n Commands
n393
n393
Syntax
n393 [value]
no n393
Context
[Tree] (config>port>ethernet>elmi n393)
Full Context
configure port ethernet elmi n393
Description
This command configures the monitored count of consecutive errors.
Parameters
- value
-
Specifies the monitored count of consecutive errors.
Platforms
All
nak-non-matching-subnet
nak-non-matching-subnet
Syntax
[no] nak-non-matching-subnet
Context
[Tree] (config>service>vprn>dhcp>server>pool nak-non-matching-subnet)
[Tree] (config>router>dhcp>server>pool nak-non-matching-subnet)
Full Context
configure service vprn dhcp local-dhcp-server pool nak-non-matching-subnet
configure router dhcp local-dhcp-server pool nak-non-matching-subnet
Description
When this command is enabled, if the local DHCPv4 server receives a DHCP request with option 50 (client requested a previously allocated message as described in section 3.2 of RFC 2131, Dynamic Host Configuration Protocol) and the address allocation algorithm uses a pool that does not have option 50, the system returns a DHCP NAK. Otherwise, the system drops the DHCP packet.
The no form of this command reverts to the default.
Default
no nak-non-matching-subnet
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
name
name
Syntax
name header-name
Context
[Tree] (config>app-assure>group>http-enrich>field name)
Full Context
configure application-assurance group http-enrich field name
Description
This command configures an HTTP enrichment template field header name.
The no form of this command removes the http enrichment template field header name from the configuration.
Parameters
- header-name
-
Specifies the name of the http enrichment policy that is inserted before the actual field name (for example, x-subId = subscriberID).
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
name
Syntax
name system-name
no name
Context
[Tree] (config>system name)
Full Context
configure system name
Description
This command creates a system name string for the device.
For example, system-name parameter ALA-1 for the name command configures the device name as ALA-1.
ABC>config>system# name "ALA-1"
ALA-1>config>system#
Only one system name can be configured. If multiple system names are configured, the last one encountered overwrites the previous entry.
The no form of the command reverts to the default value.
Default
no name
Parameters
- system-name
-
Specifies the system name as a character string. The string may be up to 64 characters. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
Platforms
All
name
Syntax
name name-string value value-string
name name-string address ip-address
name name-string decimal decimal
name name-string number value-number
name name-string prefix ip-prefix/ip-prefix-length
no name name-string
Context
[Tree] (config>router>policy-options>global-variables name)
[Tree] (config>router>policy-options>policy-statement>entry>from>policy-variables name)
Full Context
configure router policy-options global-variables name
configure router policy-options policy-statement entry from policy-variables name
Description
This command configures routing policies that are often reused across BGP peers of a common type (transit, peer, customer, and so on). Using global variables allows a user to have a single variable that is consistent across all peers of a type, while retaining the flexibility to reference different policy functions (prefixes, prefix-lists, community lists, and so on) with unique names.
Depending on the parameter referenced, specify the correct type as follows:
-
value-string: as-path, as-path-group, community, prefix-list, damping
-
ip-address: next-hop
-
value-number: aigp-metric, as-path-prepend, local-preference, metric, origin, origin-validation, preference, tag, type
The no form of this command removes the global variable.
Parameters
- name-string
-
Specifies the name of the global variable, with the variable delimited by at-signs (@) at the beginning and the end of the name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
- value-string
-
The value of the policy variable. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
- value-number
-
Specifies the numerical value of the policy variable.
- ip-address
-
Specifies the IP address of the policy variable.
- decimal
-
Specifies the decimal value of the policy variable.
- ip-prefix/ip-prefix-length
-
Specifies the IP prefix and prefix length of the policy variable.
Platforms
All
named-display
named-display
Syntax
[no] named-display
Context
[Tree] (config>eth-cfm>system named-display)
Full Context
configure eth-cfm system named-display
Description
This command configures name-based display on the system for show eth-cfm CLI outputs. By default, the CLI outputs only display the values for the domain md-index, association ma-index, and bridge-identifier bridge-number. When this command is enabled, the outputs also display the administrative names for domains, associations, and bridge-identifiers in addition to the numerical values.
The no form of this command disables name-based display for show eth-cfm CLI outputs.
Default
no named-display
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
named-pool-policy
named-pool-policy
Syntax
named-pool-policy src-name dst-name [ overwrite]
Context
[Tree] (config>qos>copy named-pool-policy)
Full Context
configure qos copy named-pool-policy
Description
This command copies an existing named-pool-policy to another named-pool-policy. The copy command is a configuration level maintenance tool used to create new entries using an existing profile ID. If overwrite is not specified, an error occurs if the destination policy exists.
Parameters
- src-name
-
Specifies the existing source named-pool-policy, up to 32 characters, from which the copy command attempts to copy.
- dst-name
-
Specifies the destination named-pool-policy dst-name, up to 32 characters, to which the copy command attempts to copy.
- overwrite
-
Use this parameter when the named-pool-policy dst-name already exists. If it does, everything in the existing destination named-pool-policy dst-name is completely overwritten with the contents of the named-pool-policy src-name. The overwrite parameter must be specified or else the following error message is returned:
MINOR: CLI use {overwrite}; destination named-pool-policy "test" exists.
If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.
Platforms
All
nas-identifier
nas-identifier
Syntax
[no] nas-identifier
Context
[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-identifier)
Full Context
configure aaa l2tp-accounting-policy include-radius-attribute nas-identifier
Description
This command enables the generation of the nas-identifier RADIUS attribute.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-identifier
Syntax
[no] nas-identifier
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-identifier)
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-identifier)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-identifier
configure subscriber-mgmt authentication-policy include-radius-attribute nas-identifier
Description
This command enables the generation of the nas-identifier RADIUS attribute.
The no form of this command disables the generation of the nas-identifier RADIUS attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-identifier
Syntax
[no] nas-identifier
Context
[Tree] (config>ipsec>rad-auth-plcy>include nas-identifier)
[Tree] (config>ipsec>rad-acct-plcy>include nas-identifier)
Full Context
configure ipsec radius-authentication-policy include-radius-attribute nas-identifier
configure ipsec radius-accounting-policy include-radius-attribute nas-identifier
Description
This command enables the generation of the nas-identifier RADIUS attribute.
Default
no nas-identifier
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-identifier
Syntax
[no] nas-identifier
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-identifier)
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-identifier)
Full Context
configure aaa isa-radius-policy auth-include-attributes nas-identifier
configure aaa isa-radius-policy acct-include-attributes nas-identifier
Description
This command enables the inclusion of the NAS-Identifier attributes.
The no form of the command excludes NAS-Identifier attributes.
Default
no nas-identifier
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-ip-addr
nas-ip-addr
Syntax
[no] nas-ip-addr
Context
[Tree] (config>ipsec>rad-auth-plcy>include nas-ip-addr)
[Tree] (config>ipsec>rad-acct-plcy>include nas-ip-addr)
Full Context
configure ipsec radius-authentication-policy include-radius-attribute nas-ip-addr
configure ipsec radius-accounting-policy include-radius-attribute nas-ip-addr
Description
This command enables the generation of the NAS IP address attribute.
Default
no nas-ip-addr
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-ip-address
nas-ip-address
Syntax
[no] nas-ip-address
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ip-address)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ip-address)
Full Context
configure aaa isa-radius-policy acct-include-attributes nas-ip-address
configure aaa isa-radius-policy auth-include-attributes nas-ip-address
Description
This command enables the generation of the NAS-IP-Address RADIUS attribute.
Default
no nas-ip-address
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-ip-address-origin
nas-ip-address-origin
Syntax
nas-ip-address-origin {isa-ip | system-ip}
no nas-ip-address-origin
Context
[Tree] (config>aaa>isa-radius-plcy nas-ip-address-origin)
Full Context
configure aaa isa-radius-policy nas-ip-address-origin
Description
This command specifies the RADIUS NAS-IP-Address attribute.
The no form of the command reverts to the default.
Default
nas-ip-address-origin system-ip
Parameters
- system-ip
-
Specifies that the value of the object TIMETRA-VRTR-MIB::vRiaIpAddress.1.1.1 is used.
- isa-ip
-
Specifies that a value in the range specified by tmnxRadIsaPlcySrvSrcAddrStart and tmnxRadIsaPlcySrvSrcAddrEnd is used that corresponds to the ISA card that transmits the Access-Request packet or the Accounting-Request packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-ipv6-address
nas-ipv6-address
Syntax
[no] nas-ipv6-address
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-ipv6-address)
Full Context
configure aaa isa-radius-policy acct-include-attributes nas-ipv6-address
Description
This command configures the router to include the NAS-IPv6-Address attribute in RADIUS accounting messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.
The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS accounting messages.
Default
nas-ipv6-address
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-ipv6-address
Syntax
[no] nas-ipv6-address
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-ipv6-address)
Full Context
configure aaa isa-radius-policy auth-include-attributes nas-ipv6-address
Description
This command configures the router to include the NAS-IPv6-Address attribute in RADIUS authentication messages using the address specified in the configure aaa isa-radius-policy nas-ip-address-origin command. The NAS-IPv6-Address attribute is included in both IPv4 and IPv6 RADIUS connections.
The no form of this command configures the router to exclude the NAS-IPv6-Address attribute from RADIUS authentication messages.
Default
nas-ipv6-address
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-port
nas-port
Syntax
[no] nas-port binary-spec
Context
[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port)
Full Context
configure aaa l2tp-accounting-policy include-radius-attribute nas-port
Description
This command enables the generation of the nas-port RADIUS attribute. Enter decimal representation of a 32-bit string that indicates the port information. This 32-bit string can be compiled based on different information from the port (data types). Using number-of-bits data-type syntax indicates the number of bits from the 32 bits that are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0s and 1s as bits can be added.
The no form of this command disables the nas-port configuration.
Parameters
- binary-spec
-
Specifies the NAS port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
Output
The following output shows an example.
Output Example*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=> 0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309
nas-port
Syntax
nas-port binary-spec
no nas-port
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port)
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port
configure subscriber-mgmt authentication-policy include-radius-attribute nas-port
Description
This command enables the generation of the nas-port RADIUS attribute. You enter decimal representation of a 32-bit string that indicates your port information. This 32-bit string can be compiled based on different information from the port (data types). By using syntax number-of-bits data-type you indicate how many bits from the 32 bits are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0's and/or 1's as bits can be added.
The no form of this command disables the nas-port configuration.
Parameters
- binary-spec
-
Specifies the NAS port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
Output
The following is an example of binary spec information.
Output Example*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=> 0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309
nas-port
Syntax
nas-port binary-spec
no nas-port
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port)
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port)
Full Context
configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port
configure subscriber-mgmt diameter-application-policy gx include-avp nas-port
Description
This command specifies the format of the 32 bit string used as value for the Nas-Port AVP.
Parameters
- binary-spec
-
Specifies the NAS-Port AVP format.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port
Syntax
[no] nas-port
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port)
Full Context
configure aaa isa-radius-policy acct-include-attributes nas-port
configure aaa isa-radius-policy auth-include-attributes nas-port
Description
This command enables the generation of the NAS-Port RADIUS attribute.
Default
no nas-port
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-port-id
nas-port-id
Syntax
nas-port-id
nas-port-id [prefix-string string] [ suffix suffix-option]
no nas-port-id
Context
[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-id)
Full Context
configure aaa l2tp-accounting-policy include-radius-attribute nas-port-id
Description
This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.
The no form of this command reverts to the default.
Parameters
- string
-
Specifies that a user configurable string be added to the RADIUS NAS port attribute, up to 8 characters.
- suffix-option
-
Specifies the suffix type to be added to the RADIUS NAS port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-id
Syntax
[no] nas-port-id [prefix-string string] [suffix suffix-option]
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-id)
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute nas-port-id)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-id
configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-id
Description
This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.
The no form of this command disables the generation of the nas-port-id RADIUS attribute.
Parameters
- string
-
Specifies that a user configurable string is added to the RADIUS NAS port attribute, up to 8 characters.
- suffix-option
-
Specifies the suffix type to be added to the RADIUS NAS port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-id
Syntax
nas-port-id [prefix-type {none | user-string}] [ prefix-string prefix-string] [suffix-type {circuit-id | none | remote-id | user-string}] [suffix-string suffix-string]
no nas-port-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-id)
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-id)
Full Context
configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-id
configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-id
Description
This command includes the Nas-Port-Id AVP.
Parameters
- prefix-type
-
Specifies what type of prefix is added to the NAS-Port-Id attribute if included in Nas-Port-Id AVP messages.
- prefix-string
-
Specifies the user configurable string up to 8 characters, to be added as a prefix.
- suffix-type}
-
Specifies the suffix to be added to the NAS-Port attribute NAS-Port AVP.
- suffix-string
-
Specifies the string, up to 64 characters, to be added as suffix.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-id
Syntax
[no] nas-port-id
Context
[Tree] (config>ipsec>rad-acct-plcy>include nas-port-id)
[Tree] (config>ipsec>rad-auth-plcy>include nas-port-id)
Full Context
configure ipsec radius-accounting-policy include-radius-attribute nas-port-id
configure ipsec radius-authentication-policy include-radius-attribute nas-port-id
Description
This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.
Default
no nas-port-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-port-id
Syntax
[no] nas-port-id
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-id)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-id)
Full Context
configure aaa isa-radius-policy acct-include-attributes nas-port-id
configure aaa isa-radius-policy auth-include-attributes nas-port-id
Description
This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.
Default
no nas-port-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nas-port-type
nas-port-type
Syntax
nas-port-type
nas-port-type [type]
no nas-port-type
Context
[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute nas-port-type)
Full Context
configure aaa l2tp-accounting-policy include-radius-attribute nas-port-type
Description
This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-type
Syntax
nas-port-type
nas-port-type value
no nas-port-type
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nas-port-type)
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute nas-port-type)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute nas-port-type
configure subscriber-mgmt authentication-policy include-radius-attribute nas-port-type
Description
This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.
The no form of this command disables the generation of the nas-port-type RADIUS attribute
Parameters
- value
-
Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-type
Syntax
nas-port-type
nas-port-type [type]
no nas-port-type
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp nas-port-type)
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp nas-port-type)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp nas-port-type
configure subscriber-mgmt diameter-application-policy nasreq include-avp nas-port-type
Description
This command includes the Nas-Port-Type AVP.
Parameters
- none
-
Specifies values as defined in RFC 2865, Remote Authentication Dial-In User Service (RADIUS), and RFC 4603, Additional Values for the NAS-Port-Type Attribute.
- type
-
Specifies the integer value for the Nas-Port-Type AVP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nas-port-type
Syntax
[no] nas-port-type
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nas-port-type)
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes nas-port-type)
Full Context
configure aaa isa-radius-policy acct-include-attributes nas-port-type
configure aaa isa-radius-policy auth-include-attributes nas-port-type
Description
This command enables the generation of the NAS-Port-Type RADIUS attribute.
The no form of the command disables the generation.
Default
no nas-port-type
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nasreq
nasreq
Syntax
nasreq
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy nasreq)
Full Context
configure subscriber-mgmt diameter-application-policy nasreq
Description
Commands in this context configure NASREQ application-specific attributes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nat
nat
Syntax
nat
Context
[Tree] (config>isa>wlan-gw-group nat)
Full Context
configure isa wlan-gw-group nat
Description
Commands in this context configure NAT parameters under wlan-gw-group.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
[no] nat
Context
[Tree] (config>redundancy>multi-chassis>peer>sync nat)
Full Context
configure redundancy multi-chassis peer sync nat
Description
Commands in this context synchronize NAT groups.
The no form of this command disables the feature.
Default
nat
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
[no] nat
Context
[Tree] (config>service>vprn nat)
[Tree] (config>router nat)
Full Context
configure service vprn nat
configure router nat
Description
This command enables a NAT instance for the specified router or service.
