p Commands – Part III

Context

[Tree] (config>service>vprn>sub-if>wlan-gw pool-manager)

[Tree] (config>service>ies>sub-if>wlan-gw pool-manager)

Full Context

configure service vprn subscriber-interface wlan-gw pool-manager

configure service ies subscriber-interface wlan-gw pool-manager

Description

Commands in this context configure pool manager data for a WLAN GW subscriber interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>dhcp>option>vendor pool-name)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor pool-name)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor pool-name)

[Tree] (config>service>vprn>if>dhcp>option>vendor pool-name)

Full Context

configure service ies interface dhcp option vendor-specific-option pool-name

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name

configure service vprn interface dhcp option vendor-specific-option pool-name

Description

This command sends the pool name in the Nokia vendor specific sub-option of the DHCP relay packet.

The no form of this command reverts to the default.

Platforms

All

• configure service ies interface dhcp option vendor-specific-option pool-name
• configure service vprn interface dhcp option vendor-specific-option pool-name

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name
• configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name

Context

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name

Description

This command specifies the pool name that should be sent in the DHCPv6 messages. This is reflected in the Nokia vendor specific pool option (vendor-id 6527, option-id 0x02).

The no form of this command removes pool-name and the option will not be sent in DHCPv6.

Parameters

name

Specifies the pool name up with 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option pool-name)

Full Context

configure router interface dhcp option vendor-specific-option pool-name

Description

This command enables the sending of the pool name in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of this command disables the feature.

Default

no pool-name

Platforms

All

Context

[Tree] (config>test-oam>twamp>twl>src-udp-pools>port pool-type)

Full Context

configure test-oam twamp twamp-light source-udp-port-pools port pool-type

Description

This command maps the specified source UDP port to the TWAMP Light application allowed to configure the source UDP port. The OAM-PM IP family of tests can only configure the source UDP port when the port pool UDP source port is configured with a pool-type oam-pm. The test-oam link-measurement measurement-template can only configure the src-udp-port when the port pool UDP source port is configured with pool-type link-measurement.A pool type cannot be changed if its current application (either an oam-pm session or link-measurement template) is configured to use the specified port, regardless of the administrative or operational state. The configuration reference linking to the source UDP prevents the change.

Default

pool-type oam-pm

Parameters

pool-type

Specifies the port to an application pool.

Values

oam-pm, link-measurement

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>mpls>if>label-map pop)

Full Context

configure router mpls interface label-map pop

Description

This command specifies that the incoming label must be popped (removed). No label stacking is supported for a static LSP. The service header follows the top label. Once the label is popped, the packet is forwarded based on the service header.

The no form of this command removes the pop action for the in-label.

Platforms

All

Context

[Tree] (config>service>vprn>if>ipv6>nd-host-route populate)

[Tree] (config>service>vprn>if>arp-host-route populate)

[Tree] (config>service>ies>if>arp-host-route populate)

Full Context

configure service vprn interface ipv6 nd-host-route populate

configure service vprn interface arp-host-route populate

configure service ies interface arp-host-route populate

Description

This command enables the creation of ARP/ND host-route entries in the route-table out of a certain ARP/ND entry type.

The no form of this command reverts to the default.

Default

no populate

Parameters

evpn

Enables the creation of ARP-ND host routes in the route table out of EVPN ARP/ND entries (entries learned from EVPN MAC/IP routes).

dynamic

Enables the creation of ARP-ND host routes in the route table out of dynamic ARP/ND entries (learned from received ARP/ND messages from the hosts).

static

Enables the creation of ARP-ND host routes in the route table out of configured static ARP/ND entries.

route-tag [1..255]

Specifies the route tag that is added in the route table for ARP-ND host routes of type evpn, dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.

Platforms

All

Context

[Tree] (config>redundancy>multi-chassis>peer>sync port)

Full Context

configure redundancy multi-chassis peer sync port

Description

This command specifies the port to be synchronized with the multi-chassis peer and a synchronization tag to be used while synchronizing this port with the multi-chassis peer.

Parameters

port-id

Specifies the port to be synchronized with the multi-chassis peer.

Values

port-id	slot/mda/port
lag-id	lag-id
	lag	keyword
	id	1 to 200
pw-id	pw-id
	pw	keyword
	id	1 to 10239

sync-tag

Specifies a synchronization tag, up to 32 characters in length, to be used while synchronizing this port with the multi-chassis peer.

create

Creates an entry; mandatory while creating an entry.

Platforms

All

Context

[Tree] (config port)

Full Context

configure port

Description

This command enables access to the context to configure ports, multilink bundles, and bundle protection groups (BPGs). Before a port can be configured, the chassis slot must be provisioned with a valid card type and the MDA parameter must be provisioned with a valid MDA type.

Default

No ports are configured. All ports must be explicitly configured and enabled.

Parameters

port-id

Specifies the physical port ID in the following format:

Values

slot/mda/port [.channel]

for GNSS RF ports:

A/gnss or B/gnss

eth-sat-id

Specifies the Ethernet satellite ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.

Values

eth-sat-id	esat-id/slot/port
	esat	keyword
	id	1 to 20

pxc-id

Specifies the PXC ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.

Values

pxc-id	pxc-id.sub-port
	pxc	keyword
	id	1 to 64
	sub-port	a, b

aps-id

This option configures APS on unbundled SONET/SDH ports. All SONET-SDH port parameters, with certain exceptions, for the working and protection circuit ports must be configured in the config>port>aps-id context. The working and protection circuit ports inherit all those parameters configured. The exception parameters for the working and protect circuits can be configured in the config>port>sonet-sdh context. Exception list commands include:

• clock-source

• [no] loopback

• [no] report-alarm

• section-trace

• [no] threshold

When an configure port aps-id is created all applicable parameters under the port CLI tree (including parameters under any submenus) assume aps-id defaults, or when those are not explicitly specified, default to SONET/SDH port defaults for any SONET port.

All but a few exception SONET/SDH parameters for the working channel port must be configured in the configure port sonet-sdh context. The protection channel inherits all the configured parameters. The exception parameters for the protection channel can be configured in the configure port sonet-sdh context.

Signal failure (SF) and signal degrade (SD) alarms are not enabled by default on POS interfaces. It is recommended to change the default alarm notification configuration for POS ports that belong to APS groups in order to be notified of SF/SD occurrences to be able to interpret the cause for an APS group to switch the active line.

For path alarms, modify the logical line aps-id in the configure port aps-id <sonet-sdh>path report-alarm context. For example:

configure port aps-1 sonet-sdh path report-alarm p-ais

For line alarms, separately, modify the 2 physical ports that are members of the logical aps-id port (the working and protect lines). APS reacts only to line alarms, not path alarms. For example:

configure port 1/2/3 sonet-sdh report-alarm lb2er-sd

configure port 4/5/6 sonet-sdh report-alarm lb2er-sd

If the SD and SF threshold rates must be modified, the changes must be performed at the line level on both the working and protect APS port member.

The no form of this command deletes an aps-group-id or bundle-aps-group-id. In order for an aps- group-id to be deleted,

The same rules apply for physical ports, bundles deletions apply to APS ports/bundles deletions (for example an aps-group-id must be shutdown, have no service configuration on it, and no path configuration on it). In addition working and protection circuits must be removed before an aps-group-id may be removed.

Values

port aps-group-id aps: keyword where group-id: 1 to 64

Example: port aps-64

connector-port-id

Specifies the physical port of a connector in the following format.

Values

slot/mda/connector/port

Platforms

All

Context

[Tree] (config>port-xc>pxc port)

Full Context

configure port-xc pxc port

Description

This command configures the referenced Ethernet port as a loopback or a cross-connect port (PXC). When this command is executed, the system automatically creates two PXC subports under this Ethernet port.

The physical PXC port does not require any external connectivity or optical transceivers to function properly. Consequently, all optic-related alarms are disabled on the port.

The physical PXC port is automatically configured as a hybrid port. The MTU is preset to 9212 bytes, the encapsulation type is set to dot1q, and dot1x tunneling is turned on.

A single physical port can be associated with more than one PXC. In other words, multiple PXCs are supported per physical port. Because PXC subports use a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).

Since the PXC uses a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).

The following rules apply to PXC port configurations:

• Only unused physical ports (not associated with an interface or SAP) can be referenced inside of a PXC ID configuration.

• The physical port cannot be removed from a PXC ID configuration if the corresponding PXC subports are currently in use.

• A physical port cannot be used outside the configured PXC context. For example, a regular IP interface cannot use this physical port, or a SAP on that port cannot be associated with a service.

The no form of this command removes the port ID from the configuration.

Parameters

port-id

Specifies the physical port in the slot/mda/port format.

Platforms

All

Context

[Tree] (config>lag port)

Full Context

configure lag port

Description

This command adds ports to a Link Aggregation Group (LAG).

The port configuration of the first port added to the LAG is used as a basis to compare to subsequently added ports. If a discrepancy is found with a newly added port, that port will not be added to the LAG.

Multiple (space separated) ports can be added or removed from the LAG link assuming the maximum of number of ports is not exceeded.

Ports that are part of a LAG must be configured with auto-negotiate limited or disabled.

The no form of this command removes ports from the LAG.

Default

No ports are defined as members of a LAG.

Parameters

port-id

Specifies the port ID.

The maximum number of ports in a LAG depends on the platform type, the hardware deployment, and the SR OS software release. Adding a port over the maximum allowed per given router or switch is blocked. Some platforms support double port scale for specific port types on LAGs with LAG ID in the range of 1 to 64 inclusive. Up to 16 ports can be specified in a single statement, up to 64 ports total.

Values

These values apply to the 7950 XRS only.

slot/mda/port
eth-sat-id	esat-id/slot/port
	esat	keyword
	id	1 to 20
pxc-id	pxc-id.sub-port
	pxc	keyword
	id	1 to 64
	sub-port	a to b

priority

Specifies the port priority used by LACP. The port priority is also used to determine the primary port. The port with the lowest priority is the primary port. In the event of a tie, the smallest port ID becomes the primary port.

Values

1 to 65535

sub-group-id

Identifies a LAG subgroup. When using subgroups in a LAG, they should only be configured on one side of the LAG, not both. Only having one side perform the active/standby selection guarantees a consistent selection and fast convergence. The active or standby selection is signaled through LACP to the other side. The hold time should be configured when using subgroups to prevent the LAG going down when switching between active and standby subgroup since momentarily all ports are down in a LAG (break-before-make).

