l Commands – Part II

Context

[Tree] (config>service>vprn>isis>if lfa-policy-map)

Full Context

configure service vprn isis interface lfa-policy-map

Description

This command applies a route next-hop policy template to the IS-IS interface for the VPRN instance.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it will result in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters

template-name

Specifies the name of the template, up to 32 characters.

Platforms

All

Context

[Tree] (config>router>ospf3>area>if lfa-policy-map)

[Tree] (config>router>ospf>area>if lfa-policy-map)

[Tree] (config>router>isis>if lfa-policy-map)

[Tree] (config>service>vprn>ospf>area>if lfa-policy-map)

[Tree] (config>service>vprn>ospf3>area>if lfa-policy-map)

Full Context

configure router ospf3 area interface lfa-policy-map

configure router ospf area interface lfa-policy-map

configure router isis interface lfa-policy-map

configure service vprn ospf area interface lfa-policy-map

configure service vprn ospf3 area interface lfa-policy-map

Description

This command applies a route next-hop policy template to an OSPF or IS-IS interface.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it results in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Default

no lfa-policy-map

Parameters

template-name

Specifies the name of the template, up to 32 characters.

Platforms

All

Context

[Tree] (config li)

Full Context

configure li

Description

Commands in this context configure lawful intercept (LI) parameters.

Platforms

All

Context

[Tree] (config>system>security>profile li)

Full Context

configure system security profile li

Description

This command enables the Lawful Intercept (LI) profile identifier.

The no form of this command disables the LI profile identifier.

Platforms

All

Context

[Tree] (config>li li-filter)

Full Context

configure li li-filter

Description

Commands in this context configure the li-filter branch to create LI filter lists and entries.

Platforms

All

Context

[Tree] (config>li li-filter-associations)

Full Context

configure li li-filter-associations

Description

Commands in this context configure the LI filter associations entries that are inserted into normal filters.

Platforms

All

Context

[Tree] (config>li li-filter-block-reservation)

Full Context

configure li li-filter-block-reservation

Description

This command enable the LI filter block reservation branch to configure lawful intercept filter reservations.

Platforms

All

Context

[Tree] (config>li li-filter-lock-state)

Full Context

configure li li-filter-lock-state

Description

This command configures the lock state of the filters used by LI. With the configurable filter lock for LI feature an LI user can control the behavior of filters when they are used for LI.

Prior to Release 12.0.R1, when a filter entry was used as a Lawful Intercept (LI) mirror source criteria, all subsequent attempts to modify the filter were then blocked to avoid having the LI session impacted by a non-LI user.

The no form of this command reverts to the default.

Default

li-filter-lock-state locked

Parameters

locked

When an li-source criteria is configured that references any entry of filter Y, then filter Y can no longer be changed (until there are no longer any li-source references to entries of filter Y).

unlocked-for-li-users

Filters can continue to be edited by LI users only even when an li-source references an entry in that filter.

unlocked-for-all-users

Filters can continue to be edited by all users even when an li-source references an entry in that filter.

Platforms

All

Context

[Tree] (config>li>x-interfaces>x3 li-group)

Full Context

configure li x-interfaces x3 li-group

Description

This command configures the ISA group used for the X3 interface.

The no form of this command reverts to the default.

Parameters

isa-group-id

Specifies the ISA group ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>li>li-filter li-ip-filter)

Full Context

configure li li-filter li-ip-filter

Description

This command creates a Lawful Interception (LI) IPv4 filter list, or enters the CLI context for a LI IPv4 filter list. LI IPv4 filters are used as a manner to create confidential IPv4 filter based li-source entries. The LI IPv4 filter entries are inserted/merged into normal IPv4 filters as configured with the li-filter-associations and li-filter-block-reservation commands, but the LI IPv4 filter entries are not visible to users without LI permissions.

The no form of this command removes the LI IPv4 filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the IPv4 address filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

Context

[Tree] (config>li>li-filter-assoc li-ip-filter)

Full Context

configure li li-filter-associations li-ip-filter

Description

Specifies the li-ip-filter that will have its entries inserted into a list of normal IP filters.

The no form of this command removes the LI filter name from the configuration.

Parameters

li-filter-name

Specifies an existing li-ip-filter, up to 32 characters.

Platforms

All

Context

[Tree] (config>li>li-source li-ip-filter)

Full Context

configure li li-source li-ip-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI IP filter that has been associated with a normal IP filter. The specification of an li-ip-filter entry as an li-source means that packets matching the li-ip-filter entry will be intercepted on all interfaces/saps/and so on where the associated normal ip-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-ip-filter, up to 32 characters.

li-entry-id

Specifies the entry ID in the li-ip-filter that is to be used as an li-source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept ID is inserted and none can be specified against the li-source entries.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Platforms

All

Context

[Tree] (config>li>li-filter li-ipv6-filter)

Full Context

configure li li-filter li-ipv6-filter

Description

This command creates a Lawful Interception (LI) IPv6 filter list, or enters the CLI context for a LI IPv6 filter list. LI IPv6 filters are used as a manner to create confidential IPv6 filter based li-source entries. The LI IPv6 filter entries are inserted or merged into normal IPv6 filters as configured with the li-filter-associations and li-filter-block-reservation commands, but the LI IPv6 filter entries are not visible to users without LI permissions.

The no form of this command removes the LI IPv6 filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the IPv6 address filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

create

creates a LI IPv6 filter.

Platforms

All

Context

[Tree] (config>li>li-filter-assoc li-ipv6-filter)

Full Context

configure li li-filter-associations li-ipv6-filter

Description

This command specifies the li-ipv6-filter that will have its entries inserted into a list of normal IPv6 filters.

The no form of this command removes the filter name from the configuration.

Parameters

li-filter-name

Specifies an existing li-ipv6-filter up to 32 characters.

Platforms

All

Context

[Tree] (config>li>li-source li-ipv6-filter)

Full Context

configure li li-source li-ipv6-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI IPv6 filter that has been associated with a normal IPv6 filter. The specification of an li-ipv6-filter entry as an li-source means that packets matching the li-ipv6-filter entry will be intercepted on all interfaces/saps/and so on, where the associated normal ip-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-ipv6-filter up to 32 characters.

li-entry-id

Specifies the entry ID in the li-ipv6-filter that is to be used as an LI source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept ID is inserted and none can be specified against the LI source entries.

session-id

Specifies the session ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example, by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session ID configured for an li-source entry, then the default value is inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session ID is inserted and none can be specified against the li-source entries.

Platforms

All

Context

[Tree] (bof li-local-save)

Full Context

bof li-local-save

Description

This command specifies whether or not lawful intercept (LI) configuration is allowed to be saved to a local file. Modifying this command will not take effect until the system is rebooted.

Default

li-local-save

Platforms

All

Context

[Tree] (config>li>li-filter li-mac-filter)

Full Context

configure li li-filter li-mac-filter

Description

This command creates a Lawful Interception (LI) MAC filter list, or enters the CLI context for a LI MAC filter list. LI MAC filters are used as a manner to create confidential MAC filter based li-source entries. The LI MAC filter entries are inserted/merged into normal MAC filters as configured via the li-filter-associations and li-filter-block-reservation commands, but the LI MAC filter entries are not visible to users without LI permissions.

The no form of this command removes the MAC LI filter name from the configuration.

Parameters

li-filter-name

Specifies the name of the MAC filter. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

Context

[Tree] (config>li>li-filter-assoc li-mac-filter)

Full Context

configure li li-filter-associations li-mac-filter

Description

Specifies the li-mac-filter that will have its entries inserted into a list of normal mac filters.

Parameters

li-filter-name

Specifies the name of the LI MAC filter, up to 32 characters. Filter names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

Context

[Tree] (config>li>li-source li-mac-filter)

Full Context

configure li li-source li-mac-filter

Description

This command enables lawful interception (LI) of packets that match specific entries in an existing LI MAC filter that has been associated with a normal MAC filter. The specification of an li-mac-filter entry as an li-source means that packets matching the li-mac-filter entry will be intercepted on all interfaces, saps and so on where the associated normal mac-filter(s) are applied.

Parameters

li-filter-name

Specifies the name of the li-mac-filter, up to 32 characters.

li-entry-id

Specifies the entry id in the li-mac-filter that is to be used as an li-source criteria.

Values

1 to 65535

intercept-id

Specifies the intercept ID that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept ID can be used (for example, by a downstream LI gateway) to identify the particular LI session to which the packet belongs. For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept-id is inserted and none can be specified against the li-source entries.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encap (config>mirror>mirror-dest>encap>ip-udp-shim). For all types of li-source entries (filter, nat, sap, subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encap) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Platforms

All

Context

[Tree] (config>li>li-filter-block-reservation li-reserved-block)

Full Context

configure li li-filter-block-reservation li-reserved-block

Description

This command creates or edits an LI reserved block. An LI reserved block allows an operator to define where entries from an LI filter should be inserted into a normal filter. The block reserves a configurable number of entries in the normal filter that can only be used for entries inserted from associated LI filters. The LI filter entries that get inserted into the reserved block in each normal filter are not visible to non-LI operators. The block also defines to which normal filters the reservation is applied.

The no form of this command removes the block name from the configuration.

Parameters

block-name

Specifies the name of the MAC filter. Block names cannot start with an underscore character (for example, "_my-filter”) and cannot use the name "default”.

Platforms

All

Context

[Tree] (bof li-separate)

Full Context

bof li-separate

Description

This command specifies whether or not a non-LI user has access to lawful intercept (LI) information. When this command is enabled, a user who does not have LI access will not be allowed to access CLI or SNMP objects in the li context. Modifying this command will not take effect until the system is rebooted.

When the no li-separate command is set (the default mode), those who are allowed access to the config>system>security>profile context and user command nodes are allowed to modify the configuration of the LI parameters. In this mode, a user that has a profile allowing access to the config>li and/or show>li command contexts can enter and use the commands under those nodes.

When the li-separate command is configured, only users that have the LI access capabilities set in the config>system>security>user>access li context are allowed to access the config>li and/or show>li command contexts. A user who does not have LI access is not allowed to enter the config>li and show>li contexts even though they have a profile that allows access to these nodes. When in the li-separate mode, only users with config>system>security>user>access li set in their user account have the ability modify the setting LI parameters in either their own or other profiles and user configurations.

Default

no li-separate

Platforms

All

Context

[Tree] (config>li li-source)

Full Context

configure li li-source

Description

This command configures a lawful intercept (LI) mirror source.

Parameters

mirror-service-id

Specifies the service ID in the service domain. This ID is unique to this service and cannot be used by any other service, regardless of service type. The same service ID must be configured on every router that this particular service is defined on.

Values

service-id:1 to 2147483647

svc-name: up to 64 characters

Platforms

All

Context

[Tree] (config>li>x-interfaces>lics lic)

Full Context

configure li x-interfaces lics lic

Description

This command configures the parameters to communicate with a specific LIC.

The no form of this command removes the LIC name.

Parameters

lic-name

Specifies the LIC name to be used as a reference, up to 32 characters.

create

Mandatory keyword to create this entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>li>x-interfaces>lics>lic lic-identifier)

Full Context

configure li x-interfaces lics lic lic-identifier

Description

This command configures the string that identifies this LIC.

The no form of this command reverts to the default.

Parameters

identifier

Specifies the LIC identifying string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (admin>system license)

Full Context

admin system license

Description

Enters a context for administrative commands related to licensing.

Platforms

All

Context

[Tree] (bof license-file)

Full Context

bof license-file

Description

This command configures the license location and file name.

The no form of this command removes the file URL from the configuration.

Parameters

file-url

Specifies the file-url.

Values

file-url	{local-url | remote-url} (up to 180 characters)
local-url	[cflash-id/][file-path]
remote-url	[{ftp://| tftp://} login:pswd@remote-locn/][file-path]
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

Context

[Tree] (config>li>x-interfaces lics)

Full Context

configure li x-interfaces lics

Description

Commands in this context configure the Network Element to communicate with LI Centers (LICs).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>nat>pcp-server-policy lifetime)

Full Context

configure service nat pcp-server-policy lifetime

Description

This command configures the lifetime of explicit mappings made by the PCP servers.

Default

lifetime minimum 120 maximum 86400

Parameters

minimum

Specifies the minimum lifetime of explicit mappings made by the PCP servers using this PCP policy, in seconds.

Values

60 to 86399

maximum

Specifies the maximum lifetime of explicit mappings made by the PCP servers using this PCP policy, in seconds.

Values

61 to 86400

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>script-control>script-policy lifetime)

Full Context

configure system script-control script-policy lifetime

Description

This command is used to configure the maximum amount of time that a script may run.

Default

lifetime 3600

Parameters

seconds

Specifies the maximum amount of time that a script may run, in seconds.

Values

0 to 21474836

Default

3600 (1 hour)

forever

Specifies to allow a script to run indefinitely.