The no form of this command disables the NAT instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
nat
Context
[Tree] (config>li>li-source nat)
Full Context
configure li li-source nat
Description
Commands in this context configure LI NAT parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
nat
Context
[Tree] (config>subscriber-mgmt>pfcp-association nat)
Full Context
configure subscriber-mgmt pfcp-association nat
Description
Commands in this context configure NAT groups for BNG CUPS PFCP association (see the nat-group command in the config>subscriber-mgmt>pfcp-association>nat context).
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
nat [nat-policy nat-policy-name]
Context
[Tree] (config>filter>ip-filter>entry>action nat)
Full Context
configure filter ip-filter entry action nat
Description
This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.
The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.
Parameters
- nat-type
-
Specifies the NAT type.
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
nat nat-type nat-type [nat-policy nat-policy-name]
Context
[Tree] (config>filter>ipv6-filter>entry>action nat)
Full Context
configure filter ipv6-filter entry action nat
Description
This command enables NAT traffic diversion based on IPv4 filters (LSN44) or IPv6 filters (DS-Lite, NAT64). The filter contains a matching condition based on any combination of the 5 tuple. Traffic is diverted to NAT based on such defined matching condition. Filter fields outside of the 5 tuples are not valid and it will be ignored in filter based traffic diversion to NAT.
The pool selection for the outside IP address and port along with other mapping characteristics can be specified by the means on the NAT policy.
Parameters
- nat-type
-
Specifies the NAT type.
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Syntax
nat
Context
[Tree] (admin nat)
Full Context
admin nat
Description
This command performs NAT operations.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-access-mode
nat-access-mode
Syntax
nat-access-mode access-mode
Context
[Tree] (config>subscr-mgmt>sub-profile nat-access-mode)
Full Context
configure subscriber-mgmt sub-profile nat-access-mode
Description
This command configures the NAT access mode.
Access mode in L2-Aware NAT environment is a reflection of supported home set up (bridged or routed) in relation to the configured anti-spoof setting.
This configuration option is only applicable to L2-Aware NAT subscribers. It determines which home model is supported with L2-Aware NAT:
-
Bridged RG with mac-ip anti-spoof
-
Bridged RG with nh-mac anti-spoof
-
Routed RG with NAT and mac-ip anti-spoof
-
Routed RG with NAT and nh-mac anti-spoof
-
Routed RG without NAT and nh-mac anti-spoof
Default
nat-access-mode auto
Parameters
- access-mode
-
Specifies the NAT access mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-allow-bypass
nat-allow-bypass
Syntax
[no] nat-allow-bypass
Context
[Tree] (config>subscr-mgmt>sub-prof nat-allow-bypass)
Full Context
configure subscriber-mgmt sub-profile nat-allow-bypass
Description
This command enables L2-Aware NAT host for selective bypass. L2-aware NAT subscribers eligible for NAT bypass must be explicitly enabled with this command. Once enabled, the ip-filter configuration applied in sub-profile determines whether the traffic is bypassed.
The no form of this command causes traffic received from subscribers associated with this profile to not bypass the Layer-2-Aware NAT.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-classifier
nat-classifier
Syntax
nat-classifier nat-classifier-name
no nat-classifier
Context
[Tree] (config>service>nat>nat-policy>dnat nat-classifier)
Full Context
configure service nat nat-policy dnat nat-classifier
Description
This command when configured within the nat-policy, references a nat-classifier and consequently activates DNAT functionality. Unless this command is provisioned, the destination IP address translation will not take place. The nat-classifier identifies the traffic (in a filter-like fashion) that is subjected to DNAT.
The no form of this command removes the nat-classifier-name from the configuration.
Parameters
- nat-classifier-name
-
Specifies the name, up to 32 characters, of the NAT classifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-classifier
Syntax
nat-classifier nat-classifier-name [create]
no nat-classifier
Context
[Tree] (config>service>nat nat-classifier)
Full Context
configure service nat nat-classifier
Description
This command creates a nat-classifier. Traffic can be identified in nat-classifier based on the protocol type and destination ports. Once the traffic is identified, an action associated with identified traffic, such as destination NAT (DNAT), can be taken.
The no form of the command removes the nat-classifier-name from the configuration.
Parameters
- nat-classifier-name
-
Specifies the name, up to 32 characters, of the referenced NAT classifier.
- create
-
Keyword used to create the NAT classifier.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-group
nat-group
Syntax
nat-group nat-group-id [create]
no nat-group nat-group-id
Context
[Tree] (config>router>isa-svc-chain nat-group)
Full Context
configure router isa-service-chaining nat-group
Description
This command allows service chaining to be enabled for subscribers whose NAT flows are established on the set of ISAs in the specified NAT group.
The no form of this command removes the NAT group from the configuration.
Parameters
- nat-group-id
-
Specifies the NAT group identifier.
- create
-
Keyword used to create the NAT group instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-group
Syntax
nat-group nat-group-id sync-tag tag
no nat-group nat-group-id
Context
[Tree] (config>redundancy>multi-chassis>peer>sync>nat nat-group)
Full Context
configure redundancy multi-chassis peer sync nat nat-group
Description
This command enables MCS for NAT. NAT group health information is exchanged between the pair of redundant NAT nodes. The system elects one of the nodes as the active node for the NAT group, while the other node becomes a standby node.
The no form of this command disables multi-chassis synchronization for a NAT group.
Default
no nat-group
Parameters
- nat-group-id
-
Specifies the NAT group that is synchronized.
- tag
-
Specifies the synchronization tag that must be the same on both nodes of the NAT group. It is mandatory and must match its counterpart on the peering node for the NAT group that is being synchronized, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-group
Syntax
nat-group nat-group-id [create]
no nat-group nat-group-id
Context
[Tree] (config>isa nat-group)
Full Context
configure isa nat-group
Description
This command configures an ISA NAT group.
The no form of the command removes the ID from the configuration.
Parameters
- nat-group-id
-
Specifies the ISA NAT group ID.
- create
-
Keyword used to create the NAT group.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-group
Syntax
nat-group nat-group-id
no nat-group
Context
[Tree] (config>subscriber-mgmt>pfcp-association>nat nat-group)
Full Context
configure subscriber-mgmt pfcp-association nat nat-group
Description
This command configures a NAT group participating in NAT on BNG CUPS. ISAs in the NAT group are enabled for operation in BNG CUPS, but are not limited to BNG CUPS deployment. They can be used simultaneously with other versions of NAT in BNG, outside of the CUPS functionality.
The no version of this command deletes the NAT group.
Parameters
- nat-group-id
-
Specifies the NAT group ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-import
nat-import
Syntax
nat-import policy-name [policy-name]
no nat-import
Context
[Tree] (config>router>nat>inside nat-import)
[Tree] (config>service>vprn>nat>inside nat-import)
Full Context
configure router nat inside nat-import
configure service vprn nat inside nat-import
Description
This command references an import-policy to determine the routes that should be installed in the routing table as NAT routes, which are used to steer traffic to NAT.
A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route is associated with a NAT policy that maps traffic destined into a NAT pool and outside routing context. If the NAT policy is not explicitly configured in the import route policy, the imported NAT route is, by default, associated with the default NAT policy defined in the NAT inside routing context.
All BGP-VPN routes that are destined to be imported into NAT inside routing context must be configured with action-type accept in the route policy.
Parameters
- policy-name
-
Specifies up to five NAT import policy names, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-import
Syntax
nat-import all [inside-router router-instance]
nat-import route ipv4-address [inside-router router-instance]
no nat-import all [inside-router router-instance]
no nat-import route ipv4-address [inside-router router-instance]
Context
[Tree] (debug>nat nat-import)
Full Context
debug nat nat-import
Description
This command enables debugging for routes dynamically imported into NAT from BGP.
The events related to dynamic routes in NAT can be filtered by a specific route and inside routing context.
Only events related to dynamic imports are dispayed. Events related to static route configurations are not shown.
Typical debug output displays the following information:
-
18 2021/06/15 09:29:54.436 UTC MINOR: DEBUG #2001 vprn550 NAT_IMPORT
This entry represents the debug event, the inside service in which the event occurred, and the process related to the event. For this particular log, the event ID is 2001 which occurred in the inside service vprn 550 and was related to a dynamic route importing into NAT.
-
dest-prefix 10.10.10.0/24 nat-policy ls-outPolicy service 500 : start import : ACCEPT by policy-statement evaluation
This entry represents the description of the event. The destination prefix 10.10.10.0/24 is associated with nat-policy ls-outPolicy and was successfully imported from the outside vprn 500 (into the inside vprn 550 identified by the first entry).
The no form of the command disables debugging of the specified parameters.
Parameters
- all
-
Specifies to debug all routes dynamically imported into NAT from BGP.
- router-instance
-
Specifies filtering based on specific inside routing context.
- ipv4-address
-
Specifies filtering based on the specific route.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-outside
nat-outside
Syntax
nat-outside nat-group-id [create]
no nat-outside nat-group-id
Context
[Tree] (config>service>epipe nat-outside)
Full Context
configure service epipe nat-outside
Description
This command binds an Epipe to a NAT context running on an ISA-BB, allowing the Epipe to act as the outside service for the NAT or firewall. When nat-outside is enabled, one end of the Epipe is implicitly tied to ISA BB forwarding, leaving one remaining SAP, spoke, or similar available to be configured.
The no version of this command removes the Epipe binding to a NAT context.
Parameters
- nat-group-id
-
The NAT group ID where the PPPoE client is applied.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
nat-policy
Syntax
nat-policy policy-name
no nat-policy
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range nat-policy)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range nat-policy)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range nat-policy
Description
This command specifies the NAT policy for WLAN-GW ISA subscribers.
The no form of this command reverts to the default.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
Syntax
nat-policy nat-policy-name
no nat-policy
Context
[Tree] (config>router>policy-options>policy-statement>entry>action nat-policy)
[Tree] (config>service>vprn>nat>inside nat-policy)
[Tree] (config>router>nat>inside nat-policy)
Full Context
configure router policy-options policy-statement entry action nat-policy
configure service vprn nat inside nat-policy
configure router nat inside nat-policy
Description
This command configures the NAT policy that is used for large-scale NAT in this service. If a nat-policy is not configured, then the default nat-policy is used.
The no form of the command removes the policy name from the configuration.
Parameters
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
Syntax
nat-policy nat-policy-name
no nat-policy
Context
[Tree] (config>router>policy-options>policy-statement>default-action nat-policy)
Full Context
configure router policy-options policy-statement default-action nat-policy
Description
This command assigns a NAT policy to the matched routes that do not have a more specific nat-policy configured under action.
A dynamic route obtained by BGP-VPN can be imported into an inside (private side) routing context in NAT environment. This route must be associated with a NAT policy that maps traffic destined to it into a NAT pool and outside routing context. If the NAT policy is not specified within the route policy, the imported NAT route, by default, is associated with the default NAT policy defined in the NAT inside routing context.
All BGP-VPN routes that are destined to be imported into NAT inside routing context must have action-type set to accept, regardless of whether the NAT policy is configured in the action.
The no form of the command removes the policy name from the configuration.
Parameters
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
Syntax
nat-policy nat-policy-name [create]
no nat-policy nat-policy-name
Context
[Tree] (config>service>nat nat-policy)
Full Context
configure service nat nat-policy
Description
This command configures a NAT policy.
Parameters
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
- create
-
Keyword used to create the NAT policy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
Syntax
nat-policy policy-name
no nat-policy
Context
[Tree] (config>subscr-mgmt>sub-profile nat-policy)
Full Context
configure subscriber-mgmt sub-profile nat-policy
Description
This command configures the NAT policy to be used for subscribers associated with this subscriber profile.
Parameters
- policy-name
-
Specifies the policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy
Syntax
[no] nat-policy nat-policy-name
Context
[Tree] (config>router>nat>inside>spf-policy nat-policy)
[Tree] (config>service>vprn>nat>inside>spf-policy nat-policy)
Full Context
configure router nat inside spf-policy nat-policy
configure service vprn nat inside spf-policy nat-policy
Description
- when assigning SPF to NAT subscribers in pools that differ from the ones to which their corresponding source prefixes are mapped
- when the source prefixes are not configured for the NAT subscriber
The no form of this command removes the policy name from the configuration.
Parameters
- nat-policy-name
-
Specifies the NAT policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy-name
nat-policy-name
Syntax
[no] nat-policy-name
Context
[Tree] (config>service>nat>syslog>syslog-export-policy>include nat-policy-name)
Full Context
configure service nat syslog syslog-export-policy include nat-policy-name
Description
This command includes the NAT policy name in the flow log.
The no form of the command disables the feature.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-port-forwarding
nat-port-forwarding
Syntax
nat-port-forwarding
Context
[Tree] (config>system>persistence nat-port-forwarding)
Full Context
configure system persistence nat-port-forwarding
Description
This command configures NAT port forwarding persistence parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-port-range
nat-port-range
Syntax
[no] nat-port-range
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute nat-port-range)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute nat-port-range
Description
This command enables the generation of the of nat-port-range attribute.
The no form of this command disables the generation of the nat-port-range attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-prefix-list
nat-prefix-list
Syntax
nat-prefix-list name
no nat-prefix-list name
Context
[Tree] (config>subscr-mgmt>sub-prof nat-prefix-list)
Full Context
configure subscriber-mgmt sub-profile nat-prefix-list
Description
This command specifies the nat-prefix-list referenced within the subscriber-profile is used to associate L2-aware subscriber traffic with additional nat-policies based on the destination IPv4 address of the traffic.
The no form of the command removes the prefix list name from the configuration.
Parameters
- name
-
Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-prefix-list
Syntax
nat-prefix-list name [create] [application application-choice]
no nat-prefix-list name
Context
[Tree] (config>service>nat nat-prefix-list)
Full Context
configure service nat nat-prefix-list
Description
This command is used to create configuration context for:
-
IP prefixes that are used select multiple nat-policies per subscriber in L2-aware NAT.
-
Inside IP prefixes in DNAT-only scenario. The inside IP prefixes are then setup as downstream routes used to steer the return (downstream) traffic to the proper MS-ISA.
The no form of the command removes the prefix list name from the configuration.
Parameters
- name
-
Specifies the nat prefix list name. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
- application application-choice
-
Specifies how this NAT prefix list is to be applied.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-subscriber-string
nat-subscriber-string
Syntax
[no] nat-subscriber-string
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes nat-subscriber-string)
Full Context
configure aaa isa-radius-policy acct-include-attributes nat-subscriber-string
Description
This command enables the inclusion of the NAT subscriber string attributes.
The no form of the command excludes NAT subscriber string attributes.
Default
no nat-subscriber-string
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-traversal
nat-traversal
Syntax
nat-traversal [force] [keep-alive-interval keep-alive-interval] [force-keep-alive]
no nat-traversal
Context
[Tree] (config>ipsec>ike-policy nat-traversal)
Full Context
configure ipsec ike-policy nat-traversal
Description
This command specifies whether NAT-T (Network Address Translation Traversal) is enabled, disabled or in forced mode.
The no form of this command reverts the parameters to the default.
Default
no nat-traversal
Parameters
- force
-
Forces to enable NAT-T
- keep-alive-interval keep-alive-interval
-
Specifies the keep-alive interval in seconds.
- force-keep-alive
-
When specified, the keep-alive does not expire.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat64
nat64
Syntax
[no] nat64
Context
[Tree] (config>router>nat>inside nat64)
[Tree] (config>service>vprn>nat>inside nat64)
Full Context
configure router nat inside nat64
configure service vprn nat inside nat64
Description
Commands in this context configure NAT64 parameters.
The no form of the command disables NAT64.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat64-lsn-sub
nat64-lsn-sub
Syntax
[no] nat64-lsn-sub router router-instance ip ipv6-prefix
Context
[Tree] (config>li>li-source>nat nat64-lsn-sub)
Full Context
configure li li-source nat nat64-lsn-sub
Description
This command configures a NAT64 LSN subscriber source.
Parameters
- router-instance
-
Specifies the routing instance into which to inject the mirrored packets.
- ipv6-prefix
-
Specifies the IPv6 address.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
national-bits
national-bits
Syntax
national-bits sa4 sa5 sa6 sa7 sa8
no national-bits
Context
[Tree] (config>port>tdm>e1 national-bits)
Full Context
configure port tdm e1 national-bits
Description
This command configures the national use bits.