Values

1 to 8 identifies a LAG subgroup The auto-iom subgroup is defined based on the IOM (all ports of the same IOM are assigned to the same subgroup). The auto-mda subgroup is defined based on the MDA. (all ports of the same MDA are assigned to the same subgroup).

weight

Specifies the flow hashing distribution between LAG ports.

Values

1 to 100000, port-speed

Platforms

All

Context

[Tree] (config>service>system>bgp-evpn>eth-seg port)

Full Context

configure service system bgp-evpn ethernet-segment port

Description

This command configures a port-id associated with the Ethernet-Segment. If the Ethernet-Segment is configured as all-active, then only a lag or a PW port can be associated to the Ethernet-Segment. If the Ethernet-Segment is configured as single-active, then a lag, port or sdp can be associated to the Ethernet-Segment. In any case, only one of the four objects can be configured in the Ethernet-Segment. A specified port can be part of only one Ethernet-Segment. Only Ethernet ports can be added to an Ethernet-Segment.

Default

no port

Parameters

port-id

Specifies the port ID associated to the Ethernet-Segment.

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

Platforms

All

Context

[Tree] (config>service>sdp>binding port)

Full Context

configure service sdp binding port

Description

This command specifies the port or lag identifier, to which the pseudowire ports associated with the underlying SDP are bound. If the underlying SDP is re-routed to a port or lag other than the specified one, the pseudowire ports on the SDP are operationally brought down.

The no form of the command removes the value from the configuration.

Default

no port

Parameters

port-id

Specifies the identifier of the port in the slot/mda/port format.

port-id	slot/mda/port[.channel]
	pxc-id	psc-id.sub-port
		pxc psc-id.sub-port
		pxc: keyword
		id: 1 to 64
		sub-port: a, b
	aps-id	aps-group-id[.channel]
		aps keyword
		group-id	1 to 64
		group-id	1 to 16
	ccag-id - ccag-<id>.<path-id>[cc-type]
		ccag	keyword
		id	1 to 8
		path-id	a, b
		cc-type[.sap-net | .net-sap]
	lag-id	lag-id
		lag	keyword
		id	1 to 800

lag-id

Specifies the LAG identifier.

Platforms

All

Context

[Tree] (debug>service>id>pim-snooping port)

Full Context

debug service id pim-snooping port

Description

This command enables or disables debugging for PIM ports.

Parameters

sap-id

Only debugs packets associated with the specified SAP

sdp-id:vc-id

Only debugs packets associated with the specified SDP

detail

Provides detailed debugging information

evpn-mpls

Debugs PIM snooping statistics for EVPN-MPLS destinations

Platforms

All

Context

[Tree] (config>service>system>pw-port-list port)

Full Context

configure service system pw-port-list port

Description

This command is only applicable for VSR configurations. This command is used to select ports eligible for use with Flex PW port. Physical ports used by Flex PW port can be shared with any other Layer 2 or Layer 3 service. In other words, a Layer 3 interface using a regular SAP can be associated with a VPRN service, while the port is used by a Flex PW port. Another regular SAP from the same port can be associated with a VPLS or Epipe service at the same time.

The following rules should be followed when populating a pw-port-list:

• A port must be in hybrid mode before it is added to a pw-port-list.

• Before a port is removed from or added to a pw-port-list, all PW ports must be dissociated from the corresponding Epipe services (PW ports must be unconfigured). This implies that all PW SAPs must be deleted.

• Network interfaces (configured in the Base routing context) can be configured only on ports that are in the pw-port-list.

• A port mode (access, network, or hybrid) cannot be changed while the port is in the pw-port-list.

From this, the operator can consider adding all ports that are in hybrid mode to a pw-port-list at the beginning of the system configuration. This ensures that those ports can be used by a Flex PW port at any later time, independently of their current use.

The no form of this command removes the port ID from the configuration.

Parameters

port-id

Specifies the IP of the port.

Values

slot/mda/port: 1 to 16

Platforms

VSR

Context

[Tree] (config>service>vprn>aaa>rmt-srv>radius port)

Full Context

configure service vprn aaa remote-servers radius port

Description

This command configures the UDP port number to contact the RADIUS server.

The no form of this command reverts to the default value.

Default

port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))

Parameters

port

Specifies the UDP port number to contact the RADIUS server.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>service>vprn>log>syslog port)

Full Context

configure service vprn log syslog port

Description

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of this command reverts to default value.

Default

no port

Parameters

value

The value is the configured UDP port number used when sending syslog messages.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>app-assure>group>event-log>syslog port)

Full Context

configure application-assurance group event-log syslog port

Description

This command specifies the UDP port used by application assurance to inject the syslog events inband.

Default

port 514

Parameters

port

Specifies the UDP port number.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>port-list port)

Full Context

configure application-assurance group port-list port

Description

This command specifies the server TCP or UDP port number to use in the port list definition.

The no form of this command restores the default by removing port number from the port list.

Default

no port

Parameters

port-number

Specifies the port number.

Values

0 to 65535

start-port-number

Specifies the start port number.

Values

0 to 65535

end-port-number

Specifies the end port number.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>mirror>mirror-source port)

Full Context

configure mirror mirror-source port

Description

This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).

The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.

The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.

The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.

If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.

If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.

The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).

The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.

Parameters

port-id

Specifies the port ID of the 7750 SR or 7950 XRS.

The following syntax applies to the 7750 SR:

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b
	bgrp-id	bpgrp-type-bpgrp-num
		bgrp	keyword
		type	ima, ppp
		bgrp-num	1 to 2000
	ccag-id	ccag-id.path-id cc-type:cc-id
		ccag	keyword
		id	1 to 8
		path-id	a, b
		cc-type	sap-net, .net-sap
		cc-id	0 to 4094

The following syntax applies to the 7950 XRS:

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

lag-id

The LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

Platforms

All

Context

[Tree] (config>li>li-source port)

Full Context

configure li li-source port

Description

This command specifies the port to perform lawful intercept. It is recommended when configuring li-source>port criteria, the li-source should only contain ports. All other criteria such as SAPs and subscribers should use a different li-source.

The no form of this command reverts to the default.

Parameters

port-id

Specifies the port ID to perform lawful intercept.

port-id	slot/mda/port [.channel]
	aps-id	aps-<group-id>[.channel]
		aps	keyword
		group-id	1 to 128
	eth-sat-id	esat-<id>/<slot>/[u]<port>
		esat	keyword
		id	1 to 20
		u	keyword for up-link port
	tdm-sat-id	tsat-<id>/<slot>/[<u>]<port>.<channel>
		tsat	keyword
		id	1 to 20
		u	keyword for up-link port
	pxc-id	pxc-<id>.<sub-port>
		pxc	keyword
		id	1 to 64
		sub-port	a, b

lag-id

The LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Performs lawful intercept on egress traffic.

ingress

Performs lawful intercept on ingress traffic.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>li>x-interfaces>lics>lic port)

Full Context

configure li x-interfaces lics lic port

Description

This command configures the TCP port associated with this LIC.

The no form of this command reverts to the default.

Parameters

tcp-port

Specifies the TCP source port of the LIC.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>li>x-interfaces>x1 port)

Full Context

configure li x-interfaces x1 port

Description

This command configures the TCP port for the X1 interface. The system listens to this port and uses it as the source TCP port.

The no form of this command reverts to the default.

Parameters

tcp-port

Specifies the TCP port.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>mirror-source port)

Full Context

debug mirror-source port

Description

This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).

The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.

The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.

The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.

If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.

If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.

The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).

The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.

Parameters

port-id

Specifies the port ID of the 7750 SR or 7950 XRS.

The following syntax applies to the 7750 SR:

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b
	ccag-id	ccag-id.path-id cc-type:cc-id
		ccag	keyword
		id	1 to 8
		path-id	a,b
		cc-type	sap-net, net-sap
		cc-id	0 to 4094

The following syntax applies to the 7950 XRS:

port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

lag-id

Specifies the LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

Platforms

All

Context

[Tree] (config>filter>ipv6-exception>entry>match port)

[Tree] (config>filter>ip-filter>entry>match port)

[Tree] (config>filter>ipv6-filter>entry>match port)

Full Context

configure filter ipv6-exception entry match port

configure filter ip-filter entry match port

configure filter ipv6-filter entry match port

Description

This command configures a TCP/UDP/SCTP source or destination port match criterion in IPv4 and IPv6 CPM (SCTP not supported) and/or ACL filter policies. A packet matches this criterion if the packet TCP/UDP/SCTP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port-list.

Operational Note: This command is mutually exclusive with src-port and dst-port commands. Configuring "port eq 0", may match non-initial fragments where the source/destination port values are not present in a packet fragment if other match criteria are also met.

The no form of this command deletes the specified port match criterion.

Default

no port

Parameters

lt | gt | eq

Specifies the operator to use relative to port-number for specifying the port number match criteria.

lt

Specifies that all port numbers less than port-number match.

gt

Specifies that all port numbers greater than port-number match.

eq

Specifies that the port-number must be an exact match.

port-number

Specifies a source or destination port to be used as a match criterion. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. The following value shows a decimal integer only.

Values

0 to 65535

port-list port-list-name

Specifies an inclusive range of source or destination port values to be used as match criteria.

range port-number port-number

Specifies an inclusive range of source or destination port values to be used as match criteria.

Platforms

VSR

• configure filter ipv6-exception entry match port

All

• configure filter ip-filter entry match port
• configure filter ipv6-filter entry match port

Context

[Tree] (config>filter>match-list>port-list port)

Full Context

configure filter match-list port-list port

Description

This command adds a port or a range of ports to an existing port match list. The no form of this command deletes the specified port or range of ports form the list.

Parameters

port-number

Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

start end

Specifies an inclusive port range between two port numbers values. The start of the range and end of the range can be expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

0 to 65535

Platforms

All

Context

[Tree] (config>router>origin-validation>rpki-session port)

Full Context

configure router origin-validation rpki-session port

Description

This command configures the destination port number to use when contacting the cache server. The default port number is 323. The port cannot be changed without first shutting down the session.

Default

no port

Parameters

port-id

Specifies a port ID.

Values

0 to 65535

Platforms

All

Context

[Tree] (config>router>if port)

Full Context

configure router interface port

Description

This command creates an association with a logical IP interface and a physical port.