Platforms

All

Context

[Tree] (debug>app-assure>group>traffic-capture>record limit)

Full Context

debug application-assurance group traffic-capture record limit

Description

This command records limit conditions.

Parameters

all-packet-matches

Records all the packets matching the condition.

first-session-match

Records only the first session matching the condition.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy limit-init-exchange)

Full Context

configure ipsec ike-policy limit-init-exchange

Description

This command limits the number of ongoing IKEv2 initial exchanges per tunnel to 1. When the system receives a new IKEv2 IKE_SA_INIT request when there is an ongoing IKEv2 initial exchange from same peer, then system reduces the timeout value of the existing exchange to the specified reduced-max-exchange-timeout. If the reduced-max-exchange-timeout is disabled, then the system does not reduce the timeout value.

The no form of this command reverts to the default value.

Default

limit-init-exchange reduced-max-exchange-timeout 2

Parameters

seconds

Specifies the maximum timeout for the in-progress initial IKE exchange.

Values

2 to 60, disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>spoke-sdp limit-mac-move)

[Tree] (config>service>vpls>sap limit-mac-move)

Full Context

configure service vpls spoke-sdp limit-mac-move

configure service vpls sap limit-mac-move

Description

This command indicates whether or not the mac-move agent, when enabled using config>service>vpls>mac-move or config>service>epipe>mac-move, limits the MAC re-learn (move) rate on this SAP.

Default

limit-mac-move blockable

Parameters

blockable

Specifies that the agent monitors the MAC re-learn rate on the SAP, and it blocks it when the re-learn rate is exceeded.

non-blockable

Specifies that this SAP is not blocked, and another blockable SAP is blocked instead.

Platforms

All

Context

[Tree] (config>service>pw-template limit-mac-move)

Full Context

configure service pw-template limit-mac-move

Description

This command indicates whether or not the mac-move agent will limit the MAC re-learn (move) rate.

Default

limit-mac-move blockable

Parameters

blockable

The agent will monitor the MAC re-learn rate, and it will block it when the re-learn rate is exceeded.

non-blockable

When specified, a SAP will not be blocked, and another blockable SAP will be blocked instead.

Platforms

All

Context

[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution limit-pir-zero-drain)

Full Context

configure qos adv-config-policy child-control bandwidth-distribution limit-pir-zero-drain

Description

This command is used to configure the system to use the minimum configurable PIR instead of an H-QoS derived zero operational PIR. The default behavior is to allow the operational PIR of the queue to remain the last configured value while setting the queue MBS to zero (preventing queuing of newly arriving packets). Retaining the previous PIR value may cause a momentary burst above an aggregate rate associated with the queue as it drains. Using the limit-pir-zero-drain command causes the queue to drain at the lowest rate possible (typically 1 kb/s) that limits overrun situations.

The no form of this command reverts to default behavior.

Platforms

All

Context

[Tree] (config>port>ethernet>network>egr>qgrp>agg-rate limit-unused-bandwidth)

[Tree] (config>port>ethernet>access>egr>qgrp>agg-rate limit-unused-bandwidth)

[Tree] (config>service>vprn>sub-if>grp-if>sap>egress limit-unused-bandwidth)

[Tree] (config>port>ethernet>access>egress>vport limit-unused-bandwidth)

Full Context

configure port ethernet network egress queue-group agg-rate limit-unused-bandwidth

configure port ethernet access egress queue-group agg-rate limit-unused-bandwidth

configure service vprn subscriber-interface group-interface sap egress limit-unused-bandwidth

configure port ethernet access egress vport limit-unused-bandwidth

Description

This command specifies to limit the unused bandwidth and allow a tighter control in allocation of bandwidth by HQoS. When enabled, HQoS algorithm distributes any unused aggregate bandwidth between queues operating below their fair share rates. This allows a simplified aggregate rate protection while allocating bandwidth by HQoS.

The no form of this command reverts to the default.

Platforms

All

• configure port ethernet access egress vport limit-unused-bandwidth
• configure port ethernet access egress queue-group agg-rate limit-unused-bandwidth
• configure port ethernet network egress queue-group agg-rate limit-unused-bandwidth

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface sap egress limit-unused-bandwidth

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>egress>agg-rate limit-unused-bandwidth)

[Tree] (config>service>ies>if>sap>egress>agg-rate limit-unused-bandwidth)

[Tree] (config>service>ies>sub-if>grp-if>sap>egress>agg-rate limit-unused-bandwidth)

Full Context

configure service vprn subscriber-interface group-interface sap egress agg-rate limit-unused-bandwidth

configure service ies interface sap egress agg-rate limit-unused-bandwidth

configure service ies subscriber-interface group-interface sap egress agg-rate limit-unused-bandwidth

Description

This command enables aggregate rate overrun protection.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface sap egress agg-rate limit-unused-bandwidth
• configure service vprn subscriber-interface group-interface sap egress agg-rate limit-unused-bandwidth

All

• configure service ies interface sap egress agg-rate limit-unused-bandwidth

Context

[Tree] (config>service>cpipe>sap>egress>agg-rate limit-unused-bandwidth)

[Tree] (config>service>epipe>sap>egress>agg-rate limit-unused-bandwidth)

[Tree] (config>service>ipipe>sap>egress>agg-rate limit-unused-bandwidth)

Full Context

configure service cpipe sap egress agg-rate limit-unused-bandwidth

configure service epipe sap egress agg-rate limit-unused-bandwidth

configure service ipipe sap egress agg-rate limit-unused-bandwidth

Description

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure service cpipe sap egress agg-rate limit-unused-bandwidth

All

• configure service epipe sap egress agg-rate limit-unused-bandwidth
• configure service ipipe sap egress agg-rate limit-unused-bandwidth

Context

[Tree] (config>service>vpls>sap>egress>encap-defined-qos>encap-group>agg-rate limit-unused-bandwidth)

[Tree] (config>service>template>vpls-sap-template>egress>agg-rate limit-unused-bandwidth)

[Tree] (config>service>vpls>sap>egress>agg-rate limit-unused-bandwidth)

Full Context

configure service vpls sap egress encap-defined-qos encap-group agg-rate limit-unused-bandwidth

configure service template vpls-sap-template egress agg-rate limit-unused-bandwidth

configure service vpls sap egress agg-rate limit-unused-bandwidth

Description

This command is used to enable aggregate rate overrun protection on the agg-rate context.

The no form of this command disables the overrun protection.

Platforms

All

Context

[Tree] (config>service>vprn>if>sap>egress>agg-rate limit-unused-bandwidth)

Full Context

configure service vprn interface sap egress agg-rate limit-unused-bandwidth

Description

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

Platforms

All

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler limit-unused-bandwidth)

Full Context

configure qos scheduler-policy tier scheduler limit-unused-bandwidth

Description

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

Platforms

All

Context

[Tree] (config>service>cust>multi-service-site>egress>agg-rate limit-unused-bandwidth)

Full Context

configure service customer multi-service-site egress agg-rate limit-unused-bandwidth

Description

This command is used to enable aggregate rate overrun protection.

The no form of the command disables aggregate rate overrun protection.

Default

no limit-unused-bandwidth

Platforms

All

Context

[Tree] (config>system>sync-if-timing>bits>output line-length)

Full Context

configure system sync-if-timing bits output line-length

Description

This command configures the line-length parameter of the BITS output, This is the distance in feet between the network element and the office clock (BITS/SSU). There are two possible BITS-out interfaces, one for each CPM. They are configured together, but they are displayed separately in the show command. This command is only applicable when the interface-type is DS1.

Default

line-length 110

Parameters

110

Specifies that the distance is from 0 to 110 feet.

220

Specifies that the distance is from 110 to 220 feet.

330

Specifies that the distance is from 220 to 330 feet.

440

Specifies that the distance is from 330 to 440 feet.

550

Specifies that the distance is from 440 to 550 feet.

660

Specifies that the distance is from 550 to 660 feet.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>lag>link-map-profile link)

Full Context

configure lag link-map-profile link

Description

This command designates one of the configured ports of the LAG to be used on egress as either a primary or secondary link (based on the option selected) by all SAPs and network interfaces that use this LAG link map profile.

Links are part of a profile When a link is added or deleted, all SAPs and network interfaces that use this link-map-profile may be re-hashed if required.

The no form of this command deletes the link from this LAG link mapping profile. A port must be deleted from all LAG link profiles if it is to be deleted from the LAG.

Parameters

port-id

Specifies a physical port ID that is an existing member of this LAG.

port-id	slot/mda/port[.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

primary

Designates one of the configured ports of the LAG to be used on egress as a primary link by SAPs/network interfaces that use this LAG link map profile.

secondary

Designates one of the configured ports of the LAG to be used on egress as a secondary link by SAPs/network interfaces that use this LAG link map profile.

Platforms

All

Context

[Tree] (config>test-oam>link-meas>template>ret-path link)

Full Context

configure test-oam link-measurement measurement-template twamp-light return-path link

Description

This command includes a return path sub-TLV link. The link sub-tlv instructs a Session-Reflector configured for type stamp to use the receiving logical IP interface for the transmission of the response packet from the reflector to the session-sender. The destination of the reflected packet must be installed in the forwarding table and reachable out the IP interface or the packet is dropped by the Session-Reflector. When there are parallel non-equal cost return paths between the Session-Reflector and the Session-Sender the response packet can only be returned on the lowest cost path.

Default

no link

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac link-addr)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat link-addr)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac link-addr)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na link-addr)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na link-addr)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat link-addr)

Full Context

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client slaac link-addr

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat link-addr

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client slaac link-addr

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na link-addr

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na link-addr

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat link-addr

Description

This command specifies the ipv6-address that should be included in the link-address field of the relay header. This can be used for pool selection by the DHCPv6 server.

The no form of this command falls back to the default.

Parameters

ipv6-address

Specifies the IPv6 address up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay link-address)

[Tree] (config>service>ies>if>ipv6>dhcp6-relay link-address)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay link-address)

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay link-address)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host link-address)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay link-address)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay link-address)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay link-address

configure service ies interface ipv6 dhcp6-relay link-address

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay link-address

configure service vprn interface ipv6 dhcp6-relay link-address

configure subscriber-mgmt local-user-db ipoe host link-address

configure service vprn subscriber-interface ipv6 dhcp6 relay link-address

configure service ies subscriber-interface ipv6 dhcp6 relay link-address

Description

This command configures the link address used for prefix selection at the DHCP server.

The link-address is a field in DHCP6 Relay-Forward message that is used in DHCP6 server to select the IPv6 address (IA-NA) or IPv6 prefix (IA-PD) from a pool with configured prefix range covering the link-address. The selection scope is the pool or a prefix range within the pool.

The no form of this command reverts to the default.

Default

no link-address

Parameters

ipv6-address

Specifies the link-address.

Values

ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay link-address
• configure service ies subscriber-interface group-interface ipv6 dhcp6 relay link-address
• configure service ies subscriber-interface ipv6 dhcp6 relay link-address
• configure subscriber-mgmt local-user-db ipoe host link-address
• configure service vprn subscriber-interface ipv6 dhcp6 relay link-address

All

• configure service vprn interface ipv6 dhcp6-relay link-address
• configure service ies interface ipv6 dhcp6-relay link-address

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 link-address)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 link-address)

Full Context

configure service ies interface sap ipsec-gw dhcp6 link-address

configure service vprn interface sap ipsec-gw dhcp6 link-address

Description

This command specifies the link address of the relayed DHCPv6 packets sent by the system.

Default

no link-address

Parameters

ipv6-address

Specifies a global unicast IPv6 address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp>group link-bandwidth)

[Tree] (config>service>vprn>bgp>group>neighbor link-bandwidth)

Full Context

configure service vprn bgp group link-bandwidth

configure service vprn bgp group neighbor link-bandwidth

Description

This command enables the configuration context for handling the link-bandwidth extended community attached to specific BGP routes.

When all used multipaths of an IP prefix correspond to BGP routes with a link-bandwidth extended community, the datapath is programmed to do weighted ECMP across the BGP next-hops in proportion to the bandwidth values.

Platforms

All

Context

[Tree] (config>router>bgp>group link-bandwidth)

[Tree] (config>router>bgp>group>neighbor link-bandwidth)

Full Context

configure router bgp group link-bandwidth

configure router bgp group neighbor link-bandwidth

Description

This command enables the configuration context for handling the link-bandwidth extended community attached to specific BGP routes.

When all used multipaths of an IP prefix correspond to BGP routes with a link-bandwidth extended community, the datapath is programmed to do weighted ECMP across the BGP next-hops in proportion to the bandwidth values.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam>peer-rdi-rx link-fault)

Full Context

configure port ethernet efm-oam peer-rdi-rx link-fault

Description

This command defines how to react to the reception of a link fault flag set in the informational PDU from a peer.

