null label or not. The same for a 1-to-1 detour LSP.

The user must shut down the RSVP interface before being able to change the implicit null configuration option.

The no form of this command returns the RSVP interface to use the RSVP level configuration value.

Default

no implicit-null-label

Parameters

enable

Enables the implicit null label.

disable

Disables the implicit null label.

Platforms

All

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>mld-parameters import)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>mld-parameters import)

Full Context

configure subscriber-mgmt local-user-db ipoe host mld-parameters import

configure subscriber-mgmt local-user-db ppp host mld-parameters import

Description

This command configures an MLD import policy.

The LUDB allows a list of up to 14 MLD import policies per host. The MLD policy also allows the configuration of an additional import policy, providing a total of 15 MLD import policies per host. The import policy inside the MLD policy is always applied last, which determines if the list is a black list or a white list. To configure an MLD white list, the import policies in the LUDB should all be allowed or forward entries and the import policy in the MLD policy should have a default action to deny all. To configure a black list, the import policies inside the LUDB should drop entries and the MLD policy import policy default action should be to forward all. The 15 import policies can be configured to be a mixed white and black list. Since it is difficult to control the order of the import policies within the LUDB, it is recommended to provision the import policy inside the MLD policy first for deterministic behavior.

The no form of this command removes the specified import policy.

Parameters

policy-name

Specifies the MLD import policy, up to 32 characters, used to control the multicast group accessible for the subscriber host.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping import)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping import)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping import)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping import)

[Tree] (config>service>vpls>sap>igmp-snooping import)

[Tree] (config>service>vpls>sap>mld-snooping import)

Full Context

configure service vpls mesh-sdp igmp-snooping import

configure service vpls spoke-sdp mld-snooping import

configure service vpls spoke-sdp igmp-snooping import

configure service vpls mesh-sdp mld-snooping import

configure service vpls sap igmp-snooping import

configure service vpls sap mld-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Default

no import

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

All

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy import)

Full Context

configure subscriber-mgmt bgp-peering-policy import

Description

This command specifies the import policies to be used to control routes advertised to BGP neighbors. Route policies are configured in the config>router>policy-options context. When multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The no form of this command removes all route policy names from the import list.

Default

no import — BGP accepts all routes from configured BGP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

Parameters

policy

Specifies route policy statement name, up to 32 characters. Up to five policies can be specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>igmp-policy import)

Full Context

configure subscriber-mgmt igmp-policy import

Description

This command specifies the import policy to filter IGMP packets.

The no form of this command reverts to the default value.

Parameters

policy-name

Specifies the policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>msap-policy>igmp-host-tracking import)

Full Context

configure subscriber-mgmt msap-policy igmp-host-tracking import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp import)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>mld-policy import)

Full Context

configure subscriber-mgmt mld-policy import

Description

This command specifies the import routing policy to be used. Only a single policy can be imported at a time.

The no form of this command removes the policy association.

Parameters

policy-name

Specifies the import policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>igmp-trk import)

Full Context

configure service vprn subscriber-interface group-interface sap igmp-host-tracking import

Description

This command specifies the import routing policy to be used for IGMP packets on this SAP or SDP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the configure router policy-options context. The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>sap>igmp-host-tracking import)

Full Context

configure service vpls sap igmp-host-tracking import

Description

This command associates an import policy to filter IGMP packets.

The no form of this command removes the values from the configuration.

Default

no import

Parameters

policy-name

Specifies the import policy name

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>igmp-host-tracking import)

Full Context

configure service ies subscriber-interface group-interface sap igmp-host-tracking import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP. Only a single policy can be imported on a single SAP at any time.

The no form of this command removes the policy association from the SAP.

Default

no import — No import policy is specified.