An interface can also be associated with the system (loopback address).

The command returns an error if the interface is already associated with another port or the system. In this case, the association must be deleted before the command is re-attempted. The port-id or port-id for Ethernet ports can be in one of the following forms:

Ethernet interfaces

If the card in the slot has MDAs/XMAs, port-id is in the slot_number/MDA or XMA _number/port_number format; for example, 1/1/3 specifies port 3 of the MDA/XMA installed in MDA/XMA slot 1 on the card installed in chassis slot 1.

SONET/SDH interfaces

When the port-id represents a POS interface, the port-id must include the channel-id. The POS interface must be configured as a network port.

The no form of this command deletes the association with the port. The no form of this command can only be performed when the interface is administratively down.

Default

no port

Parameters

port-name

The physical port identifier to associate with the IP interface.

Values

The following values apply to the 7750 SR and 7450 ESS:

Table 1. Port Names

port-name	port-id[:encap-val]
	encap-val	0 for null
		[0 to 4094] for dot1q
		[0 to 4094].* [1 to 4094].[0to 4094] for qinq
port-id	slot/mda/port[.channel]
	aps-id	aps-<group-id>[.channel]
	aps	keyword
	group-id	1 to 128
	ccag-id	ccag-<id>.<path-id>[cc-type]
	ccag	keyword
	id	1 to 8
	path-id	a, b
	cc-type	[.sap-net| .net-sap]
	eth-tunnel-id	eth-tunnel-<id>
	eth-tunnel	keyword
	id	1 to 1024
	lag-id	lag-<id>
	lag	keyword
	id	1 to 800
	id	1 to 1024
	eth-sat-id	esat-<id>/<slot>/[u]<port>
	esat	keyword
	id	1 to 20
	u	keyword for up-link port

Values

The following values apply to the 7950 XRS:

Table 2. Port Names

port-name	<port-id>[:encap-val]
	encap-val	0 for null
		0 to 4094 for dot1q
		0 to 4094.* [1..4094].[0..4094] for qinq
port-id	slot/mda/port[.channel]
	eth-tunnel-id	eth-tunnel-<id>
	eth-tunnel	keyword
	id	1 to 1024
	lag-id	lag-<id>
	lag	keyword
	id	1 to 800
	id	1 to 1024
	eth-sat-id	esat-<id>/<slot>/[u]<port>
	esat	keyword
	id	1 to 20
	u	keyword for up-link port
	pxc-id	pxc-<id>.<sub-port>
	pxc	keyword
	id	1 to 64
	sub-port	a to b

Platforms

All

Context

[Tree] (config>system>port-topology port)

Full Context

configure system port-topology port

Description

This command is used for satellites. It identifies to the SR OS that there is an internal connection between two ports.

Permitted pairings of the two ports are:

For satellites, this command configures the binding between a host port ID and the satellite uplink from the satellite chassis. The port topology can be configured with the host connected to a satellite uplink or the satellite uplink port connected to the specified host port. Both configurations are supported, as shown in the following examples:

*A:Dut-A# configure system port-topology port esat-1/1/u4 to 1/2/2 create 
*A:Dut-A# configure system port-topology no port esat-1/1/u4 
*A:Dut-A# configure system port-topology port 1/2/2 to esat-1/1/u4 create 
*A:Dut-A# configure system port-topology no port 1/2/2

The no form of the command removes the internal connection.

Default

no port port-id

Parameters

port-id

Specifies one port of an internal port connection. These ports can be router ports or Ethernet satellite uplink ports. Acceptable pairings are defined in the command description.

Values

(Router port)
slot/mda/port
	slot	The slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides for more information.
	mda	[1 to 2]
	port	[1 to 160] (depending on the MDA type)
(Ethernet satellite uplink port)
esat-id/slot/uport
	esat	keyword
	id	[1 to 20]
	slot	[1]
	u	keyword for up-link port
	port	[1 to 4]

create

Specifies the keyword required to create the binding between the two ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>satellite>port-template port)

Full Context

configure system satellite port-template port

Description

This command specifies the satellite port to be reconfigured.

The no form of this command deletes the specified port configuration.

Parameters

port-id

Specifies the satellite physical port ID. This must use the format slot/mda/port. Currently, all satellites have a single slot and a single MDA, so these values will always be 1. For example, port 10 would be specified as 1/1/10.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>ptp port)

Full Context

configure system ptp port

Description

This command configures PTP over Ethernet on the physical port. The PTP process shall transmit and receive PTP messages through the port using Ethernet encapsulation (as opposed to UDP/IPv4 encapsulation).

The frames are transmitted with no VLAN tags even if the port is configured for dot1q or qinq modes for encap-type. In addition, the received frames from the external PTP clock must also be untagged.

There are two reserved multicast addresses allocated for PTP messages (see Annex F IEEE Std 1588™-2008). Either address can be configured for the PTP messages sent through this port.

A PTP port may not be created if the PTP profile is set g8265dot1-2010.

If the port specified in the port-id supports 1588 port based timestamping, then a side effect of enabling PTP over Ethernet on the port shall be the enabling of Synchronous Ethernet on that port.

De-provisioning of the card or MDA containing the specified port is not permitted while the port is configured within PTP.

Changing the encapsulation or the port type of the Ethernet port is not permitted when PTP Ethernet Multicast operation is configured on the port.

To allocate an ethernet satellite client port as a PTP port, the ethernet satellite must first be enabled for the transparent clock function. For more information, see the config>system>satellite>eth-sat ptp-tc command.

The SyncE/1588 ports of the CPM and CCMs can be specified as a PTP port. These use the 'A/3’ and 'B/3’ designation and they both must be specified as two PTP ports if both are to be used. The active CPM sends and receives messages on both ports if they are specified and enabled.

Parameters

port-id

Specifies a specific physical port.

Values

slot/mda/port

create

Creates the PTP port. This keyword is required when first creating the PTP port, if the system is configured to require it (enabled in the environment create command). Once the PTP port is created, it is possible to navigate into the context without the create keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>log>syslog port)

Full Context

configure log syslog port

Description

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of this command removes the value from the configuration.

Parameters

value

Specifies the value that is the configured UDP port number used when sending syslog messages.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>system>netconf>listen port)

Full Context

configure system netconf listen port

Description

This command specifies the port on which the SR OS NETCONF server listens for new connections. Only one port can be configured for NETCONF management.

The configured port applies to both non-VPRN and VPRN management. New NETCONF connections are able to use the configured port. The SR OS NETCONF server errors if a port, different from the configured port, is used to SSH to the SR OS NETCONF server. For NETCONF connections not using VPRN management, active NETCONF connections are not disconnected if the port used to establish the connections is changed. For NETCONF connections using VPRN management, active NETCONF connections are disconnected if the port used to establish the connections is changed.

The no form of this command resets the port on which the SR OS NETCONF server listens to the default port of 830.

Parameters

port

Specifies the port on which NETCONF listens for new connections.

Values

22, 830

Default

830

Platforms

All

Context

[Tree] (config>system>security>cpm-filter>ipv6-filter>entry>match port)

[Tree] (config>system>security>cpm-filter>ip-filter>entry>match port)

Full Context

configure system security cpm-filter ipv6-filter entry match port

configure system security cpm-filter ip-filter entry match port

Description

This command configures a TCP/UDP source or destination port match criterion in IPv4 and IPv6 CPM filter policies. A packet matches this criterion if packet’s TCP/UDP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port list.

This command is mutually exclusive with src-port and dst-port commands.

The no form of this command deletes the specified port match criterion.

Default

no port

Parameters

tcp/udp port-number

Specifies the source or destination port to be used as a match criterion specified as a decimal integer.

Values

0 to 65535

mask

Specifies the 16 bit mask to be applied when matching the port.

Values

[0x0000 to 0xFFFF] | [0 to 65535] | [0b0000000000000000. to 0b1111111111111111]

range tcp/udp port-number

Specifies an inclusive range of source or destination port values to be used as match criteria. start of the range and end of the range are expressed as decimal integers.

Values

start, end, port-number: 1 to 65535

port-list port-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>security>radius port)

Full Context

configure system security radius port

Description

This command configures the TCP port number to contact the RADIUS server.

The no form of this command reverts to the default value.

Default

port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))

Parameters

port

Specifies the TCP port number to contact the RADIUS server.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>qos>match-list>port-list port)

Full Context

configure qos match-list port-list port

Description

This command adds a port or a range of ports to an existing port match list.

The no form of this command deletes the specified port or range of ports form the list.

Parameters

port-number

Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

range

Keyword specifying a range of port values.

start

Specifies the start of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

0 to 65534

end

Specifies the end of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>grpc-tunnel>tunnel>handler port)

Full Context

configure system grpc-tunnel tunnel handler port

Description

This command assigns the TCP port number that the handler listens to internally.

The no form of this command disables the handler from listening to a TCP port.

Default

no port

Parameters

port

Specifies the TCP port number.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>test-oam>twamp>twl>src-udp-pools port)

Full Context

configure test-oam twamp twamp-light source-udp-port-pools port

Description

This command configures the TWAMP Light reserved source UDP ports to be mapped to a specific TWAMP Light or STAMP application.

Parameters

port-number

Specifies the TWAMP Light reserved source UDP port number.

Values

64374 to 64383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>open-flow>of-switch port)

Full Context

debug open-flow of-switch port

Description

This command enables debugging of a port or ports associated with the OpenFlow switch.

The no form of this command disables debugging of a port or ports associated with the OpenFlow switch.

Parameters

detail

Keyword used to specify detailed debugging information about a port or ports associated with the OpenFlow switch.

Platforms

VSR

Context

[Tree] (debug>open-flow port)

Full Context

debug open-flow port

Description

This command enables debugging of a port or ports associated with OpenFlow.

The no form of this command disables debugging of a port or ports associated with OpenFlow.

Parameters

detail

Keyword used to specify detailed debugging information about the port associated with OpenFlow.

Platforms

VSR

Context

[Tree] (config>service>vprn>nat>outside>pool port-block-extensions)

[Tree] (config>router>nat>outside>pool port-block-extensions)

Full Context

configure service vprn nat outside pool port-block-extensions

configure router nat outside pool port-block-extensions

Description

This command configures a port block reserved for a dynamic NAT traffic flow for each subscriber with a port forwarding entry.