Default

link-fault local-port-action out-of-service

Parameters

local-port-action

Defines whether or not the local port will be affected when a link fault is received from a peer.

log-only

Keyword that prevents the port from being affected when the local peer receives a link fault. The dying gasp will be logged but the port will remain operational.

out-of-service

Keyword that causes the port to enter a non-operation down state with a port state of link up. The error will be logged upon reception of link fault event. The port will not be available to service data but will continue to carry Link OAM traffic to ensure the link is monitored.

Platforms

All

Context

[Tree] (config>service>vprn>isis link-group)

Full Context

configure service vprn isis link-group

Description

This command configures a link-group for the router or VPRN instance.

The no form of this command removes the specified link-group.

Parameters

link-group-name

Name of the link-group to be added or removed from the router or VPRN service.

Platforms

All

Context

[Tree] (config>router>isis link-group)

Full Context

configure router isis link-group

Description

This command specifies the IS-IS link group associated with this particular level of the interface.

Default

no link-group

Parameters

link-group-name

Specifies an IS-IS link group name, up to 32 characters in length, on the system.

Platforms

All

Context

[Tree] (config>router>if>ipv6 link-local-address)

[Tree] (config>service>ies>if>ipv6 link-local-address)

[Tree] (config>service>vprn>sub-if>ipv6 link-local-address)

[Tree] (config>service>ies>sub-if>ipv6 link-local-address)

[Tree] (config>service>vprn>if>ipv6 link-local-address)

Full Context

configure router interface ipv6 link-local-address

configure service ies interface ipv6 link-local-address

configure service vprn subscriber-interface ipv6 link-local-address

configure service ies subscriber-interface ipv6 link-local-address

configure service vprn interface ipv6 link-local-address

Description

This command configures the IPv6 Link Local address that is used as a virtual SRRP IPv6 address by the Master SRRP node. This address is sent in the Router Advertisements initiated by the Master SRRP node. Clients use this address as IPv6 default-gateway. Both SRRP nodes, Master and Backup, must be configured with the same Link Local address.

Only one link-local-address is allowed per interface.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the IPv6 address in the form:

Values

ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D

dad-disable

Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.

Platforms

All

• configure service ies interface ipv6 link-local-address
• configure router interface ipv6 link-local-address
• configure service vprn interface ipv6 link-local-address

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface ipv6 link-local-address
• configure service ies subscriber-interface ipv6 link-local-address

Context

[Tree] (config>service>ies>if>ipv6>secure-nd link-local-modifier)

Full Context

configure service ies interface ipv6 secure-nd link-local-modifier

Description

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters

modifier

Specifies the modifier in 32 hexadecimal nibbles.

Values

0x0 to 0xFFFFFFFF

Platforms

All

Context

[Tree] (config>service>vprn>if>send link-local-modifier)

Full Context

configure service vprn interface ipv6 secure-nd link-local-modifier

Description

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters

modifier

Specifies the modifier in 32 hexadecimal nibbles.

Values

0x0–0xFFFFFFFF

Platforms

All

Context

[Tree] (config>router>if>ipv6>secure-nd link-local-modifier)

Full Context

configure router interface ipv6 secure-nd link-local-modifier

Description

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters

modifier

Specifies the modifier in 32 hexadecimal nibbles.

Values

0x0 to 0xFFFFFFFF

Platforms

All

Context

[Tree] (config>lag link-map-profile)

Full Context

configure lag link-map-profile

Description

This command creates the link map profile that can control which LAG ports are to be used on egress or enables the configuration context for previously created link map profile. link map profiles are not created by default.

The no form of this command, deletes the specified link map profile.

Parameters

link-map-profile-id

An integer from 1 to 64 that defines a unique LAG link map profile on this LAG.

Platforms

All

Context

[Tree] (config>test-oam link-measurement)

Full Context

configure test-oam link-measurement

Description

Commands in this context configure various link measurement template attributes that are inherited on associated IP interfaces for delay reporting to the routing engine.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>port>ethernet>efm-oam>discovery>advertise-capabilities link-monitoring)

Full Context

configure port ethernet efm-oam discovery advertise-capabilities link-monitoring

Description

When the link monitoring function is in a no shutdown state, the Link Monitoring capability (EV) is advertised to the peer through the EFM OAM protocol. This may not be desired if the remote peer does not support the Link Monitoring functionality.

The no version of this command suppresses the advertisement of capabilities.

Default

link-monitoring

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam link-monitoring)

Full Context

configure port ethernet efm-oam link-monitoring

Description

This context contains link monitoring specific options defining the various local thresholds, port interaction and peer notification methods. In order to activate Link monitoring function, this context must be configured with the no shutdown option. Shutting down link monitoring will clear all historical link monitoring counters. If the port was removed from service and placed in a non-operational down state and a port state of link up because a signal failure threshold was crossed and link monitoring is shutdown, the port will be returned to service assuming no underlying conditions prevent this return to service.

When the link monitoring function is in a no shutdown state, the Link Monitoring capability (EV) is advertised to the peer through the EFM OAM protocol. This may not be desired if the remote peer does not support the Link Monitoring functionality.

Platforms

All

Context

[Tree] (config>sys>security>cpu-protection link-specific-rate)

Full Context

configure system security cpu-protection link-specific-rate

Description

This command configures a link-specific rate for CPU protection. This limit is applied to all ports within the system. The CPU will receive no more than the configured packet rate for all link level protocols such as LACP from any one port. The measurement is cleared each second and is based on the ingress port.

Default

link-specific-rate 15000

Parameters

packet-rate-limit

Specifies a packet arrival rate limit, in packets per second, for link level protocols.

Values

1 to 65535, max (no limit)

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>router>bgp link-state-export-enable)

Full Context

configure router bgp link-state-export-enable

Description

This command enables the export of link-state information from the BGP-LS address family into the local Traffic Engineering Database (TED).

The no form of this command disables the export of link state information into the TED.

Default

no link-state-export-enable

Platforms

All

Context

[Tree] (config>router>bgp link-state-import-enable)

Full Context

configure router bgp link-state-import-enable

Description

This command enables the import of link-state information into the BGP-LS address family for advertisement to other BGP neighbors.

The no form of this command disables the import of link state information into the BGP-LS address family.

Default

no link-state-import-enable

Platforms

All

Context

[Tree] (config>service>vpls>sap>stp link-type)

[Tree] (config>service>template>vpls-sap-template>stp link-type)

[Tree] (config>service>vpls>spoke-sdp>stp link-type)

Full Context

configure service vpls sap stp link-type

configure service template vpls-sap-template stp link-type

configure service vpls spoke-sdp stp link-type

Description

This command instructs STP on the maximum number of bridges behind this SAP or spoke-SDP. If there is only a single bridge, transitioning to forwarding state will be based on handshaking (fast transitions). If more than two bridges are connected via a shared media, their SAP or spoke-SDPs should all be configured as shared, and timer-based transitions are used.

The no form of this command returns the link type to the default value.

Default

link-type pt-pt

Platforms

All

Context

[Tree] (config>service>pw-template>stp link-type)

Full Context

configure service pw-template stp link-type

Description

This command instructs STP on the maximum number of bridges behind this SAP or spoke SDP. If there is only a single bridge, transitioning to forwarding state will be based on handshaking (fast transitions). If more than two bridges are connected via a shared media, their SAP or spoke SDPs should all be configured as shared, and timer-based transitions are used.

The no form of this command returns the link type to the default value.

Default

link-type pt-pt

Platforms

All

Context

[Tree] (oam>eth-cfm linktrace)

Full Context

oam eth-cfm linktrace

Description

The command initiates a linktrace test.

Parameters

mac-address

Specifies a unicast MAC address destination.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

remote-mepid mep-id

Specifies the remote MEP ID of the peer within the association. The domain and association information are derived from the source mep for the session. The Layer 2 IEEE MAC address is resolved from previously-learned remote MAC addressing, derived from the reception and processing of the ETH-CC PDU. The local MEP must be administratively enabled.

Values

1 to 8191

mep mep-id

Specifies the local MEP ID.

Values

1 to 8191

md-index

Specifies the MD index.

Values

1 to 4294967295

ma-index

Specifies the MA index.

Values

1 to 4294967295

ttl-value

Specifies the TTL for a returned linktrace.

Values

0 to 255

Default

64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>netconf listen)

Full Context

configure system netconf listen

Description

Commands in this context configure NETCONF listening parameters.

Platforms

All

Context

[Tree] (config>system>grpc listening-port)

Full Context

configure system grpc listening-port

Description

This command configures the listening port for the gRPC server.

The no form of this command reverts to the default.

Default

listening-port 57400

Parameters

port

Specifies the port number.

Values

1024 to 49151, 57400

Default

57400

Platforms

All

Context

[Tree] (config>system>security>ssh listening-port)

Full Context

configure system security ssh listening-port

Description

This command configures the default SSH port for SSH connections arriving in VPRN or base routing.

The no form of this command configures the default SSH port to 22.

Default

no listening-port

Parameters

port

Specifies the port number.

Values

1024 to 49151

Platforms

All

Context

[Tree] (config>system>security>telnet listening-port)

Full Context

configure system security telnet listening-port

Description

This command configures the default Telnet port for Telnet connections arriving in VPRN or base routing.

The no form of this command configures the default Telnet port to 23.

Default

no listening-port

Parameters

port

Specifies the port number.

Values

1024 to 49151

Platforms

All

Context

[Tree] (config>call-trace>trace-profile live-output)

Full Context

configure call-trace trace-profile live-output

Description

This command specifies a live output destination for this trace. When configured, captures will not be stored locally but sent (over UDP) to the server in the specified routing context. The destination can be specified as either an IP address or a DNS FQDN. The live-output and debug-output commands are mutually exclusive.

The no form of this command disables live output streaming.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the server to stream to.

fqdn

Specifies the FQDN that represents the server in DNS, up to 255 characters.

port

Specifies the UDP port on which the server is listening.

Values

1 to 65535

Default

29770

router-instance

Specifies the router instance in which the live output is forwarded.

service-name

Specifies the name of the Layer 3 service in which the live output is forwarded.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet lldp)

Full Context

configure port ethernet lldp

Description

Commands in this context configure Link Layer Discovery Protocol (LLDP) parameters on the specified port.

Platforms

All

Context

[Tree] (config>port>ethernet lldp)

Full Context

configure port ethernet lldp

Description

Commands in this context configure Link Layer Discovery Protocol (LLDP) parameters on the specified port.

Platforms

All

Context

[Tree] (config>system lldp)

Full Context

configure system lldp

Description

Commands in this context configure system-wide Link Layer Discovery Protocol parameters.

Platforms

All

Context

[Tree] (config>lag lldp-member-template)

Full Context

configure lag lldp-member-template

Description

Commands in this context configure the LLDP parameters for member ports.

Platforms

All

Context

[Tree] (config>service>epipe>sap>ethernet llf)

Full Context

configure service epipe sap ethernet llf

Description

This command enables Link Loss Forwarding (LLF) on an Ethernet port. This feature provides an end-to-end OAM fault notification for Ethernet VLL service. It brings down the Ethernet port (Ethernet LLF) or sends a SONET/SDH Path AIS (ATM LLF) toward the attached CE when there is a local fault on the Pseudowire or service, or a remote fault on the SAP or pseudowire, signaled with label withdrawal or T-LDP status bits. It ceases when the fault disappears.

The Ethernet port must be configured for null encapsulation.

This feature is also supported in Epipes with BGP-EVPN enabled. In this case, upon removal of the EVPN destination, the port is brought oper-down with flag LinkLossFwd, however the AD per-EVI route for the SAP is still advertised (the SAP is kept oper-up).

The no form of this command disables LLF on an Ethernet port.

Default

no llf

Platforms

All

Context

[Tree] (config>oam-pm>session>ethernet lmm)

Full Context

configure oam-pm session ethernet lmm

Description

This command configures the LMM test ID to be assigned to the Tx and Rx counter-based loss test and creates the individual test. LMM does not carry this test ID in the PDU; the value is of local significance.

The no form of this command removes the LMM test function from the PM Session.

Parameters

test-id

Specifies the value to be placed in the 4-byte test ID field of an ETH-DMM PDU.

Values

0 to 2147483647 | auto

auto - automatically assigns a test-id

create

Creates the test.

Platforms

All

Context

[Tree] (config>service>vprn>l2tp>group lns-group)

[Tree] (config>router>l2tp>group lns-group)

[Tree] (config>service>vprn>l2tp>group>tunnel lns-group)

[Tree] (config>router>l2tp>group>tunnel lns-group)

Full Context

configure service vprn l2tp group lns-group

configure router l2tp group lns-group

configure service vprn l2tp group tunnel lns-group

configure router l2tp group tunnel lns-group

Description

This command configures the ISA LNS group for the L2TP group.

The no form of this command removes the LNS group ID from the configuration.

Default

no lns-group

Parameters

lns-group-id

Specifies the LNS group ID.

Values

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa lns-group)

Full Context

configure isa lns-group

Description

This command configures an LNS group.

The no form of the command removes the LNS group ID from the configuration.