Parameters
- sa-bits
-
Disables or enables SA bits.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
nbr
nbr
Syntax
nbr [detail]
no nbr
Context
[Tree] (debug>router>rsvp>event nbr)
Full Context
debug router rsvp event nbr
Description
This command debugs neighbor events.
The no form of the command disables the debugging.
Parameters
- detail
-
Displays detailed information about neighbor events.
Platforms
All
ncp-renegotiation
ncp-renegotiation
Syntax
ncp-renegotiation {ignore | terminate-session}
no ncp-renegotiation
Context
[Tree] (config>subscr-mgmt>ppp-policy ncp-renegotiation)
Full Context
configure subscriber-mgmt ppp-policy ncp-renegotiation
Description
This command configures the NCP renegotiation.
The no form of the command reverts to the default value.
Default
ncp-renegotiation terminate-session
Parameters
- ignore
-
Specifies that BNG ignore subsequent renegotiation messages after successful IPCP negotiation.
- terminate-session
-
Specifies that the PPP session be terminated.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nd
nd
Syntax
nd
Context
[Tree] (config>service>ies>sub-if>grp-if>ipv6 nd)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6 nd)
Full Context
configure service ies subscriber-interface group-interface ipv6 nd
configure service vprn subscriber-interface group-interface ipv6 nd
Description
Commands in this context configure neighbor discovery (ND) parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nd
nd-host-route
nd-host-route
Syntax
nd-host-route
Context
[Tree] (config>service>vprn>if>ipv6 nd-host-route)
Full Context
configure service vprn interface ipv6 nd-host-route
Description
Commands in this context populate ND host route entries.
Platforms
All
nd-learn-unsolicited
nd-learn-unsolicited
Syntax
nd-learn-unsolicited {global | link-local | both}
no nd-learn-unsolicited
Context
[Tree] (config>service>ies>if>ipv6 nd-learn-unsolicited)
Full Context
configure service ies interface ipv6 nd-learn-unsolicited
Description
This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.
The no form of this command makes the router use standard RFC 4861 behavior, as described below, for learning of neighbor entries.
-
If an unsolicited NA, regardless of the S flag, is received from a neighbor that is not yet in the ND cache, the NA is ignored.
-
If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the stale state.
Parameters
- global
-
Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.
- link-local
-
Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
- both
-
Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
Platforms
All
nd-learn-unsolicited
Syntax
nd-learn-unsolicited {global | link-local | both}
no nd-learn-unsolicited
Context
[Tree] (config>service>vprn>if>ipv6 nd-learn-unsolicited)
Full Context
configure service vprn interface ipv6 nd-learn-unsolicited
Description
This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.
The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.
-
If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.
-
If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.
Parameters
- global
-
Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.
- link-local
-
Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
- both
-
Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
Platforms
All
nd-learn-unsolicited
Syntax
nd-learn-unsolicited {global | link-local | both}
no nd-learn-unsolicited
Context
[Tree] (config>router>if>ipv6 nd-learn-unsolicited)
Full Context
configure router interface ipv6 nd-learn-unsolicited
Description
This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.
The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.
-
If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.
-
If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.
Parameters
- global
-
Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages. This parameter is relevant only to global IPv6 addresses.
- link-local
-
Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
- both
-
Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
Platforms
All
nd-populate-host-route
nd-populate-host-route
Syntax
[no] nd-populate-host-route
Context
[Tree] (config>service>ies>interface>ipv6 nd-populate-host-route)
Full Context
configure service ies interface ipv6 nd-populate-host-route
Description
This command enables the addition or deletion of host routes in the route-table derived from neighbor entries in the neighbor cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the neighbor table. Neighbor entries installed by subscriber management, local interfaces, and others, do not create host-routes.
Only reachable entries are added to the route table (entries are created from solicited NA messages). Entries created as stale — from Neighbor Solicitation (NS), unsolicited Neighbor Advertisements (NA), Router Solicitation (RS), Router Advertisement (RA), and Redirect messages — are not added to the route table because the neighbor is not confirmed as two-way.
-
RA, RS, NS, and Redirect messages with a link layer address are added as STALE cache entries. Unsolicited NAs are added as STALE if nd-learn-unsolicited is configured.
-
To speed up the addition of host routes to the route table for neighbors created as STALE, the following procedure is used:
-
If nd-populate-host-route is configured, the router sends an NS (unicast Neighbor Unreachability Detection (NUD) message) to the neighbor created as STALE. Only one NUD message is sent.
-
If nd-populate-host-route is not configured, no confirmation message is sent and regular procedures apply.
-
-
When the solicited NA for the neighbor is received, the entry becomes reachable and is then added to the route-table.
The no form of this command disables the creation of host routes from the neighbor cache.
Platforms
All
nd-proactive-refresh
nd-proactive-refresh
Syntax
nd-proactive-refresh {global | link-local | both}
no nd-proactive-refresh
Context
[Tree] (config>service>ies>if>ipv6 nd-proactive-refresh)
Full Context
configure service ies interface ipv6 nd-proactive-refresh
Description
This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends a NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.
This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.
The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.
Parameters
- global
-
Refreshes global neighbor entries.
- link-local
-
Refreshes link local neighbor entries.
- both
-
Refreshes both global and link local neighbor entries.
Platforms
All
nd-proactive-refresh
Syntax
nd-proactive-refresh {global | link-local | both}
no nd-proactive-refresh
Context
[Tree] (config>service>vprn>if>ipv6 nd-proactive-refresh)
Full Context
configure service vprn interface ipv6 nd-proactive-refresh
Description
This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.
This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.
The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.
Parameters
- global
-
Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.
- link-local
-
Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.
- both
-
Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.
Platforms
All
nd-proactive-refresh
Syntax
nd-proactive-refresh {global | link-local | both}
no nd-proactive-refresh
Context
[Tree] (config>router>if>ipv6 nd-proactive-refresh)
Full Context
configure router interface ipv6 nd-proactive-refresh
Description
This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.
This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.
The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.
Parameters
- global
-
Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.
- link-local
-
Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.
- both
-
Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.
Platforms
All
nd-route-tag
nd-route-tag
Syntax
nd-route-tag tag
no nd-route-tag
Context
[Tree] (config>service>ies>if>ipv6 nd-route-tag)
Full Context
configure service ies interface ipv6 nd-route-tag
Description
This command adds a route tag to the ARP-ND host routes generated out of the neighbor entries in the interface. As any other route tag, it can be used to match ARP-ND routes in BGP export policies.
The no form of this command removes the route tag for the ARP-ND host routes.
Parameters
- tag
-
Specifies the route tag to be added when the proxy ND entries are advertised to EVPN.
Platforms
All
nd-router-preference
nd-router-preference
Syntax
nd-router-preference {medium | high | low}
no nd-router-preference
Context
[Tree] (config>service>vprn>router-advert>if nd-router-preference)
[Tree] (config>router>router-advert>if nd-router-preference)
Full Context
configure service vprn router-advertisement interface nd-router-preference
configure router router-advertisement interface nd-router-preference
Description
This command configures the default router preference for Router Advertisement (RA) and allows IPv6 hosts to discover and select a default gateway address by listening to RAs.
This feature provides basic traffic engineering functionality for host devices. When this command is applied, the router advertises the respective router preference to the connected host to assist in its selection of the most appropriate default gateway on a link.
This extension is backward compatible, both for routers (setting the router preference bits) and hosts (interpreting the router preference bits). These bits are ignored by hosts that do not implement the RFC 4191 functionality by configuring this command. Similarly, hosts that do not implement the RFC 4191 functionality interpret the values sent by devices that do not implement the RFC 4191 extension with the medium preference option.
The no form of this command configures this command to the default value.
Default
nd-router-preference medium
Parameters
- medium
-
Specifies the router advertises a medium default gateway preference.
- high
-
Specifies the router advertises a high default gateway preference.
- low
-
Specifies the router advertises a low default gateway preference.
Platforms
All
neid
neid
Syntax
neid hex-string
no neid
Context
[Tree] (config>system>ned>profile neid)
Full Context
configure system network-element-discovery profile neid
Description
This command configures the NEID for this profile.
The no form of this command deletes the NEID for this profile.
Parameters
- hex-string
-
A hexadecimal string that consists of a subnet ID and basic ID. The first 8 high-order bits indicate the subnet ID and range from 0x1 to 0xFE. The 16 low-order bits indicate the basic ID and ranges from 0x0001 to 0xFFFE. The NEID cannot be configured as 0x90006 to 0x9FF06 or 0x9bff0.
Platforms
All
neighbor
neighbor
Syntax
neighbor ip-address [create]
no neighbor ip-address
Context
[Tree] (config>service>vpls>gsmp>group neighbor)
[Tree] (config>service>vprn>gsmp>group neighbor)
Full Context
configure service vpls gsmp group neighbor
configure service vprn gsmp group neighbor
Description
Commands in this context configure a GSMP ANCP neighbor parameters.
The no form of this command reverts to the default.
Parameters
- ip-address
-
Specifies the IP address of the GSMP ANCP neighbor.
- create
-
Keyword used to create the neighbor instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
All
neighbor
Syntax
[no] neighbor ip-address [ create]
Context
[Tree] (config>service>vprn>gsmp>group neighbor)
Full Context
configure service vprn gsmp group neighbor
Description
This command adds a neighbor in the GSMP group.
The no form of this command removes the neighbor from the GSMP group.
Parameters
- ip-address
-
Specifies the IP address in dotted decimal notation.
- create
-
This keyword is mandatory when creating a GSMP group name. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
All
neighbor
Syntax
[no] neighbor ip-int-name
Context
[Tree] (config>router>rip>group neighbor)
[Tree] (config>router>ripng>group neighbor)
[Tree] (config>service>vprn>rip>group neighbor)
Full Context
configure router rip group neighbor
configure router ripng group neighbor
configure service vprn rip group neighbor
Description
This command creates a context for configuring a RIP neighbor interface. By default, group interfaces are not activated with RIP, unless explicitly configured. The BNG only learns RIP routes from IPv4 host on the group interface. The RIP neighbor group interface defaults to none. The send operation is unchangeable for group-interface.
The no form of this command deletes the RIP interface configuration for this group interface. The shutdown command in the config>router>rip>group group-name>neighbor context can be used to disable an interface without removing the configuration for the interface.
Default
no neighbor
Parameters
- ip-int-name
-
Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.
Platforms
All
neighbor
Syntax
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context
[Tree] (config>service>ies>if>ipv6 neighbor)
Full Context
configure service ies interface ipv6 neighbor
Description
This command configures IPv6-to-MAC address mapping on the IES interface.
Parameters
- ipv6-address
-
The IPv6 address of the interface for which to display information.
- mac-address
-
Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
Platforms
All
neighbor
Syntax
neighbor ip-address
no neighbor
Context
[Tree] (config>port>aps neighbor)
Full Context
configure port aps neighbor
Description
This command specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. When the value the neighbor IP address is set to 0.0.0.0, this implies that the APS group is configured as a single-chassis APS group.
The route to the neighbor must not traverse the multi-chassis APS member (working or protect) circuits. It is recommended that the neighbor IP address configured is on a shared network between the routers that own the working and protect circuits.
By default no neighbor address is configured and both the working and protect circuits should be configured on the same router (i.e., single-chassis APS). APS is assumed to be configured wholly on a single chassis.
Parameters
- ip-address
-
Specifies the neighbor's IP address only on a multi-chassis APS where the working and protect circuits are configured on different routers. The node should be connected with a direct interface to ensure optimum fail-over time.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
neighbor
Syntax
[no] neighbor ip-address
Context
[Tree] (config>router>bgp>group neighbor)
Full Context
configure router bgp group neighbor
Description
This command creates a BGP peer/neighbor instance within the context of the BGP group.
This command can be issued repeatedly to create multiple peers and their associated configuration.
The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shutdown, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.
Default
no neighbor
Parameters
- ip-address
-
Specifies the IP address of the BGP peer router in dotted decimal notation.
Platforms
All
neighbor
Syntax
[no] neighbor ip-address
Context
[Tree] (config>service>vprn>bgp>group neighbor)
Full Context
configure service vprn bgp group neighbor
Description
This command creates a BGP peer/neighbor instance within the context of the BGP group.
This command can be issued repeatedly to create multiple peers and their associated configuration.
The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shut down, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.
Parameters
- ip-address
-
The IP address of the BGP peer router in dotted decimal notation.
Platforms
All
neighbor
Syntax
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context
[Tree] (config>service>vprn>if>ipv6 neighbor)
Full Context
configure service vprn interface ipv6 neighbor
Description
This command configures IPv6-to-MAC address mapping on the interface.
Parameters
- ipv6-address
-
Specifies the IPv6 address on the interface.
- mac-address
-
Specifies the 48-bit MAC address for the static ARP in the form aa:bb: cc:dd:ee:ff or aa-bb-cc -dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
Platforms
All
neighbor
Syntax
[no] neighbor ip-address
Context
[Tree] (config>service>vprn>ospf>area>if neighbor)
[Tree] (config>service>vprn>ospf3>area>if neighbor)
Full Context
configure service vprn ospf area interface neighbor
configure service vprn ospf3 area interface neighbor
Description
This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.
In addition to configuring the OSPF NBMA neighbor’s IP address, the neighbor’s MAC address may need to be configured with the config>service>vprn>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>service>vprn>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.
The no form of this command removes the neighbor configuration.
Default
No OSPF NBMA neighbors are configured.
Parameters
- ip-address
-
Specifies the OSPFv2 neighbor’s IPv4 address or the OSPFv3 neighbor’s IPv6 link-local address.
Platforms
All
neighbor
Syntax
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context
[Tree] (config>router>if>ipv6 neighbor)
Full Context
configure router interface ipv6 neighbor
Description
This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery, or for some reason, a static address must be used. This command can only be used on Ethernet media.
The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.
Parameters
- ipv6-address
-
The IPv6 address assigned to a router interface.
- mac-address
-
Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
Platforms
All
neighbor
Syntax
neighbor [ip-int-name]
no neighbor
Context
[Tree] (debug>router>ip neighbor)
Full Context
debug router ip neighbor
Description
This command enables IPv6 neighbor debugging.
Parameters
- ip-int-name
-
Specifies the IP interface name.
Platforms
All
neighbor
Syntax
[no] neighbor ipv4-address
[no] neighbor ipv6-address
Context
[Tree] (config>router>ospf3>area>interface neighbor)
[Tree] (config>router>ospf>area>interface neighbor)
Full Context
configure router ospf3 area interface neighbor
configure router ospf area interface neighbor
Description
This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.
In addition to configuring the IP address of the OSPF NBMA neighbor, the MAC address of the neighbor may need to be configured with the config>router>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>router>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.
The no form of this command removes the neighbor configuration.
Default
no neighbor
Parameters
- ipv4-address
-
Specifies the IPv4 address of the OSPFv2 neighbor.
- ipv6-address
-
Specifies the IPv6 link-local address of the OSPFv3 neighbor.
Platforms
All
neighbor
Syntax
neighbor [ip-int-name | ip-address]
neighbor [ip-int-name] [router-id]
no neighbor
Context
[Tree] (debug>router>ospf3 neighbor)
[Tree] (debug>router>ospf neighbor)
Full Context
debug router ospf3 neighbor
debug router ospf neighbor
Description
This command enables debugging for an OSPF or OSPF3 neighbor.
Parameters
- ip-int-name
-
Specifies the neighbor interface name.
- ip-address
-
Specifies neighbor information for the neighbor identified by the specified IP address, in the debug>router>ospf context.
- router-id
-
Specifies neighbor information for the neighbor identified by the specified router ID, in the debug>router>ospf3 context.
Platforms
All
neighbor
Syntax
neighbor {ip-address | prefix-list name}
no neighbor
Context
[Tree] (config>router>policy-options>policy-statement>entry>to neighbor)
[Tree] (config>router>policy-options>policy-statement>entry>from neighbor)
Full Context
configure router policy-options policy-statement entry to neighbor
configure router policy-options policy-statement entry from neighbor
Description
This command specifies the neighbor address as found in the source address of the actual join and prune message as a filter criterion. If no neighbor is specified, any neighbor is considered a match.