The no form of this command removes the values from the configuration.

Parameters

num-ports

Specifies the size of extended port-block for L2-aware subscribers

Values

10 to 5000

number

Specifies the limit of L2-aware NAT subscribers per an outside IP address

Values

2 to 2000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>up-nat-policy port-block-extensions)

Full Context

configure service nat up-nat-policy port-block-extensions

Description

Commands in this context configure the attributes for dynamic allocation of NAT port blocks beyond the initial port blocks.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool port-bw-oversub-factor)

Full Context

configure qos hs-pool-policy mid-tier mid-pool port-bw-oversub-factor

Description

This command modifies the size of the mid-pool when calculating the port-class pool sizes based on port bandwidth ratios. The command does not actually change the size of the mid-pool, only the size reported to the port-class pool sizing function.

Port-class pools can be sized in one of two ways: dynamically (proportionate to the bandwidth of each port) or explicitly (based on a percentage of the parent mid-pool). Explicit percentages require careful determination of the amount to give each pool. The dynamic sizing function attempts to automatically size each pool based on the relative amount of bandwidth each port-class pool is supporting compared to other port’s port-class pools. This is accomplished by determining a dynamic weight for each port with port-class pools mapped to a given mid-pool. As true with any weighted behavior, the mid-pool buffer allocation resource is distributed in a non-oversubscribed manner to its child port-class pools. The port-bw-oversub-factor oversubscription-factor allows this distribution mechanism to become proportionally oversubscribed based on the defined factor. An oversubscription-factor of 1.5 causes the port-class pool dynamic sizes to be 1.5 times bigger, allowing for a potentially more efficient utilization of the buffers represented by mid-pool.

The port-bw-oversub-factor oversubscription-factor for a mid-pool can be modified at any time, causing the corresponding port-class pool dynamic sizes to be recalculated.

A similar behavior can be obtained by increasing the mid-pool’s allocation-percent of its parent root-pool. However, the major difference in using port-bw-oversub-factor is that it provides larger port-class pools without allowing the mid-pool to use a higher number of buffers in the root pool.

The no form of the command reverts to the default.

Default

port-bw-oversub-factor 1

Parameters

oversubscription-factor

Specifies the factor by which the dynamically-sized port-class pools associated with the mid-pool may oversubscribe the mid-pool. This parameter is required when the port-bw-oversub-factor command is executed.

Values

1 to 10

Platforms

7750 SR-7/12/12e

Context

[Tree] (config>port>ethernet>dot1x port-control)

Full Context

configure port ethernet dot1x port-control

Description

This command configures the 802.1x authentication mode.

The no form of this command returns the value to the default.

Default

port-control force-auth

Parameters

force-auth

Disables 802.1x authentication and causes the port to transition to the authorized state without requiring any authentication exchange. The port transmits and receives normal traffic without requiring 802.1x-based host authentication.

force-unauth

Causes the port to remain in the unauthorized state, ignoring all attempts by the hosts to authenticate. The switch cannot provide authentication services to the host through the interface.

auto

Enables 802.1x authentication. The port starts in the unauthorized state, allowing only EAPoL frames to be sent and received through the port. Both the router and the host can initiate an authentication procedure. The port will remain in unauthorized state (no traffic except EAPoL frames is allowed) until the first client is authenticated successfully. After this, traffic is allowed on the port for all connected hosts.

Platforms

All

Context

[Tree] (config>subscr-mgmt>ancp>ancp-policy port-down)

Full Context

configure subscriber-mgmt ancp ancp-policy port-down

Description

Commands in this context configure the actions taken on port-down.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>vrrp>policy>priority-event port-down)

Full Context

configure vrrp policy priority-event port-down

Description

This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel. When the port or channel enters the operational down state, the event is considered set. When the port or channel enters the operational up state, the event is considered cleared.

Multiple unique port-down event nodes can be configured within the priority-event context up to the overall limit of 32 events. Up to 32 events can be defined in any combination of types.

The port-down command can reference an arbitrary port or channel. The port or channel does not need to be preprovisioned or populated within the system. The operational state of the port-down event is set as follows:

• Set – non-provisioned

• Set – not populated

• Set – down

• Cleared – up

When the port or channel is provisioned, populated, or enters the operationally up or down state, the event operational state is updated appropriately.

When the event enters the operationally down, non-provisioned, or non-populated state, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from cleared to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

When the event enters the operationally up state, the event is considered to be cleared. Once the events hold-set expires, the effects of the events priority value are immediately removed from the in-use priority of all associated virtual router instances.

The actual effect on the virtual router instance in-use priority value depends on the defined event priority and its delta or explicit nature.

The no form of the command deletes the specific port or channel monitoring event. The event may be removed at anytime. When the event is removed, the in-use priority of all associated virtual router instances will be re-evaluated. The events hold-set timer has no effect on the removal procedure.

Default

no port-down — No port down priority control events are defined.

Parameters

port-id

The port ID of the port monitored by the VRRP priority control event.

The port-id can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy.

Values

The following values apply to the 7750 SR:

slot/mda/port[.channel]
eth-sat-id	esat-id/slot/port
	esat	keyword
	id	1 to 20
pxc-id	pxc-id.sub-port
	pxc	keyword
	id	1 to 64
	sub-port	a, b
aps-id	aps-group-id[.channel]
	aps	keyword
	group-id	1 to 64
ccag-id	ccag-id. path-id[cc-type]
	ccag	keyword
	id	1 to 8
	path-id	a, b
	cc-type	.sap-net, .net-sap

Values

The following values apply to the 7450 ESS:

port-id	slot/mda/port[.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b
	ccag-id	ccag-id. path-id[cc-type]
		ccag	keyword
		id	1 to 8
		path-id	a, b
		cc-type	.sap-net, .net-sap

The POS channel on the port monitored by the VRRP priority control event. The port-id. channel-id can only be monitored by a single event in this policy. The channel can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy.

If the port is provisioned, but the channel does not exist or the port has not been populated, the appropriate event operational state is Set – non-populated.

If the port is not provisioned, the event operational state is Set – non-provisioned.

If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port.

Platforms

All

Context

[Tree] (config>service>vprn>wpp>portals>portal port-format)

[Tree] (config>router>wpp>portals>portal port-format)

Full Context

configure service vprn wpp portals portal port-format

configure router wpp portals portal port-format

Description

This command specifies the encoding format of WPP port attribute.

The standard format is as follows:

<0 to 20 character system-name><1 character separator><2-digit slot><1-digit mda><2-digit port><4-digit top><5-digit bottom>

As a general rule, if a value is not present or is too large to fit in the field, is the field set to all zeros. The following rules apply to standard formats.

• With a standard port, when the separator is a "-” character, the slot is the slot-id, mda is the mda-id, and the port is the port-id.

• With an ESAT port, when the separator is a ":” character, the slot is the satellite-id, MDA is satellite slot-id, and the port is satellite port-id.

• With a PXC port, when separator is a "#” character, the MDA is the PXC subport-id, and the port is the PXC port-id.

• With a LAG port, the port is the lag-id.

• With a connector port, the slot is the slot-id, the MDA is the mda-id, and the port is the connector-id.

The vendor-specific format is as follows:

With dot1q, append "%u” with the top vlan-id.

With qinq, append "%u.%u” with the top vlan-id and the bottom vlan-id.

As a general rule, there can be no trailing zeros. The string truncates if it becomes too long. 0 to 16 characters are allowed for the system name. The following rules apply to vendor-specific formats.

• With a standard port, append "%s-%u/%u/%” with the system-name, slot-id, mda-id, and port-id.

• With an ESAT port, append "%s-S%u/%u/%u” with the system-name, satellite-id, satellite-slot-id, and satellite-port-id.

• With a PXC port, append "%s-P%u%c” with the system-name, PXC port-id, and PXC subport-id ? 'a' : 'b'.

• With a LAG port, append "%s-L%u” with the system-name and lag-id.

• With a connector port append "%s-%u%uc%u/%u” with the system-name, slot-id, mda-id, connector-id, and connector-port-id.

The no form of this command reverts to the default.

Default

port-format standard

Parameters

formatting

Specifies the encoding format of the WPP port attribute.

Values

standard, vendor-specific

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes port-forward-logging)

Full Context

configure aaa isa-radius-policy acct-include-attributes port-forward-logging

Description

This command enables static or PCP port-forward logging via RADIUS. Port-forward logging is supported only in conjunction with the logging of port blocks.

The no form of the command disables static or PCP port-forward logging.

Default

no port-forward-logging

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat port-forwarding)

Full Context

configure service nat port-forwarding

Description

Commands in this context configure NAT port forwarding parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>outside>pool port-forwarding-dyn-block-reservation)

[Tree] (config>service>vprn>nat>outside>pool port-forwarding-dyn-block-reservation)

Full Context

configure router nat outside pool port-forwarding-dyn-block-reservation

configure service vprn nat outside pool port-forwarding-dyn-block-reservation

Description

This command will enable the reservation of the dynamic port blocks when the first port forward for the subscriber is created. The dynamic port bloc allocation is logged only if the block is being utilized (mapping are created). In other words, dynamic port block reservation due to the port forward creation but without any dynamic mapping, will not be logged.

The reserved port block will be released only when the last mapping in the block expires and there is not port forward associated with the subscriber. The de-allocation log (syslog or Radius) will be generated when the dynamic port block is completely released.

Dynamic port block reservation can be enabled only if the configured maximum number of subscriber per outside IP address is less or equal then the maximum number of configured port blocks per outside IP address.

Default

no port-forwarding-dyn-block-reservation

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>outside>pool port-forwarding-range)

[Tree] (config>service>vprn>nat>outside>pool port-forwarding-range)

Full Context

configure router nat outside pool port-forwarding-range

configure service vprn nat outside pool port-forwarding-range

Description

This command configures the lower and upper limit for port forwards in the ephemeral port space (wildcard port space) of all IP addresses in a NAT pool. A well-known port range (ports 1 to 1023) is always enabled for port forwards, and it cannot be disabled for pools in NAPT mode.

Pools in 1:1 mode do not support configured port forwards. These pools do not perform port translation and they automatically forward traffic initiated on the outside toward the inside.

Port 0 is always excluded from the port forwarding range.

The upper bound of the wildcard port range is reserved for port forwards. If the value for the range-start is not provided, the wildcard port range implicitly starts at 1024.

range-start 0 cannot be configured by an operator because it is reserved for 1:1 pools that do not support configured port forwards.