Parameters

policy-name

Specifies the import policy name. Values can be string up to 32 characters long of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. These policies are configured in the config>router> policy-options context. The router policy must be defined before it can be imported.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp>group import)

[Tree] (config>service>vprn>bgp import)

[Tree] (config>service>vprn>bgp>group>neighbor import)

Full Context

configure service vprn bgp group import

configure service vprn bgp import

configure service vprn bgp group neighbor import

Description

This command is used to specify route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

Platforms

All

Context

[Tree] (config>service>vprn>igmp>grp-if import)

[Tree] (config>service>vprn>igmp>if import)

Full Context

configure service vprn igmp group-interface import

configure service vprn igmp interface import

Description

This command imports a policy to filter IGMP packets.

The no form of this command removes the policy association from the IGMP instance.

Default

no import — No import policy specified.

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn igmp group-interface import

All

• configure service vprn igmp interface import

Context

[Tree] (config>service>vprn>isis import)

Full Context

configure service vprn isis import

Description

This command applies one or more (up to five) route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Identifies the export route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. The specified name(s) must already be defined.

Platforms

All

Context

[Tree] (config>service>vprn>mld>if import)

Full Context

configure service vprn mld interface import

Description

This command specifies the import route policy to be used for determining which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

Context

[Tree] (config>service>vprn>msdp>group>peer import)

[Tree] (config>service>vprn>msdp>peer import)

[Tree] (config>service>vprn>msdp>group import)

[Tree] (config>service>vprn>msdp import)

Full Context

configure service vprn msdp group peer import

configure service vprn msdp peer import

configure service vprn msdp group import

configure service vprn msdp import

Description

This command specifies the policies to import source active state from Multicast Source Discovery Protocol (MSDP) into source active list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

If you configure an import policy at the global level, each individual peer inherits the global policy.

If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.

If you configure an import policy at the peer level, then policy only applies to the peer where it is configured.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies the import policy name. Up to five policy-name arguments can be specified.

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>vrf-target import)

Full Context

configure service vprn mvpn vrf-target import

Description

This command specifies communities to be accepted from peers.

Parameters

unicast

Specifies to use unicast vrf-target ext-community for the multicast VPN.

ext-comm

An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}
	ip-address:	a.b.c.d
	comm-val:	0 to 65535
	2byte-asnumber:	1 to 65535
	4byte-asnumber	0 to 4294967295

Platforms

All

Context

[Tree] (config>service>vprn>ospf>area import)

[Tree] (config>service>vprn>ospf3>area import)

Full Context

configure service vprn ospf area import

configure service vprn ospf3 area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies the export route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified policy names must be predefined and already exist in the system.

Platforms

All

Context

[Tree] (config>service>vprn>ospf3 import)

[Tree] (config>service>vprn>ospf import)

Full Context

configure service vprn ospf3 import

configure service vprn ospf import

Description

This command applies one or more (up to five) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. This command only applies to the 7750 SR.

Default

If an OSPF route has the lowest preference value among all routes to a destination it is installed in the routing table.

Parameters

policy-name

Specifies the import route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

The specified policy name(s) must be predefined and already exist in the system.

Platforms

All

Context

[Tree] (config>service>vprn>pim import)

Full Context

configure service vprn pim import

Description

This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association from the IGMP instance.

Default

no import join-policy

no import register-policy

Parameters

join-policy

Use this command to filter PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

This keyword filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

Context

[Tree] (config>service>vprn>ripng>group>neighbor import)

[Tree] (config>service>vprn>rip import)

[Tree] (config>service>vprn>ripng>group import)

[Tree] (config>service>vprn>ripng import)

[Tree] (config>service>vprn>rip>group import)

[Tree] (config>service>vprn>rip>group>neighbor import)

Full Context

configure service vprn ripng group neighbor import

configure service vprn rip import

configure service vprn ripng group import

configure service vprn ripng import

configure service vprn rip group import

configure service vprn rip group neighbor import

Description

This command configures import route policies to determine routes that will be accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

The import route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. The specified names must already be defined.

Platforms

All

Context

[Tree] (config>router>ldp import)

Full Context

configure router ldp import

Description

This command configures import route policies to determine which label bindings (FECs) are accepted from LDP neighbors. Policies are configured in the config>router>policy-options context.