The no form of the of the command removes the neighbor IP match criterion from the configuration.
Default
no neighbor
Parameters
- ip-address
-
Specifies the neighbor IP address in dotted decimal notation.
- prefix-list name
-
Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.
The name specified must already be defined.
Platforms
All
neighbor-limit
neighbor-limit
Syntax
neighbor-limit [value]
no neighbor-limit
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>nd neighbor-limit)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>nd neighbor-limit)
Full Context
configure service vprn subscriber-interface group-interface ipv6 nd neighbor-limit
configure service ies subscriber-interface group-interface ipv6 nd neighbor-limit
Description
This command configures the maximum number of neighbors learned for a single host by doing neighbor discovery.
The no form of this command reverts to the default.
Default
neighbor-limit 1
Parameters
- value
-
Specifies the maximum number of neighbors learned.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
neighbor-limit
Syntax
neighbor-limit limit [log-only] [ threshold percent]
no neighbor-limit
Context
[Tree] (config>service>ies>if>ipv6 neighbor-limit)
Full Context
configure service ies interface ipv6 neighbor-limit
Description
This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.
When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations is dropped. Entries that have already been learned is refreshed.
The no form of this command removes the neighbor-limit.
Default
no neighbor-limit
Parameters
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit is learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
Platforms
All
neighbor-limit
Syntax
neighbor-limit limit [log-only] [ threshold percent]
no neighbor-limit
Context
[Tree] (config>service>vprn>if>ipv6 neighbor-limit)
Full Context
configure service vprn interface ipv6 neighbor-limit
Description
This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.
When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.
The no form of this command removes the neighbor-limit.
Default
neighbor-limit 90
Parameters
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
Platforms
All
neighbor-limit
Syntax
neighbor-limit limit [log-only] [ threshold percent]
no neighbor-limit
Context
[Tree] (config>router>if>ipv6 neighbor-limit)
Full Context
configure router interface ipv6 neighbor-limit
Description
This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.
When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.
The no form of this command removes the neighbor-limit.
Default
no neighbor-limit
Parameters
- limit
-
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
- log-only
-
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
- percent
-
The threshold value (as a percentage) that triggers a warning message to be sent.
Platforms
All
neighbor-liveness-time
neighbor-liveness-time
Syntax
neighbor-liveness-time interval
no neighbor-liveness-time
Context
[Tree] (config>router>ldp>graceful-restart neighbor-liveness-time)
Full Context
configure router ldp graceful-restart neighbor-liveness-time
Description
This command configures the neighbor liveness time.
The no form of this command returns the default value.
Default
no neighbor-liveness (which equals a value of 120 seconds)
Parameters
- interval
-
Specifies the length of time in seconds.
Platforms
All
neighbor-resolution
neighbor-resolution
Syntax
[no] neighbor-resolution
Context
[Tree] (config>service>vprn>if>ipv6>dhcp6-relay neighbor-resolution)
[Tree] (config>service>ies>if>ipv6>dhcp6-relay neighbor-resolution)
Full Context
configure service vprn interface ipv6 dhcp6-relay neighbor-resolution
configure service ies interface ipv6 dhcp6-relay neighbor-resolution
Description
This command enables neighbor resolution with DHCPv6 relay.
The no form of this command disables neighbor resolution.
Platforms
All
neighbor-solicitation
neighbor-solicitation
Syntax
[no] neighbor-solicitation
Context
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>auto-reply neighbor-solicitation)
Full Context
configure service vprn subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation
configure service ies subscriber-interface group-interface ipv6 auto-reply neighbor-solicitation
Description
This command enables auto-reply for neighbor solicitation.
The no form of this command disables auto-reply neighbor solicitation.
Default
neighbor-solicitation
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
neighbor-trust
neighbor-trust
Syntax
neighbor-trust [vpn-ipv4] [vpn-ipv6] [evpn]
no neighbor-trust
Context
[Tree] (config>router>bgp neighbor-trust)
Full Context
configure router bgp neighbor-trust
Description
This command enables a label security feature for prefixes of a VPN family at an inter-AS boundary.
This label security feature allows the configuration of a router, acting in a PE, ASBR, or both roles, to accept packets of VPN-IP or EVPN prefixes only from direct EBGP neighbors to which it advertised a service label.
The untrusted state identifies the participating interfaces. The router supports a maximum of 15 network interfaces that can participate in this feature.
At a high level, BGP tracks each direct EBGP neighbor over an untrusted interface to which it sent a prefix label. For each of those prefixes, BGP programs a bitmap in the ILM record that indicates, on per-untrusted interface basis, whether the matching received packets must be forwarded or dropped.
The no form of this command disables the inter-AS security feature for the VPN family.
Parameters
- vpn-ipv4
-
Keyword to enable the inter-AS label security for VPN IPv4 family.
- vpn-ipv6
-
Keyword to enable the inter-AS label security for VPN IPv6 family.
- evpn
-
Keyword to enable the inter-AS label security for EVPN family.
Platforms
All
neip
neip
Syntax
neip
Context
[Tree] (config>system>ned>profile neip)
Full Context
configure system network-element-discovery profile neip
Description
Commands in this context configure the NEIP.
Platforms
All
netbios-name-server
netbios-name-server
Syntax
netbios-name-server ip-address [ip-address]
no netbios-name-server
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options netbios-name-server)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-name-server)
[Tree] (config>router>dhcp>server>pool>options netbios-name-server)
[Tree] (config>service>vprn>dhcp>server>pool>options netbios-name-server)
Full Context
configure subscriber-mgmt local-user-db ppp host options netbios-name-server
configure subscriber-mgmt local-user-db ipoe host options netbios-name-server
configure router dhcp local-dhcp-server pool options netbios-name-server
configure service vprn dhcp local-dhcp-server pool options netbios-name-server
Description
This command configures up to four Network Basic Input/Output System (NetBIOS) name server IP addresses for a DHCP client.
The no form of this command removes the IP address from the netbios-name-server configuration.
Parameters
- ip-address
-
Specifies up to four NetBIOS name server IP addresses. The address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
netbios-node-type
netbios-node-type
Syntax
netbios-node-type netbios-node-type
no netbios-node-type
Context
[Tree] (config>service>vprn>dhcp>server>pool>options netbios-node-type)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options netbios-node-type)
[Tree] (config>router>dhcp>server>pool>options netbios-node-type)
Full Context
configure service vprn dhcp local-dhcp-server pool options netbios-node-type
configure subscriber-mgmt local-user-db ipoe host options netbios-node-type
configure router dhcp local-dhcp-server pool options netbios-node-type
Description
This command configures the Network Basic Input/Output System (NetBIOS) node type.
The no form of this command removes the NetBIOS node type parameters from the configuration.
Parameters
- netbios-node-type
-
Specifies the netbios node type.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
netconf
netconf
Syntax
netconf
Context
[Tree] (debug>system netconf)
Full Context
debug system netconf
Description
Commands in this context debug NETCONF.
Platforms
All
netconf
Syntax
netconf
Context
[Tree] (config>system>security>profile netconf)
Full Context
configure system security profile netconf
Description
This command authorizes various netconf capabilities for the user.
Platforms
All
netconf
Syntax
netconf
Context
[Tree] (config>system>security>management-interface netconf)
Full Context
configure system security management-interface netconf
Description
Commands in this context configure hash-control for the Netconf interface.
Platforms
All
netconf-stream
netconf-stream
Syntax
netconf-stream stream-name
no netconf-stream
Context
[Tree] (config>li>log>log-id netconf-stream)
Full Context
configure li log log-id netconf-stream
Description
This command is used to associate a NETCONF stream name with a Lawful Intercept log ID. The NETCONF stream name must be unique in the Lawful Intercept context of the SR OS device. For the same Lawful Intercept log ID, the to netconf command must be configured for a subscription to that NETCONF stream name to be accepted. If the NETCONF stream is changed, active subscriptions to the changed stream name are terminated by SR OS.
The no form of this command removes a NETCONF stream name from a Lawful Intercept log ID. Active subscriptions to the removed stream name are terminated by SR OS.
Parameters
- stream-name
-
Specifies a NETCONF stream name, up to 32 characters.
Platforms
All
netconf-stream
Syntax
netconf-stream stream-name
no netconf-steam
Context
[Tree] (config>log>log-id netconf-stream)
Full Context
configure log log-id netconf-stream
Description
This command is used to associate a NETCONF stream name with a log ID. The NETCONF stream name must be unique per SR OS device. For the same log ID, to netconf must be configured for a subscription to that NETCONF stream name to be accepted. A netconf-stream cannot be set to "NETCONF” as "NETCONF” is reserved for log-id 101. If a netconf-stream is changed, active subscriptions to the changed stream name are terminated by SR OS.
The no form of this command removes a NETCONF stream name from a log ID. Active subscriptions to the removed stream name are terminated by SR OS.
Parameters
- stream-name
-
Specifies a NETCONF stream name, up to 32 characters.
Platforms
All
network
network
Syntax
network next-hop ip-address [router router-instance]
network next-hop ip-address [service-name service-name]
no network
Context
[Tree] (config>subscr-mgmt>steering-profile network)
Full Context
configure subscriber-mgmt steering-profile network
Description
This command specifies the downstream next-hop IP address and an optional routing instance to be used as a network VAS router in the steering profile.
The no form of this command removes the specified next-hop IP address and the router instance if specified.
Parameters
- ip-address
-
Specifies the IP address to be used as the downstream next-hop IP address in dotted decimal notation.
- router-instance
-
Specifies the router instance to be used as an access VAS router.
- service-name
-
Specifies the service name, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
network
Syntax
[no] network
Context
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext network)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network
Description
Commands in this context configure network side attributes.
The no form of this command resets the network parameters to the default values.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
network
Syntax
network
Context
[Tree] (config>port network)
[Tree] (config>card>mda network)
Full Context
configure port network
configure card mda network
Description
This command enables the network context to configure egress and ingress pool policy parameters.
On the MDA level, network egress pools are only allocated on channelized MDAs.
Platforms
All
network
Syntax
network
Context
[Tree] (config>card>fp>ingress network)
Full Context
configure card fp ingress network
Description
This command specifies the CLI node that contains the network forwarding-plane parameters.
Platforms
All
network
Syntax
network
Context
[Tree] (config>port>tdm>e1>channel-group network)
[Tree] (config>port>tdm>ds1>channel-group network)
Full Context
configure port tdm e1 channel-group network
configure port tdm ds1 channel-group network
Description
Commands in this context configure network channel group parameters.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
network
Syntax
network
Context
[Tree] (config>port>sonet-sdh>path network)
[Tree] (config>port>tdm>ds1 network)
[Tree] (config>port>tdm>e1 network)
[Tree] (config>port>tdm>e3 network)
[Tree] (config>port>ethernet network)
[Tree] (config>port>tdm>ds3 network)
Full Context
configure port sonet-sdh path network
configure port tdm ds1 network
configure port tdm e1 network
configure port tdm e3 network
configure port ethernet network
configure port tdm ds3 network
Description
This command enables access to the context to configure network port parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure port sonet-sdh path network
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure port tdm ds1 network
- configure port tdm e3 network
- configure port tdm e1 network
- configure port tdm ds3 network
All
- configure port ethernet network
network
Syntax
network
Context
[Tree] (config>service>vpls>vxlan network)
Full Context
configure service vpls vxlan network
Description
Commands in this context configure network parameters for the VPLS VXLAN service.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
network
Syntax
network
Context
[Tree] (config>service>vprn network)
Full Context
configure service vprn network
Description
Commands in this context configure network parameters for the VPRN service.
Platforms
All
network
Syntax
network network-policy-id [create] [name name]
no network network-policy-id
Context
[Tree] (config>qos network)
Full Context
configure qos network
Description
This command creates or edits a QoS network policy. The network policy defines the treatment that IP or MPLS packets receive as they ingress and egress the network port.
The QoS network policy consists of an ingress and egress component. The ingress component of the policy defines how DiffServ code points and MPLS EXP bits are mapped to internal forwarding class and profile state. The forwarding class and profile state define the Per Hop Behavior (PHB) or the QoS treatment through the router. The mapping on each network interface defaults to the mappings defined in the default network QoS policy until an explicit policy is defined for the network interface.
The egress component of the network QoS policy defines the queuing parameters associated with each forwarding class. Each of the forwarding classes defined within the system automatically creates a queue on each network interface. This queue gets all the parameters defined within the default network QoS policy 1 until an explicit policy is defined for the network interface access uplink port. If the egressing packet originated on an ingress SAP, or the remarking parameter is defined for the egress interface, the egress QoS policy also defines the IP DSCP, dot1p/DE, or MPLS EXP bit marking based on the forwarding class and the profile state.
Network policy-id 1 exists as the default policy that is applied to all network interfaces by default. The network policy-id 1 cannot be modified or deleted. It defines the default DSCP-to-FC mapping and MPLS EXP-to-FC mapping for the ingress. For the egress, it defines six forwarding classes that represent individual queues and the packet marking criteria.
Network policy-id 1 exists as the default policy that is applied to all network ports by default. This default policy cannot be modified or deleted. It defines the default DSCP-to-FC mapping and default unicast meters for ingress IP traffic. For the egress, it defines the forwarding class to dot1p and DSCP values and the packet marking criteria.
If a new network policy is created (for instance, policy-id 3), only the default action and egress forwarding class parameters are identical to the default policy. A new network policy does not contain the default DSCP-to-FC and MPLS-EXP-to-FC mapping for network QoS policy of type ip-interface or the DSCP-to-FC mapping (for network QoS policy of type port). The default network policy can be copied (use the copy command) to create a new network policy that includes the default ingress DSCP-to-FC and MPLS EXP-to-FC mapping (as appropriate). Parameters can be modified, or the no form of this command can be used to remove an object from the configuration.
Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network interfaces where this policy is applied. For this reason, when many changes are required on a policy, it is highly recommended that the policy be copied to a work area policy-id. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config qos copy command to maintain policies in this manner.
The no form of this command deletes the network policy. A policy cannot be deleted until it is removed from all entities where it is applied. The default network policy policy-id 1 cannot be deleted.
Default
network 1 — System Default Network Policy 1
Parameters
- network-policy-id
-
The policy-id uniquely identifies the policy on the router.
- create
-
Required parameter when creating a QoS network policy.
- name name
-
A name that is saved as part of the configuration data. If a name is not specified at creation time, then SR OS assigns a string version of the network policy identifier as the name.
Platforms
All
network
Syntax
network src-pol dst-pol [overwrite]
Context
[Tree] (config>qos>copy network)
Full Context
configure qos copy network
Description
This command copies existing QoS policy entries for a QoS policy-id to another QoS policy-id.
The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Parameters
- src-pol dst-pol
-
Indicates that the source and destination policies are network policy IDs. Specify the source policy that the copy command will copy and specify the destination policy to which the command will duplicate the policy to a new or different policy ID.
- overwrite
-
Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following error occurs if the destination policy ID exists.
SR>config>qos# copy network 1 427 MINOR: CLI Destination "427" exists use {overwrite}. SR>config>qos# copy network 1 427 overwrite
Platforms
All
network
Syntax
network
Context
[Tree] (cfg>service>vprn>vxlan>instance network)
Full Context
configure service vprn vxlan instance network
Description
Commands in this context configure network parameters for the VPRN VXLAN service.
Platforms
7750 SR-1, 7750 SR-s
network-address
network-address
Syntax
network-address {eq | neq} ip-address
network-address {eq | neq} ip-prefix-list ip-prefix-list-name
no network-address
Context
[Tree] (config>app-assure>group>policy>app-filter>entry network-address)
Full Context
configure application-assurance group policy app-filter entry network-address
Description
This command configures the network address to use in application definition. The network address will match the destination IP address in a from-sub flow or the source IP address in a to-sub flow.
The no form of this command restores the default (removes the network address from application criteria defined by this entry).