Parameters

lns-group-id

Specifies the LNS group identifier.

Values

1 to 4

create

Mandatory keyword used when creating tunnel group in the ISA context. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (candidate load)

Full Context

candidate load

Description

This command loads a previously saved candidate configuration into the current candidate. The edit point will be set to the end of the loaded configuration lines. The candidate configuration cannot be modified while a load is in progress.

Default

If the candidate is empty then a load without any of the optional parameters (such as overwrite, and so on) will load the file-url into the candidate. If the candidate is not empty then one of the options, such as overwrite, insert, and so on, must be specified.

Parameters

file-url

Specifies the directory and filename to load.

overwrite

Discards the contents of the current candidate and replace it with the contents of the file.

insert

Inserts the contents of the file at the current edit point.

append

Inserts the contents of the file at the end of the current candidate.

Platforms

All

Context

[Tree] (config>service>vprn>radius-proxy>server load-balance-key)

[Tree] (config>router>radius-proxy>server load-balance-key)

Full Context

configure service vprn radius-proxy server load-balance-key

configure router radius-proxy server load-balance-key

Description

This command specifies the key used in calculating a hash to select an external RADIUS server from the pool of configured servers.

The key can be the source IP and source UDP port tuple, or the specified RADIUS attribute in RADIUS packets.

The no form of this command removes the parameters from the configuration.

Parameters

vendor-id

Specifies the vendor-id of vendor-specific attribute.

Values

0 to 16777215

attribute-type

Specifies that the key is constructed with the attributes in the RADIUS message.

Values

1 to 255

source-ip-udp

Specifies that the key consists of the source IP address and source UDP port of the RADIUS message.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>group load-balance-method)

[Tree] (config>router>l2tp>group>tunnel load-balance-method)

[Tree] (config>service>vprn>l2tp>group>tunnel load-balance-method)

[Tree] (config>router>l2tp>group load-balance-method)

Full Context

configure service vprn l2tp group load-balance-method

configure router l2tp group tunnel load-balance-method

configure service vprn l2tp group tunnel load-balance-method

configure router l2tp group load-balance-method

Description

This command is applicable only to LNS. By default traffic load balancing between the BB-ISAs is based on sessions. Each session is individually assigned to an BB-ISA during session establishment phase.

By introducing MLPPPoX, all sessions of a bundle must be terminated on the same LNS BB-ISA. This is necessary for two reasons:

• QoS in the carrier IOM has a uniform view of the subscriber

• a single BB-ISA is responsible for MLPPPoX encapsulation/fragmentation for a given bundle.

Therefore, if fragmentation is enabled, load-balancing per tunnel must be configured. In the per tunnel load-balancing mode, all sessions within the same tunnel are terminated on the same LNS BB-ISA.

In the case that we have MLPPPoX sessions with a single member link, both load-balancing methods are valid.

The no form of this command reverts to the default.

Default

load-balance-method per-session

Parameters

per-session

Specifies that the traffic load balancing between the LNS BB-ISAs is based on individual PPPoE sessions.

per-tunnel

Specifies that the traffic load balancing between the LNS BB-ISAs is based on tunnels.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>epipe load-balancing)

Full Context

configure service epipe load-balancing

Description

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Default

not applicable

Platforms

All

Context

[Tree] (config>service>vpls load-balancing)

[Tree] (config>service>template>vpls-template load-balancing)

Full Context

configure service vpls load-balancing

configure service template vpls-template load-balancing

Description

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Platforms

All

Context

[Tree] (config>service>ies>if load-balancing)

Full Context

configure service ies interface load-balancing

Description

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Platforms

All

Context

[Tree] (config>service>vprn>nw-if load-balancing)

Full Context

configure service vprn network-interface load-balancing

Description

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Platforms

All

Context

[Tree] (config>router>if load-balancing)

Full Context

configure router interface load-balancing

Description

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Platforms

All

Context

[Tree] (config>system load-balancing)

Full Context

configure system load-balancing

Description

This command enables the load-balancing context to configure the interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Platforms

All

Context

[Tree] (config>port>ethernet load-balancing-algorithm)

[Tree] (config>port>tdm>e3 load-balancing-algorithm)

[Tree] (config>port>sonet-sdh>path load-balancing-algorithm)

[Tree] (config>port>tdm>ds3 load-balancing-algorithm)

[Tree] (config>port>tdm>ds1>channel-group load-balancing-algorithm)

[Tree] (config>port>tdm>e1>channel-group load-balancing-algorithm)

Full Context

configure port ethernet load-balancing-algorithm

configure port tdm e3 load-balancing-algorithm

configure port sonet-sdh path load-balancing-algorithm

configure port tdm ds3 load-balancing-algorithm

configure port tdm ds1 channel-group load-balancing-algorithm

configure port tdm e1 channel-group load-balancing-algorithm

Description

This command specifies the load balancing algorithm to be used on this port.

In the default mode, no load-balancing-algorithm, the port inherits the global settings. The value is not applicable for ports that do not pass any traffic.

The configuration of load-balancing-algorithm at logical port level has three possible values:

• include-l4 — Enables inherits system-wide settings including Layer 4 source and destination port value in hashing algorithm.

• exclude-l4 — Layer 4 source and destination port value will not be included in hashing.

• no load-balancing-algorithm — Inherits system-wide settings.

The hashing algorithm addresses finer spraying granularity where many hosts are connected to the network. To address more efficient traffic distribution between network links (forming a LAG group), a hashing algorithm extension takes into account Layer 4 information (src/dst L4-protocol port). The hashing index can be calculated according to the following algorithm:

If [(TCP or UDP traffic) & enabled]

hash (<TCP/UDP ports>, <IP addresses>)

else if (IP traffic)

hash (<IP addresses>)

else

hash (<MAC addresses>)

endif

This algorithm will be used in all cases where IP information in per-packet hashing is included (refer to "Traffic Load Balancing Options” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Interface Configuration Guide). However the Layer 4 information (TCP/UDP ports) will not be used in the following cases:

• fragmented packets

Default

no load-balancing-algorithm

Parameters

option

Specifies the load balancing algorithm to be used on this port.

Values

include-l4 — Specifies that the source and destination ports are used in the hashing algorithm.exclude-l4 — Specifies that the source and destination ports are not used in the hashing algorithm.

Platforms

All

• configure port ethernet load-balancing-algorithm

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

• configure port tdm ds3 load-balancing-algorithm
• configure port tdm e1 channel-group load-balancing-algorithm
• configure port tdm ds1 channel-group load-balancing-algorithm
• configure port tdm e3 load-balancing-algorithm

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

• configure port sonet-sdh path load-balancing-algorithm

Context

[Tree] (config>service>vprn>static-route-entry>next-hop load-balancing-weight)

Full Context

configure service vprn static-route-entry next-hop load-balancing-weight

Description

This command configures a weighted ECMP load-balancing weight for a static route next-hop.

If all of the ECMP next-hops of a static route have a configured load-balancing-weight then packets matching the route are sprayed according to the relative weights. In other words, the next-hop interface with the largest load-balancing weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and effectively disables weighted ECMP for the entire static route.

Parameters

value

Specifies the cost metric value.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>service>vprn>ospf3>area>if load-balancing-weight)

[Tree] (config>service>vprn>ospf>area>if load-balancing-weight)

Full Context

configure service vprn ospf3 area interface load-balancing-weight

configure service vprn ospf area interface load-balancing-weight

Description

This command configures the weighted ECMP load-balancing weight for an IS-IS, OSPF, and OSPF3 interface. If the interface becomes an ECMP next hop for an IPv4 or IPv6 route, and all the other ECMP next hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. This means that the interface with the largest load-balancing weight receives the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface which effectively disables weighted ECMP for any IP prefix that has this interface as a next hop.

Default

no load-balancing-weight

Parameters

weight

Specifies the load balancing weight.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>service>vprn>isis>if load-balancing-weight)

Full Context

configure service vprn isis interface load-balancing-weight

Description

This command configures the weighted ECMP load-balancing weight for an IS-IS interface of the VPRN. If the interface becomes an ECMP next-hop for IPv4 or IPv6 route and all the other ECMP next-hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. In other words, the interface with the largest load-balancing-weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and, therefore, effectively disables weighted ECMP for any IP prefix that has this interface as a next-hop.

Default

no load-balancing-weight

Parameters

weight

Specifies the load balancing weight.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>ldp>if-params>if load-balancing-weight)

Full Context

configure router ldp interface-parameters interface load-balancing-weight

Description

This command configures the load balancing weight for the LDP interface. The load balancing weight, normalized to 64, is used for weighted ECMP of LDP labeled packets over direct network IP interfaces.

If the interface becomes an ECMP next hop for an LDP FEC, and all the other ECMP next hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the normalized weight with a granularity of 64.

If one or more of the LDP interfaces in the ECMP set does not have a configured load-balancing weight, then the system falls back to ECMP.

The no form of this command removes the load balancing weight for the LDP interface.

Parameters

weight

Specifies the load balancing weight value.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>mpls>lsp load-balancing-weight)

Full Context

configure router mpls lsp load-balancing-weight

Description

This command assigns a weight to an MPLS LSP for use in the weighted load-balancing, or weighted ECMP, over MPLS feature.

Parameters

weight

Specifies a 32-bit integer representing the weight of the LSP.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp load-balancing-weight)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group load-balancing-weight

Description

This command configures the load balancing weight of an NHG entry in a forwarding policy.

A weight for each NHG of a policy must be assigned to the weighted ECMP forwarding to operate over the set of NHGs of the policy.

The no form of this command removes the load balancing weight from an NHG entry in a forwarding policy.

Parameters

weight

Specifies the load balancing weight value.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>router>static-route-entry>next-hop load-balancing-weight)

Full Context

configure router static-route-entry next-hop load-balancing-weight

Description

This command configures a weighted ECMP load-balancing weight for a static route next-hop.

If all of the ECMP next-hops of a static route have a configured load-balancing-weight then packets matching the route are sprayed according to the relative weights. In other words, the next-hop interface with the largest load-balancing weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and effectively disables weighted ECMP for the entire static route.

Parameters

value

Specifies the load balancing weight value.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>isis>interface load-balancing-weight)

Full Context

configure router isis interface load-balancing-weight

Description

This command configures the weighted ECMP load-balancing weight for an IS-IS interface. If the interface becomes an ECMP next hop for an IPv4 or IPv6 route, and all the other ECMP next hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. In other words, the interface with the largest load-balancing weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and therefore effectively disables weighted ECMP for any IP prefix that has this interface as a next hop.

Default

no load-balancing-weight

Parameters

value

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>ospf3>area>if load-balancing-weight)

[Tree] (config>router>ospf>area>if load-balancing-weight)

Full Context

configure router ospf3 area interface load-balancing-weight

configure router ospf area interface load-balancing-weight

Description

This command configures the weighted ECMP load-balancing weight for an OSPF or OSPF3 interface. If the interface becomes an ECMP next hop for an IPv4 or IPv6 route, and all the other ECMP next hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. This means that the interface with the largest load-balancing weight receives the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface which effectively disables weighted ECMP for any IP prefix that has this interface as a next hop.

Default

no load-balancing-weight

Parameters

weight

Specifies the load balancing weight.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>subscr-mgmt>sla-profile>control local)

Full Context

configure subscriber-mgmt sla-profile control local

Description

This command enables a session that is set up with local control plane handling to use this SLA profile. This command cannot be disabled.

Default

local

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-profile>control local)

Full Context

configure subscriber-mgmt sub-profile control local

Description

This command enables a session that is set up with local control plane handling to use this subscriber profile. This command cannot be disabled.

Default

local

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>ttl-propagate local)

Full Context

configure service vprn ttl-propagate local

Description

This command overrides the global configuration of the TTL propagation for locally generated packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-local.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value

Default

local inherit

Parameters

inherit

Specifies the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-local.

none

Specifies the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack.

vc-only

Specifies the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.

all

Specifies the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

Platforms

All

Context

[Tree] (config>ipsec>ts-list local)

Full Context

configure ipsec ts-list local

Description

Commands in this context configure local TS-list parameters. The TS-list is the traffic selector of the local system, such as TSr, when the system acts as an IKEv2 responder.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp local-address)

[Tree] (config>router>l2tp>group>tunnel local-address)

[Tree] (config>service>vprn>l2tp>group>tunnel local-address)

[Tree] (config>router>l2tp>group local-address)

[Tree] (config>router>l2tp local-address)

[Tree] (config>service>vprn>l2tp>group local-address)

Full Context

configure service vprn l2tp local-address

configure router l2tp group tunnel local-address

configure service vprn l2tp group tunnel local-address

configure router l2tp group local-address

configure router l2tp local-address

configure service vprn l2tp group local-address

Description

This command configures the local address.

The no form of this command removes the local IP address from the configuration.

Default

no local-address

Parameters

ip-address

Specifies the IP address used during L2TP authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy local-address)

Full Context

configure subscriber-mgmt bgp-peering-policy local-address

Description

This command configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the 7750 SR OS uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

The no form of this command removes the configured local-address for BGP.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the local address.