If no import policy is specified, LDP accepts all label bindings from configured LDP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names, up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Platforms

All

Context

[Tree] (config>router>igmp>group-interface import)

[Tree] (config>router>igmp>if import)

Full Context

configure router igmp group-interface import

configure router igmp interface import

Description

This command applies the referenced IGMP policy (filter) to an interface subscriber or a group-interface. An IGMP filter is also known as a black/white list and it is defined under the config>router>policy-options.

When redirection is applied, only the import policy from the subscriber will be in effect. The import policy under the group interface is applicable only for IGMP states received directly on the SAP (AN in IGMP proxy mode).

The no form of the command removes the policy association from the IGMP instance.

Default

no import

Parameters

policy-name

The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure router igmp group-interface import

All

• configure router igmp interface import

Context

[Tree] (config>router>mld>group-interface import)

[Tree] (config>router>mld>if import)

Full Context

configure router mld group-interface import

configure router mld interface import

Description

This command specifies the import route policy to determine which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure router mld group-interface import

All

• configure router mld interface import

Context

[Tree] (config>router>msdp import)

[Tree] (config>router>msdp>group>peer import)

[Tree] (config>router>msdp>group import)

[Tree] (config>router>msdp>peer import)

Full Context

configure router msdp import

configure router msdp group peer import

configure router msdp group import

configure router msdp peer import

Description

This command specifies the policies to import SA states from MSDP into the SA list.

If multiple policy names are specified, the router evaluates the policies in the order they are specified, and applies the first policy that matches. If multiple import commands are issued, the last command entered overrides the previous command.

If an import policy is configured at the global level, each individual peer inherits the global policy. If an import policy is configured at the group level, each individual peer in a group inherits the group’s policy. If an import policy is configured at the peer level, then policy only applies to the peer where it is configured.

The no form of this command applies no import policies and all SA messages are allowed.

Default

no import

Parameters

policy-name

Specifies the import policy name, up to 32 characters. A maximum of five policy names can be specified.

Platforms

All

Context

[Tree] (config>router>pim import)

Full Context

configure router pim import

Description

This command specifies the import route policy to be used. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, BGP routes are accepted by default. Up to five import policy names can be specified.

The no form of this command removes the policy association from the instance.

Default

no import

Parameters

join-policy

Filters PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

Filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name, up to 32 characters. Route policies are configured in the config>router>policy-options context.

Platforms

All

Context

[Tree] (config>service>pw-template>igmp-snooping import)

Full Context

configure service pw-template igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets. Only a single policy can be imported at a time.

The no form of the command removes the policy association.

Default

no import

Parameters

policy-name

Specifies the import policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

All

Context

[Tree] (admin>certificate import)

Full Context

admin certificate import

Description

This command converts an input file (key/certificate/CRL) to a system format file. The following list summarizes the formats supported by this command:

• Certificate

  • PKCS #12

  • PKCS #7 PEM encoded

  • PKCS #7 DER encoded

  • PEM

  • DER

• Key

  • PKCS #12

  • PEM

  • DER

• CRL

  • PKCS #7 PEM encoded

  • PKCS #7 DER encoded

  • PEM

  • DER

Parameters

input url-string

Specifies the URL for the input file. This URL could be either a local CF card URL file or a FP URL to download the input file.

Values

url-string	<local-url> up to 99 characters
local-url	<cflash-id>/<file-path>
cflash-id	cf1:| cf2:| cf3:

output filename

Specifies the name of output file up to 95 characters. The output directory depends on the file type like following:

• Key: cf3:\system-pki\key

• Cert: cf3:\system-pki\cert

• CRL: cf3:\system-pki\CRL

type

The type of input file.

Values

cert, key, crl

format

Specifies the format of input file.

Values

pkcs12, pkcs7-der, pkcs7-pem, pem, der

password

Specifies the password to decrypt the input file in case that it is an encrypted PKCS#12 file.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor import)

[Tree] (config>router>bgp>group import)

[Tree] (config>router>bgp import)

Full Context

configure router bgp group neighbor import

configure router bgp group import

configure router bgp import

Description

This command specifies route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific level is used.