If you configure port-forwarding-range 3000, configures ports 1 to 3000 as port forwards. This implies that the well-known ports and wildcard ports are contiguous. If you configure port-forwarding-range 2000 3000, the router implicitly includes ports 1 to 1023, plus enables the wildcard port range 2000 to 3000, which is now disjoined from the well-known ports.

The range-start parameter has additional values that are configurable in the CLI. 0 is reserved for pools that do not support configured port forwards (those are 1:1 pools).

range-start 1 means that well-known ports and wildcard port forwards are contiguous. This is configured by omitting the range-start parameter and only configuring the range-end parameter.

The no form of this command disables the port forwards capability in the wildcard port range of all IP addresses in a NAT pool.

Default ranges in the range-start and range-end parameters in the MIB for the NAT pools that support port forwarding ranges are set to include only well-known ports, range-start 1 and range-end 1023.

Parameters

range-start

Specifies the lower boundary of the wildcard port range reserved for port forwards. When configured, the value must be less than the range-end value.

Values

0, 1, 1025 to 65535

Default

1

range-end

Specifies the upper boundary of the wildcard port range reserved for port forwards.

Values

0, 1023 to 65535

Default

1023

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>nat-policy port-forwarding-range)

[Tree] (config>service>nat>firewall-policy port-forwarding-range)

Full Context

configure service nat nat-policy port-forwarding-range

configure service nat firewall-policy port-forwarding-range

Description

This command configures the end of the port range available for port forwarding. The start of the range is always equal to one.

The number of ports that can be configured is half of the available block => 64512 : 2 = 32256

In combination with port-forwarding-range the formulas are:

"max port-reservation blocks" = 65535 - "port-forwarding-range"

"max port-reservation ports" = (65535 - "port-forwarding-range") / 2

with:

the default min value for "port-forwarding-range" = 1023

Also, the same applies for max port-forwarding-range if the port-reservation is already configured:

"max port-forwarding-range" = 65535 - "port-reservation blocks"

"max port-forwarding-range" = 65535 - ("port-reservation ports" * 2)

The no form of the command reverts to the default.

Default

port-forwarding-range 1023

Parameters

range-end

Specifies the end of the port range available for port forwarding.

Values

1023 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat nat-policy port-forwarding-range

7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat firewall-policy port-forwarding-range

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option port-id)

Full Context

configure router interface dhcp option vendor-specific-option port-id

Description

This command enables sending of the port-id in the Nokia vendor specific suboption of the DHCP relay packet

The no form of this command disables the sending.

Default

no port-id

Platforms

All

Context

[Tree] (config>port>ethernet>lldp>dstmac port-id-subtype)

Full Context

configure port ethernet lldp dest-mac port-id-subtype

Description

This command specifies how to encode the PortID TLV transmit to the peer. The default setting tx-local (ifindex value) is required by some versions of the NSP NSM-P to properly build the Layer 2 topology map using LLDP. Changing this value to transmit the ifname ( tx-if-name) or ifAlias (tx-if-alias) in place of the ifindex (tx-local) may affect the ability of the NSP NFM-P to build the Layer 2 topology map using LLDP.

Default

port-id-subtype tx-local

Parameters

tx-if-alias

Transmits the ifAlias String (subtype 1) that describes the port as stored in the IF-MIB, either user configured or the default entry (i.e. 10/100/Gig Ethernet SFP).

tx-if-name

Transmits the ifName string (subtype 5) that describes the port as stored in the IF-MIB ifName info.

tx-local

The interface ifIndex value (subtype 7) as the PortID.

Platforms

All

Context

[Tree] (config>lag>lldp-member-template>dstmac port-id-subtype)

Full Context

configure lag lldp-member-template dest-mac port-id-subtype

Description

This command configures the encoding of the PortID TLV that is transmitted to the peer. Some versions of the NSP NFM-P require the default setting tx-local (ifIndex value) to properly build the Layer 2 topology map using LLDP. Changing this value to transmit the ifName (tx-if-name) or ifAlias (tx-if-alias) in place of the ifIndex (tx-local) may affect the ability of the NSP NFM-P to build the Layer 2 topology map using LLDP.

Default

port-id-subtype tx-local

Parameters

tx-if-alias

Keyword to transmit the ifAlias String (subtype 1), which describes the port as stored in the IF-MIB, either user configured or the default entry (for example, 10/100/Gig Ethernet SFP).

tx-if-name

Keyword to transmit the ifName string (subtype 5), which describes the port as stored in the IF-MIB ifName information.

tx-local

Keyword to transmit the interface ifIndex value (subtype 7) as the port ID.

Platforms

All

Context

[Tree] (config>service>nat>nat-policy port-limits)

[Tree] (config>service>nat>up-nat-policy port-limits)

[Tree] (config>service>nat>firewall-policy port-limits)

Full Context

configure service nat nat-policy port-limits

configure service nat up-nat-policy port-limits

configure service nat firewall-policy port-limits

Description

This command configures the port limits of this policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat up-nat-policy port-limits
• configure service nat nat-policy port-limits

7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat firewall-policy port-limits

Context

[Tree] (config>app-assure>group port-list)

Full Context

configure application-assurance group port-list

Description

This command defines an AA group or partition named port-list, which contains a list of port numbers or port ranges. The port list is then referenced in AA policy app-filters, allowing increased flexibility in the use of server ports or HTTP proxy ports for application definition.

The no form of this command removes the list.

Parameters

port-list-name

Specifies the name of the port list.

Default

default

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>match-list port-list)

Full Context

configure filter match-list port-list

Description

This command creates a list of TCP/UDP/SCTP port values or ranges for match criteria in IPv4 and IPv6 ACL and CPM filter policies.

The no form of this command deletes the specified list.

Operational notes:

SCTP port match is supported in ACL filter policies only.

A port-list must contain only TCP/UDP/SCTP port values or ranges.

A TCP/UDP/SCTP port match list cannot be deleted if it is referenced by a filter policy.

See general description related to match-list usage in filter policies.

Parameters

port-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

Context

[Tree] (config>qos>match-list port-list)

Full Context

configure qos match-list port-list

Description

This command creates a list of port values or ranges for match criteria in QoS policies.

The no form of this command deletes the specified list.

Parameters

port-list-name

Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>satellite>eth-sat port-map)

Full Context

configure system satellite eth-sat port-map

Description

This command configures the mapping between a satellite client port and its associated uplink. This command allows both a primary and an optional secondary uplink to be configured.

If a secondary uplink is configured, it is used to forward traffic if the primary uplink is down for any reason.

Before an uplink can be used as either a primary or secondary uplink, it must be configured using the port-topology configuration command.

To return the uplink association to its default the port-map client-port-id system-default command should be used.

Parameters

client-port-id

Specifies the satellite client port associated with the port mapping, in the format esat- id/slot/port.

primary-uplink-port-id

Specifies the primary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.

secondary-uplink-port-id

Specifies the secondary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.

system-default

Specifies to set the port map to the system default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vpls>spoke-sdp>stp port-num)

[Tree] (config>service>vpls>sap>stp port-num)

Full Context

configure service vpls spoke-sdp stp port-num

configure service vpls sap stp port-num

Description

This command configures the virtual port number which uniquely identifies a SAP within configuration bridge protocol data units (BPDUs). The internal representation of a SAP is unique to a system and has a reference space much bigger than the 12 bits definable in a configuration BPDU. STP takes the internal representation value of a SAP and identifies it with its own virtual port number that is unique to every other SAP defined on the TLS. The virtual port number is assigned at the time that the SAP is added to the TLS. Since the order that the SAP was added to the TLS is not preserved between reboots of the system, the virtual port number may change between restarts of the STP instance.

The virtual port number cannot be administratively modified.

Platforms

All

Context

[Tree] (config>sys>security>cpu-protection port-overall-rate)

Full Context

configure system security cpu-protection port-overall-rate

Description

This command configures a per-port overall rate limit for CPU protection.

Default

port-overall-rate max

Parameters

packet-rate-limit

Specifies an overall per-port packet arrival rate limit in packets per second.

Values

1 to 65535, max (indicates no limit)

action-low-priority

Marks packets that exceed the rate as low-priority (for preferential discard later if there is congestion in the control plane) instead of discarding them immediately.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>qos>sap-egress>dynamic-queue port-parent)

Full Context

configure qos sap-egress dynamic-queue port-parent

Description

This command configures the queue treatment by the port parent that governs the available bandwidth for the queue. When multiple queues share a child status with the parent port, the weight and level options define how this queue contends with the other children for the above-CIR parent bandwidth. The cir-weight and cir-level options specify the weight the queue uses for the within-CIR port priority.

Parameters

weight

Specifies the relative weight of this queue in comparison to other child queues while vying for above-CIR priority level bandwidth on the parent scheduler. Any queues defined as weighted receive no parental bandwidth, until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.

Values

1 to 100

Default 1

level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to feed to the parent, for above-CIR offered load bandwidth passes.

Values

1 to 8

Default 1

cir-weight

Specifies the weight the queue uses at the within-CIR port priority level. This applies to any charging statistics also. The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight option is set to 0 (the default), the queue does not receive bandwidth during the port scheduler's within-CIR passes and the cir-level option is ignored. If the cir-weight is 1 or greater, the cir-level option comes into play.

Values

0 to 100

Default 0

cir-level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to fed to the port parent, for within-CIR offered load bandwidth passes.

Values

0 to 8

Default 0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>sap-egress>policer port-parent)

Full Context

configure qos sap-egress policer port-parent

Description

This command specifies whether this SAP egress policer feeds off a port-level scheduler. When configured, the policer is parented by a port-level scheduler. This requires that policers-hqos-manageable be configured in the SAP egress QoS policy. This command and the SAP egress policer scheduler-parent and the parent commands are mutually exclusive.

The port-parent command defines a child/parent association between an egress policer and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the policer. If the port-parent command is executed without any parameters, the default parameters are used.

In this context, the port-parent command and the scheduler-parent command (used to create a parent/child association between a queue and an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a scheduler-parent definition exists causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a scheduler-parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler association.