For IPv4, the local address is expressed in dotted decimal notation. Allowed values are a valid routable IP address on the router, either an interface or system IP address.

For IPv6, the local address is expressed in semi-colon hexadecimal notation. Allowed values is an interface or a system IP address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>gsmp>group>neighbor local-address)

[Tree] (config>service>vprn>gsmp>group>neighbor local-address)

Full Context

configure service vpls gsmp group neighbor local-address

configure service vprn gsmp group neighbor local-address

Description

This command configures the source ip-address used in the connection towards the neighbor. The local address is optional. If specified the node will accept connections only for that address in the service running ANCP. The address may be created after the reference but connections will not be accepted until it is created. If the local address is not used, the system accepts connections on any interface within the routing context.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the source IP address to be used in the connection toward the neighbor.

Values

ip-address: a.b.c.d. (unicast address only)

Platforms

All

Context

[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query local-address)

Full Context

configure subscriber-mgmt wlan-gw tunnel-query local-address

Description

This command enables matching on tunnels that are terminated by the specified IP address on the WLAN-GW.

The no form of this command disables matching on the local IP address.

Default

no local-address

Parameters

ip-address

Specifies the IPv4 or IPv6 address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp>group local-address)

[Tree] (config>service>vprn>bgp>group>neighbor local-address)

Full Context

configure service vprn bgp group local-address

configure service vprn bgp group neighbor local-address

Description

Configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the OS uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

The no form of this command removes the configured local-address for BGP.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Parameters

no local-address

The router ID is used when communicating with IBGP peers and the interface address is used for directly connected EBGP peers.

ip-address

The local address expressed in dotted decimal notation. Allowed values are a valid routable IP address on the router, either an interface or system IP address.

Platforms

All

Context

[Tree] (config>service>vprn>msdp local-address)

[Tree] (config>service>vprn>msdp>peer local-address)

[Tree] (config>service>vprn>msdp>group>peer local-address)

[Tree] (config>service>vprn>msdp>group local-address)

Full Context

configure service vprn msdp local-address

configure service vprn msdp peer local-address

configure service vprn msdp group peer local-address

configure service vprn msdp group local-address

Description

This command configures the local end of a Multicast Source Discovery Protocol (MSDP) session. For MSDP to function, at least one peer must be configured. When configuring a peer, you must include this local-address command to configure the local end of the MSDP session. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.

If the user enters this command, then the address provided is validated and will be used as the local address for MSDP peers from that point. If a subsequent local-address command is entered, it will replace the existing configuration and existing sessions will be terminated.

Similarly, when the no form of this command is entered, the existing local address will be removed from the configuration and the existing sessions will be terminated.

Whenever a session is terminated, all information pertaining to and learned from that peer will be removed.

Whenever a new peering session is created or a peering session is lost, an event message should be generated.

The no form of this command removes the local address from the configuration.

Default

no local-address

Parameters

ip-address

Specifies an existing address on the node.

Platforms

All

Context

[Tree] (config>router>pcep>pce local-address)

[Tree] (config>router>pcep>pcc local-address)

Full Context

configure router pcep pce local-address

configure router pcep pcc local-address

Description

This command configures the local IPv4 address of the PCEP speaker.

The PCEP protocol operates over TCP using destination TCP port 4189. The PCE client (PCC) always initiates the connection. After the user configures the PCEP local IPv4 address and the peer IPv4 address on the PCC, the latter initiates a TCP connection to the PCE. If both a local IPv4 and a local IPv6 address are configured, the connection uses the local address that is the same family as the peer address. When the connection is established, the PCC and PCE exchange OPEN messages, which initializes the PCEP session and exchanges the session parameters to be negotiated.

By default, the PCC attempts to reach the remote PCE address out of band using the management port. If it cannot, it attempts to reach the remote PCE address in band. The user can change the configuration of the peer to attempt connecting in band only or out of band only. When the session comes up out of band, the management IP address is used as the local address. The local IPv4 address configured by the user is only used for in-band sessions and is otherwise ignored.

The no form of the command removes the configured local address of the PCEP speaker.

Parameters

ip-address

Specifies the IP address of the PCEP speaker to be used for in-band sessions.

Platforms

VSR-NRC

• configure router pcep pce local-address

All

• configure router pcep pcc local-address

Context

[Tree] (config>router>msdp>peer local-address)

[Tree] (config>router>msdp local-address)

[Tree] (config>router>msdp>group local-address)

[Tree] (config>router>msdp>group>peer local-address)

Full Context

configure router msdp peer local-address

configure router msdp local-address

configure router msdp group local-address

configure router msdp group peer local-address

Description

This command configures the local end address of an MSDP session. For MSDP to function, at least one peer must be configured, and the peer must have a local address configured. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.

The specified IP address is validated and used as the local address for MSDP peers from that point. If a subsequent address is configured, it replaces the existing configuration and terminate any existing sessions.

When a session is terminated, all information pertaining to and learned from that peer is removed.

When a new peering session is created or a peering session is lost, an event message is generated.

The no form of this command removes the local address from the configuration. Removing the local address terminates any existing sessions.

Default

no local-address

Parameters

ip-address

Specifies an existing address on the node.

Platforms

All

Context

[Tree] (config>router>origin-validation>rpki-session local-address)

Full Context

configure router origin-validation rpki-session local-address

Description

This command configures the local address to use for setting up the TCP connection used by an RPKI-Router session. The default local-address is the outgoing interface IPv4 or IPv6 address. The local-address cannot be changed without first shutting down the session.

Default

no local-address

Parameters

ip-address

Specifies an IPv4 address or an IPv6 address.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor local-address)

[Tree] (config>router>bgp>group local-address)

Full Context

configure router bgp group neighbor local-address

configure router bgp group local-address

Description

This command configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the router uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

When set to a router interface, the local-address inherits the primary IPv4 or IPv6 address of the router interface depending on whether BGP is configured for IPv4 or IPv6. If the corresponding IPv4 or IPv6 address is not configured on the router interface, the BGP sessions that have this interface set as the local-address are kept down until an interface address is configured on the router interface.

The no form of this command removes the configured local-address for BGP.

The no form of this command used at the group level returns the configuration to the value defined at the global level.

The no form of this command used at the neighbor level returns the configuration to the value defined at the group level.

Default

no local-address

Parameters

ip-address

Specifies the local address expressed in dotted decimal notation. Allowed value is a valid routable IP address on the router, either an interface or system IP address.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address

Specifies the local address expressed in dotted decimal notation. Allowed value is a valid routable IPv6 address on the router, either an interface or system IPv6 address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

ip-int-name

Specifies the IP interface name whose address the local address will inherit. The interface can be any network interface configured on the system.

Platforms

All

Context

[Tree] (config>bmp>station>connection local-address)

Full Context

configure bmp station connection local-address

Description

This command configures the local IP address used by the local router when communicating with the BMP monitoring station. This configuration is optional.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a monitoring station.

The BMP session may flap when this parameter is changed. Shut down the BMP session before changing the values.

The no form of this command removes the configured local-address for the BMP session. The default is to use the system IP address.

Default

local-address ip-address (system IP address)

Parameters

ip-address

Specifies the local address expressed in dotted decimal notation. Allowed value is a valid routable IP address on the router, either an interface or system IP address.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address

Specifies the local address expressed in dotted decimal notation. Allowed value is a valid routable IPv6 address on the router, either an interface or system IPv6 address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

Platforms

All

Context

[Tree] (config>anysec>tnl-enc>sec-term-pol local-address)

Full Context

configure anysec tunnel-encryption security-termination-policy local-address

Description

This command configures the local IPv4 or IPv6 address for the system IP or loopback node SID. This is used to program the FP5 label stack to match the incoming ANYsec tunnel and decryption of the tunnel.

The no form of this command removes the IP address that is associated with ANYsec decryption.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the local address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

Context

[Tree] (config>service>vprn>sub-if>grp-if local-address-assignment)

[Tree] (config>service>ies>sub-if>grp-if local-address-assignment)

[Tree] (config>service>ies>sub-if local-address-assignment)

[Tree] (config>service>vprn>sub-if local-address-assignment)

Full Context

configure service vprn subscriber-interface group-interface local-address-assignment

configure service ies subscriber-interface group-interface local-address-assignment

configure service ies subscriber-interface local-address-assignment

configure service vprn subscriber-interface local-address-assignment

Description

Commands in this context configure local address assignment parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>service>id>ppp>event local-address-assignment)

Full Context

debug service id ppp event local-address-assignment

Description

This command enables debugging for local-address-assignment events.

The no form of this command disables debugging.

Parameters

terminate-only

Enables debugging for local address assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw local-address-assignment)

[Tree] (config>service>ies>if>sap>ipsec-gw local-address-assignment)

Full Context

configure service vprn interface sap ipsec-gw local-address-assignment

configure service ies interface sap ipsec-gw local-address-assignment

Description

Commands in this context configure local address assignments for the IPsec gateway.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>pcep>pce local-address-ipv6)

[Tree] (config>router>pcep>pcc local-address-ipv6)

Full Context

configure router pcep pce local-address-ipv6

configure router pcep pcc local-address-ipv6

Description

This command configures the local IPv6 address of the PCEP speaker.

The PCEP protocol operates over TCP using destination TCP port 4189. The PCE client (PCC) always initiates the connection. After the user configures the PCEP local IPv6 address and the peer IPv6 address on the PCC, the latter initiates a TCP connection to the PCE. If both a local IPv4 and a local IPv6 address are configured, the connection uses the local address that is the same family as the peer address. When the connection is established, the PCC and PCE exchange OPEN messages, which initializes the PCEP session and exchanges the session parameters to be negotiated.

By default, the PCC attempts to reach the remote PCE address out of band using the management port. If it cannot, it attempts to reach the remote PCE address in-band. The user can change the configuration of the peer to attempt connecting in band only or out of band only. When the session comes up out of band, the management IP address is used as the local address. The local IPv6 address configured by the user is only used for in-band sessions and is otherwise ignored.

The no form of the command removes the configured local address of the PCEP speaker.

Parameters

ipv6-address

Specifies the IP address of the PCEP speaker to be used for in-band sessions.

Platforms

VSR-NRC

• configure router pcep pce local-address-ipv6

All

• configure router pcep pcc local-address-ipv6

Context

[Tree] (config>service>template>vpls-template local-age)

[Tree] (config>service>vpls local-age)

Full Context

configure service template vpls-template local-age

configure service vpls local-age

Description

Specifies the aging time for locally learned MAC addresses in the forwarding database (FDB) for the Virtual Private LAN Service (VPLS) instance. In a VPLS service, MAC addresses are associated with a Service Access Point (SAP) or with a service destination point (SDP). MACs associated with a SAP are classified as local MACs, and MACs associated with an SDP are remote MACs.

Like in a Layer 2 switch, learned MACs can be aged out if no packets are sourced from the MAC address for a period of time (the aging time). In each VPLS service instance, there are independent aging timers for local learned MAC and remote learned MAC entries in the FDB. The local-age timer specifies the aging time for local learned MAC addresses.

The no form of this command returns the local aging timer to the default value.

Default

local age 300 — Local MACs aged after 300 seconds.

Parameters

aging-timer

Specifies the aging time for local MACs expressed in seconds

Values

60 to 86400

Platforms

All

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy local-as)

Full Context

configure subscriber-mgmt bgp-peering-policy local-as

Description

This command configures a BGP virtual autonomous system (AS) number.

In addition to the AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number is configured. The virtual AS number is added to the as-path message before the router’s AS number makes the virtual AS the second AS in the as-path.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). Thus, by specifying this at each neighbor level, it is possible to have a separate as-number per EBGP session.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.

Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number. Changing the local AS at the global level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number. Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

This is an optional command and can be used in the following circumstance:

Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.

The no form of this command used at the global level will remove any virtual AS number configured.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Parameters

as-number

Specifies the virtual autonomous system number, expressed as a decimal integer.

Values

1 to 4294967295

private

Specifies that the local-as number is hidden in paths learned from the peering.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp local-as)

[Tree] (config>service>vprn>bgp>group>neighbor local-as)

[Tree] (config>service>vprn>bgp>group local-as)

Full Context

configure service vprn bgp local-as

configure service vprn bgp group neighbor local-as

configure service vprn bgp group local-as

Description

This command configures a BGP virtual autonomous system (AS) number.

In addition to the global AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number can be configured to support various AS number migration scenarios. The local AS number is added to the to the beginning the as-path attribute ahead of the router’s AS number.

This configuration parameter can be set at three levels: global level (applies to all EBGP peers), group level (applies to all EBGP peers in peer-group) or neighbor level (only applies to EBGP specified peer). Thus, by specifying this at each neighbor level, it is possible to have a separate local-as per EBGP session. The local-as command is not supported for IBGP sessions. When the optional private keyword is specified in the command the local-as number is not added to inbound routes from the EBGP peer that has local-as in effect.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.

Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number. Changing the local AS at the global level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number. Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

This is an optional command and can be used in the following circumstance:

Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.

The no form of this command used at the global level removes any virtual AS number configured.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no local-as

Parameters

as-number

The virtual autonomous system number, expressed as a decimal integer.

Values

1 to 65535

private

Specifies the local-as is hidden in paths learned from the peering.

no-prepend-global-as

Specifies that the global-as is hidden in paths announced to the EBGP peer.

Platforms

All

Context

[Tree] (config>router>bgp>group>neighbor local-as)

[Tree] (config>router>bgp local-as)

[Tree] (config>router>bgp>group local-as)

Full Context

configure router bgp group neighbor local-as

configure router bgp local-as

configure router bgp group local-as

Description

This command configures a BGP local autonomous system (AS) number. In addition to the global AS number configured for BGP using the autonomous-system command, a local AS number can be configured to support various AS number migration scenarios.

When the local-as command is applied to a BGP neighbor and the local-as is different from the peer-as, the session comes up as EBGP and by default the global-AS number and then (in that order) the local-as number are prepended to the AS_PATH attribute in outbound routes sent to the peer. In received routes from the EBGP peer, the local AS is prepended to the AS path by default, but this can be disabled with the private option.

When the local-as command is applied to a BGP neighbor and the local-as is the same as the peer-as, the session comes up as IBGP, and by default, the global-AS number is prepended to the AS_PATH attribute in outbound routes sent to the peer.

This configuration parameter can be set at three levels: global level (applies to all BGP peers), group level (applies to all BGP peers in group) or neighbor level (only applies to one specific BGP neighbor). By specifying this at the neighbor level, it is possible to have a separate local-as for each BGP session.

When the optional no-prepend-global-as command is configured, the global-as number is not added in outbound routes sent to an IBGP or EBGP peer.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private option can be added or removed dynamically by reissuing the command. Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number. Changing the local AS at the global level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number. Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no local-as

Parameters

as-number

Specifies the virtual autonomous system number expressed as a decimal integer.

Values

1 to 4294967295

private

Specifies the local-as is hidden in paths learned from the peering.

no-prepend-global-as

Specifies that the global-as is hidden in paths announced to the BGP peer.

Platforms

All

Context

[Tree] (config>service>epipe>bgp-evpn local-attachment-circuit)

Full Context

configure service epipe bgp-evpn local-attachment-circuit

Description

This command configures a local attachment circuit (AC) in which the local Ethernet tag can be configured.

The no form of this command disables the context.

Default

no local-attachment-circuit

Parameters

ac-name

Specifies the name of the local attachment circuit, up to 32 characters.

endpoint-name

Specifies the name of the endpoint, up to 32 characters.

bgp-instance

Specifies the BGP instance ID.

Values

1 to 2

Default

1

create

Keyword used to create the local AC.

Platforms

All

Context

[Tree] (config>service>dynsvc>policy>auth local-auth-db)

Full Context

configure service dynamic-services dynamic-services-policy authentication local-auth-db

Description

This command configures the local authentication database to be used for local authentication of data-triggered dynamic services.

Local authentication and RADIUS authentication are mutually exclusive.

The no form of this command removes the local authentication database from the configuration and disables local authentication.

Parameters

name

local authentication database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>dynsvc local-auth-db)

Full Context

configure service dynamic-services local-auth-db

Description

This command creates a local authentication database that can be used for local authentication of data-triggered dynamic services.

The no form of this command removes the local authentication database from the configuration.

Parameters

name

Specifies a local authentication database name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>dhcp local-dhcp-server)

[Tree] (config>service>vprn>dhcp local-dhcp-server)

Full Context

configure router dhcp local-dhcp-server

configure service vprn dhcp local-dhcp-server

Description

This command instantiates a local DHCP server. A local DHCP server can serve multiple interfaces but is limited to the routing context it was which it was created.

The no form of this command reverts to the default.

Parameters

server-name

Specifies the name of local DHCP server, up to 32 characters.

create

Keyword used to create the local DHCP server. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>dhcp6 local-dhcp-server)

Full Context

configure router dhcp6 local-dhcp-server

Description

This command instantiates a DHCP6 server. A local DHCP6 server can serve multiple interfaces but is limited to the routing context it was which it was created.

The no form of this command reverts to the default.

Parameters

server-name

Specifies the name of local DHCP6 server, up to 32 characters.

create

Keyword used to create the local DHCP or DHCP6 server. The create keyword requirement can be enabled or disabled in the environment>create context.

auto-provisioned

Specifies the auto provisioning mode. This parameter only applies to DHCP6 creation to configure DHCP6 default values.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>router local-dhcp-server)

Full Context

debug router local-dhcp-server

Description

This command enables, disables or configures debugging for a local DHCP server.

Parameters

server-name

Specifies an existing local DHCP server name.

ip-prefix[/prefix-length]

Specifies the IP prefix and prefix length of the subnet.

Values

ip-prefix — a.b.c.d (host bits must be 0)

length — 0 to 32

ieee-address

Specifies that the provisioned MAC address for the local DHCP server.

ipv6z-address

Specifies the IPv6z address.

ipv6-address:	x:x:x:x:x:x:x:x [-interface]
	x:x:x:x:x:x:d.d.d.d [-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
interface	up to 32 characters, mandatory for link local addresses

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync local-dhcp-server)

Full Context

configure redundancy multi-chassis peer sync local-dhcp-server

Description

This command synchronizes DHCP server information.

Default

no local-dhcp-server

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 local-dhcp-server)

[Tree] (config>service>ies>if local-dhcp-server)

Full Context

configure service vprn interface ipv6 local-dhcp-server

configure service ies interface local-dhcp-server

Description

This command assigns a DHCP server to the interface.

Parameters

local-server-name

Specifies an existing local server name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if local-dhcp-server)

[Tree] (config>router>if>ipv6 local-dhcp-server)

Full Context

configure router interface local-dhcp-server

configure router interface ipv6 local-dhcp-server

Description

This command instantiates a local DHCP server. A local DHCP server can serve multiple interfaces but is limited to the routing context in which it was created.

The no form of this command reverts to the default value.

Default

no local-dhcp-server

Parameters

local-server-name

Specifies the name of local DHCP server, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>epipe>sap>cem local-ecid)

Full Context

configure service epipe sap cem local-ecid

Description

This command defines the Emulated Circuit Identifiers (ECID) to be used for the local (source) end of the circuit emulation service.

The no form of this command removes the ECID from the configuration.

Default

local-ecid 65535

Parameters

emulated circuit identifier

Specifies the value to be used as the local (source) ECID for the circuit emulation service. On CES packet reception, the ECID in the packet will be compared to the configured local-ecid value. These must match for the packet payload to be used for the TDM circuit. The remote-ecid value is inserted into the MEF-8 CES packet to be transmitted.

Values

0 to 1048575

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>service>sdp local-end)

Full Context

configure service sdp local-end

Description

This command configures the local-end address of the following SDP encapsulation types:

• IPv6 address of the termination point of a SDP of encapsulation l2tpv3 (L2TP v3 tunnel).

• IPv4/IPv6 source address of a SDP of encapsulation eth-gre-bridged (L2oGRE SDP).

• IPv4 source address of a SDP of encapsulation gre (GRE SDP).

A change to the value of the local-end parameter requires that the SDP be shut down.

When used as the source address of a SDP of encapsulation gre (GRE SDP), the primary IPv4 address of any local network IP interface, loopback or otherwise, may be used.

The address of the following interfaces are not supported:

• unnumbered network IP interface

• IES interface

• VPRN interface

• CSC VPRN interface

The local-end parameter value adheres to the following rules:

• A maximum of 15 distinct address values can be configured for all GRE SDPs under the config>service>sdp>local-end context, and all L2oGRE SDPs under the config>service>system>gre-eth-bridged>tunnel-termination context.

• The same source address cannot be used in both contexts since an address configured for a L2oGRE SDP matches an internally created interface that is not available to other applications.

• The local-end address of a GRE SDP, when different from system, need not match the primary address of an interface that has the MPLS-over-GRE termination subnet configured, unless a GRE SDP or tunnel from the far-end router terminates on this address.

The no form of the command removes the address from the local-end configuration.

Parameters

ip-address | ipv6-address

Specifies a IPv4 or IPv6 address for local-end of an SDP in dotted decimal notation.

Values

	ip-address	a.b.c.d
	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x - [0..FFFF]H
		d - [0..255]D

Platforms

All

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video local-fcc-port)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video local-fcc-port)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video local-fcc-port)

Full Context

configure mcast-management multicast-info-policy bundle channel video local-fcc-port

configure mcast-management multicast-info-policy bundle video local-fcc-port

configure mcast-management multicast-info-policy bundle channel source-override video local-fcc-port

Description

This command configures the local port on which Fast Channel Change (FCC) requests are received. The value of this object can only be set for the default bundle and will be used by all bundles and channels.

The local-fcc-port port value is the only configuration parameter in the bundle "default” context.

The no form of the command removes the port from the video configuration.

Parameters

port

Specifies a local port for FCC requests.

Values

1024 to 5999, 6251 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>app-assure>group>url-filter local-filtering)

Full Context

configure application-assurance group url-filter local-filtering

Description

This command configures a URL filter policy for local filtering in order to filter traffic based on a list of URLs located on a file stored in the router compact flash.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>satellite local-forward)

Full Context

configure system satellite local-forward

Description

This command creates a local-forward instance.

A local-forward instance creates a traffic bypass within the Ethernet satellite, which allows traffic to be forwarded between satellite client ports.

The no form of this command deletes the specified local-forward instance.

Parameters

local-forward-id

Specifies the ID number for the local-forward instance.

Values

1 to 10240

create

Creates a new local-forward instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel local-gateway-address)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel local-gateway-address)

Full Context

configure router interface ipsec ipsec-tunnel local-gateway-address

configure service ies interface ipsec ipsec-tunnel local-gateway-address

Description

This command configures local gateway address of the IPsec gateway.

Parameters

ip-address

Specifies a unicast IPv4 address, up to 64 characters.

ipv6-address

Specifies a unicast global unicast IPv6 address, up to 64 characters.

Platforms

VSR

Context

[Tree] (config>service>ies>if>sap>ipsec-gw local-gateway-address)

[Tree] (config>service>vprn>if>sap>ipsec-gw local-gateway-address)

Full Context

configure service ies interface sap ipsec-gw local-gateway-address

configure service vprn interface sap ipsec-gw local-gateway-address

Description

This command configures local gateway address of the IPsec gateway.

Parameters

ip-address

Specifies a unicast IPv4 address or a global unicast IPv6 address. This address must be within the subnet of the public interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel local-gateway-address)

Full Context

configure service vprn interface sap ipsec-tunnel local-gateway-address

Description

This command specifies the local gateway address used for the tunnel and the address of the remote security gateway at the other end of the tunnel remote peer IP address to use.

Default

no local-gateway-address

Parameters

ip-address

IP address of the local end of the tunnel.

delivery-service service-id

The ID of the IES or VPRN (front-door) delivery service of this tunnel. Use this service-id to find the VPRN used for delivery.

Values

service-id: 1 to 2147483648

svc-name: Specifies an existing service name up to 64 characters in length.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw local-id)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn local-id)

[Tree] (config>ipsec>trans-mode-prof>dyn local-id)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn local-id)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn local-id)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn local-id)

[Tree] (config>service>ies>if>sap>ipsec-gw local-id)

Full Context

configure service vprn interface sap ipsec-gw local-id

configure service ies interface ipsec ipsec-tunnel dynamic-keying local-id

configure ipsec ipsec-transport-mode-profile dynamic-keying local-id

configure service vprn interface ipsec ipsec-tunnel dynamic-keying local-id

configure service vprn interface sap ipsec-tunnel dynamic-keying local-id

configure router interface ipsec ipsec-tunnel dynamic-keying local-id

configure service ies interface sap ipsec-gw local-id

Description

This command specifies the local ID used for IDi or IDr for IKEv2 negotiation.

The default behavior depends on the local-auth-method as follows:

• Psk: local tunnel IP address

• Cert-auth: subject of the local certificate

The no form of this command removes the parameters from the configuration.

Default

no local-id

Parameters

type

Specifies the type of local ID payload, which could be IPv4 or IPv6 address or FQDN domain name or distinguish the name of the subject in the X.509 certificate.