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters; the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

plcy-or-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 64 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>router>isis import)

Full Context

configure router isis import

Description

This command specifies up to five route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

Context

[Tree] (config>router>ospf3 import)

[Tree] (config>router>ospf import)

Full Context

configure router ospf3 import

configure router ospf import

Description

This command applies one or more (up to 5) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy, it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to 5 export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

Context

[Tree] (config>router>ospf>area import)

[Tree] (config>router>ospf3>area import)

Full Context

configure router ospf area import

configure router ospf3 area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

All

Context

[Tree] (config>router>ripng import)

[Tree] (config>router>ripng>group>neighbor import)

[Tree] (config>router>rip import)

[Tree] (config>router>rip>group import)

[Tree] (config>router>rip>group>neighbor import)

[Tree] (config>router>ripng>group import)

Full Context

configure router ripng import

configure router ripng group neighbor import

configure router rip import

configure router rip group import

configure router rip group neighbor import

configure router ripng group import

Description

This command configures import route policies to determine which routes are accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified names must already be defined.

Platforms

All

Context

[Tree] (config>service>vprn>bgp-ipvpn>attribute-set import)

Full Context

configure service vprn bgp-ipvpn attribute-set import

Description

This command configures the reception behavior for ATTR_SETs in received VPN-IP routes.

Default

import ignore

Parameters

accept

Keyword to configure BGP to accept and process ATTR_SETs in received unicast VPN-IP routes (MPLS or SRv6) when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are used for best-path selection within the VPRN, instead of the outer-path attributes attached to the imported VPN-IP route. The path attributes inside the ATTR_SET determine the path attributes of BGP routes advertised to PE-CE peers of the VPRN. However, the ATTR_SET is removed at the time of advertisement. VPRN BGP routes with attributes derived from accept processing are only advertised to EBGP peers and IBGP route reflector client peers. VPRN BGP routes are not advertised to BGP confederation peers. If the origin AS in the ATTR_SET attribute does not match the configured ASN, VPRN BGP routes with attributes derived from accept processing are advertised to IBGP peers that are not covered by a cluster configuration.

drop

Keyword to configure BGP to ignore and silently discard ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best path selection within the VPRN. If a VPRN is not involved in an independent domain Layer 3 VPN service, Nokia recommends configuring the import command to drop.

ignore

Keyword to configure BGP to ignore ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best-path selection within the VPRN. With the ignore parameter, the ATTR_SET attribute is transmitted unchanged to the CE. Nokia does not recommend configuring the import command to ignore in most deployments.

Platforms

All

Context

[Tree] (config>service>vprn>grt import-grt)

Full Context

configure service vprn grt-lookup import-grt

Description

This command associates policies to control the leaking of GRT routes into the associated VPRN.

The GRT route must have first been leaked by a leak-export policy defined under the config>router context. Then the route must match a route entry in the specified import-grt policy with an accept action. Refer to the IP Router Configuration Command Reference section in the 7750 SR Extensible Routing System Virtualized Service Router.

The no form of this command removes route leaking policy associations and disables the leaking of GRT routes into the local VPRN.

Parameters

plcy-or-long-expr

Specifies route policy names, up to 64 characters, or a policy logical expression, up to 255 characters.

Values

plcy-or-long-expr: policy-name | long-expr

policy-name: up to 64 characters

long-expr: up to 255 characters

plcy-or-expr

Specifies up to four route policy names, up to 64 characters, or a policy logical expression, up to 64 characters.

Values

plcy-or-expr: policy-name | expr

policy-name: up to 64 characters

expr: up to 64 characters

Platforms

All

Context

[Tree] (config>router>ldp import-mcast-policy)

Full Context

configure router ldp import-mcast-policy

Description

This command configures an import policy for mLDP FECs arriving on the node. This command does not work for self-generated mLDP FECs. The action of the policy will accept or reject the FEC. If the FEC is rejected, it will be kept but is not resolved.

The no form of this command removes all policies from the configuration.

Default

no import-mcast-policy

Parameters

policy-name

Specifies up to five import route policy names, up to 32 characters, to be assigned to mLDP. The specified name(s) must already be defined.