Default
no network-address
Parameters
- eq
-
Specifies a comparison operator indicating that the value configured and the value in the flow are equal.
- neq
-
Specifies a comparison operator indicating that the value configured differs from the value in the flow.
- ip-address
-
Specifies a valid unicast address.
- ip-prefix-list-name
-
Specifies the name of an IP prefix list, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
network-domain
network-domain
Syntax
[no] network-domain network-domain-name
Context
[Tree] (config>router>network-domains network-domain)
Full Context
configure router network-domains network-domain
Description
This command creates network-domains that can be associated with individual interfaces and SDPs.
Default
network-domain "default”
Parameters
- network-domain-name
-
Specifies the network domain name, up to 32 characters.
Platforms
All
network-domain
Syntax
[no] network-domain network-domain-name
Context
[Tree] (config>router>if network-domain)
Full Context
configure router interface network-domain
Description
This command assigns a given interface to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.
The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is defined.
Single interfaces can be associated with multiple network-domains.
Default
network-domain "default”
Platforms
All
network-domain
Syntax
network-domain network-domain-name
no network-domain
Context
[Tree] (config>service>sdp network-domain)
Full Context
configure service sdp network-domain
Description
This command assigns a given SDP to a given network-domain. The network-domain is then taken into account during sap-ingress queue allocation for VPLS SAP.
The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an interface that has no physical port specified will be accepted, but will have no effect as long as a corresponding port, or LAG, is undefined.
A single SDP can only be associated with a single network-domain.
Default
network-domain "default"
Platforms
All
network-domains
network-domains
Syntax
network-domains
Context
[Tree] (config>router network-domains)
Full Context
configure router network-domains
Description
This command opens context for defining network-domains. This command is applicable only in the base routing context.
Platforms
All
network-element-discovery
network-element-discovery
Syntax
network-element-discovery
Context
[Tree] (config>system network-element-discovery)
Full Context
configure system network-element-discovery
Description
Commands in this context configure the network-element discovery parameters and MIB table generation.
Platforms
All
network-interconnect-vxlan
network-interconnect-vxlan
Syntax
network-interconnect-vxlan instance
no network-interconnect-vxlan
Context
[Tree] (config>service>system>bgp-evpn>eth-seg network-interconnect-vxlan)
Full Context
configure service system bgp-evpn ethernet-segment network-interconnect-vxlan
Description
This command associates the VXLAN instance with the virtual Ethernet Segment. The association of the virtual ES is based on the VXLAN instance and range of services where the VXLAN instance is configured.
The no form of this command removes the VXLAN instance from the Ethernet Segment association.
Parameters
- instance
-
Specifies the VXLAN instance that is to be associated with the virtual ES.
Platforms
All
network-interface
network-interface
Syntax
network-interface interface-name [create]
no network-interface interface-name
Context
[Tree] (config>service>vprn network-interface)
Full Context
configure service vprn network-interface
Description
This command configures a network interface in a VPRN that acts as a CSC interface to a CSC-CE in a Carrier Supporting Carrier IP VPN deployment model.
Parameters
- interface-name
-
Specifies the name of the interface to be added.
- create
-
Keyword used to create the network interface.
Platforms
All
network-ip
network-ip
Syntax
network-ip ip-address[/mask]
no network-ip
Context
[Tree] (config>app-assure>group>transit-prefix-policy>entry>match network-ip)
Full Context
configure application-assurance group transit-prefix-policy entry match network-ip
Description
This command configures an entry for an address of prefix transit aa-sub and is used when the site is a remote site on the same opposite side of the system as the parent SAP. The network IP addresses represents the dest-IP in the from-SAP direction and src-IP in the to-SAP direction.
The no form of this command removes the network IP address/mask from the match criteria.
Parameters
- ip-address[/mask]
-
specifies the network address prefix and length associated with this transit prefix policy entry.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
network-queue
network-queue
Syntax
network-queue policy-name [create]
no network-queue policy-name
Context
[Tree] (config>qos network-queue)
Full Context
configure qos network-queue
Description
This command creates a context to configure a network queue policy. Network queue policies define the ingress network queuing at the FP network node level and on the Ethernet port and SONET/SDH path level to define network egress queuing.
Default
network-queue "default”
Parameters
- policy-name
-
The name of the network queue policy.
- create
-
Required keyword when creating a network queue policy.
Platforms
All
network-queue
Syntax
network-queue src-name dst-name [overwrite]
Context
[Tree] (config>qos>copy network-queue)
Full Context
configure qos copy network-queue
Description
This command copies or overwrites existing network queue QoS policies to another network queue policy ID.
The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Parameters
- network-queue
-
Indicates that the source policy ID and the destination policy ID are network-queue policy IDs. Specify the source policy ID that the copy command will attempt to copy from and specify the destination policy ID to which the command will copy a duplicate of the policy.
- overwrite
-
Specifies to replace the existing destination policy. Everything in the existing destination policy will be overwritten with the contents of the source policy. If overwrite is not specified, the following message is generated indicating that the destination policy ID exists.
- Example:
-
— SR7>config>qos# copy network-queue nq1 nq2
— MINOR: CLI Destination "nq2" exists - use {overwrite}.
— SR7>config>qos# copy network-queue nq1 nq2 overwrite
Platforms
All
network-rtt-threshold
network-rtt-threshold
Syntax
network-rtt-threshold network-rtt-threshold
no network-rtt-threshold
Context
[Tree] (config>app-assure>group>tcp-optimizer network-rtt-threshold)
Full Context
configure application-assurance group tcp-optimizer network-rtt-threshold
Description
This command configures the threshold of the Route Trip Time (RTT) delay of the network side (between AA and the content provider) above which TCP Optimization (TCPO) is performed. This enables the operator to disable optimization for content that is served from a location close to the TCP optimizer.
Default
no network-rtt-threshold
Parameters
- network-rtt-threshold
-
Specifies the network side RTT delay threshold, inmilliseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
network-type
network-type
Syntax
network-type {sdh | sonet}
Context
[Tree] (config>system>ptp network-type)
Full Context
configure system ptp network-type
Description
This command configures the codeset to be used for the encoding of QL values into PTP clockClass values and vice versa when the profile is configured for G.8265.1 or G.8275.2.
This setting only applies to the range of values observed in the clockClass values transmitted out of the node in Announce messages. The router supports the reception of any valid value in Table 1/G.8265.1 and Table2/G.8275.2.
Default
network-type sdh
Parameters
- sdh
-
Specifies the values used on a G.781 Option 1 compliant network.
- sonet
-
Specifies the values used on a G.781 Option 2 compliant network.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
new-password-at-login
new-password-at-login
Syntax
[no] new-password-at-login
Context
[Tree] (config>system>security>user>console new-password-at-login)
Full Context
configure system security user console new-password-at-login
Description
This command forces the user to change a password at the next console login. The new password applies to FTP but the change can be enforced only by the console, SSH, or Telnet login.
The no form of this command does not force the user to change passwords.
Default
no new-password-at-login
Platforms
All
new-qinq-untagged-sap
new-qinq-untagged-sap
Syntax
[no] new-qinq-untagged-sap
Context
[Tree] (config>system>ethernet new-qinq-untagged-sap)
Full Context
configure system ethernet new-qinq-untagged-sap
Description
This command controls the behavior of QinQ SAP y.0 (for example, 1/1/1:3000.0). If the flag is not enabled (no new-qinq-untagged-sap), the y.0 SAP works the same as the y.* SAP (for example, 1/1/1:3000.*); all frames tagged with outer VLAN y and no inner VLANs or inner VLAN x where inner VLAN x is not specified in a SAP y.x configured on the same port (for example, 1/1/1:3000.10).
If the flag is enabled, then the following new behavior immediately applies to all existing and future y.0 SAPs: the y.0 SAP maps all the ingress frames tagged with outer tag VLAN-id of y (qinq-etype) and no inner tag or with inner tag of VLAN-id of zero (0). When the flag is disabled, there is no disruption for existing usage of this SAP type.
Default
no new-qinq-untagged-sap
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, VSR
new-session-id
new-session-id
Syntax
[no] new-session-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>efh new-session-id)
Full Context
configure subscriber-mgmt diameter-application-policy gy extended-failure-handling new-session-id
Description
This command determines the Diameter session ID when Extended Failure Handling (EFH) is active and an attempt is made to establish a new Diameter Gy session with the Online Charging Server (OCS). An attempt to establish a new Diameter Gy session is made when the allocated interim credit is used or the validity time expires for a rating group of a Diameter Gy session. The first attempt always uses a new Diameter session ID. This command controls the behavior for each subsequent attempt. The behavior is as follows:
-
no new-session-id (default) — The same Diameter session ID is used for each subsequent attempt.
-
new-session-id — A new Diameter session ID is used for each attempt.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
newline
newline
Syntax
[no] newline
Context
[Tree] (config>system>management-interface>cli>md-cli>environment>prompt newline)
Full Context
configure system management-interface cli md-cli environment prompt newline
Description
This command displays a new line before the first prompt line.
The no form of this command suppresses the new line before the first prompt line.
Default
newline
Platforms
All
next
next
Syntax
[no] next
Context
[Tree] (config>service>nat>pcp-server-policy>option next)
Full Context
configure service nat pcp-server-policy option next
Description
This command enables support for the next option.
The no form of this command reverts to the default.
Default
no next
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
next-attempt
next-attempt
Syntax
next-attempt {same-preference-level | next-preference-level}
no next-attempt
Context
[Tree] (config>service>vprn>l2tp next-attempt)
[Tree] (config>router>l2tp next-attempt)
Full Context
configure service vprn l2tp next-attempt
configure router l2tp next-attempt
Description
This command enables tunnel selection algorithm based on the tunnel preference level.
The no form of this command reverts to the default.
Default
next-attempt next-preference-level
Parameters
- same-preference-level
-
If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example, a tunnel in a denylist) then the next elected tunnel, if available, is chosen within the same preference-level as the last attempted tunnel. Only when all tunnels within the same preference level are exhausted, the tunnel selection algorithm moves to the next preference level.
In case that a new session setup request is received while all tunnels on the same preference level are denylisted, the L2TP session tries to be established on denylisted tunnels before the tunnel selection moves to the next preference level.
- next-preference-level
-
If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a denylist) then the selection algorithm tries to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
next-header
next-header
Syntax
next-header next-header
no next-header
Context
[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry next-header)
Full Context
configure system security management-access-filter ipv6-filter entry next-header
Description
This command specifies the next header to match. The protocol type such as TCP, UDP or OSPF is identified by its respective protocol number. Well-known protocol numbers include ICMP(1), TCP(6), UDP(17). IPv6 Extension headers are identified by the next header IPv6 numbers as per RFC 2460. This command only applies to the 7750 SR and 7950 XRS.
Parameters
- next-header
-
Specifies for IPv4 MAF the IP protocol field, and for IPv6 the next header type to be used in the match criteria for this Management Access Filter Entry.
Platforms
All
next-hop
next-hop
Syntax
next-hop {ip-address | ip-int-name | ipv6 address}
Context
[Tree] (config>service>vprn>static-route-entry next-hop)
Full Context
configure service vprn static-route-entry next-hop
Description
This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int-name of the unnumbered or point-to-point interface (on this node) can be configured.
If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.
The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.
Default
no next-hop
Parameters
- ip-int-name, ipv4-address, ipv6-address
-
the IP-INT, IPv4, and IPv6 addresses
Platforms
All
next-hop
Syntax
next-hop ip-address
no next-hop
Context
[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>pri next-hop)
[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>bkup next-hop)
Full Context
configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop next-hop
configure router mpls forwarding-policies forwarding-policy next-hop-group backup-next-hop next-hop
Description
This command configures the address of primary or backup next hop of an NHG entry in a forwarding policy.
The no form of this command removes the address of primary or backup next hop of an NHG entry in a forwarding policy.
Parameters
- ip-address
-
Specifies the destination IPv4 or IPv6 address.
Platforms
All
next-hop
Syntax
next-hop {ip-int-name | ip-address | ipv6-address}
Context
[Tree] (config>router>static-route-entry next-hop)
Full Context
configure router static-route-entry next-hop
Description
This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over a point-to-point unnumbered interface, the ip-int-name of the unnumbered point-to-point interface (on this node) can be configured.
If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.
The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.
Default
no next-hop
Parameters
- ip-int-name | ip-address | ipv6-address
-
Specifies the interface or IPv4/IPv6 address of the next hop.
Platforms
All
next-hop
Syntax
[no] next-hop ip-address
Context
[Tree] (config>vrrp>policy>priority-event>route-unknown next-hop)
Full Context
configure vrrp policy priority-event route-unknown next-hop
Description
This command enables an allowed next hop IP address to match the IP route prefix for a route-unknown priority control event.
If the next-hop IP address does not match one of the defined ip-address, the match is considered unsuccessful and the route-unknown event transitions to the set state.
The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information.
When more than one next hop IP addresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance.
The no form of the command removes the ip-address from the list of acceptable next hops when looking up the route-unknown prefix. If this ip-address is the last next hop defined on the route-unknown event, the returned next hop information is ignored when testing the match criteria. If the ip-address does not exist, the no next-hop command returns a warning error, but continues to execute if part of an exec script.
Default
no next-hop — No next hop IP address for the route unknown priority control event is defined.
Parameters
- ip-address
-
The IP address for an acceptable next hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix.
Platforms
All
next-hop
Syntax
next-hop ip-address
next-hop prefix-list name
no next-hop
Context
[Tree] (config>router>policy-options>policy-statement>entry>from next-hop)
Full Context
configure router policy-options policy-statement entry from next-hop
Description
This command enables BGP routes to be matched based on the BGP next-hop address. The match condition is evaluated against the IPv4 or IPv6 address in the NEXT_HOP or MP_REACH_NLRI attribute.
When the next-hop match is applied to VPN-IP routes, the Route Distinguisher (RD) is ignored.
A non-BGP route does not match a policy entry if it contains the next-hop command.
Default
no next-hop
Parameters
- ip-address
-
An IPv4 or IPv6 address.
- name
-
Specifies the name of a prefix-list (up to 64 characters).
- prefix-list
-
Specifies that the BGP next hop should be matched against a prefix-list instead of an individual IP address.
Platforms
All
next-hop
Syntax
next-hop {ip-address | peer-address}
no next-hop
Context
[Tree] (config>router>policy-options>policy-statement>default-action next-hop)
[Tree] (config>router>policy-options>policy-statement>entry>action next-hop)
Full Context
configure router policy-options policy-statement default-action next-hop
configure router policy-options policy-statement entry action next-hop
Description
This command assigns the specified next hop IP address to routes matching the policy statement entry.
If a next-hop IP address is not specified, the next-hop attribute is not changed.
The no form of this command disables assigning a next hop address in the route policy entry.
Default
no next-hop
Parameters
- ip-address
-
Specifies the next hop IP address in dotted decimal notation.
- peer-address
-
Set the next-hop IP address to the peer’s IP address.
Platforms
All
next-hop
Syntax
next-hop {frr}
no next-hop
Context
[Tree] (config>service>vprn>bgp-ipvpn>srv6>upa-trigger next-hop)
[Tree] (conf>rtr>bgp>srv6>family>upa-trigger next-hop)
Full Context
configure service vprn bgp-ipvpn segment-routing-v6 upa-trigger next-hop
configure router bgp segment-routing-v6 family upa-trigger next-hop
Description
This command activates BGP to check the Network Layer Reachability Information (NLRI) next hop in the routing table for a matching UPA entry using the longest prefix match (LPM).
The no form of this command reverts to the default.
Default
no next-hop
Parameters
- frr
-
Keyword to enable BGP Fast Reroute (FRR) when UPA is received.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
next-hop
Syntax
[no] next-hop
Context
[Tree] (debug>router>p2mp-sr-tree>segment-routing-mpls>replication-segment next-hop)
Full Context
debug router p2mp-sr-tree segment-routing-mpls replication-segment next-hop
Description
This command traces replication segment events for all next hops.
The no form of this command disables the tracing.