Changing the parent context on a SAP egress policy policer may cause a SAP or subscriber or a multiservice site context of the policer (policy associated with a SAP or subscriber profile or a multiservice site) to enter an orphaned state. If an instance of a policer is created on a port or channel that does not have a port scheduler enabled, and the SAP egress policy creating the policer has a port parent association, the policer will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer is on a port or channel that has a port scheduler configured and the SAP egress policy defines the policer as having a non-existent intermediate scheduler parent, the policer will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the policer. When removed, if a port scheduler is defined on the port on which the policer instance exists, the policer will be treated as orphaned to the port scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight that the policer will use at the above-CIR port priority level (defined by the level parameter).

All weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the weight parameter is set to a value of 0, the policer receives bandwidth only after other children with a non-zero weight at this level.

Values

0 to 100

Default

1

level level

Specifies the port priority that the policer uses to receive bandwidth for its above-CIR offered load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight that the policer uses at the within-CIR port priority level (defined by the cir-level parameter).

All cir-weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the policer receives bandwidth only after the other children with a non-zero weight at this level.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority that the policer will use to receive bandwidth for its within-CIR offered load. If the cir-level parameter is set to a value of 0 (the default value), the policer does not receive bandwidth during the port schedulers within-CIR pass and the cir-weight parameter is ignored. If the cir-level parameter is 1 or greater, the cir- weight parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR

Context

[Tree] (config>qos>sap-egress>queue port-parent)

Full Context

configure qos sap-egress queue port-parent

Description

This command specifies whether this queue feeds off a port-level scheduler. When configured, this SAP egress queue is parented by a port-level scheduler. This object is mutually exclusive with SAP egress queue parent. Only one kind of parent is allowed.

The port-parent command defines a child/parent association between an egress queue and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the queue or scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.

In this context, the port-parent command is mutually exclusive to the parent command (used to create a parent/child association between a queue and an intermediate scheduler). Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.

Changing the parent context on a SAP egress policy queue may cause a SAP or subscriber or multiservice site context of the queue (policy associated with a SAP or subscriber profile or multiservice site) to enter an orphaned state. If an instance of a queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the queue has a port-parent association, the queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the queue as having a non-existent intermediate scheduler parent, the queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port on which the queue or scheduler instance exists, the queue or scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

Context

[Tree] (config>qos>network-queue>queue port-parent)

Full Context

configure qos network-queue queue port-parent

Description

This command specifies whether this queue feeds off a port-level scheduler. For the network-queue policy context, only the port-parent command is supported. When a port scheduler exists on the port, network queues without a port-parent association will be treated as an orphan queue on the port scheduler and treated according to the current orphan behavior on the port scheduler. If the port-parent command is defined for a network queue on a port without a port scheduler defined, the network queue will operate as if a parent association does not exist. When a port scheduler policy is associated with the egress port, the port-parent command will come into effect.

When a network-queue policy is associated with an FP for ingress queue definition, the port-parent association of the queues is ignored.

The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port then the queue or scheduler instance exists, the queue or scheduler will become orphaned.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue port-parent)

Full Context

configure qos queue-group-templates egress queue-group queue port-parent

Description

This command defines the port scheduling parameters used to control the queue’s behavior when a virtual egress port scheduling is enabled where the egress queue group template is applied. The port-parent command follows the same behavior and provisioning characteristics as the parent command in the SAP egress QoS policy. The port-parent command and the parent command are mutually exclusive.

The no form of this command removes the values from the configuration.

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler port-parent)

Full Context

configure qos scheduler-policy tier scheduler port-parent

Description

The port-parent command defines a child/parent association between an egress scheduler and a port-based scheduler, or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.

In this context, the port-parent command and the parent command (used to create a parent/child association to an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.

Changing the parent context on a SAP egress policy policer or queue may cause a SAP or subscriber context of the policer or queue (policy associated with a SAP or subscriber profile) to enter an orphaned state. If an instance of a policer or queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the policer queue has a port-parent association, the policer or queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer or queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the policer or queue as having a non-existent intermediate scheduler parent, the policer or queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the scheduler. If a port scheduler is defined on the port that the scheduler instance exists, the scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

Context

[Tree] (config>isa>wlan-gw-group port-policy)

Full Context

configure isa wlan-gw-group port-policy

Description

This command configures the port policy of this WLAN Gateway ISA group. If a port policy is associated with a WLAN Gateway ISA group, ports created for this group can take applicable configuration from that port policy. This port policy is applicable to those ports that take part in the per-tunnel QoS processing.

The no form of the command removes the port-policy name from the configuration.

Default

no port-policy

Parameters

port-policy

Specifies the port policy of this WLAN Gateway ISA group, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config port-policy)

Full Context

configure port-policy

Description

This command either creates a new port-policy with create parameter or enters the configuration context of an existing port-policy.

The no form of this command removes the port policy name from the configuration.

Parameters

port-policy-name

Specifies the name of port-policy up to 32 characters.

create

Creates the port-policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>lns-group port-policy)

Full Context

configure isa lns-group port-policy

Description

This command enables policies referenced in the config>port-policy context to be created under ports. These are the ports that link the carrier IOM to the ISA, and are hidden within the system (they cannot be created through the CLI). They are created automatically. Use the show port command to view information.

Currently only the port scheduler policy is supported. Each lns-esm port in the lns-group receives an independent port scheduler instance. The port schedulers are instantiated in the carrier IOM on the lns-esm ports that carry PPPoE traffic in the downstream direction towards the ISA before the PPPoE traffic is L2TP encapsulated.

The no form of the command removes the policy name from the configuration.

Default

no port-policy

Parameters

policy-name

Specifies the port policy of this LNS group, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes port-range-block)

Full Context

configure aaa isa-radius-policy acct-include-attributes port-range-block

Description

This command enables the inclusion of the NAT port range block attributes.

The no form of the command excludes NAT port range block attributes.

Default

no port-range-block

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>app-assure>group port-recorder)

Full Context

debug application-assurance group port-recorder

Description

This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>network>egress>fc port-redirect-group)

Full Context

configure qos network egress fc port-redirect-group

Description

This command is used to redirect the FC of a packet of a pseudowire (PW) or network IP interface to an egress port queue group.

It defines the mapping of an FC to a queue ID or a policer ID and a queue ID and redirects the lookup of the queue or policer of the same ID in some egress port queue-group instance. However, the queue-group name and instance are explicitly provided only at the time the network QoS policy is applied to egress context of a spoke-sdp or a network IP interface.

The no version of this command removes the redirection of the FC.

Parameters

queue-id

This parameter must be specified when executing the port-redirect-group command. The specified queue-id must exist within the egress port queue group on each IP interface where the network QoS policy is applied.

Values

1 to 8

policer id

The specified policer-id must exist within the queue-group template applied to the ingress context of the forwarding plane.

Values

1 to 8

Platforms

All

Context

[Tree] (config>router>nat>outside>pool port-reservation)

[Tree] (config>service>vprn>nat>outside>pool port-reservation)

Full Context

configure router nat outside pool port-reservation

configure service vprn nat outside pool port-reservation

Description

This command configures the size of the port block that will be assigned to a host that is served by this pool. The number of ports configured are available to UDP, TCP, and ICMP (as identifiers).

Parameters

num-blocks

Specifies the number of port blocks per IP address. Setting this parameter to one (1) for large scale NAT enables 1:1 NAT for IP addresses in this pool.

Values

1 to 64512

num-ports

Specifies the number of ports per block.

Values

0 to 64512 (for deterministic pools)

1 to 64512 (for non-deterministic pools)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>outside>pool>deterministic port-reservation)

[Tree] (config>router>nat>outside>pool>deterministic port-reservation)

Full Context

configure service vprn nat outside pool deterministic port-reservation

configure router nat outside pool deterministic port-reservation

Description

This command is applicable only to deterministic NAT. It configures the number of deterministic ports per subscriber (for example a subscriber is an inside IP address in LSN44 or IPv6 address or prefix in DS-Lite). Once this command is enabled, the pool will transition into deterministic mode of operation. This means that the subscribers can use dynamic port-blocks in the pool only as a mean to expand the range of originally assigned deterministic ports. A pool with such property is referred to as deterministic pool. However, deterministic NAT and non-deterministic NAT cannot use the same pool simultaneously.

All subscribers in deterministic pool are pre-mapped during the configuration phase to outside IP addresses and deterministic port-blocks. Because of this, the deterministic pool cannot be oversubscribed with subscribers (first-come, first-served).

Once the deterministic pool becomes operational (no shutdown) a log is created. The same applies if the pool is disabled (shutdown). As a result of this one-time logging, there will be no additional logging when a subscriber starts using ports from the pre-assigned deterministic port block. This drastically reduces the logging overhead. However, when a deterministic port block is expanded by a dynamic port block, a log will be created on any allocation/de-allocation of the dynamic port block. The logs are also created for static port forwards (including PCP).

The number of subscribers per outside IP address (subscriber-limit) multiplied by the number of deterministic ports per subscriber (port-reservation) will determine the port range of an outside IP address that will be dedicated to deterministic mappings. The number of subscribers per outside IP address in deterministic NAT must be power of 2 (2^n). Once the deterministic ports are allocated, the dynamic ports are carved out of the remaining port space of the same outside IP address according to the existing port-reservation command under the same hierarchy,

Parameters

num-ports

Specifies the number of ports in a deterministic port block that is allocated and dedicated to a single subscribers during the configuration phase.

Values

1 to 65536

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>pcp-server-policy>option port-reservation)

Full Context

configure service nat pcp-server-policy option port-reservation

Description

This command enables/disables support for the port-reservation option.

Default

no port-reservation

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>service>id>stp port-role)

Full Context

debug service id stp port-role

Description

This command enables STP debugging for changes in port roles.

Platforms

All

Context

[Tree] (config>port>ethernet>access>egress>vport port-scheduler-policy)

Full Context

configure port ethernet access egress vport port-scheduler-policy

Description

This command specifies the destination and organization strings to be used for matching subscriber hosts with this Vport.

The parent Vport of a subscriber host queue, which has the port-parent option enabled, is determined by matching the destination string dest string associated with the subscriber and the organization string org string associated with the subscriber host with the strings defined under a Vport on the port associated with the subscriber.

If a given subscriber host policers or queue does not have the port-parent option enabled, it is foster-parented to the Vport used by this subscriber and which is based on matching the dest string and org string. If the subscriber could not be matched with a Vport on the egress port, the host policer or queue will not be bandwidth controlled and competes for bandwidth directly based on its own PIR and CIR parameters.