Platforms

All

Context

[Tree] (config>router>ldp import-pmsi-routes)

Full Context

configure router ldp import-pmsi-routes

Description

Commands in this context configure import-pmsi-routes.

For option B, the leafs or ABR/ASBR that are not directly connected to the root have no visibility of the root. As such, for LDP to build the recursive FEC it needs to cache the MVPN PMSI AD routes, this command gives the user the ability to manually enable caching of MVPN PMSI AD routes internally in LDP for EVPN or MVPN inter-as or mvpn_no_export_community intra-as.

Platforms

All

Context

[Tree] (config>router>ldp>session-params>peer import-prefixes)

Full Context

configure router ldp session-parameters peer import-prefixes

Description

This command configures the import FEC prefix policy to determine which prefixes received from this LDP peer are imported and installed by LDP on this node. If resolved these FEC prefixes are then re-distributed to other LDP and T-LDP peers. A FEC prefix that is filtered out (deny) will not be imported. A FEC prefix that is filtered in (accept) will be imported.

If no import policy is specified, the node will import all prefixes received from this LDP/T-LDP peer. This policy is applied in addition to the global LDP policy and targeted session policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified. Peer address has to be the peer LSR-ID address.

The no form of the command removes the policy from the configuration.

Default

no import-prefixes - no import route policy is specified

Parameters

policy-name

Specifies up to five import-prefix route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

All

Context

[Tree] (config>router>ldp>targeted-session import-prefixes)

Full Context

configure router ldp targeted-session import-prefixes

Description

This command configures the import route policy to determine which FEC prefix label bindings are accepted from targeted LDP neighbors into this node. A label binding that is filtered out (deny) will not be imported. A route that is filtered in (accept) will be imported.

If no import policy is specified, this node session will accept all bindings from configured targeted LDP neighbors. This policy is applied in addition to the global LDP policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies up to five import policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>router>ldp import-tunnel-table)

Full Context

configure router ldp import-tunnel-table

Description

This command controls the import, in the tunnel table, of LDP tunnels to non-host prefixes. This command is only intended for importing tunnels; it cannot be used for preventing the import of any specific prefix and only non-host prefixes will be considered when evaluating this policy in this context. The LDP tunnels to these non-host prefixes must be created before they can be imported.

This command does not affect the automatic import of LDP tunnels to host prefixes.

The no version of this command removes all of the import policies and, by consequence, any tunnels to non-host prefixes from the tunnel table. If a non-host prefix tunnel is currently being used for forwarding, disabling this command may be service-impacting.

Default

no import-tunnel-table

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified policy names must already be defined.

Platforms

All

Context

[Tree] (config>system>security>pki imported-format)

Full Context

configure system security pki imported-format

Description

This command specifies the allowed format of imported certificates or keys in the cf3:/system-pki directory.

Default

imported-format any

Parameters

any

Allows any imported format.

secure

Only allows enhanced secure imported formats.

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>pim improved-assert)

Full Context

configure service vprn mvpn provider-tunnel inclusive pim improved-assert

Description

This command enables improved assert procedure on the PIM inclusive provider tunnel.

The no form of this command disables improved assert procedure.

Default

enabled

Platforms

All

Context

[Tree] (config>service>vprn>pim>if improved-assert)

Full Context

configure service vprn pim interface improved-assert

Description

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. This could impact performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process is done entirely on the control-plane with no interaction between the control and forwarding plane.

Default

improved-assert

Platforms

All

Context

[Tree] (config>router>pim>interface improved-assert)

Full Context

configure router pim interface improved-assert

Description

This command enables improved assert processing. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes. The assert process is started when data is received on an outgoing interface meaning that duplicate traffic is forwarded to the LAN until the forwarder is negotiated among the routers.

When the improved-assert command is enabled, the PIM assert process is done entirely in the control plane. The advantages are that it eliminates duplicate traffic forwarding to the LAN. It also improves performance since it removes the required interaction between the control and data planes.

Default

improved-assert

Platforms

All