Default
no next-hop
Platforms
7750 SR-a, 7750 SR-e
next-hop-address
next-hop-address
Syntax
next-hop-address ip-address
no next-hop-address
Context
[Tree] (config>router>p2mp-sr-tree>replication-segment>sr-mpls>downstream-nodes next-hop-address)
Full Context
configure router p2mp-sr-tree replication-segment segment-routing-mpls downstream-nodes next-hop-address
Description
This command configures the IP address of the next hop for the P2MP SR tree replication segment.
The no form of this command removes the next hop address.
Default
no next-hop-address
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address.
Platforms
All
next-hop-group
next-hop-group
Syntax
next-hop-group index [resolution-type { direct | indirect}]
no next-hop-group index
Context
[Tree] (config>router>mpls>fwd-policies>fwd-policy next-hop-group)
Full Context
configure router mpls forwarding-policies forwarding-policy next-hop-group
Description
This command configures an NHG entry in an MPLS forwarding policy.
Each NHG can have primary and backup next hops of the same type.
The no form of this command removes the NHG from the MPLS forwarding policy.
Parameters
- index
-
Specifies the index value.
- direct
-
Specifies the direct resolution type.
- indirect
-
Specifies the indirect resolution type.
Platforms
All
next-hop-interface-name
next-hop-interface-name
Syntax
next-hop-interface-name interface-name
no next-hop-interface-name
Context
[Tree] (config>router>p2mp-sr-tree>replication-segment>sr-mpls>downstream-nodes next-hop-interface-name)
Full Context
configure router p2mp-sr-tree replication-segment segment-routing-mpls downstream-nodes next-hop-interface-name
Description
This command configures the outgoing interface name for the P2MP SR tree replication segment.
The no form of this command removes the outgoing interface name.
Default
no next-hop-interface-name
Parameters
- interface-name
-
Specifies the name of the outgoing interface, up to 32 characters.
Platforms
All
next-hop-reachability
next-hop-reachability
Syntax
[no] next-hop-reachability
Context
[Tree] (configure>service>vprn>bgp>group>bfd-strict-mode next-hop-reachability)
[Tree] (configure>service>vprn>bgp>bfd-strict-mode next-hop-reachability)
[Tree] (configure>router>bgp>bfd-strict-mode next-hop-reachability)
[Tree] (configure>service>vprn>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)
[Tree] (configure>router>bgp>group>bfd-strict-mode next-hop-reachability)
[Tree] (configure>router>bgp>group>neighbor>bfd-strict-mode next-hop-reachability)
Full Context
configure service vprn bgp group bfd-strict-mode next-hop-reachability
configure service vprn bgp bfd-strict-mode next-hop-reachability
configure router bgp bfd-strict-mode next-hop-reachability
configure service vprn bgp group neighbor bfd-strict-mode next-hop-reachability
configure router bgp group bfd-strict-mode next-hop-reachability
configure router bgp group neighbor bfd-strict-mode next-hop-reachability
Description
This command configures the router to consider next-hop self routes belonging to specific address families received from a peer within scope of this command as having an unresolved next hop, provided that the following requirements are met:
-
The BFD session to the peer is in a down state.
-
There is a valid interface BFD configuration that applies to the peer.
-
There is a valid BFD liveness configuration that applies to the peer.
The unresolved state is maintained until the BFD session state changes to up or administratively down, even if there is a resolving route or tunnel that matches the BGP next-hop address.
Routes received from one peer with a BGP next-hop address equal to the address of another peer are not affected by the BFD session to the other peer.
The behavior of the router when this command is enabled does not depend on whether Strict-BFD is used, as both features are independent.
Enabling this command only affects routes belonging to the following address families:
-
IPv4
-
IPv6
-
IPv4 VPN
-
IPv6 VPN
-
labeled unicast IPv4
-
labeled unicast IPv6
-
EVPN
-
IPv4 multicast
-
IPv6 multicast
-
IPv4 VPN multicast
-
IPv6 VPN multicast
The no form of this command prevents the router from considering next-hop self routes belonging to the preceding address families as having an unresolved next hop if the BFD session goes down.
Default
no next-hop-reachability
Platforms
All
next-hop-resolution
next-hop-resolution
Syntax
next-hop-resolution
Context
[Tree] (config>service>vprn>bgp next-hop-resolution)
Full Context
configure service vprn bgp next-hop-resolution
Description
Commands in this context configure next-hop resolution parameters.
Platforms
All
next-hop-resolution
Syntax
next-hop-resolution
Context
[Tree] (config>router>bgp next-hop-resolution)
Full Context
configure router bgp next-hop-resolution
Description
Commands in this context configure next-hop resolution parameters.
Platforms
All
next-hop-self
next-hop-self
Syntax
[no] next-hop-self
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy next-hop-self)
Full Context
configure subscriber-mgmt bgp-peering-policy next-hop-self
Description
This command configures the neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.
The no form of this command disables the command.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
next-hop-self
Syntax
[no] next-hop-self
Context
[Tree] (config>service>vprn>bgp>group next-hop-self)
[Tree] (config>service>vprn>bgp>group>neighbor next-hop-self)
Full Context
configure service vprn bgp group next-hop-self
configure service vprn bgp group neighbor next-hop-self
Description
This command configures the group or neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.
This is primarily used to avoid third-party route advertisements when connected to a multi-access network.
The no form of this command used at the group level allows third-party route advertisements in a multi-access network.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
no next-hop-self — Third-party route advertisements are allowed.
Platforms
All
next-hop-self
Syntax
[no] next-hop-self
Context
[Tree] (config>router>bgp>group>neighbor next-hop-self)
[Tree] (config>router>bgp>group next-hop-self)
Full Context
configure router bgp group neighbor next-hop-self
configure router bgp group next-hop-self
Description
This command enables BGP to advertise routes to members of a group or to a specific neighbor using a local address of the BGP instance as the BGP next-hop address. Note that next-hop-self is set without exception, regardless of the route source (EBGP or IBGP) or its family. When used with VPN-IPv4 and VPN-IPv6 routes the enable-rr-vpn-forwarding command should also be configured.
The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.
Default
no next-hop-self
Platforms
All
next-hop-self
Syntax
[no] next-hop-self
Context
[Tree] (config>router>policy-options>policy-statement>default-action next-hop-self)
[Tree] (config>router>policy-options>policy-statement>entry>action next-hop-self)
Full Context
configure router policy-options policy-statement default-action next-hop-self
configure router policy-options policy-statement entry action next-hop-self
Description
This command configures BGP to advertise routes that match a policy entry (or that match no other policy entry and, therefore, to which the default action applies) using a local address of the BGP instance as the BGP next-hop address. The command applies to IPv4, IPv6, label-IPv4, and label-IPv6 routes. It also applies to VPN-IPv4 and VPN-IPv6 routes, but only when used in conjunction with the enable-rr-vpn-forwarding command.
This command affects how routes are advertised to IBGP peers, regardless of whether or not they were learned from an IBGP or EBGP peer
The no form of this command uses protocol standard behavior to decide whether or not to set next-hop-self in advertised routes.
Default
no next-hop-self
Platforms
All
next-hop-unchanged
next-hop-unchanged
Syntax
next-hop-unchanged [label-ipv4] [label-ipv6] [vpn-ipv4] [vpn-ipv6] [ evpn]
no next-hop-unchanged
Context
[Tree] (config>router>bgp>group>neighbor next-hop-unchanged)
[Tree] (config>router>bgp>group next-hop-unchanged)
Full Context
configure router bgp group neighbor next-hop-unchanged
configure router bgp group next-hop-unchanged
Description
This command enables unchanged BGP next-hops when sending BGP routes to peers in this group or neighbor.
The no form of this command disables unchanged BGP next-hops.
Default
no next-hop-unchanged
Parameters
- evpn
-
Specifies BGP next hops are unchanged for the evpn address family.
- label-ipv4
-
Specifies BGP next hops are unchanged for the label-ipv4 address family.
- label-ipv6
-
Specifies BGP next hops are unchanged for the label-ipv6 address family.
- vpn-ipv4
-
Specifies BGP next hops are unchanged for the vpn-ipv4 address family.
- vpn-ipv6
-
Specifies BGP next hops are unchanged for the vpn-ipv6 address family.
Platforms
All
nh-type
nh-type
Syntax
nh-type {ip | tunnel}
no nh-type
Context
[Tree] (config>router>route-next-hop-policy>template nh-type)
Full Context
configure router route-next-hop-policy template nh-type
Description
This command configures the next-hop type constraint into the route next-hop policy template.
The user can select if tunnel backup next-hop or IP backup next-hop is preferred. The default in SR OS implementation is to prefer IP next-hop over tunnel next-hop. The implementation will fall back to the other type if no LFA next-hop of the preferred type is found.
When the route next-hop policy template is applied to an IP interface, all prefixes using this interface as a primary next-hop will follow the next-hop type preference specified in the template.
The no form deletes the next-hop type constraint from the route next-hop policy template.
Default
nh-type ip
Parameters
- {ip | tunnel}
-
Specifies the two possible values for the next-hop type.
Platforms
All
nmda
nmda
Syntax
nmda
Context
[Tree] (config>system>management-interface>yang-modules nmda)
Full Context
configure system management-interface yang-modules nmda
Description
Commands in this context configure the attributes for the Network Management Datastores Architecture (NMDA).
Platforms
All
nmda-support
nmda-support
Syntax
[no] nmda-support
Context
[Tree] (config>system>management-interface>yang-modules>nmda nmda-support)
Full Context
configure system management-interface yang-modules nmda nmda-support
Description
This command enables the advertisement of NMDA support over NETCONF through the use of YANG library 1.1.
The no form of this command disables NMDA advertisement over NETCONF and YANG library 1.0 is used.
Default
no nmda-support
Platforms
All
no-match-action
no-match-action
Syntax
no-match-action action
no no-match-action
Context
[Tree] (config>open-flow>of-switch>flowtable no-match-action)
Full Context
configure open-flow of-switch flowtable no-match-action
Description
This command configures the action for the flow table when a packet does not match any entry for the controller.
The no form of this command restores the default action.
Default
no-match-action fall-through
Parameters
- action
-
Specifies the action for the flow table.
Platforms
VSR
node
node
Syntax
node origin-host-string [destination-realm destination-realm-string]
no diameter-node
Context
[Tree] (config>aaa>diam node)
Full Context
configure aaa diameter node
Description
This command creates a Diameter client node in the SR OS. Multiple Diameter client nodes with their own peer definitions are simultaneously supported in SR OS.
Each such node is defined by a unique DiameterIdentity (the origin host and realm names).
The no form of this command removes the origin host string from the configuration.
Parameters
- origin-host-string
-
Specifies the origin host name, up to 80 characters, is a mandatory parameter that translates to an Origin-Host AVP that is carried in all Diameter messages. The origin host and origin realm form a Diameter Identity that must be unique within the Diameter network in which they participate.
- destination-realm-string
-
Specifies the destination realm name, up to 80 characters, is an optional parameter that translates to an Origin-Realm AVP that is carried in all Diameter messages. The destination host and destination realm form a Diameter Identity that must be unique within the Diameter network in which they participate
If the realm name is not configured, it will be extracted from the host parameter as follows:
-
it is set to the string after the first dot (.) in the configured origin-host-string
-
it is set to the configured origin-host-string if a dot (.) is not present in the string
-
- create
-
Keyword used to create the Diameter client node. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
node
Syntax
[no] node host-name
Context
[Tree] (debug>diameter node)
Full Context
debug diameter node
Description
This command debugs the Diameter node. Node-level debugging can report on all message exchange between the peers. Although this level can report messages that contain session id (app level messages), this level is session unaware. It deals strictly with getting the messages in and out of the system (connection level messages which are not routable, and application level messages which are routable).
Parameters
- host-name
-
Specifies the host name, up to 80 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
node-id
node-id
Syntax
node-id fqdn domain-name
node-id use-ip-address
Context
[Tree] (config>subscr-mgmt>pfcp-association node-id)
Full Context
configure subscriber-mgmt pfcp-association node-id
Description
This command configures the FQDN as sent in PFCP messages. This command can be configured to use the linked interface source IP address, or a pre-configured.
Default
node-id use-ip-address
Parameters
- domain-name
-
Specifies the FQDN, up to 255 characters.
- use-ip-address
-
Specifies to use the IP address of the interface configured for this association.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
node-id
Syntax
node-id node-id
no node-id
Context
[Tree] (config>router>mpls>mpls-tp node-id)
Full Context
configure router mpls mpls-tp node-id
Description
This command configures the MPLS-TP Node ID for the node. This is used as the 'from’ Node ID used by MPLS-TP LSPs originating at this node. The default value of the node-id is the system interface IPv4 address. The Node ID may be entered in 4-octet IPv4 address format, <a.b.c.d>, or as an unsigned 32 bit integer. The Node ID is not treated as a routable IP address from the perspective of IP routing, and is not advertised in any IP routing protocols.
The MPLS-TP context cannot be administratively enabled unless at least a system interface IPv4 address is configured because MPLS requires that this value is configured.
Default
no node-id
Parameters
- node-id
-
Specifies the MPLS-TP node ID for the node.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
node-id
Syntax
node-id mac-address
no node-id
Context
[Tree] (config>eth-ring node-id)
Full Context
configure eth-ring node-id
Description
This optional command configures the MAC address of the RPL control. The default is to use the chassis MAC for the ring control. This command overrides the chassis MAC address with a different MAC address.
The no form of the command removes the RPL link.
Default
no node-id
Parameters
- mac-address
-
xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
node-id-in-rro
node-id-in-rro
Syntax
[no] node-id-in-rro [include | exclude]
Context
[Tree] (config>router>rsvp node-id-in-rro)
Full Context
configure router rsvp node-id-in-rro
Description
This command enables the option to include node-id sub-object in RRO. Node-ID sub-object propagation is required to provide fast reroute protection for LSP that spans across multiple area domains.
If this option is disabled, then node-id is not included in RRO object.
Default
node-id-in-rro exclude
Platforms
All
node-protect
node-protect
Syntax
[no] node-protect
Context
[Tree] (config>router>mpls>lsp-template>fast-reroute node-protect)
[Tree] (config>router>mpls>lsp>fast-reroute node-protect)
Full Context
configure router mpls lsp-template fast-reroute node-protect
configure router mpls lsp fast-reroute node-protect
Description
This command enables or disables node and link protection on the specified LSP. Node protection ensures that traffic from an LSP traversing a neighboring router will reach its destination even if the neighboring router fails.
Default
node-protect (for a provisioned LSP)
no node-protect (for a P2P LSP template)
Platforms
All
node-protect
Syntax
node-protect [max-pq-nodes value]
no node-protect
Context
[Tree] (config>router>isis>loopfree-alternates>remote-lfa node-protect)
Full Context
configure router isis loopfree-alternates remote-lfa node-protect
Description
This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.
The no form of this command disables node-protect.
Default
no node-protect
Parameters
- value
-
Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.
Platforms
All
node-protect
Syntax
[no] node-protect
Context
[Tree] (config>router>isis>loopfree-alternates>ti-lfa node-protect)
Full Context
configure router isis loopfree-alternates ti-lfa node-protect
Description
This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.
The no form of this command disables node-protect.
Default
no node-protect
Platforms
All
node-protect
Syntax
node-protect [max-pq-nodes value]
no node-protect
Context
[Tree] (config>router>ospf>loopfree-alternates>remote-lfa node-protect)
[Tree] (config>router>ospf3>loopfree-alternates>remote-lfa node-protect)
Full Context
configure router ospf loopfree-alternates remote-lfa node-protect
configure router ospf3 loopfree-alternates remote-lfa node-protect
Description
This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.
The no form of this command disables node-protect.
Default
no node-protect
Parameters
- max-pq-nodes value
-
Specifies the maximum number of PQ nodes found in the LFA SPFs for which the node protection check is performed. The node-protect condition means the router must run the original Remote LFA algorithm plus one extra forward SPF on behalf of each PQ node found, potentially after applying the max-pq-cost parameter, to check if the path from the PQ node to the destination does not traverse the protected node. Setting this parameter to a lower value means the LFA SPFs will use less computation time and resources but may result in not finding a node-protect repair tunnel.
Platforms
All
node-protect
Syntax
[no] node-protect
Context
[Tree] (config>router>ospf>loopfree-alternates>ti-lfa node-protect)
[Tree] (config>router>ospf3>loopfree-alternates>ti-lfa node-protect)
Full Context
configure router ospf loopfree-alternates ti-lfa node-protect
configure router ospf3 loopfree-alternates ti-lfa node-protect
Description
This command enables node-protect in which the router prefers a node-protect over a link-protect repair tunnel for a given prefix if both are found in the Remote LFA or TI-LFA SPF computations. The SPF computations may only find a link-protect repair tunnel for prefixes owned by the protected node.
The no form of this command disables node-protect.
Default
no node-protect
Platforms
All
node-sid
node-sid
Syntax
[no] node-sid
Context
[Tree] (config>router>isis>segm-rtng>egress-statistics node-sid)
[Tree] (config>router>ospf3>segm-rtng>egress-statistics node-sid)
[Tree] (config>router>isis>segm-rtng>ingress-statistics node-sid)
[Tree] (config>router>ospf3>segm-rtng>ingress-statistics node-sid)
[Tree] (config>router>ospf>segm-rtng>ingress-statistics node-sid)
[Tree] (config>router>ospf>segm-rtng>egress-statistics node-sid)
Full Context
configure router isis segment-routing egress-statistics node-sid
configure router ospf3 segment-routing egress-statistics node-sid
configure router isis segment-routing ingress-statistics node-sid
configure router ospf3 segment-routing ingress-statistics node-sid
configure router ospf segment-routing ingress-statistics node-sid
configure router ospf segment-routing egress-statistics node-sid
Description
This command enables the allocation of statistic indices to each node SID (received by means of IGP advertisement). All NHLFEs associated to a given SID share the same index. If a statistics index is not available at allocation time, the allocation fails, then the system re-tries the allocation. The system generates a log on the first fail and a log on the final successful allocation.
The no form of this command disables the allocation of statistic indices to each node SID, releases the statistic indices, and clears the associated counters.
Default
no node-sid
Platforms
All
node-sid
Syntax
node-sid index index-value [clear-n-flag]
node-sid label label-value [clear-n-flag]
no node-sid
Context
[Tree] (config>router>ospf3>area>interface node-sid)
[Tree] (config>router>ospf>area>interface node-sid)
Full Context
configure router ospf3 area interface node-sid
configure router ospf area interface node-sid
Description
This command assigns a node SID index or label value to the prefix representing the primary address of a network interface of type system or loopback. A separate SID value can be configured for each IPv4 and IPv6 primary address of the interface. The secondary address of an IPv4 interface cannot be assigned a node SID index and does not inherit the SID of the primary IPv4 address.
In OSPFv2 and OSPFv3, the node SID is configured in the primary area but is inherited in any other area in which the interface is added as secondary.
This command fails if the network interface is not of type loopback or if the interface is defined in an IES or VPRN context. Assigning the same SID index or label value to the same interface in two different IGP instances is not allowed within the same node.
The value of the label or index SID is taken from the range configured for this IGP instance. When using the global mode of operation, the segment routing module checks that the same index or label value is not assigned to more than one loopback interface address. When using the per-instance mode of operation, this check is not required because the index, and therefore, the label ranges of IGP instances are not allowed to overlap.
The clear-n-flag option allows the user to clear the N-flag (node-sid flag) in an OSPF or OSPF3 prefix SID sub-TLV originated for the prefix of a loopback interface on the system. By default, the prefix SID sub-TLV for the prefix of a loopback interface is tagged as a node SID; that is, it belongs to this node only. However, to configure and advertise an anycast SID using the same loopback interface prefix on multiple nodes, the user must clear the N-flag to assure interoperability with third-party implementations, which may perform a strict check on the receive end and drop duplicate prefix SID sub-TLVs when the N-flag is set.
The SR OS implementation is relaxed on the receive end and accepts duplicate prefix SIDs with the N-flag set or clear. SR OS will resolve to the closest owner, or owners if ECMP, of the prefix SID cost-wise.
Parameters
- index-value
-
Specifies the node SID index value.
- label-value
-
Specifies the node SID label value.
- clear-n-flag
-
Clears the node SID flag.
Platforms
All
node-sid
Syntax
node-sid index [0..4294967295]
node-sid label [1..4294967295]
no node-sid
Context
[Tree] (config>router>ospf>area>if>flex-algo node-sid)
Full Context
configure router ospf area interface flex-algo node-sid
Description
This command configures a flexible algorithm-aware node SID label.
The no form of this command removes the configured node SID label.
Default
no node-sid
Platforms
All
node-sid
Syntax
node-sid
no node-sid
Context
[Tree] (config>router>segment-routing>sr-mpls>prefix-sids node-sid)
Full Context
configure router segment-routing sr-mpls prefix-sids node-sid
Description
This command sets the N-flag for the SR SID. The N-flag should be set when the prefix SID is a node SID for the primary prefix. If the N-flag is not set, the SR SID is an SR anycast SID.
The no form of this command removes the assigned node SID.
Default
no node-sid
Platforms
All
nokia-combined-modules
nokia-combined-modules
Syntax
[no] nokia-combined-modules
Context
[Tree] (config>system>management-interface>yang-modules nokia-combined-modules)
Full Context
configure system management-interface yang-modules nokia-combined-modules
Description
This command enables support of the "combined” Nokia SR OS YANG files for both configuration and state data in the NETCONF server.
When management-interface configuration-mode is set to classic, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF results in errors, even if nokia-combined-modules or nokia-submodules is enabled.
This command and the nokia-submodules command cannot both be enabled at the same time.
The no form of this command disables support of the combined Nokia SR OS YANG files.
Default
nokia-combined-modules
Platforms
All
nokia-grpc-rpc-authorization
nokia-grpc-rpc-authorization
Syntax
[no] nokia-grpc-rpc-authorization
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus>service-request nokia-grpc-rpc-authorization)
[Tree] (config>system>security>tacplus>service-request nokia-grpc-rpc-authorization)
Full Context
configure service vprn aaa remote-servers tacplus service-request nokia-grpc-rpc-authorization
configure system security tacplus service-request nokia-grpc-rpc-authorization
Description
This command enables the nokia-grpc-rpc-authorization service to be requested from the TACACS+ server after successful authentication.
The no form of this command disables the nokia-grpc-rpc-authorization service from being requested from the TACACS+ server.
Default
no nokia-grpc-rpc-authorization
Platforms
All
nokia-netconf-base-op-authorization
nokia-netconf-base-op-authorization
Syntax
[no] nokia-netconf-base-op-authorization
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus>service-request nokia-netconf-base-op-authorization)
[Tree] (config>system>security>tacplus>service-request nokia-netconf-base-op-authorization)
Full Context
configure service vprn aaa remote-servers tacplus service-request nokia-netconf-base-op-authorization
configure system security tacplus service-request nokia-netconf-base-op-authorization
Description
This command enables the nokia-netconf-base-op-authorization service to be requested from the TACACS+ server after successful authentication.
The no form of this command disables that the nokia-netconf-base-op-authorization service from being requested from the TACACS+ server.
Default
no nokia-netconf-base-op-authorization
Platforms
All
nokia-submodules
nokia-submodules
Syntax
[no] nokia-submodules
Context
[Tree] (config>system>management-interface>yang-modules nokia-submodules)
Full Context
configure system management-interface yang-modules nokia-submodules
Description
This command enables support of the alternative submodule-based packaging of the Nokia SR OS YANG files for both configuration and state data in the SR OS NETCONF server.
When management-interface configuration-mode is set to classic, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF results in errors, even if nokia-combined-modules or nokia-submodules is enabled.
This command and the nokia-combined-modules command cannot both be enabled at the same time.
The no form of this command disables support of submodule-based packaging of the Nokia SR OS YANG files.
Default
no nokia-submodules
Platforms
All
nokia-user
nokia-user
Syntax
[no] nokia-user
Context
[Tree] (config>service>vprn>aaa>remote-servers>tacplus>service-request nokia-user)
[Tree] (config>system>security>tacplus>service-request nokia-user)
Full Context
configure service vprn aaa remote-servers tacplus service-request nokia-user
configure system security tacplus service-request nokia-user
Description
This command enables the nokia-netconf-base-op-authorization service to be requested from the TACACS+ server after successful authentication
The no form of this command disables the nokia-netconf-base-op-authorization service from being requested from the TACACS+ server.
Default
no nokia-user
Platforms
All
non-dr-attract-traffic
non-dr-attract-traffic
Syntax
[no] non-dr-attract-traffic
Context
[Tree] (config>service>vprn>pim non-dr-attract-traffic)
Full Context
configure service vprn pim non-dr-attract-traffic
Description
This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.
An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-traffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.
When enabled, the designated router state is ignored. When disabled, no non-dr-attract-traffic, the designated router value is honored.
Default
no non-dr-attract-traffic
Platforms
All
non-dr-attract-traffic
Syntax
non-dr-attract-traffic [from-evpn] [from-pim-mvpn]
no non-dr-attract-traffic
Context
[Tree] (config>service>vpls>bind>evpn-mcast-gateway non-dr-attract-traffic)
Full Context
configure service vpls allow-ip-int-bind evpn-mcast-gateway non-dr-attract-traffic
Description
This command triggers the required procedures so that multicast traffic can be attracted to the router when it is not elected as DR.
The no form of this command disables the attraction of non-DR traffic.
Default
non-dr-attract-traffic from-pim-mvpn
Parameters
- from-evpn
-
Specifies that non-DR traffic generates a wildcard SMET route to attract the MCAST traffic from the OISM domain. No Layer 3 IFF or PIM/C-MCAST route is triggered from received SMET routes on the non-DR.
- from-pim-mvpn
-
Specifies that non-DR traffic does not generate a wildcard SMET route but it does create an IIF or generate PIM/C-MCAST join upon receiving an SMET route. Local joins on a non-SBD service generate PIM/C-MCAST routes or SMETs despite this.
Platforms
All
non-dr-attract-traffic
Syntax
[no] non-dr-attract-traffic
Context
[Tree] (config>router>pim non-dr-attract-traffic)
Full Context
configure router pim non-dr-attract-traffic
Description
This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.
An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-traffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.
When enabled, the designated router state is ignored.
The no form of this command the designated router value is honored.
Default
no non-dr-attract-traffic
Platforms
All
non-ip
non-ip
Syntax
[no] non-ip
Context
[Tree] (config>cflowd>collector>export-filter>family non-ip)
Full Context
configure cflowd collector export-filter family non-ip
Description
This command configures the router to prevent Layer 2 and MPLS carrying non-IP flow data from being sent to the associated cflowd collector. Collector version 10 must be configured to filter Layer 2 and MPLS carrying non-IP flow data.
The no form of this command removes the filter, allowing Layer 2 and MPLS carrying non-IP flow data to be sent to the associated cflowd collector.
Default
no non-ip
Platforms
All
non-multi-chassis-tunnel-id-range
non-multi-chassis-tunnel-id-range
Syntax
non-multi-chassis-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id
non-multi-chassis-tunnel-id-range default
no non-multi-chassis-tunnel-id-range
Context
[Tree] (config>system>l2tp non-multi-chassis-tunnel-id-range)
Full Context
configure system l2tp non-multi-chassis-tunnel-id-range
Description
This command sets the tunnel-id range that is used to allocate a new tunnel-id for a tunnel for which no multi-chassis redundancy is configured.
The no form of this command is a double negation and means all tunnel-IDs are configured for multi-chassis redundancy.
Default
Sets the tunnel-id range to the full tunnel-id range available on this system meaning that by default no tunnel-ID has multi-chassis redundancy.
non-multi-chassis-tunnel-id-range default or non-multi-chassis-tunnel-id-range start 1 end <maximum tunnel-id>
The default for start l2tp-tunnel-id is 1. No tunnel-ids are available for which no multi-chassis redundancy is configured when set to 0.
The default for end l2tp-tunnel-id is the maximum tunnel-id allowed on this system. The end l2tp-tunnel-id must be set to 0 when the start l2tp-tunnel-id is set to 0 and vice versa.
Parameters
- start l2tp-tunnel-id
-
Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).
- end l2tp-tunnel-id
-
Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
non-sub-traffic
non-sub-traffic
Syntax
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string] [app-profile app-profile-name]
no non-sub-traffic
Context
[Tree] (config>service>vpls>sap>sub-sla-mgmt>single-sub non-sub-traffic)
[Tree] (config>subscr-mgmt>msap-policy>sub-sla-mgmt>single-sub non-sub-traffic)
[Tree] (config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt>single-sub non-sub-traffic)
[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt>single-sub non-sub-traffic)
Full Context
configure service vpls sap sub-sla-mgmt single-sub-parameters non-sub-traffic
configure subscriber-mgmt msap-policy sub-sla-mgmt single-sub-parameters non-sub-traffic
configure service vprn subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters non-sub-traffic
configure service ies subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters non-sub-traffic
Description
This command configures traffic profiles for non-IP traffic such as PPPoE packets on a VPLS SAP. It is used in conjunction with the profiled-traffic-only command to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.
The no form of this command removes any configured profile.
Parameters
- sub-profile-name
-
Specifies an existing subscriber profile name to be associated with the non-sub-traffic L2 host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
- sla-profile-name
-
Specifies an existing SLA profile name to be associated with the non-sub-traffic L2 host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.
- sub-ident-string
-
Specifies the subscriber ID to be associated with the non-sub-traffic L2 host. The sub-ident-string should match the dynamic subscriber associated with the SAP. If no sub-ident-string is configured and no dynamic subscriber is yet associated, then the system will use a default subscriber ID that is overridden when a dynamic subscriber is created on the SAP.
- app-profile-name
-
Specifies an existing app profile name to be associated with the non-sub-traffic L2 host. The application profile is configured in the config>app-assure>group>policy>app-prof context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
non-vid-pid-absent
non-vid-pid-absent
Syntax
non-vid-pid-absent milli-seconds
no non-vid-pid-absent
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms non-vid-pid-absent)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms non-vid-pid-absent)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms non-vid-pid-absent)
Full Context
configure mcast-management multicast-info-policy bundle channel video analyzer alarms non-vid-pid-absent
configure mcast-management multicast-info-policy bundle video analyzer alarms non-vid-pid-absent
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms non-vid-pid-absent
Description
This command configures the analyzer to check for a PID within the specified interval.
Default
no non-vid-pid-absent
Parameters
- milli-seconds
-
Specifies the interval, in milliseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-s
nonce-length
nonce-length
Syntax
nonce-length length
no nonce-length
Context
[Tree] (config>router>l2tp>l2tpv3 nonce-length)
[Tree] (config>service>vprn>l2tp>group>l2tpv3 nonce-length)
[Tree] (config>service>vprn>l2tp>l2tpv3 nonce-length)
Full Context
configure router l2tp l2tpv3 nonce-length
configure service vprn l2tp group l2tpv3 nonce-length
configure service vprn l2tp l2tpv3 nonce-length
Description
This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.
The no form of this command removes the nonce length from the configuration.
Default
no nonce-length
Parameters
- length
-
Specifies the length of the Nonce AVP value.
- default
-
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the nonce-length configuration within the config>service>vprn>l2tp>l2tpv3 context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
normal-state
normal-state
Syntax
normal-state {open | closed}
Context
[Tree] (config>system>alarm-contact-input normal-state)
Full Context
configure system alarm-contact-input normal-state
Description
This command configures the normal state of the alarm contact input circuit. When the system detects a transition from the normal state, an alarm is generated. The alarm is cleared when the system detects a transition back to the normal state.
Configure the normal state as closed if an external power source is used to power the alarm contact inputs.
Default
normal-state open
Parameters
- open
-
Specifies that the normal state of the alarm contact input circuit is open. When the system detects a transition to the closed state, an alarm is generated. The alarm is cleared when the system detects a transition back to the open state.
- closed
-
Specifies that the normal state of the alarm contact input circuit is closed. When the system detects a transition to the open state, an alarm is generated. The alarm is cleared when the system detects a transition back to the closed state.
Platforms
7750 SR-a
notification
notification
Syntax
[no] notification
Context
[Tree] (config>port>ethernet>lldp>dstmac notification)
Full Context
configure port ethernet lldp dest-mac notification
Description
This command enables LLDP notifications.
The no form of this command disables LLDP notifications.
Default
no notification
Platforms
All
notification
Syntax
notification [neighbor ip-address | group name]
no notification
Context
[Tree] (debug>router>bgp notification)
Full Context
debug router bgp notification
Description
This command decodes and logs all sent and received notification messages in the debug log.
The no form of this command disables the debugging.
Parameters
- neighbor ip-address
-
Debugs only events affecting the specified BGP neighbor.
- group name
-
Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.
Platforms
All
notification
Syntax
[no] notification
Context
[Tree] (config>lag>lldp-member-template>dstmac notification)
Full Context
configure lag lldp-member-template dest-mac notification
Description
This command enables LLDP notifications.
The no form of this command disables LLDP notifications.
Default
no notification
Platforms
All
notification-bundling
notification-bundling
Syntax
notification-bundling
Context
[Tree] (config>system>telemetry notification-bundling)
Full Context
configure system telemetry notification-bundling
Description
Commands in this context configure SubscribeResponse notification bundling.
Platforms
All
notification-interval
notification-interval
Syntax
notification-interval time
no notification-interval
Context
[Tree] (config>system>lldp notification-interval)
Full Context
configure system lldp notification-interval
Description
This command configures the minimum time between change notifications.
The no form of this command reverts to the default value.
Default
no notification-interval
Parameters
- time
-
Specifies the minimum time, in seconds, between change notifications.
Platforms
All
notify-dest-change
notify-dest-change
Syntax
[no] notify-dest-change
Context
[Tree] (config>filter>redirect-policy notify-dest-change)
Full Context
configure filter redirect-policy notify-dest-change
Description
This command instructs the system to send notifications (Log, SNMP, …) when the active destination of a redirect policy changes. No notification is sent when there are no more active destinations (as this is covered by a specific other notification). Notifications can be controlled (using the config>log>event-control command) using application ID 2017 and event-name tFilterRPActiveDstChangeEvent.
The no form of the command disables notification generation.
Default
no notify-dest-change
Platforms
All
nsp-proxy
nsp-proxy
Syntax
[no] nsp-proxy
Context
[Tree] (debug>system nsp-proxy)
Full Context
debug system nsp-proxy
Description
This command enables debugging for NSP proxy.
The no form of this command disables debugging for NSP proxy.
Default
no nsp-proxy
Platforms
VSR-NRC
nssa
nssa
Syntax
[no] nssa
Context
[Tree] (config>service>vprn>ospf3>area nssa)
[Tree] (config>service>vprn>ospf>area nssa)
Full Context
configure service vprn ospf3 area nssa
configure service vprn ospf area nssa
Description
This command creates the context to configure an OSPF Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.
NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF domain.
Existing virtual links of a non-stub or NSSA area are removed when the designation is changed to NSSA or stub.
An area can be designated as stub or NSSA but never both at the same time.
By default, an area is not configured as an NSSA area.
The no form of this command removes the NSSA designation and configuration context from the area.
Default
no nssa — The OSPF area is not an NSSA.
Platforms
All
nssa
Syntax
[no] nssa
Context
[Tree] (config>router>ospf3>area nssa)
[Tree] (config>router>ospf>area nssa)
Full Context
configure router ospf3 area nssa
configure router ospf area nssa
Description
This command creates the context to configure an OSPF or OSPF3 Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.
NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF or OSPF3 domain.
Existing virtual links of a non-stub or NSSA area will be removed when the designation is changed to NSSA or stub.
An area can be designated as stub or NSSA but never both at the same time.
By default, an area is not configured as an NSSA area.
The no form of this command removes the NSSA designation and configuration context from the area.
Default
no nssa
Platforms
All
nssa-range
nssa-range
Syntax
nssa-range [ip-address]
no nssa-range
Context
[Tree] (debug>router>ospf3 nssa-range)
[Tree] (debug>router>ospf nssa-range)
Full Context
debug router ospf3 nssa-range
debug router ospf nssa-range
Description
This command enables debugging for an NSSA range.
Parameters
- ip-address
-
Specifies the IPv4 or IPv6 address range to debug OSPF or OSPF3 leaks.
Platforms
All
ntf-logout-retry-count
ntf-logout-retry-count
Syntax
ntf-logout-retry-count [value]
no ntf-logout-retry-count
Context
[Tree] (config>router>wpp>portals>portal ntf-logout-retry-count)
[Tree] (config>service>vprn>wpp>portals>portal ntf-logout-retry-count)
Full Context
configure router wpp portals portal ntf-logout-retry-count
configure service vprn wpp portals portal ntf-logout-retry-count
Description
This command configures the number of retransmissions of an NTF_LOGOUT message.
The no form of this command reverts to the default.
Default
ntf-logout-retry-count 5
Parameters
- value
-
Specifies the number of retransmissions of an NTF_LOGOUT message.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ntp
ntp
Syntax
[no] ntp
Context
[Tree] (config>service>vprn ntp)
Full Context
configure service vprn ntp
Description
Commands in this context configure Network Time Protocol (NTP) and its operation. It also enables NTP server mode within the VPRN routing instance so that the router will respond to NTP requests from external clients received inside the VPRN.
The no form of this command stops the execution of NTP and removes its configuration.
Platforms
All
ntp
Syntax
[no] ntp
Context
[Tree] (config>system>time ntp)
Full Context
configure system time ntp
Description
Commands in this context configure Network Time Protocol (NTP) and its operation. This protocol defines a method to accurately distribute and maintain time for network elements. Furthermore, this capability allows for the synchronization of clocks between the various network elements.
The no form of the command stops the execution of NTP and remove its configuration.
Default
ntp
Platforms
All
ntp
Syntax
ntp [router router-instance] [interface ip-int-name]
Context
[Tree] (debug>system ntp)
Full Context
debug system ntp
Description
This command enables and configures debugging for NTP.
The no form of the command disables debugging for NTP.
Parameters
- router-instance
-
Specifies the router name or CPM router instance.
- ip-int-name
-
Specifies the name of the IP interface. The name can be up to 32 characters and must begin with a letter. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
Platforms
All
ntp-reply
ntp-reply
Syntax
[no] ntp-reply
Context
[Tree] (config>service>ies>if>vrrp ntp-reply)
[Tree] (config>service>ies>if>ipv6>vrrp ntp-reply)
Full Context
configure service ies interface vrrp ntp-reply
configure service ies interface ipv6 vrrp ntp-reply
Description
This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.
The no form of this command disables NTP Requests from being processed.
Default
no ntp-reply
Platforms
All
ntp-reply
Syntax
[no] ntp-reply
Context
[Tree] (config>service>vprn>if>ipv6>vrrp ntp-reply)
[Tree] (config>service>vprn>if>vrrp ntp-reply)
Full Context
configure service vprn interface ipv6 vrrp ntp-reply
configure service vprn interface vrrp ntp-reply
Description
This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.
The no form of this command disables NTP Requests from being processed.
Default
no ntp-reply
Platforms
All
ntp-reply
Syntax
[no] ntp-reply
Context
[Tree] (config>router>if>ipv6>vrrp ntp-reply)
[Tree] (config>router>if>vrrp ntp-reply)
Full Context
configure router interface ipv6 vrrp ntp-reply
configure router interface vrrp ntp-reply
Description
This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.
The no form of this command disables NTP Requests from being processed.
Default
no ntp-reply
Platforms
All
ntp-server
ntp-server
Syntax
ntp-server [authenticate]
no ntp-server
Context
[Tree] (config>system>time>ntp ntp-server)
Full Context
configure system time ntp ntp-server
Description
This command configures the node to assume the role of an NTP server. Unless the server command is used, this node will function as an NTP client only and will not distribute the time to downstream network elements.
Default
no ntp-server
Parameters
- authenticate
-
Specifies to make authentication a requirement (optional). If authentication is required, the authentication key-id received in a message must have been configured in the authentication-key command, and that key-id type and key value must also match.
The authentication key from the received messages will be used for the transmitted messages.
Platforms
All
number
number
Syntax
number {eq | neq | lt | lte | gt | gte} event-id
no number
Context
[Tree] (config>service>vprn>log>filter>entry>match number)
Full Context
configure service vprn log filter entry match number
Description
This command adds an SR OS application event number as a match criterion.
SR OS event numbers uniquely identify a specific logging event within an application.
Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.
The no form of this command removes the event number as a match criterion.
Default
no event-number — No event ID match criterion is specified.
Parameters
- eq | neq | lt | lte | gt | gte
-
Specifies the type of match. Valid operators are listed below.
- event-id
-
Specifies the event ID, expressed as a decimal integer.
Platforms
All
number
Syntax
number {eq | neq | lt | lte | gt | gte} event-id
no number
Context
[Tree] (config>log>filter>entry>match number)
Full Context
configure log filter entry match number
Description
This command adds an SR OS application event number as a match criterion.
SR OS event numbers uniquely identify a specific logging event within an application.
Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.
The no form of this command removes the event number as a match criterion.
Parameters
- eq | neq | lt | lte | gt | gte
-
Specifies the type of match. Valid operators are listed in Valid Operators.
Table 2. Valid Operators Operator
Notes
eq
equal to
neq
not equal to
lt
less than
lte
less than or equal to
gt
greater than
gte
greater than or equal to
- event-id
-
The event ID, expressed as a decimal integer.
Platforms
All
number-down
number-down
Syntax
number-down number-lag-port-down level level-id
no number-down number-lag-port-down
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac>mc-constraints number-down)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac mc-constraints number-down
Description
This command configures the number of ports down along with level for multicast CAC policy on an MSAP.
The no form of this command reverts to the default.
Parameters
- number-lag-port-down
-
Specifies the number of port in a LAG group that are down. If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface is as per the levels configured in this context.
- level-id
-
Specifies the amount of bandwidth available within a given bundle for MC traffic for a specified level.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
number-down
Syntax
number-down number-lag-port-down level level-id
no number-down number-lag-port-down
Context
[Tree] (config>service>vpls>sap>mld-snooping>mcac>mc-constraints number-down)
[Tree] (config>service>vpls>sap>igmp-snooping>mcac>mc-constraints number-down)
Full Context
configure service vpls sap mld-snooping mcac mc-constraints number-down
configure service vpls sap igmp-snooping mcac mc-constraints number-down
Description
This command configure the number of ports down along with level for multicast CAC policy on this interface.
Default
no number-down
Parameters
- number-lag-port-down
-
Specifies that the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.
Platforms
All
number-down
Syntax
number-down number-lag-port-down level level-id
no number-down
Context
[Tree] (config>service>vprn>igmp>if>mcac>mc-constraints number-down)
[Tree] (config>service>vprn>pim>if>mcac>mc-constraints number-down)
[Tree] (config>service>vprn>mld>if>mcac>mc-constraints number-down)
Full Context
configure service vprn igmp interface mcac mc-constraints number-down
configure service vprn pim interface mcac mc-constraints number-down
configure service vprn mld interface mcac mc-constraints number-down
Description
This command configures the number of ports down and level for interface’s multicast CAC policy.
The no form of this command removes the values from the configuration.
Default
not enabled
Parameters
- number-lag-port-down
-
If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.
- level-id
-
Specifies an entry for the multicast CAC policy constraint level configured on this system.
Platforms
All
number-down
Syntax
number-down number-lag-port-down level level-id
no number-down number-lag-port-down
Context
[Tree] (config>router>pim>if>mcac>mc-constraints number-down)
[Tree] (config>router>mld>if>mcac>mc-constraints number-down)
[Tree] (config>router>igmp>if>mcac>mc-constraints number-down)
Full Context
configure router pim interface mcac mc-constraints number-down
configure router mld interface mcac mc-constraints number-down
configure router igmp interface mcac mc-constraints number-down
Description
This command configures the number of ports down along with level for the MCAC policy on this interface.
The no form of this command removes the values from the configuration.
Parameters
- number-lag-port-down
-
Specifies the number of LAG ports down. If the number of ports available in the LAG is reduced by the number of ports configured in this command, then the bandwidth allowed for a bundle or interface will be as per the levels configured in this context.
- level level-id
-
Specifies the bandwidth for a given level. Level 1 has the highest priority. Level 8 has the lowest priority.
Platforms
All
number-down
Syntax
[no] number-down number-of-lag-ports-down
Context
[Tree] (config>vrrp>policy>priority-event>lag-port-down number-down)
Full Context
configure vrrp policy priority-event lag-port-down number-down
Description
This command creates a context to configure an event set threshold within a lag-port-down priority control event.
The number-down command defines a sub-node within the lag-port-down event and is uniquely identified with the number-of-lag-ports-down parameter. Each number-down node within the same lag-port-down event node must have a unique number-of-lag-ports-down value. Each number-down node has its own priority command that takes effect whenever that node represents the current threshold.
The total number of sub-nodes (uniquely identified by the number-of-lag-ports-down parameter) allowed in a single lag-port-down event is equal to the total number of possible physical ports allowed in a LAG.
A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold.
The no form of the command deletes the event set threshold. The threshold may be removed at any time. If the removed threshold is the current active threshold, the event set thresholds must be re-evaluated after removal.
Default
no number-down — No threshold for the LAG priority event is created.
Parameters
- number-of-lag-ports-down
-
The number of LAG ports down to create a set event threshold. This is the active threshold when the number of down ports in the LAG equals or exceeds number-of-lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports-down.
Platforms
All
number-paths
number-paths
Syntax
number-paths number-of-paths [redundant-sfm number-of-paths]
Context
[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path number-paths)
Full Context
configure mcast-management bandwidth-policy t2-paths secondary-path number-paths
Description
This command is used to explicitly provision the number of secondary paths (and imply the number of primary paths) supported by the TChip based forwarding plane the bandwidth policy is managing. The default (and minimum) number of secondary paths is 1 and the maximum configurable is 15. The number of primary paths is total number of available paths minus the number of secondary paths.
Secondary paths are used by:
-
Expedited VPLS, IES and VPRN service ingress multipoint queues
-
Expedited network ingress multipoint queues
-
Managed multicast explicit path primary channels (using the primary paths managed multipoint queue)
-
All managed multicast dynamic path channels when the primary paths or multicast planes are not at their limit (using the primary paths managed multipoint queue)
-
Highest preference managed multicast dynamic path channels when the primary paths or multicast planes are at their limit (using the primary paths managed multipoint queue)
Secondary paths are used by:
-
Best-Effort VPLS, IES and VPRN service ingress multipoint queues
-
Best-Effort network ingress multipoint queues
-
Managed multicast explicit path secondary channels (using the secondary paths managed multipoint queue)
-
Lower preference managed multicast dynamic path channels when the primary paths or multicast planes are at their limit (using the secondary paths managed multipoint queue)
The number of secondary paths should be increased from the default value of 1 when a single secondary path is enough for explicit secondary path managed traffic or the amount of best-effort multipoint non-managed queue traffic.
The no form of this command restores the default number of secondary paths.
Default
number-paths 1 redundant-sfm 1
Parameters
- number-of-paths
-
Specifies the number of secondary paths when only one switch fabric is active, while the dual-sfm parameter specifies the same value when two switch fabrics are active.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
number-retries
number-retries
Syntax
number-retries number-retries
no number-retries
Context
[Tree] (config>service>vpls>mac-move number-retries)
[Tree] (config>service>template>vpls-template>mac-move number-retries)
Full Context
configure service vpls mac-move number-retries
configure service template vpls-template mac-move number-retries
Description
This command configures the number of times retries are performed for re-enabling the SAP/SDP.
Default
number-retries 3
Parameters
- number-retries
-
Specifies number of retries for re-enabling the SAP/SDP. A zero (0) value indicates unlimited number of retries.
Platforms
All