Values

ipv4 — Specifies to use IPv4 as the local ID type; the default value is the local tunnel end-point address.

ipv6 — Specifies to use IPv6 as the local ID type; the default value is the local tunnel end-point address.

fq1dn — Specifies to use FQDN as the local ID type. The value must be configured.

value

Specifies the data type as an enumerated integer that describes the local identifier type used for IDi or IDr for IKEv2, up to 255 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec ipsec-transport-mode-profile dynamic-keying local-id
• configure service vprn interface sap ipsec-gw local-id
• configure service ies interface sap ipsec-gw local-id
• configure service vprn interface sap ipsec-tunnel dynamic-keying local-id

VSR

• configure service vprn interface ipsec ipsec-tunnel dynamic-keying local-id
• configure router interface ipsec ipsec-tunnel dynamic-keying local-id
• configure service ies interface ipsec ipsec-tunnel dynamic-keying local-id

Context

[Tree] (config>service>vprn>ipsec>sec-plcy>entry local-ip)

[Tree] (config>router>ipsec>sec-plcy>entry local-ip)

Full Context

configure service vprn ipsec security-policy entry local-ip

configure router ipsec security-policy entry local-ip

Description

This command configures the local (from the VPN) IP prefix/mask for the policy parameter entry.

Only one entry is necessary to describe a potential flow. The local-ip and remote-ip commands can be defined only once. The system evaluates:

• the local IP as the source IP when traffic is examined in the direction of the flows from private to public and as the destination IP when traffic flows from public to private

• the remote IP as the source IP when traffic flows public to private and as the destination IP when traffic flows from private to public

Parameters

ip-prefix

The destination address of the aggregate route in dotted decimal notation

Values

a.b.c.d (host bits must be 0)

prefix-length 1 to 32

netmask

The subnet mask in dotted decimal notation

any

keyword to specify that it can be any address

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn ipsec security-policy entry local-ip

VSR

• configure router ipsec security-policy entry local-ip

Context

[Tree] (config>lag>bfd>family local-ip-address)

Full Context

configure lag bfd family local-ip-address

Description

This command is used to specify the IPv4 or IPv6 address of the BFD source.

The no form of this command removes this address from the configuration.

Default

no local-ip-address

Parameters

ip-address

Specifies the IP address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:-[0 to FFFF]H
	d: [0 to 255]D

Platforms

All

Context

[Tree] (config>isa>nat-group>inter-chassis-redundancy local-ip-range-start)

Full Context

configure isa nat-group inter-chassis-redundancy local-ip-range-start

Description

This command configures the first IP address that is assigned to a first member ISA in the nat-group. The remaining member ISAs in the nat-group are automatically assigned the consecutive IP addresses, starting from the first IP address. These IP addresses are used to communicate between the ISAs on redundant nodes for the purpose of flow synchronization. Traffic from the first local IP address (member ISA), is sent to the first IP address from the remote IP range.

The no form of this command reverts to the default.

Default

no local-ip-range-start

Parameters

ip-address

Specifies the first IP address from the range assigned to the first member ISA in the form of a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>ldp>if-params>if>ipv4 local-lsr-id)

[Tree] (config>router>ldp>if-params>if>ipv6 local-lsr-id)

Full Context

configure router ldp interface-parameters interface ipv4 local-lsr-id

configure router ldp interface-parameters interface ipv6 local-lsr-id

Description

This command enables the use of the address of the local LDP interface, or any other network interface configured on the system, as the LSR-ID to establish link LDP Hello adjacency and LDP session with directly connected LDP peers. The network interface can be a loopback or not.

Link LDP sessions to all peers discovered over a given LDP interface share the same local LSR-ID. However, LDP sessions on different LDP interfaces can use different network interface addresses as their local LSR-ID.

By default, the LDP session to a peer uses the system interface address as the LSR-ID unless explicitly configured using this command. The system interface must always be configured on the router, or the LDP protocol will not come up on the node. There is no requirement to include the system interface in any routing protocol.

At initial configuration, the LDP session to a peer will remain down while the network interface used as LSR-ID is down. LDP will not try to bring it up using the system interface.

If the network IP interface used as LSR-ID goes down, the LDP sessions to all discovered peers using this LSR-ID go down.

When an interface other than the system is used as the LSR-ID, the transport connection (TCP) for the link LDP session will also use the address of that interface as the transport address. If the system or interface value is configured in the config>router>ldp>if-params>if>ipv4 or config>router>ldp>if-params>if>ipv6> transport-address context, it will be overridden with the address of the LSR-ID interface.

When the local-lsr-id command is enabled with the 32bit-format option, an SR OS LSR will be able to establish an LDP IPv6 Hello adjacency and an LDP IPv6 session with an RFC 7552 compliant peer LSR. The LSR uses a 32-bit LSR-ID set to the value of the IPv4 address of the specified local LSR-ID interface and a 128-bit transport address set to the value of the IPv6 address of the specified local LSR-ID interface.

If the user enables the 32bit-format option in the IPv6 context of a running LDP interface, the already established LDP IPv6 Hello adjacency and LDP IPv6 session will be brought down and re-established with the new 32-bit LSR-ID value.

If the user changes the LSR-ID value between system, interface, and interface-name, or enables the 32bit-format option while the LDP session is up, LDP will immediately tear down all sessions using this LSR-ID and will attempt to re-establish them using the new LSR-ID.

The no form of this command returns to the default behavior, in which case the system interface address is used as the LSR-ID.

Default

no local-lsr-id

Parameters

system

Specifies the use of the address of the system interface as the value of the LSR-ID of this LDP LSR.

interface

Specifies the use of the address of the local LDP interface as the value of the LSR-ID of this LDP LSR.

interface-name interface-name

Specifies the name, up to 32 character, of the network IP interface (which address is used as the LSR-ID of this LDP LSP). An interface name cannot be in the form of an IP address. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

32bit-format

Specifies the use of the IPv4 address of the local LSR-ID interface as the LSR-ID of this LDP LSR.

Platforms

All

Context

[Tree] (config>router>ldp>targ-session>peer-template local-lsr-id)

[Tree] (config>router>ldp>targ-session>peer local-lsr-id)

Full Context

configure router ldp targeted-session peer-template local-lsr-id

configure router ldp targeted-session peer local-lsr-id

Description

This command enables the use of the address of any network interface configured on the system, as the LSR-ID to establish a targeted LDP Hello adjacency and a targeted LDP session with an LDP peer. The network interface can be a loopback or not.

By default, the targeted LDP session to a peer uses the system interface address as the LSR-ID and as the transport address, unless explicitly configured using this command. The system interface must always be configured on the router, or the LDP protocol will not come up on the node. There is no requirement to include the system interface in any routing protocol.

When the local-lsr-id command is enabled with the 32bit-format option, an SR OS LSR will be able to establish a targeted LDP IPv6 Hello adjacency and a targeted LDP IPv6 session with an RFC 7552 compliant peer LSR. The LSR uses a 32-bit LSR-ID set to the value of the IPv4 address of the specified local LSR-ID interface and a 128-bit transport address set to the value of the IPv6 address of the specified local LSR-ID interface.

If the user enables the 32bit-format option in the IPv6 context of a running targeted LDP peer, the already established targeted LDP IPv6 Hello adjacency and targeted LDP IPv6 session will be brought down and re-established with the new 32-bit LSR-ID value.

If the user changes the local LSR-ID value or enables/disables the 32bit-format option, while the targeted LDP session is up, LDP will immediately tear down the targeted session using this LSR-ID and will attempt to re-establish it using the new LSR-ID.

The no form of this command returns to the default behavior, in which case the system interface address is used as the LSR-ID.

Default

no local-lsr-id

Parameters

interface-name

Specifies the name, up to 32 characters, of the network IP interface (which address is used as the LSR-ID of this LDP LSP). An interface name cannot be in the form of an IP address. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

32bit-format

Specifies the use of the IPv4 address of the local LSR-ID interface as the LSR-ID of this LDP LSR.

Platforms

All

Context

[Tree] (config>system>rollback local-max-checkpoints)

Full Context

configure system rollback local-max-checkpoints

Description

This command configures the maximum number of rollback checkpoint files when the rollback-location is on local compact flash.

Default

no local-max-checkpoints

Parameters

number of files

Specifies the maximum rollback files on a compact flash.

Values

1 to 50

Platforms

All

Context

[Tree] (config>sys>security>dist-cpu-protection>policy local-monitoring-policer)

Full Context

configure system security dist-cpu-protection policy local-monitoring-policer

Description

This command configures a monitoring policer that is used to monitor the aggregate rate of several protocols arriving on an object (for example, SAP). When the local-monitoring-policer is determined to be in a nonconforming state (at the end of a minimum monitoring time of 60 seconds) then the system will attempt to allocate dynamic policers for the particular object for any protocols associated with the local monitor (for example, using the protocol name enforcement dynamic policer-name CLI command).

If the system cannot allocate all the dynamic policers within 150 seconds, it will stop attempting to allocate dynamic policers, raise a LocMonExcdAllDynAlloc log event, and go back to using the local monitor. The local monitor may then detect exceeded packets again and make another attempt at allocating dynamic policers.

Once this policer-name is referenced by a protocol then this policer will be instantiated for each "object” that is created and references this DDoS policy. If there is no policer free then the object will be blocked from being created.

Parameters

policy-name

Specifies name of the policy, up to 32 characters.

Platforms

All

Context

[Tree] (config>router>l2tp local-name)

[Tree] (config>service>vprn>l2tp local-name)

[Tree] (config>router>l2tp>group local-name)

[Tree] (config>service>vprn>l2tp>group>tunnel local-name)

[Tree] (config>service>vprn>l2tp>group local-name)

[Tree] (config>router>l2tp>group>tunnel local-name)

Full Context

configure router l2tp local-name

configure service vprn l2tp local-name

configure router l2tp group local-name

configure service vprn l2tp group tunnel local-name

configure service vprn l2tp group local-name

configure router l2tp group tunnel local-name

Description

This command creates the local host name used by this system for the tunnels in this L2TP group during the authentication phase of tunnel establishment. It can be used to distinguish tunnels.

The no form of this command removes the host name from the configuration.

Default

no local-name

Parameters

host-name

Specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet>efm-oam>link-mon>local-sf-action local-port-action)

Full Context

configure port ethernet efm-oam link-monitoring local-sf-action local-port-action

Description

This command configures the parameters that define if and how the local port will be affected when the local signal failure threshold (sf-threshold) has been reached within the configured window.

Interactions: The signal failure threshold will trigger these actions.

Default

local-port-action out-of-service

Parameters

log-only

Keyword that prevents the port from being affected when the configured signal failure threshold is reach within the window. The event will be logged but the port will remain operational.

out-of-service

Keyword that causes the port to enter a non-operation down state with a port state of link up. The error will be logged when the configured signal failure threshold (sf-threshold) is reached within the window. The port will not be available to service data but will continue to carry Link OAM traffic to ensure the link is monitored.

Platforms

All

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy local-preference)

Full Context

configure subscriber-mgmt bgp-peering-policy local-preference

Description

This command enables setting the BGP local-preference attribute in incoming routes if not specified and configures the default value for the attribute. This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy.

The no form of this command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.

Parameters

local-preference

The local preference value to be used as the override value, expressed as a decimal integer.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>bgp local-preference)

[Tree] (config>service>vprn>bgp>group local-preference)

[Tree] (config>service>vprn>bgp>group>neighbor local-preference)

Full Context

configure service vprn bgp local-preference

configure service vprn bgp group local-preference

configure service vprn bgp group neighbor local-preference

Description

This command enables setting the BGP local-preference attribute in incoming routes if not specified and configures the default value for the attribute. This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no local-preference - Does not override the local-preference value set in arriving routes and analyze routes without local preference with value of 100.

Parameters

local-preference

The local preference value to be used as the override value, expressed as a decimal integer.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>bgp>group local-preference)

[Tree] (config>router>bgp>group>neighbor local-preference)

[Tree] (config>router>bgp local-preference)

Full Context

configure router bgp group local-preference

configure router bgp group neighbor local-preference

configure router bgp local-preference

Description

This command enables setting the BGP local-preference attribute in incoming routes if not specified and configures the default value for the attribute.

This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to the specified peer). The most specific value is used.

The no form of this command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no local-preference

Parameters

local-preference

Specifies the local preference value to be used as the override value expressed as a decimal integer.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>entry>from local-preference)

Full Context

configure router policy-options policy-statement entry from local-preference

Description

This command matches BGP routes based on local preference (the value in the LOCAL_PREF attribute).

If no comparison qualifiers are present (equal, or-higher, or-lower), then equal is the implied default.

A non-BGP route does not match a policy entry if it contains the local-preference command.

Default

no local-preference

Parameters

preference

Specifies the local preference value.

Values

0 to 4294967295, or a parameter name delimited by starting and ending at-sign (@) characters

equal

Specifies that matched routes should have the same local preference as the value specified.

or-higher

Specifies that matched routes should have the same or a greater local preference as the value specified.

or-lower

Specifies that matched routes should have the same or a lower local preference as the value specified.

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>default-action local-preference)

[Tree] (config>router>policy-options>policy-statement>entry local-preference)

Full Context

configure router policy-options policy-statement default-action local-preference

configure router policy-options policy-statement entry local-preference

Description

This command assigns a BGP local preference to routes matching a route policy statement entry.

If no local preference is specified, the BGP configured local preference is used.

The no form of this command disables assigning a local preference in the route policy entry.

Default

no local-preference

Parameters

preference

Specifies the local preference expressed as a decimal integer.

Values

0 to 4294967295 name — Specifies the local preference parameter variable name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

Platforms

All

Context

[Tree] (config>service>pw-routing local-prefix)

Full Context

configure service pw-routing local-prefix

Description

This command configures one or more node prefix values to be used for MS-PW routing. At least one prefix must be configured on each node that is an S-PE or a T-PE.

The no form of this command removes a previously configured prefix, and will cause the corresponding route to be withdrawn if it has been advertised in BGP.

Default

no local-prefix

Parameters

local-prefix

Specifies a 32 bit prefix for the AII. One or more prefix values, up to a maximum of 16, may be assigned to the 7450 ESS, 7750 SR, or 7950 XRS node. The global ID can contain the 2-octet or 4-octet value of the provider's Autonomous System Number (ASN). The presence of a global ID based on the provider's ASN ensures that the AII for spoke-SDPs configured on the node will be globally unique.

Values

<global-id>:<ip-addr>| <raw-prefix>

ip-addr	a.b.c.d
raw-prefix	1 to 4294967295
global-id	1 to 4294967295

Platforms

All

Context

[Tree] (config>service>vprn>ptp>peer local-priority)

Full Context

configure service vprn ptp peer local-priority

Description

This command configures the local priority used to choose between PTP TimeTransmitters in the best TimeTransmitter clock algorithm (BTCA).

The value 1 is the highest priority and 255 is the lowest priority.

If the PTP profile is ieee1588-2008, the priority of a peer cannot be configured.

If the PTP profile is g8265dot1-2010, this parameter configures the priority used to choose between TimeTransmitter clocks with the same quality. Refer to the G.8265.1 standard for more information

If the PTP profile is g8275dot1-2014 or g8275dot2-2016, this parameter sets the value of the localPriority associated with the Announce messages received from the external clocks (ptp>peer or ptp>port), or the local clock (PTP). Refer to the ITU-T G.8275.1/G.8275.2 standard for detailed information

Default

local-priority 128

Parameters

local-priority

Specifies the value of the local priority.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>ptp local-priority)

[Tree] (config>system>ptp>peer local-priority)

[Tree] (config>system>ptp>port local-priority)

Full Context

configure system ptp local-priority

configure system ptp peer local-priority

configure system ptp port local-priority

Description

This command configures the local priority used to choose between PTP TimeTransmitters in the best TimeTransmitter clock algorithm (BTCA).

The value 1 is the highest priority and 255 is the lowest priority.

If the PTP profile is ieee1588-2008, the priority of a peer cannot be configured.

If the PTP profile is g8265dot1-2010, this parameter configures the priority used to choose between TimeTransmitter clocks with the same quality. Refer to the G.8265.1 standard for more information

If the PTP profile is g8275dot1-2014 or g8275dot2-2016, this parameter sets the value of the localPriority associated with the Announce messages received from the external clocks (ptp>peer or ptp>port), or the local clock (PTP). Refer to the ITU-T G.8275.1/G.8275.2 standard for detailed information

Default

local-priority 128

Parameters

priority

Specifies the value of the local priority.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>sub-if>grp-if local-proxy-arp)

[Tree] (config>service>ies>if local-proxy-arp)

[Tree] (config>service>vprn>if local-proxy-arp)

[Tree] (config>service>ies>sub-if>grp-if local-proxy-arp)

Full Context

configure service vprn subscriber-interface group-interface local-proxy-arp

configure service ies interface local-proxy-arp

configure service vprn interface local-proxy-arp

configure service ies subscriber-interface group-interface local-proxy-arp

Description

This command enables local proxy ARP. When local proxy ARP is enabled on an IP interface, the system responds to all ARP requests for IP addresses belonging to the subnet with its own MAC address, and thus becomes the forwarding point for all traffic between hosts in that subnet.

When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface local-proxy-arp
• configure service ies subscriber-interface group-interface local-proxy-arp

All

• configure service vprn interface local-proxy-arp
• configure service ies interface local-proxy-arp

Context

[Tree] (config>router>if local-proxy-arp)

Full Context

configure router interface local-proxy-arp

Description

This command enables local proxy ARP on the interface.

Default

no local-proxy-arp

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6 local-proxy-nd)

[Tree] (config>service>ies>if>ipv6 local-proxy-nd)

Full Context

configure service vprn interface ipv6 local-proxy-nd

configure service ies interface ipv6 local-proxy-nd

Description

This command enables local proxy neighbor discovery on the interface.

When this command is enabled, the interface replies to neighbor solicitation requests when both the hosts are on the same subnet. In this case, ICMP redirects are disabled. When this command is disabled, the interface does not reply to neighbor solicitation requests if both the hosts are on the same subnet.

The no form of this command reverts to the default.

Platforms

All

Context

[Tree] (config>router>if>ipv6 local-proxy-nd)

Full Context

configure router interface ipv6 local-proxy-nd

Description

This command enables local proxy neighbor discovery on the interface.

The no form of this command disables local proxy neighbor discovery.

Platforms

All

Context

[Tree] (config>service>vprn local-routes-domain-id)

Full Context

configure service vprn local-routes-domain-id

Description

This command specifies the domain ID that is used in the D-PATH attribute for local routes before those routes are exported to a BGP neighbor using BGP-IPVPN, EVPN-IFF, EVPN-IFL or PE-CE BGP. A local route is a non-BGP route installed in the VPRN route table and learned using static route or an IGP.

The domain IDs are used in the D-PATH attribute, in accordance with draft-ietf-bess-evpn-ipvpn-interworking. The D-PATH attribute is modified by gateway routers, where a gateway is defined as a PE where a VPRN is instantiated, and that VPRN advertises or receives routes from multiple BGP owners (for example, EVPN-IFL and BGP-IPVPN).

The D-PATH attribute is used on gateways to detect loops (for received routes where the D-PATH contains a local domain ID) and to make BGP best path selection decisions based on the D-PATH length (shorter D-PATH is preferred).

The no form of this command removes the domain ID for local routes.

Default

no local-routes-domain-id

Parameters

global-field:local-field

Specifies the domain ID for local routes.

Values

4byte-GlobalAdminValue:2byte-LocalAdminValue
	4byte-GlobalAdminValue:	0 to 4294967295
	2byte-LocalAdminValue	0 to 65535

Platforms

All

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video local-rt-port)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video local-rt-port)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video local-rt-port)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override video local-rt-port

configure mcast-management multicast-info-policy bundle channel video local-rt-port

configure mcast-management multicast-info-policy bundle video local-rt-port

Description

This command configures the local port on which retransmission (RET) requests are received. The value of this object can only be set for the default bundle and will be used by all channels.

The local-rt-port port value is the only configuration parameter in the bundle "default” context.

The no form of the command removes the port from the video configuration.

Parameters

port

Specifies a local port for RT requests.

Values

1024 to 5999, 6251 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>isa>video-group local-rt-server)

Full Context

configure isa video-group local-rt-server

Description

This command enables the local RET server for the group. A local RET server cannot be enabled if an FCC server or ad insertion is enabled.

The no form of the command disables the server.

Default

no local-rt-server

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if>sd local-rt-server)

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if>hd local-rt-server)

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if>pip local-rt-server)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface sd local-rt-server

configure mcast-management multicast-info-policy video-policy video-interface hd local-rt-server

configure mcast-management multicast-info-policy video-policy video-interface pip local-rt-server

Description

This command enables the local retransmission server function for requests directed to the IP address.

The no form of the command disables the retransmission server.

Default

no local-rt-server

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video local-rt-server)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video local-rt-server)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video local-rt-server)

Full Context

configure mcast-management multicast-info-policy bundle video local-rt-server

configure mcast-management multicast-info-policy bundle channel video local-rt-server

configure mcast-management multicast-info-policy bundle channel source-override video local-rt-server

Description

This command enables the local retransmission server capability on the ISA video group.

RET server parameters can be configured in a multicast information policy or a service, but the parameters will have no effect if the RET server is disabled or if the video group is administratively disabled (shutdown).

The no form of the command returns the parameter to the default value where the RET server is disabled on the video group.

Default

no local-rt-server

Parameters

disable

Specifies to disable the RET server.

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>port>ethernet>efm-oam>link-monitoring local-sf-action)

Full Context

configure port ethernet efm-oam link-monitoring local-sf-action

Description

This command defines how crossing the local signal failure threshold (sf-threshold) will be handled. This includes local actions and if and how to notify the peer that the threshold has been crossed.

Platforms

All

Context

[Tree] (config>system>telemetry>persistent>subscription local-source-address)

Full Context

configure system telemetry persistent-subscriptions subscription local-source-address

Description

This command is used to assign a source IP address in the respective persistent subscription context for use when packets are sent out.

The no form of this command removes this address from the configuration.

Parameters

ip-int-name

Specifies the source IP address name, up to 64 characters.

ip-address

Specifies the source IP address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:-[0 to FFFF]H
	d: [0 to 255]D

Platforms

All

Context

[Tree] (config>system>grpc-tunnel>destination-group>destination local-source-address)

Full Context

configure system grpc-tunnel destination-group destination local-source-address

Description

This command configures a local source IP address in the destination group context for use when packets are sent out.

The no form of this command removes this address from the configuration.

Default

no local-source-address

Parameters

ip-int-name

Specifies the source IP address name, up to 64 characters.

ip-address

Specifies the source IPv4 address (in dotted decimal notation) or IPv6 address.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:-[0 to FFFF]H
	d: [0 to 255]D

Platforms

All

Context

[Tree] (config>router>mpls>lsp local-sr-protection)

[Tree] (config>router>mpls>lsp-template local-sr-protection)

Full Context

configure router mpls lsp local-sr-protection

configure router mpls lsp-template local-sr-protection

Description

This command configures the SR LFA protection needed for the adjacencies used in the path computation of an SR-TE LSP by the local CSPF.

The default value of the command is preferred. The local CSPF will prefer a protected adjacency over an unprotected adjacency whenever both exist for a TE link. However, the entire computed path can combine both types of adjacencies.

When the user enables the mandatory value, CSPF uses it as an additional path constraint and selects protected adjacencies exclusively in computing the path of the SR-TE LSP. CSPF will return no path if all candidate paths that otherwise satisfy all other LSP path constraints do not have an unprotected SID for each of their TE links.

Similarly, if the user enables the value none, CSPF uses it as an additional path constraint and selects unprotected adjacencies exclusively in computing the path of the SR-TE LSP. CSPF will return no path if all candidate paths that otherwise satisfy all other LSP path constraints do not have a protected SID for each of their TE links.

The no form of this command returns the command to its default value.

Default

no local-sr-protection

Parameters

local-sr-protection

Specifies the local-sr-protection for LSPs.

Values

none — Selects unprotected adjacencies only in the SR-TE LSP path computation.

preferred — Prefers protected adjacencies in the SR-TE LSP path computation.

mandatory — Selects protected adjacencies only in the SR-TE LSP path computation.

Platforms

All

Context

[Tree] (config>bfd>seamless-bfd>reflector local-state)

Full Context

configure bfd seamless-bfd reflector local-state

Description

This command specifies the setting of the local state field in reflected seamless BFD control packets.

The no form of this command means that the field is not explicitly set by the reflector.

Default

local-state up

Parameters

admin-down

Specifies that the local state of the reflected seamless BFD control packets is administratively down.

up

Specifies that the local state of the reflected seamless BFD control packets is up.

Platforms

All

Context

[Tree] (config>service>epipe>pbb local-switching-service-state)

Full Context

configure service epipe pbb local-switching-service-state

Description

In a PBB Epipe with two SAPs and a PBB tunnel, this command controls whether the operational status of the PBB-Epipe service depends on the status of the PBB tunnel only.

Default

local-switching-service-state sap

Parameters

pbb-tunnel

Specifies that the operational state of the PBB-Epipe service is up if the PBB tunnel is operationally up, irrespective of the operational state of the two SAPs.

sap

Specifies that the operational state of the PBB-Epipe service is up, if two of the three endpoints (PBB tunnel and two SAPs) are up. This option implies that at least one of the SAPs must be up for the PBB-Epipe service to be operationally up.

Platforms

All

Context

[Tree] (config>subscr-mgmt local-user-db)

Full Context

configure subscriber-mgmt local-user-db

Description

Commands in this context configure a local user database.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the name of a local user database, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>ipsec>sec-plcy>entry local-v6-ip)

[Tree] (config>router>ipsec>sec-plcy>entry local-v6-ip)

Full Context

configure service vprn ipsec security-policy entry local-v6-ip

configure router ipsec security-policy entry local-v6-ip

Description

This command specifies the local v6 prefix for the security-policy entry.

Parameters

ipv6-prefix/prefix-length

Specifies the local v6 prefix and length

Values

ipv6-address/prefix: ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D
	host bits must be 0
	:: not allowed
	prefix-length [1 to 128]