By default, a subscriber host policer or queue with the port-parent option enabled is scheduled within the context of the port’s port scheduler policy.

The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate or port-scheduler-policy involves removing the existing command and applying the new command. Applying a scheduler policy to a Vport is only applicable to Ethernet interfaces.

The no form of this command removes the port-scheduler-policy-name from the configuration.

The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate/port-scheduler-policy involves removing the existing command and applying the new command.

The no form of this command reverts to the default.

Parameters

port-scheduler-policy-name

Specifies an existing port-scheduler-policy configured in the config>qos context.

Platforms

All

Context

[Tree] (config>isa>aa-grp>qos>egress>to-subscriber port-scheduler-policy)

[Tree] (config>isa>aa-grp>qos>egress>from-subscriber port-scheduler-policy)

Full Context

configure isa application-assurance-group qos egress to-subscriber port-scheduler-policy

configure isa application-assurance-group qos egress from-subscriber port-scheduler-policy

Description

This command assigns an existing port scheduler policy as applicable to the specific application assurance group traffic.

Default

no port-scheduler-policy

Parameters

port-scheduler-policy-name

Specifies the name of an existing port scheduler policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos port-scheduler-policy)

Full Context

configure qos port-scheduler-policy

Description

When a port scheduler has been associated with an egress port, it is possible to override the following parameters:

• The max-rate allowed for the scheduler

• The maximum rate for each priority level (1 to 8)

• The cir associated with each priority level (1 to 8)

The orphan priority level (level 0) has no configuration parameters and cannot be overridden.

The no form of this command removes a port scheduler policy from the system. If the port scheduler policy is associated with an egress port or channel, the command will fail.

Parameters

port-scheduler-name

Specifies an existing port scheduler name. Each port scheduler must be uniquely named within the system and can be up to 32 ASCII characters.

Platforms

All

Context

[Tree] (config>qos>copy port-scheduler-policy)

Full Context

configure qos copy port-scheduler-policy

Description

This command copies existing QoS policy entries for a QoS policy to another QoS policy.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

If overwrite is not specified, an error will occur if the destination policy exists.

Parameters

src-name dst-name

Indicates that the source policy and the destination policy are port scheduler policy IDs. Specify the source policy that the copy command will attempt to copy from and specify the destination policy name to which the command will copy a duplicate of the policy.

overwrite

Forces the destination policy name to be copied as specified. When forced, everything in the existing destination policy will be completely overwritten with the contents of the source policy.

Platforms

All

Context

[Tree] (config>service>nat>pcp-server-policy>option port-set)

Full Context

configure service nat pcp-server-policy option port-set

Description

This command enables PORT_SET option support. When this command is disabled, the PCP uses a plain MAP option to allocate a single port at a time. This is default behavior. Instead of asking for each individual port in multiple requests through the MAP option, this port-set option allows individual ports to ask the SR OS for a set of ports at once in a single request.

The no form of this command disables PORT_SET option support.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>service>id>stp port-state)

Full Context

debug service id stp port-state

Description

This command enables STP debugging for port states.

The no form of the command disables debugging.

Platforms

All

Context

[Tree] (config>system>satellite port-template)

Full Context

configure system satellite port-template

Description

This command creates a new port template context to define the port usage for a specific satellite type. A port template is specific to the specified satellite type. Port templates must be configured separately using different template names for each different satellite chassis type.

The no form of this command deletes the specified port template.

Parameters

template-name

Specifies the name for the associated port template. This value must be unique in the network.

sat-type

Specifies the type of satellite chassis associated with the port-template.

Values

es24-1gb-sfp, es24-1gb-tx, es24-sass-1gb-sfp, es48-1gb-sfp, es48-1gb-tx, es48-sass-1gb-sfp, es64-10gb-sfpp+4-100gb-cfp4, es24-sasmxp-1gb-sfp

create

Creates a new port template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>lag port-threshold)

Full Context

configure lag port-threshold

Description

This command configures the behavior for the Link Aggregation Group (LAG) if the number of operational links is equal to or below a threshold level.

Nokia recommends that operators use the weight-threshold or hash-weight-threshold command instead of the port-threshold command to control LAG operational status. For example, when 10GE and 100GE ports are mixed in a LAG, each 10GE port will have a weight of 1, while each 100GE port will have a weight of 10.

The weight-threshold or hash-weight-threshold command can also be used for LAGs with all ports of equal speed to allow a common operational model. For example, each port has a weight of 1 to mimic port-threshold and its related configuration.

The no form of this command reverts to the default values.

Default

port-threshold 0 action down

Parameters

value

Specifies the decimal integer threshold number of operational links for the LAG at or below which the configured action is invoked. If the number of operational links exceeds the port-threshold value, any action taken for being below the threshold value will cease.

Values

0 to 63

action

Specifies the action to take if the number of active links in the LAG is at or below the threshold value.

dynamic-cost

Specifies that dynamic costing is activated. As a result, the LAG remains operationally up with a cost relative to the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.

static-cost

Specifies that static costing is activated. As a result, the LAG remains operationally up with the configured cost, regardless of the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.

down

Specifies that LAG is brought operationally down if the number of operational links is equal to or less than the configured threshold value. The LAG is only regarded as up once the number of operational links exceeds the configured threshold value.

static-cost

Specifies decimal integer static cost of the LAG.

Values

1 to 16777215

Platforms

All

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes port-time)

Full Context

configure aaa isa-radius-policy acct-include-attributes port-time

Description

This command enables the Alc-Nat-Port-Time RADIUS attribute, which is used to record the duration of a port-block or port-forward allocated for a NAT subscriber.

The no form of this command disables the Alc-Nat-Port-Time RADIUS attribute.

Default

no port-time

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system port-topology)

Full Context

configure system port-topology

Description

This parameter creates or edits the context to configure intra-node port connections.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>lag port-type)

Full Context

configure lag port-type

Description

This command configures the port type for the link aggregation group.

The no form of this command reverts to the default.

Default

port-type standard

Parameters

lag-port-type

Specifies the type of ports allowed in this LAG.

Values

standard — Allows all non-HS type ports to be added to this LAG

hs — Limits the LAG members to be HSQ IOMs (iom4-e-hs) ports

Platforms

7750 SR-7/12/12e

Context

[Tree] (config port-xc)

Full Context

configure port-xc

Description

Commands in this context configure port-cross connect functionality.

Platforms

All

Context

[Tree] (debug>app-assure>group>traffic-capture>match port1)

Full Context

debug application-assurance group traffic-capture match port1

Description

This command configures debugging on port 1.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>app-assure>group>traffic-capture>match port2)

Full Context

debug application-assurance group traffic-capture match port2

Description

This command configures debugging on port 2.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp portal)

[Tree] (config>service>vprn>sub-if>grp-if>wpp portal)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal)

Full Context

configure service ies subscriber-interface group-interface wpp portal

configure service vprn subscriber-interface group-interface wpp portal

configure subscriber-mgmt local-user-db ipoe host wpp portal

Description

This command specifies the web portal server that system talks to for the hosts on the group-interface. This command is mutually exclusive with the portal-group command.

The no form of this command removes the router instance or portal name from the configuration.

Parameters

router-instance

Specifies the virtual router instance.

Values

router-name:	Base, management
service-id:	1 to 2147483647
service-name:	Specifies the service name up to 64 characters

Default

Base

wpp-portal-name

Specifies the name of the web portal server up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>wpp>portal-groups>portal-group portal)

Full Context

configure aaa wpp portal-groups portal-group portal

Description

This command configures the portal for this portal group.

Parameters

router-instance

Specifies the virtual router instance.

Values

router-name:	Base, management
service-id:	1 to 2147483647
service-name:	Specifies the service name up to 64 characters

Default

Base

wpp-portal-name

Specifies the name of the web portal server up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (debug>router>wpp portal)

Full Context

debug router wpp portal

Description

This command enables WPP debugging for the specified WPP portal.

Parameters

wpp-portal-name

Specifies the WPP portal name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state portal)

Full Context

configure subscriber-mgmt wlan-gw ue-query state portal

Description

This command enables matching on UEs in a portal state.

The no form of this command disables matching on UEs in a portal state, unless all state matching is disabled.

Default

no portal

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal-group)

Full Context

configure subscriber-mgmt local-user-db ipoe host wpp portal-group

Description

This command configures the WPP portal group name. This command is mutually exclusive with the portal command.

Parameters

portal-group-name

Specifies the WPP portal group name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>wpp>portal-groups portal-group)

Full Context

configure aaa wpp portal-groups portal-group

Description

This command creates a new portal group or enters the configuration context of an existing port group.

Parameters

portal-group-name

Specifies the portal group name up to 32 characters.

create

Keyword required to create the configuration context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp portal-group)

[Tree] (config>service>vprn>sub-if>grp-if>wpp portal-group)

Full Context

configure service ies subscriber-interface group-interface wpp portal-group

configure service vprn subscriber-interface group-interface wpp portal-group

Description

This command specifies the WPP portal group for the subscriber interface. This command is mutually exclusive with the portal command.

The no form of this command removes the name from the service configuration.

Parameters

portal-group-name

Specifies the portal group name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>wpp portal-groups)

Full Context

configure aaa wpp portal-groups

Description

Commands in this context configure portal group parameters for WPP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy portal-hold-time)

Full Context

configure subscriber-mgmt http-redirect-policy portal-hold-time

Description

This command configures the time for which the forwarding state applicable during redirect phase is held in the system, after the user has been authenticated on the portal. This allows the HTTP response from the portal to be forwarded back on the existing connection.

Parameters

seconds

Specifies how long the system holds on to re-direct forwarding resources of a subscriber, after it has left the re-direct portal.

Values

1 to 60

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>wpp portals)

[Tree] (config>service>vprn>wpp portals)

Full Context

configure router wpp portals

configure service vprn wpp portals

Description

Commands in this context configure WPP portal server parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>fp-resource-policy ports)

Full Context

configure qos fp-resource-policy ports

Description

This command enters the ports context.

Platforms

7750 SR-1, 7750 SR-s

Context

[Tree] (config>service>nat>up-nat-policy>port-block-extensions ports)

Full Context

configure service nat up-nat-policy port-block-extensions ports

Description

This command configures the number of ports in extended port blocks for the NAT subscriber.

Parameters

num-ports

Specifies the number of ports per extended port block.

Values

10 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>ip-id-asst positive-app-id)

Full Context

configure application-assurance group ip-identification-assist positive-app-id

Description

Commands in this context implement the positive application identification mechanism, which monitors the correlations between IP addresses and applications identified with a high degree of confidence independently of any IP identification assist mechanism.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos post-policer-mapping)

Full Context

configure qos post-policer-mapping

Description

This command configures a post-policer mapping policy which is used to remap a packet's forwarding class and profile state to another forwarding class and profile state for post-policer traffic.

A post-policer mapping policy is created without any forwarding class or profile remapping statements. If an empty policy is applied to a SAP-egress QoS policy, no remapping occurs.

The no form of this command deletes the post-policer mapping policy. A post-policer mapping policy can only be deleted if there are no references to it.

Parameters

mapping-policy-name

Specifies the name of the post-policer mapping policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>qos>copy post-policer-mapping)

Full Context

configure qos copy post-policer-mapping

Description

This command copies an existing post-policer mapping policy to another policy name.

The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

src-name

Specifies the source policy name that the copy command attempts to copy from.

dst-name

Specifies the destination policy name to which the command copies a duplicate of the policy.

overwrite

Specifies that the existing destination policy is to be replaced. Everything in the existing destination policy is overwritten with the contents of the source policy. If overwrite is not specified, an error occurs if the destination policy name exists.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>qos>sap-egress post-policer-mapping)

Full Context

configure qos sap-egress post-policer-mapping

Description

This command applies a post-policer mapping policy in a SAP egress QoS policy. The policy contains forwarding class and profile remapping statements, which remap the forwarding class and profile state of an egress policed packet (the profile being the resulting profile after the packet has been processed by the egress policer) to another forwarding class and profile.

The remapping applies to all policers within the SAP egress QoS policy, including regular child policers and policers configured in an IP/IPv6 criteria action statement, except for dynamic policers.

Post-policer mapping is supported on FP3- and higher-based hardware, with the exception of the 7750 SR-a4/a8, which does not support egress policers resulting in the policy being ignored.

The no form of this command deletes the post-policer mapping policy from the SAP egress QoS policy.

Parameters

mapping-policy-name

Specifies the name of the post-policer mapping policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>system>bluetooth power)

Full Context

configure system bluetooth power

Description

This command sets the operating mode of the Bluetooth module. This can be powered off or powered on but requires the pairing button to initiate the pairing operation, or powered on and continuously pairing.

The pairing-button setting also impacts how pairing operations work.

Default

power off

Parameters

power-state

Specifies the power state.

Values

off — Bluetooth module powered off; all transmission and reception functionality is disabled.

enabled-manual — Bluetooth is enabled (pairing requires the use of the pairing button).

enabled-automatic — Bluetooth is enabled and continuously attempts to pair whenever it is not actively paired to a device.

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

Context

[Tree] (config>card>xiom>mda power-priority-level)

[Tree] (config>card>mda power-priority-level)

Full Context

configure card xiom mda power-priority-level

configure card mda power-priority-level

Description

This command sets the power priority value for an XMA or MDA-s on platforms that support intelligent power management.

Default

power-priority-level 150

Parameters

priority

Specifies the power priority level. An operator must assign a priority value to each XMA or MDA-s using a range of number from 1 to 200. The lowest number has the highest priority. The priority number range from 1 to 100 should be used for modules considered essential for system operation. Lower priority values of 101 to 200 should be used for non-essential modules.

Values

1 to 200

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s

• configure card xiom mda power-priority-level

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

• configure card mda power-priority-level

Context

[Tree] (config>system>pwr-mgmt power-safety-alert)

Full Context

configure system power-management power-safety-alert

Description

This command sets a value in watts for the Power Safety Alert. The Power Safety Alert minor alarm is generated when the system power capacity drops below the Power Safety Level (in watts) plus the Power Safety Alert. This is a critical level, which when breached the system starts shutting down IO cards based on card priority.

Parameters

wattage

Specifies the number of watts for the power safety alert level.

Values

0 to 102600

Default

0

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>system>pwr-mgmt power-safety-level)

Full Context

configure system power-management power-safety-level

Description

This command sets the Power Safety Level, which is a percentage of the calculated worst case power draw value. Once a Power Safety Level is configured by the operator, both the Basic and Advanced modes use the Power Safety Level as a reference for calculating the power redundancy using N+1 algorithm during startup and recovery from power depression.

Default

power-safety-level 100

Parameters

percent

Specifies the Power Safety Level as a percentage of the calculated worst case power draw value.

Values

0 to 100

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>card power-save)

Full Context

configure card power-save

Description

This command enables power-save mode on a specific card when it is not in use. Power-save mode allows a card to be installed and configured in a platform for future use, while having minimal impact on the overall power consumption. The card placed in power-save mode is forced into an idle state to consume minimal power. This command resets the card and then disallows the download of a software image when the card comes back up. To enable power-save mode, the desired card must first be shut down, then placed into power-save mode. In this mode, the card is not counted in the intelligent power management budget. Cards set to power-save mode do not pass traffic.

The no form of this command removes the card from power-save mode.

Default

no power-save

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a8, 7750 SR-2e, 7750 SR-3e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

Context

[Tree] (config>system power-supply)

Full Context

configure system power-supply

Description

This command configures information about the type of power supply used for each power feed connection on the router chassis. The information is used to populate queries made using the show>chassis detail and show>chassis power-supply commands.

Parameters

power-supply-id

Specifies the power feed connection.

Values

1, 2

type

Specifies the type of power source that is connected to the power feed connection.

Values

dc — Specifies that a single DC power source is connected to the power feed connector.

ac single — Specifies that a single AC power source is connected to the power feed connector.

ac multiple — Specifies that multiple AC power sources are connected to the power feed connector.

default — Reverts the configured information to the default power source type for the chassis.

none — Specifies that no power source is connected to the power feed connector.

Platforms

7450 ESS, 7750 SR-7/12

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid

Description

This command configures a TCA for the counter capturing PPID hits for the specified SCTP filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sctp-filter ppid)

Full Context

configure application-assurance group sctp-filter ppid

Description

Commands in this context configure actions for specific or default Payload Protocol Identifiers (PPIDs).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid-range)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid-range

Description

This command configures a TCA for the counter capturing hits for the specified SCTP filter PPID range command. An PPIPD range TCA can be created for traffic generated from the subscriber side of AA (from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>sctp-filter ppid-range)

Full Context

configure application-assurance group sctp-filter ppid-range

Description

This command specifies the range of PPID values that are allowed by AA SCTP filter firewall.

The no form of this command removes this PPID range.

Default

no ppid-range

Parameters

min-ppid

Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be less than or equal to the max max-ppid value.

Values

0 to 4294967295

max-ppid

Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be greater or equal to the min min-ppid value.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>dyn ppk)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn ppk)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn ppk)

[Tree] (config>ipsec>trans-mode-prof>dyn ppk)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn ppk)

Full Context

configure service vprn interface sap ipsec-tunnel dynamic-keying ppk

configure service vprn interface ipsec ipsec-tunnel dynamic-keying ppk

configure service ies interface ipsec ipsec-tunnel dynamic-keying ppk

configure ipsec ipsec-transport-mode-profile dynamic-keying ppk

configure router interface ipsec ipsec-tunnel dynamic-keying ppk

Description

This command specifies the PPK to use for dynamic keying of the IPsec tunnel.

The no form of this command removes the PPK.

Default

no ppk

Parameters

ppk-list-name

Specifies the name of the PPK list, up to 32 characters.

ppk-id

Specifies the ID of a PPK entry in the list, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec ipsec-transport-mode-profile dynamic-keying ppk
• configure service vprn interface sap ipsec-tunnel dynamic-keying ppk

VSR

• configure router interface ipsec ipsec-tunnel dynamic-keying ppk
• configure service ies interface ipsec ipsec-tunnel dynamic-keying ppk
• configure service vprn interface ipsec ipsec-tunnel dynamic-keying ppk

Context

[Tree] (config>ipsec>ppk-list ppk-id)

Full Context

configure ipsec ppk-list ppk-id

Description

This command configures the attributes for a PPK entry within the list.

The no form of this command deletes the PPK entry from the list.

Parameters

ppk-id

Specifies a unique ID for the PPK, up to 64 characters.

value-string

Specifies the PPK value.

ascii

Keyword to specify that the PPK value is formatted as an ASCII string, up to 64 characters.

hex

Keyword that specifies the PPK value is formatted as a hexadecimal string, up to 128 hex nibbles.

Values

0x0 to 0xFFFFFFFF...

hash

Keyword that specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Keyword that specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Keyword that specifies the custom encryption to the management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec ppk-list)

Full Context

configure ipsec ppk-list

Description

Commands in this context configure a list of Post-quantum Preshared Keys (PPKs) to use for IKEv2 authentication, as described in RFC 8784.

The no form of this command deletes the PPK list.

Parameters

ppk-list-name

Specifies the name of the PPK list, up to 32 characters.

create

Keyword to create the PPK list.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>tnl-temp ppk-list)

Full Context

configure ipsec tunnel-template ppk-list

Description

This command specifies a PPK list to use in the tunnel template, which represents a list of PPKs available for the IPsec gateway. The actual PPK to use depends on the tunnel initiator.

The no form of this command removes the PPK list from the tunnel template.

Default

no ppk-list

Parameters

ppk-list-name

Specifies the name of the PPK list, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>ipsec>ike-policy ppk-required)

Full Context

configure ipsec ike-policy ppk-required

Description

This command configures the mandatory use of PPKs for the IKEv2 key derivation process in the IKE policy.

The no form of this command configures the use of PPKs for IKEv2 as optional. The router can fall back to derive keys without PPK.

Default

no ppk-required

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db ppp)

Full Context

configure subscriber-mgmt local-user-db ppp

Description

Commands in this context configure PPP host parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>l2tp>group ppp)

[Tree] (config>service>vprn>l2tp>group ppp)

[Tree] (config>router>l2tp>group>tunnel ppp)

[Tree] (config>service>vprn>l2tp>group>tunnel ppp)

Full Context

configure router l2tp group ppp

configure service vprn l2tp group ppp

configure router l2tp group tunnel ppp

configure service vprn l2tp group tunnel ppp

Description

This command configures PPP for the L2TP tunnel group.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR