s Commands – Part V

Context

[Tree] (config>app-assure>group>transit-ip-policy static-aa-sub)

Full Context

configure application-assurance group transit-ip-policy static-aa-sub

Description

This command configures static transit aa-subs with a name and an app-profile. A new transit sub with both a name and an app-profile is configured with the create command. Static transit aa-sub must have an explicitly assigned app-profile. An existing transit sub can optionally be assigned a different app-profile, or this command can be used to enter the static-aa-sub context.

The no form of this command deletes the named static transit aa-sub from the configuration.

Parameters

transit-aasub-name

Specifies the name of a transit subscriber up to 32 characters in length.

app-profile-name

Specifies the name of an existing application profile up to 32 characters in length.

create

Keyword used to create a new app-profile entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>transit-prefix-policy static-aa-sub)

Full Context

configure application-assurance group transit-prefix-policy static-aa-sub

Description

This command configures a static transit aa-sub with a name and an app-profile. A new transit sub with both a name and an app-profile is configured with the create command. Static transit aa-sub must have an explicitly assigned app-profile. An existing transit sub can optionally be assigned a different app-profile, or this command can be used to enter the static-aa-sub context.

The no form of this command deletes the named static transit aa-sub from the configuration.

Parameters

transit-aasub-name

Specifies a transit aasub-name up to 32 characters.

app-profile-name

Specifies the name of an existing application profile up to 32 characters.

create

Keyword used to create a new app-profile entry

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>dns-ip-cache>ip-cache static-address)

Full Context

configure application-assurance group dns-ip-cache ip-cache static-address

Description

This command configures a static address in the cache.

Parameters

ip-address | ipv6-address

Specifies a character string up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if static-arp)

[Tree] (config>service>vprn>if static-arp)

Full Context

configure service ies interface static-arp

configure service vprn interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in IP address dotted decimal notation.

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

Context

[Tree] (config>service>vpls>interface static-arp)

Full Context

configure service vpls interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in dotted decimal notation

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

Context

[Tree] (config>service>vprn>nw-if static-arp)

Full Context

configure service vprn network-interface static-arp

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters

ip-address

Specifies the IP address for the static ARP in IP address dotted decimal notation.

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

All

Context

[Tree] (config>router>if static-arp)

Full Context

configure router interface static-arp

Description

This command configures a static Address Resolution Protocol (ARP) entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a specific IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.

The number of static-arp entries that can be configured on a single node is limited to 1000.

Static ARP is used when a router needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the router configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address. Use proxy ARP so the router responds to ARP requests on behalf of another device.

The no form of this command removes a static ARP entry.

Parameters

ieee-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

unnumbered

Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

Platforms

All

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel static-blackhole-first)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel static-blackhole-first

Description

This command configures the router to use a modified next-hop resolution sequence for each imported VPN-IP route. The router first checks for a static route in the Base routing table that matches the BGP next-hop address. If at least one such static route exists, and the route that is the longest match of the BGP next-hop address is a blackhole static route, the router resolves the VPN-IP route and programs it into the VPRN IP FIB table with a next-hop action that discards all matching packets. If there is no matching static route, or the longest matching static route is not a blackhole, the router resolves the VPN-IP route in the Base routing table as normal, that is, according to the configured VPRN auto-bind filter options.

The no form of this command configures the router to resolve VPN-IP routes in the Base routing table according to the configured VPRN auto-bind filter options.

Default

no static-blackhole-first

Platforms

All

Context

[Tree] (config>macsec>connectivity-association static-cak)

Full Context

configure macsec connectivity-association static-cak

Description

This command allows the configuration of a Connectivity Association Key (CAK). The CAK is responsible for managing the MKA.

Platforms

All

Context

[Tree] (config>router>origin-validation static-entry)

Full Context

configure router origin-validation static-entry

Description

This command configures a static VRP entry indicating that a specific origin AS is either valid or invalid for a specific IP prefix range. Static VRP entries are stored along with dynamic VRP entries (learned from local cache servers using the RPKI-Router protocol) in the origin validation database of the router. This database is used for determining the origin-validation state of IPv4 and/or IPv6 BGP routes received over sessions with the enable-origin-validation command configured.

Static entries can only be configured under the config>router>origin-validation context of the base router.

Parameters

ip-prefix/ip-prefix-length

Specifies an IPv4 or IPv6 address with a minimum prefix length value.

Values

60 to 3600

prefix-length2

Specifies the maximum prefix length.

Values

1 to 128

as-number

Specifies as-number.

Values

0 to 4294967295

valid

Specifies a keyword meaning the static entry expresses a valid combination of origin AS and prefix range.

invalid

Specifies a keyword meaning the static entry expresses an invalid combination of origin AS and prefix range.

Platforms

All

Context

[Tree] (config>router>segment-routing>srv6>locator static-function)

Full Context

configure router segment-routing segment-routing-v6 locator static-function

Description

Commands in this context configure the function field parameters of a static End, End.X, or service SID assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (conf>router>sr>srv6>ms>block static-function)

Full Context

configure router segment-routing segment-routing-v6 micro-segment block static-function

Description

Commands in this context configure the function field parameters of a static uA or service micro-segment assignment.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>sap static-host)

[Tree] (config>service>vprn>sub-if>grp-if>sap static-host)

Full Context

configure service ies subscriber-interface group-interface sap static-host

configure service vprn subscriber-interface group-interface sap static-host

Description

This command creates a static subscriber host for the SAP. Static subscriber hosts may be used by the system for various purposes. Applications within the system that make use of static host entries include anti-spoof, ARP reply agent and source MAC population into the VPLS forwarding database.

Multiple static hosts may be defined on the SAP. Each host is identified by either a source IP address, a source MAC address or both a source IP and source MAC address. Every static host definition must have at least one address defined, IP or MAC.

Static hosts can exist on the SAP even with anti-spoof and ARP reply agent features disabled. When enabled, each feature has different requirements for static hosts.

The no form of this command removes a static entry from the system. The specified ip-address and mac-address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the corresponding anti-spoof filter entry and/or FDB entry is also removed.

Parameters

ip-prefix[/prefix-length

Specifies information for the specified IP address and mask.

mac-address

Specifies a MAC address. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

Every static host definition must have at least one address defined, IP or MAC.

force

Specifies the forced removal of the static host addresses.

create

Keyword used to create the static host instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap static-host)

[Tree] (config>service>vpls>sap static-host)

[Tree] (config>service>vprn>if>sap static-host)

Full Context

configure service ies interface sap static-host

configure service vpls sap static-host

configure service vprn interface sap static-host

Description

This command creates a static subscriber host for the SAP. Static subscriber hosts may be used by the system for various purposes. Applications within the system that make use of static host entries include anti-spoof, ARP reply agent and source MAC population into the VPLS forwarding database.

Multiple static hosts may be defined on the SAP. Each host is identified by either a source IP address, a source MAC address or both a source IP and source MAC address. Every static host definition must have at least one address defined, IP or MAC.

Static hosts can exist on the SAP even with anti-spoof and ARP reply agent features disabled. When enabled, each feature has different requirements for static hosts.

The no form of this command removes a static entry from the system. The specified ip-address and mac-address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the corresponding anti-spoof filter entry and/or FDB entry is also removed.

Parameters

ip-address

Specify this optional parameter when defining a static host. The IP address must be specified for anti-spoof ip, anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Only one static host may be configured on the SAP with a given IP address.

mac-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac and arp-reply-agent (arp-reply-agent is supported by the 7450 ESS only). Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

Every static host definition must have at least one address defined, IP or MAC.

force

Specifies the forced removal of the static host addresses.

create

Keyword used to create the static host instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap static-host-mgmt)

[Tree] (config>service>ies>sub-if>grp-if>sap static-host-mgmt)

Full Context

configure service vprn subscriber-interface group-interface sap static-host-mgmt

configure service ies subscriber-interface group-interface sap static-host-mgmt

Description

Commands in this context configure common parameters for static hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>spoke-sdp static-isid)

[Tree] (config>service>vpls>sap static-isid)

Full Context

configure service vpls spoke-sdp static-isid

configure service vpls sap static-isid

Description

This command configures the static-isid context.

Platforms

All

Context

[Tree] (config>router>mpls-labels static-label-range)

Full Context

configure router mpls-labels static-label-range

Description

This command configures the range of MPLS static label values shared among static LSP, MPLS-TP LSP, and static service VC label. Once this range is configured, it is reserved and cannot be used by other protocols such as RSVP, LDP, BGP, or Segment Routing to assign a label dynamically.

Default

static-label-range 18400

Parameters

static-range

Specifies the size of the static label range in number of labels. The minimum label value in the range is 32. The maximum label value is therefore computed as {32+ static-range-1}.

Values

0 to 262112

Default

18400

Platforms

All

Context

[Tree] (config>router>mpls static-lsp)

Full Context

configure router mpls static-lsp

Description

This command is used to configure a static LSP on the ingress router. The static LSP is a manually set up LSP where the nexthop IP address and the outgoing label (push) must be specified.

The no form of this command deletes this static LSP and associated information.

The LSP must be shutdown first in order to delete it. If the LSP is not shut down, the no static-lsp lsp-name command does nothing except generate a warning message on the console indicating that the LSP is administratively up.

Parameters

lsp-name

Specifies the name that identifies the LSP.

Values

Up to 32 alphanumeric characters.

Platforms

All

Context

[Tree] (config>router>mpls static-lsp-fast-retry)

Full Context

configure router mpls static-lsp-fast-retry

Description

This command specifies the value used as the fast retry timer for a static LSP.

When a static LSP is trying to come up, the MPLS request for the ARP entry of the LSP next-hop may fail when it is made while the next-hop is still down or unavailable. In that case, MPLS starts a retry timer before making the next request. This enhancement allows the user to configure the retry timer, so that the LSP comes up as soon as the next-hop is up.

The no form of this command reverts to the default.

Default

no static-lsp-fast-retry

Parameters

seconds

Specifies the value (in s), used as the fast retry timer for a static LSP.

Values

1 to 30

Platforms

All

Context

[Tree] (config>service>vpls>mesh-sdp static-mac)

[Tree] (config>service>vpls>spoke-sdp static-mac)

[Tree] (config>service>vpls>sap static-mac)

Full Context

configure service vpls mesh-sdp static-mac

configure service vpls spoke-sdp static-mac

configure service vpls sap static-mac

Description

This command creates a remote static MAC entry in the Virtual Private LAN Service (VPLS) forwarding database (FDB) associated with the service destination point (SDP).

In a VPLS service, MAC addresses are associated with a SAP or with an SDP. MACs associated with a SAP are classified as local MACs, and MACs associated with an SDP are remote MACs.

Local and remote static MAC entries create a permanent MAC address to SDP association in the forwarding database for the VPLS instance so that MAC address is not learned on the edge device.

Only one static MAC entry (local or remote) can be defined per MAC address per VPLS instance.

By default, no static MAC address entries are defined for the SDP.

The no form of this command deletes the static MAC entry with the specified MAC address associated with the SDP from the VPLS forwarding database.

Parameters

ieee-mac-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd :ee:ff or aa-bb-cc-dd -ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

create

Keyword used to create the static MAC instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

Context

[Tree] (config>service>vpls static-mac)

Full Context

configure service vpls static-mac

Description

A set of conditional static MAC addresses can be created within a VPLS supporting BGP-EVPN. Conditional Static Macs are also supported in B-VPLS with SPBs. Unless they are configured as black-hole, conditional Static Macs are dependent on the SAP/SDP state.

This command allows the assignment of a set of conditional Static MAC addresses to a SAP/ spoke-SDP or black-hole. In the FDB, the static MAC is then associated with the active SAP or spoke-SDP.

When configured in conjunction with SPBM services, Static MACs are used for PBB Epipe and I-VPLS services that may terminate external to SPBM. If this is configured under a Control B-VPLS the interface referenced will not use IS-IS for this neighbor. This may also be configured under a User B-VPLS where the corresponding interface is not supported under the Control B-VPLS.

Static MACs configured in a BGP-EVPN service are advertised as protected (EVPN will signal the MAC as protected).

Platforms

All

Context

[Tree] (config>service>vpls>interface static-mac)

Full Context

configure service vpls interface static-mac

Description

A set of conditional static MAC addresses can be created within a VPLS supporting bgp-evpn. Conditional static macs are also supported in B-VPLS with SPBM. Conditional Static MACs are dependent on the SAP/SDP state.

This command allows assignment of a set of conditional static MAC addresses to a SAP/ spoke-SDP. In the FDB, the static MAC is then associated with the active SAP or spoke-SDP.

Static MACs are used for PBB Epipe and I-VPLS services that may terminate external to SPBM. If this is configured under a Control B-VPLS the interface referenced will not use IS-IS for this neighbor. This may also be configured under a User B-VPLS where the corresponding interface is not supported under the Control B-VPLS.

Static MACs configured in a bgp-evpn service are advertised as protected (EVPN will signal the mac as protected).

Platforms

All

Context

[Tree] (config>service>vpls>endpoint static-mac)

Full Context

configure service vpls endpoint static-mac

Description

This command assigns a static MAC address to the endpoint. In the FDB, the static MAC is then associated with the active spoke-SDP.

Parameters

ieee-address

Specifies the static MAC address to the endpoint

Values

6-byte mac-address (xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx) Cannot be all zeros

create

This keyword is mandatory while creating a static MAC

Platforms

All

Context

[Tree] (config>sys>security>dist-cpu-protection>policy static-policer)

Full Context

configure system security dist-cpu-protection policy static-policer

Description

Configures a static enforcement policer that can be referenced by one or more protocols in the policy. Once this policer-name is referenced by a protocol, then this policer will be instantiated for each object (for example, a SAP or network interface) that is created and references this policy. If there is no policer resource available on the associated card or fp then the object is be blocked from being created. Multiple protocols can use the same static-policer.

Parameters

policy-name

Specifies the name of the policy, up to 32 characters.

Platforms

All

Context

[Tree] (conf>router>segment-routing>sr-policies static-policy)

Full Context

configure router segment-routing sr-policies static-policy

Description

This command creates a context to configure a segment routing policy. The resulting segment routing policy is targeted for local installation or propagation by BGP to another router.

The no form of this command deletes the statically defined segment routing policy.

Default

no static-policy

Parameters

name

Specifies the name assigned to the statically defined segment routing policy, up to 64 characters.

create

Keyword used to create the policy.

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>pt>selective>p2mp-sr static-policy-mpls)

[Tree] (config>service>vprn>mvpn>pt>inclusive>p2mp-sr static-policy-mpls)

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi static-policy-mpls)

Full Context

configure service vprn mvpn provider-tunnel selective p2mp-sr static-policy-mpls

configure service vprn mvpn provider-tunnel inclusive p2mp-sr static-policy-mpls

configure service vprn mvpn provider-tunnel selective multistream-spmsi static-policy-mpls

Description

This command assigns the specified static policy to the MVPN tunnel.

The no form of this command removes the static policy from the MVPN tunnel.

Default

no static-policy-mpls

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

All

Context

[Tree] (config>app-assure>group>transit-prefix-policy static-remote-aa-sub)

Full Context

configure application-assurance group transit-prefix-policy static-remote-aa-sub

Description

This command configures static remote transit aa-subs with a name and an app-profile. Remote transit subscribers are configured for sites on the opposite side of the system as the parent SAP/spoke- SDP. A new remote transit sub with both a name and an app-profile is configured with the create command. Static remote transit aa-subs must have an explicitly assigned app-profile. An existing remote transit sub can optionally be assigned a different app-profile.

The no form of this command removes the name from the transit prefix policy.

Parameters

transit-aasub-name

Specifies a transit aasub-name up to 32 characters.

app-profile-name

Specifies the name of an existing application profile up to 32 characters.

create

Keyword used to create a new app-profile entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>pw-routing static-route)

Full Context

configure service pw-routing static-route

Description

This command configures a static route to a next hop S-PE or T-PE. Static routes may be configured on either S-PEs or T-PEs.

A default static route is entered as follows:

static-route 0:0:next_hop_ip_addresss

or

static-route 0:0.0.0.0:next_hop_ip_address

The no form of this command removes a previously configured static route.

Parameters

route-name

Specifies the static pseudowire route.

Values

route-name	<global-id>:<prefix>:<next-hop-ip_addr>
global-id	0 to 4294967295
prefix	a.b.c.d | 0 to 4294967295
next-hop-ip_addr	a.b.c.d

Platforms

All

Context

[Tree] (bof static-route)

Full Context

bof static-route

Description

This command creates a static route entry for the CPM management Ethernet port in the running configuration and the Boot Option File (BOF).

This command allows manual configuration of static routing table entries. These static routes are only used by traffic generated by the CPM Ethernet port. To reduce configuration, manual address aggregation should be applied where possible.

A maximum of 10 static routes can be configured on the CPM port.

The no form of this command deletes the static route.

Default

no static-route

Parameters

ip-prefix/ip-prefix-length

Specifies the destination address of the static route in dotted decimal notation.

Values

ip-prefix/ip-prefix-length	ipv4-prefix	a.b.c.d (host bits must be 0)
	ipv4-prefix-le	0 to 32
	ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x: [0 to FFFF]H
		d: [0to 255]D
	ipv6-prefix-le	0 to128
ip-address	ipv4-address	a.b.c.d
	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x: [0 to FFFF]H
		d: [0 to 255]D

Note:

IPv6 is applicable to the 7750 SR and 7950 XRS only.

mask

Specifies the subnet mask, expressed as an integer or in dotted decimal notation.

Values

1 to 32 (mask length), 128.0.0.0 to255.255.255.255 (dotted decimal)

ip-address

Specifies the next hop IP address used to reach the destination.

Platforms

All

Context

[Tree] (config>service>vprn static-route-entry)

Full Context

configure service vprn static-route-entry

Description

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

Once the static route context for the specified prefix and netmask has been created, additional parameters associated with the static route(s) may be specified through the inclusion of additional static-route parameter commands.

The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Default

No static routes are defined.

Parameters

ip-prefix/prefix-length

The destination address of the static route.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D
ipv6-prefix-length	0 to 128

Values

The following values apply to the 7450 ESS:

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32

mcast

Specifies that the associated static route should be populated in the associated VPRN multicast route table.

Platforms

All

Context

[Tree] (config>router static-route-entry)

Full Context

configure router static-route-entry

Description

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

After the static route context for the specified prefix and netmask has been created, additional parameters associated with the static routes may be specified through the inclusion of additional static route parameter commands.

The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

Default

No static routes are defined.

Parameters

ip-prefix/prefix-length

Specifies the destination address of the static route.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x	[0 to FFFF]H
	d	[0 to 255]D
ipv6-prefix-length	0 to 128

Values

The following values apply to the 7450 ESS:

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32

ip-address

Specifies the IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

Values

The following values apply to the 7750 SR and 7950 XRS:

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0..FFFF]H
	d: [0..255]D
	interface: 32 characters maximum, mandatory for link local addresses

Values

The following value applies to the 7450 ESS:

ipv4-address

a.b.c.d (host bits must be 0)

mcast

Indicates that static route being configured is used for multicast table only.

Platforms

All

Context

[Tree] (config>router static-route-hold-down)

Full Context

configure router static-route-hold-down

Description

This command enables the hold down time feature globally for static routes in the system.

The static route hold-down time is a mechanism to protect from rapid, fluctuating state changes of static routes resulting from issues with reachability because of link flap.

This command applies to all static routes in the VPRN and the base router instance in which this hold-down time is configured.

The no form of this command disables the hold down time feature globally for static routes in the system.

Default

no static-route-hold-down

Parameters

initial

Specifies the initial value of the hold down time, in seconds, globally for static routes in the system.

Values

1 to 65535

multiplier

Specifies the multiplier value of the hold down time feature globally for static routes in the system.

Values

1 to 10

max-value

Specifies the maximum value of the hold down time, in seconds, globally for static routes in the system.

Values

1 to 65535

Platforms

All

Context

[Tree] (config>ipsec static-sa)

Full Context

configure ipsec static-sa

Description

This command configures an IPsec static SA.

Platforms

All

Context

[Tree] (config>app-assure>group>http-enrich>field static-string)

Full Context

configure application-assurance group http-enrich field static-string

Description

This command configures an HTTP header enrichment template field static string.

The no form of this command removes the template field static string.

Default

no static-string

Parameters

static-string

Specifies a static string.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if static-tunnel-redundant-next-hop)

[Tree] (config>service>vprn>if static-tunnel-redundant-next-hop)

Full Context

configure service ies interface static-tunnel-redundant-next-hop

configure service vprn interface static-tunnel-redundant-next-hop

Description

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for static IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them. Refer to the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for information about IPsec commands and descriptions.

The next-hop address will be resolved in routing table of corresponding service.

The no form of this command removes the address from the interface configuration.

Parameters

ip-address

Specifies the static ISA tunnel redundant next-hop address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>bmp station)

Full Context

configure bmp station

Description

The command configures the BMP monitoring station name.

The no form of this command removes the station name from the configuration.

Parameters

station-name

Specifies the station name of the BMP monitoring station up to 32 characters.

create

Keyword used to create the station name. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

All

Context

[Tree] (config>service>vprn>bgp>group>neighbor>monitor station)

[Tree] (config>service>vprn>bgp>group>monitor station)

[Tree] (config>router>bgp>group>monitor station)

[Tree] (config>router>bgp>monitor station)

[Tree] (config>router>bgp>group>neighbor>monitor station)

Full Context

configure service vprn bgp group neighbor monitor station

configure service vprn bgp group monitor station

configure router bgp group monitor station

configure router bgp monitor station

configure router bgp group neighbor monitor station

Description

This command configures the set of BMP monitoring stations for which BMP messages are to be sent, at the global BGP instance level, per group or for a particular neighbor.

Whatever value is configured for the station parameter at the most specific BGP hierarchy level is used.

• If a station list or the no station command is configured at a neighbor context, then that value is used.

• If no station command is configured at the neighbor context, the group value is used.

• If a station list or the no station command is configured at a group context, then that value is used.

• If no station command is configured at the group context, the global value is used.

• If a station list or the no station command is configured at the global context, then that value is used.

• If no station command is configured at the global context, then a no station is assumed.

The no form of this command disables sending BMP messages to BMP monitoring stations.

Parameters

name

Specifies up to eight station names up to 32 characters. Allowed values are any string up to 32 characters long composed of printable,7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

all

Specifies all configured stations.

Platforms

All

Context

[Tree] (config>bmp>station>connection station-address)

Full Context

configure bmp station connection station-address

Description

This command configures the IP address and TCP port number of the remote BMP monitoring station. This is a mandatory parameter and must be configured before the associated station can transitioned out of the shut down state.

The no form of this command removes the configured station IP address and port number for the BMP session. The no station-address command cannot be accepted unless the BMP or station instance is shut down.

Parameters

ip-address

Specifies the station address expressed in dotted decimal notation. Allowed value is a valid routable IP address on the router, either an interface or system IP address.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address

Specifies the station address expressed in dotted decimal notation. Allowed value is a valid routable IPv6 address on the router, either an interface or system IPv6 address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

port

Specifies the TCP (destination) port number to be used when establishing the connection to the associated BMP station.

Values

1 to 65535

Platforms

All

Context

[Tree] (debug>wlan-gw>group statistic)

Full Context

debug wlan-gw group statistic

Description

This command enables debugging of the specified statistic. The first packet that causes an increase of the specified statistic is shown in debug output. After the first packet, debugging of the counter is stopped.

Parameters

type

Displays the type of statistic to be debugged; for example, DHCP or RADIUS.

Values

packet-errors, host-errors, bd-errors, forwarding, reassembly, aa, radius, arp, dhcp, dhcp6, icmp, icmp6

name

Specifies the name, up to 256 characters, of the statistic within that group. For a complete list, see the command show isa wlan-gw-group wlan-gw-group-id member member-id statistics.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group statistics)

Full Context

configure application-assurance group statistics

Description

Commands in this context configure accounting and billing statistics for this AA ISA group.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp statistics)

Full Context

configure isa application-assurance-group statistics

Description

Commands in this context configure statistics generation.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>tunnel-grp stats-collection)

Full Context

configure isa tunnel-group stats-collection

Description

Commands in this context configure ISA statistics collection parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>bmp>station stats-report-interval)

Full Context

configure bmp station stats-report-interval

Description

This command configures the frequency of sending statistics reporting messages to the BMP monitoring station.

The no form of this command removes the interval from the configuration.

Parameters

seconds

Specifies the frequency of sending statistics reporting messages, in seconds, to the BMP monitoring station.

Values

15 to 65535

Platforms

All

Context

[Tree] (config>service>dynsvc>acct-1 stats-type)

[Tree] (config>service>dynsvc>acct-2 stats-type)

Full Context

configure service dynsvc acct-1 stats-type

configure service dynamic-services dynamic-services-policy accounting-2 stats-type

Description

This command configures the type of statistics to be reported in dynamic data services RADIUS accounting. A RADIUS specified Stats Type overrides the CLI configured value.

The no form of this command resets the default value.

Default

stats-type volume-time

Parameters

time

Only report Session-Time in the RADIUS Accounting Interim-Update and Stop message.

volume-time

Report both Session-Time and Volume counter attributes in the RADIUS. Accounting Interim-Update and Stop messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>dynsvc>ladb>user>idx>acct stats-type)

Full Context

configure service dynamic-services local-auth-db user-name index accounting stats-type

Description

This command specifies whether dynamic service accounting should be enabled or disabled for this destination. RADIUS accounting is enabled by specifying the stats type: volume and time or time only. This command overrides the local configured value in the dynamic services policy.

The no form of this command disables RADIUS accounting (stats-type off).

Parameters

volume-time | time

Enables RADIUS accounting for this dynamic service and specifies if volume counters should be included (volume-time) or time only (time) in the RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>cert status-verify)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert status-verify)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert status-verify)

[Tree] (config>ipsec>trans-mode-prof>dyn>cert status-verify)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert status-verify)

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert status-verify)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert status-verify)

Full Context

configure service ies interface sap ipsec-gw cert status-verify

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify

configure service vprn interface sap ipsec-gw cert status-verify

configure ipsec ipsec-transport-mode-profile dynamic-keying cert status-verify

configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify

configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify

Description

Commands in this context configure Certificate Status Verification (CSV) parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec ipsec-transport-mode-profile dynamic-keying cert status-verify
• configure service ies interface sap ipsec-gw cert status-verify
• configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify
• configure service vprn interface sap ipsec-gw cert status-verify

VSR

• configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify
• configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify
• configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify

Context

[Tree] (config>system>security>tls>server-tls-profile status-verify)

[Tree] (config>system>security>tls>client-tls-profile status-verify)

Full Context

configure system security tls server-tls-profile status-verify

configure system security tls client-tls-profile status-verify

Description

This command configures the certificate revocation status verification parameters for end-entity (EE) certificates in the TLS client or server. This configuration overrides the existing revocation check policy.

By default the router checks the certification revocation status, but if this command is set to good, the end-entity certificate revocation status is overwritten and a good revocation status is returned for the EE certificate.

If this command is set to revoked, the router returns the actual revocation status of the end-entity certificate.

The no form of this command returns the actual revocation status to that of the end entity certificate.

Default

status-verify default-result revoked

Parameters

good

Specifies that the certificate is considered acceptable.

revoked

Specifies that the certificate is considered revoked.

Platforms

All

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute std-acct-attributes)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute std-acct-attributes

Description

This command enables reporting of aggregated forwarded IPv4 and IPv6 octet, packet and gigaword counters using standard RADIUS attributes. This attribute is by default. It can be enabled simultaneously with detailed per queue or policer counters (detailed-acct-attributes).

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>hs-port-pool-policy std-port-class-pools)

Full Context

configure qos hs-port-pool-policy std-port-class-pools

Description

Commands in this context configure standard port-class pools parameters. Within this context, the corresponding port-class pools can be associated with a mid-pool, explicitly sized as a percentage of the mid-pool size, dynamically-sized based on relative port bandwidth, or have a slope policy applied.

Platforms

7750 SR-7/12/12e

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host steering-profile)

Full Context

configure subscriber-mgmt local-user-db ppp host steering-profile

Description

This command configures the steering profile for the specific host.

The no form of this command removes the steering profile for the host.

Parameters

steering-profile-name

Specifies the name of the steering profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt steering-profile)

Full Context

configure subscriber-mgmt steering-profile

Description

This command configures a steering profile mapping. A steering profile can be applied to each L2TP LAC subscriber host that requires traffic steering.

The no form of this command removes the specified steering profile.

Parameters

steering-profile-name

Specifies the name of the steering profile, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute steering-profile)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute steering-profile

Description

This command enables including the Alc-Steering-Profile RADIUS attribute.

The no form of the command disables including the Alc-Steering-Profile RADIUS attribute.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside>redundancy steering-route)

Full Context

configure service vprn nat inside redundancy steering-route

Description

This command configures specifies the IP address and prefix length of the steering route. The steering route is used in the realm of this virtual router instance as an indirect next-hop for all the traffic that must be routed to the large scale NAT function.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>inside>redundancy steering-route)

Full Context

configure router nat inside redundancy steering-route

Description

This command is optionally used in LSN44 multi-chassis redundancy when filters are used on the inside to send traffic destined for the LSN44 function to MS-ISA, where NAT is performed.

If configured, the steering-route is advertised only from the active LSN44 node: the purpose is to bring the LSN44 node activity awareness to downstream routers. In this fashion, downstream routers can make a more intelligent decision when forwarding traffic in the upstream direction. Based on the steering-route, traffic can be sent directly towards the active LSN44 node. This route avoids an extra forwarding hop which would ensue in the case without LSN44 activity awareness, where the upstream traffic can be forwarded to the standby LSN44 node and then to the active LSN44 node.

LSN44 node activity (active/standby) is evaluated per isa-group based on monitoring routes advertised on the outside.

The no form of the command removes the ip-prefix/length from the configuration.

Parameters

ip-prefix/length

Specifies the IP address and length of the steering route.

Values

ip-prefix:	a.b.c.d
ip-prefix-length:	0 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ip-filter>entry sticky-dest)

[Tree] (config>filter>ipv6-filter>entry sticky-dest)

[Tree] (config>filter>redirect-policy sticky-dest)

[Tree] (config>filter>mac-filter>entry sticky-dest)

Full Context

configure filter ip-filter entry sticky-dest

configure filter ipv6-filter entry sticky-dest

configure filter redirect-policy sticky-dest

configure filter mac-filter entry sticky-dest

Description

This command configures sticky destination behavior for redundant PBR/PBF actions. Configuring sticky destination has an effect on PBR/PBF actions whether a secondary action is configured.

The hold-time-up parameter allows the operator to delay programming of a PBR/PBF action for a specified amount of time. The timer is only started when transitioning from all configured targets being down (that is, the primary target if no secondary target is configured, or both the primary and secondary targets when both are configured) to at least one target being up.

When the timer expires, the primary PBR/PBF action is programmed if its target is up. If the primary PBR/PBF target is down and a secondary PBR/PBF action has been configured and its target is up, then this secondary PBR/PBF action is programmed. In all other cases, no specific programming occurs when the timer expires.

When sticky destination is configured and the secondary PBR/PBF target is up and its associated action is programmed, it is not automatically replaced by the primary PBR/PBF action when its target transitions from down to up. In this situation, programming the primary PBR/PBF action can be forced using the activate-primary-action tools command.

Changing the value of the timer while the timer is running takes effect immediately (that is, the timer is restarted immediately using the new value).

The no form of the command disables sticky destination behavior.

Default

no sticky-dest

Parameters

hold-time-up

Specifies the initial delay in seconds. Zero is equivalent to no-hold-time-up (no delay).

Values

0 to 65535 seconds

Platforms

All

Context

[Tree] (config>service>vprn>pim>if sticky-dr)

Full Context

configure service vprn pim interface sticky-dr

Description

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) is modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of this command disables sticky-dr operation on this interface.

Default

no sticky-dr

Parameters

priority dr-priority

Sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>router>pim>interface sticky-dr)

Full Context

configure router pim interface sticky-dr

Description

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) will be modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of this command disables sticky-dr operation on this interface.

Default

no sticky-dr

Parameters

priority dr-priority

Sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>default-action sticky-ecmp)

[Tree] (config>router>policy-options>policy-statement>entry>action sticky-ecmp)

Full Context

configure router policy-options policy-statement default-action sticky-ecmp

configure router policy-options policy-statement entry action sticky-ecmp

Description

This command specifies that BGP routes matching an entry or default-action of a route policy should be tagged internally as requiring sticky ECMP behavior. When a BGP route with multiple equal-cost BGP next-hops is programmed for sticky ECMP the failure of one or more of its BGP next-hops causes only the affected traffic flows to be re-distributed to the remaining next-hops; by default (without sticky-ECMP) all flows are potentially affected, even those using a next-hop that did not fail.

Default

no sticky-ecmp

Platforms

All

Context

[Tree] (config>subscr-mgmt>msap-policy sticky-msaps)

Full Context

configure subscriber-mgmt msap-policy sticky-msaps

Description

This command prevents MSAPs associated with the specified MSAP policy from being deleted unless a manual clear command is issued. If this command is not enabled, an MSAP is deleted when a host creation fails or when a subscriber is no longer associated with the MSAP, for example, when a subscriber ends the session. This feature is useful for an operator who wants to keep historical statistics on MSAPs. It can also speed up host creation on an MSAP since the MSAP is already created. The idle-timeout parameter allows the removal of MSAPs that are idle for longer than the specified time.

The no form of this command allows an MSAP to be deleted when a host creation fails or when a subscriber is no longer associated with the MSAP.

Default

no sticky-msaps

Parameters

seconds

Specifies the idle timeout, in seconds.

Values

5 to 604800

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>pbb>backbone-vpls stp)

Full Context

configure service vpls pbb backbone-vpls stp

Description

This command enables or disable STP through B-VPLS service.

Platforms

All

Context

[Tree] (config>service>vpls>pbb>bvpls stp)

Full Context

configure service vpls pbb backbone-vpls stp

Description

This command enables STP on the backbone VPLS service.

The no form of this command disables STP on the backbone VPLS service.

Platforms

All

Context

[Tree] (config>service>template>vpls-sap-template stp)

[Tree] (config>service>vpls>spoke-sdp stp)

[Tree] (config>service>template>vpls-template stp)

[Tree] (config>service>vpls stp)

[Tree] (config>service>vpls>sap stp)

Full Context

configure service template vpls-sap-template stp

configure service vpls spoke-sdp stp

configure service template vpls-template stp

configure service vpls stp

configure service vpls sap stp

Description

Commands in this context configure the Spanning Tree Protocol (STP) parameters. Nokia’s STP is simply the Spanning Tree Protocol (STP) with a few modifications to better suit the operational characteristics of VPLS services. The most evident change is to the root bridge election. Since the core network operating between Nokia’s service routers should not be blocked, the root path is calculated from the core perspective.

Platforms

All

Context

[Tree] (debug>service>id stp)

Full Context

debug service id stp

Description

Commands in this context debug STP.

The no form of the command disables debugging.

Platforms

All

Context

[Tree] (config>service>pw-template stp)

Full Context

configure service pw-template stp

Description

Commands in this context configure the Spanning Tree Protocol (STP) parameters. The STP is simply the Spanning Tree Protocol (STP) with a few modifications to better suit the operational characteristics of VPLS services. The most evident change is to the root bridge election. Since the core network operating between service routers should not be blocked, the root path is calculated from the core perspective.

Platforms

All

Context

[Tree] (config>test-oam>sath>svc-test stream-run-type)

Full Context

configure test-oam service-activation-testhead service-test stream-run-type

Description

This command configures the execution sequence for service streams that are run during the specified service test.

The no form of this command removes the configured run type.

Default

stream-run-type parallel

Parameters

sequential

Keyword to run the streams consecutively.

parallel

Keyword to run the streams in parallel.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

Context

[Tree] (config>isa>video-group stream-selection)

Full Context

configure isa video-group stream-selection

Description

This command specifies whether or not stream selection is enabled on this video group.

The no form of the command disables stream-selection for the group.

Default

no stream-selection

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>oam-pm streaming)

Full Context

configure oam-pm streaming

Description

This command specifies the context to configure the OAM-PM streaming template and its associated parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>snmp streaming)

Full Context

configure system snmp streaming

Description

This command enables the proprietary SNMP request/response bundling and TCP-based transport mechanism for optimizing network management of the router nodes. In higher latency networks, synchronizing router MIBs from network management via streaming takes less time than synchronizing via classic SNMP UDP requests. Streaming operates on TCP port 1491 and runs over IPv4 or IPv6.

Platforms

All

Context

[Tree] (config>app-assure>group>tcp-validate strict)

Full Context

configure application-assurance group tcp-validate strict

Description

This command specifies whether enforcement of TCP sequence and acknowledgment numbers is applied. If a packet does not meet the expected sequence or acknowledgment number, it is dropped.

This command should only be enabled if the expected bit error rate or packet loss is low. For example, if acknowledgments are lost before being detected by AA, the server timeouts are triggered and retransmissions occur. If strict is enabled, these retransmissions would resemble a reply attack and would be dropped by AA.

The no form of this command removes TCP sequence and acknowledgment number enforcement.

Default

no strict

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>isis strict-adjacency-check)

Full Context

configure service vprn isis strict-adjacency-check

Description

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies do not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it is torn down.

This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or IPv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Default

no strict-adjacency-check

Platforms

All

Context

[Tree] (config>router>isis strict-adjacency-check)

Full Context

configure router isis strict-adjacency-check

Description

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies will not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it will be torn down. This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or Ipv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Platforms

All

Context

[Tree] (config>router>mpls strict-ero-nhop-direct-resolution)

Full Context

configure router mpls strict-ero-nhop-direct-resolution

Description

This command enables the strict Explicit Route Object (ERO) next-hop direct resolution. The feature restricts the routes used to resolve the next hop of an ERO address to local and host routes. This command avoids using a next hop over a parallel link when a half link is up in the routing table.

When enabled, this command applies to an ERO when all of the following conditions are met:

• the ERO next hop is an IPv4 address

• the ERO object is a strict hop

• the IPv4 address matches the primary subnet of a local numbered interface

An ERO that meets the preceding conditions restricts resolution of the next hop to a LOCAL or a HOST route. If no such route exists, RSVP rejects the PATH message with ErrCode = Routing Error (24) and SubErrCode = Bad Strict Node (2).

The no form of this command disables the strict ERO next-hop direct resolution.

Default

no strict-ero-nhop-direct-resolution

Platforms

All

Context

[Tree] (config>isa>tunnel-grp strict-esp-seq-number-ordering)

Full Context

configure isa tunnel-group strict-esp-seq-number-ordering

Description

This command configures the router to use strict ESP sequence number ordering.

When ESP sequence number ordering is enabled, the outbound ESP sequence number of a CHILD_SA must be in the same order as when clear packets are received by the same CHILD_SA.

The no form of this command disables strict ESP sequence number ordering.

Default

no strict-esp-seq-number-ordering

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>service>vprn>ospf>graceful-restart strict-lsa-checking)

[Tree] (config>service>vprn>ospf3>graceful-restart strict-lsa-checking)

Full Context

configure service vprn ospf graceful-restart strict-lsa-checking

configure service vprn ospf3 graceful-restart strict-lsa-checking

Description

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no strict-lsa-checking command disables strict LSA checking.

Default

strict-lsa-checking

Platforms

All

Context

[Tree] (config>router>ospf3>graceful-restart strict-lsa-checking)

[Tree] (config>router>ospf>graceful-restart strict-lsa-checking)

Full Context

configure router ospf3 graceful-restart strict-lsa-checking

configure router ospf graceful-restart strict-lsa-checking

Description

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no form of this command disables strict LSA checking.

Default

strict-lsa-checking

Platforms

All

Context

[Tree] (config>service>upnp>upnp-policy strict-mode)

Full Context

configure service upnp upnp-policy strict-mode

Description

This command enable UPnP strict mode. With strict-mode, system only allows changes to existing UPnP mapping if the request comes from same UPnP client.

Default

no strict-mode

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident string)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification string

Description

This command specifies the string from the Nokia vendor-specific sub-option (VSO) in Option 82 to match when the LUDB is accessed using a DHCPv4 server.

The no form of this command removes the host identification string from the configuration.

Parameters

string

Specifies the VSO string of this host, up to 255 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>sap>dhcp>option>vendor string)

[Tree] (config>service>vprn>if>dhcp>option>vendor string)

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor string)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor string)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor string)

Full Context

configure service vpls sap dhcp option vendor-specific-option string

configure service vprn interface dhcp option vendor-specific-option string

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option string

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option string

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option string

Description

This command specifies the string in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command reverts to the default.

Parameters

text

Specifies a string that can be any combination of ASCII characters, up to 32 characters. If spaces are used in the string, enclose the entire string in quotation marks (" ").

Platforms

All

• configure service vprn interface dhcp option vendor-specific-option string
• configure service vpls sap dhcp option vendor-specific-option string

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option string
• configure service ies subscriber-interface group-interface dhcp option vendor-specific-option string
• configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option string

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option string)

Full Context

configure router interface dhcp option vendor-specific-option string

Description

This command specifies the vendor-specific sub-option string of the DHCP relay packet.

The no form of this command returns the default value.

Default

no string

Parameters

text

Specifies a string that can be any combination of ASCII characters, up to 32 characters in length. If spaces are used in the string, enclose the entire string in quotation marks (" ”).

Platforms

All

Context

[Tree] (config>subscr-mgmt>sub-ident-pol strings-from-option)

Full Context

configure subscriber-mgmt sub-ident-policy strings-from-option

Description

This command enables DHCPv4 option processing on DHCP ACK for subscriber host identification.

The parameter dhcp-option-number specifies the DHCPv4 option number containing subscriber host identification strings such as subscriber ID, sub-profile, sla-profile strings, and so on. The identification strings can be inserted by an SR OS based DHCPv4 server via a local user database lookup.

Applicable to DHCPv4 hosts and PPP hosts that use the internal DHCP client to get an IPv4 address from an SR OS based DHCPv4 server.

The no form of this command reverts to the default.

Default

no strings-from-option

Parameters

dhcp-option-number

Specifies the DHCPv4 option number containing subscriber host identification strings.

Values

1 to 254

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if strip-label)

Full Context

configure router interface strip-label

Description

This command forces packets to be stripped of all (max 5) MPLS labels before the packets are handed over for possible filter (PBR) processing.

If the packets do not have an IP header immediately following the MPLS label stack after the strip, they are discarded. Only MPLS encapsulated IP, IGP shortcuts and VPRN over MPLS packets will be processed. However, IPv4 and IPv6 packets that arrive without any labels are supported on an interface with strip-label enabled.

This command operates in promiscuous mode. This means that the router does not filter on the destination MAC address of the Ethernet frames. In some network designs, multiple ports may be tapped and combined into interface toward the router. Promiscuous mode allows all of these flows to be processed without requiring the destination MAC address to be updated to match the router address.

This command is supported on:

• Optical ports for the 7750 SR and 7450 ESS

• Null/Dot1q encaps

• Network ports

• IPv4

• IPv6

In order to associate an interface that is configured with the strip-label parameter with a port, the port must be configured as single-fiber for the command to be valid.

Packets that are subject to the strip-label action and are mirrored (using mirrors or lawful interception) will contain the original MPLS labels (and other L2 encapsulation) in the mirrored copy of the packet, as they appeared on the wire, when the mirror-dest type is the default type "ether”. If the mirror-dest type is "ip-only”, then the mirrored copy of the packet will not contain the original L2 encapsulation or the stripped MPLS labels.

The no form of this command removes the strip-label command.

Default

no strip-label

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>bgp>group>srv6>route>fam strip-srv6-tlvs)

[Tree] (config>router>bgp>group>neighbor>srv6>route>family strip-srv6-tlvs)

Full Context

configure router bgp group segment-routing-v6 route-advertisement family strip-srv6-tlvs

configure router bgp group neighbor segment-routing-v6 route-advertisement family strip-srv6-tlvs

Description

This command specifies that BGP routes that belong to the address family configured in the family command are advertised to peers with SRv6 TLVs removed. Locally or remotely added SRv6 TLVs can be removed.

The no form of this command configures the router not to strip SRv6 TLVs from the BGP routes advertised to peers.

Default

no strip-srv6-tlvs

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>service>vprn>ospf>area stub)

[Tree] (config>service>vprn>ospf3>area stub)

Full Context

configure service vprn ospf area stub

configure service vprn ospf3 area stub

Description

This command enables access to the context to configure an OSPF stub area and adds/removes the stub designation from the area. External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF area cannot be both an NSSA and a stub area. Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of this command removes the stub designation and configuration context from the area.

Default

no stub — The area is not configured as a stub area.

Platforms

All

Context

[Tree] (config>router>ospf>area stub)

[Tree] (config>router>ospf3>area stub)

Full Context

configure router ospf area stub

configure router ospf3 area stub

Description

This command enables access to the context to configure an OSPF or OSPF3 stub area and adds/removes the stub designation from the area.

External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF or OSPF3 area cannot be both an NSSA and a stub area.

Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of this command removes the stub designation and configuration context from the area.

Default

no stub

Platforms

All

Context

[Tree] (config>service>vprn>mvpn>provider-tunnel>selective>bier sub-domain)

[Tree] (config>service>vprn>mvpn>provider-tunnel>inclusive>bier sub-domain)

Full Context

configure service vprn mvpn provider-tunnel selective bier sub-domain

configure service vprn mvpn provider-tunnel inclusive bier sub-domain

Description

This command sets the sub-domain used to attach the BIER provider tunnel. Both PMSI within the MVPN need to have the same sub-domain.

The no form of this command removes the sub-domain.

Parameters

sub-domain

The identifier of the sub-domain.

Values

0 to 255

Platforms

All

Context

[Tree] (config>router>bier>template sub-domain)

Full Context

configure router bier template sub-domain

Description

This command creates a BIER sub-domain or range of sub-domains. For example, for IS-IS each sub-domain is associated with a single IS-IS topology, which may be any of the topologies supported by IS-IS.

The no form of this command removes a sub-domain.

Default

sub-domain 0

Parameters

sub-domain

The ID of the sub-domain to be created or removed.

Values

0 to 255

Platforms

All

Context

[Tree] (config>redundancy>multi-chassis>peer>sync sub-host-trk)

Full Context

configure redundancy multi-chassis peer sync sub-host-trk

Description

This command specifies whether subscriber host tracking information should be synchronized with the multi-chassis peer.

Default

no sub-host-trk

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>igmp>grp-if sub-hosts-only)

Full Context

configure service vprn igmp group-interface sub-hosts-only

Description

This command enables the IGMP traffic from known hosts only.

The no form of this command disable the IGMP traffic from known hosts only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>igmp>group-interface sub-hosts-only)

Full Context

configure router igmp group-interface sub-hosts-only

Description

This command disables the processing of IGMP messages outside of the subscriber-host context. No other hosts outside of the subscriber-hosts can create IGMP states.

Disabling this command allows the creation of the IGMP states that correspond to the AN that operate in IGMP proxy mode. In this mode, the AN will hide source IP addresses of IGMP messages and will source IGMP messages with its own IP address. In this case, an IGMP state can be created under the sap context. This IGMP state creation under the SAP is controlled via the import policy under the group-interface.

The IGMP state processing for regular subscriber-hosts is unaffected by this command.

The no form of the command disables the command.

Default

sub-hosts-only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>mld>group-interface sub-hosts-only)

Full Context

configure router mld group-interface sub-hosts-only

Description

This command processes the handling of MLD joins received from hosts that are not known in subscriber management or on which no MLD policy is applied.

Disabling this command allows the creation of the MLD states that correspond to the AN that operate in MLD proxy mode. In this mode, the AN will hide source IP addresses of MLD messages and will source MLD messages with its own IP address. In this case, an MLD state can be created under the sap context. This MLD state creation under the SAP is controlled via the import policy under the group-interface.

The MLD state processing for regular subscriber-hosts is unaffected by this command.

The no form of the command enables the command.

Default

sub-hosts-only

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>syslog>syslog-export-policy>include sub-id)

Full Context

configure service nat syslog syslog-export-policy include sub-id

Description

This command includes the sub-id string in the flow log. The sub-id is applicable only in subscriber-aware NAT. If subscriber-aware NAT is not enabled, the sub-id string is set to '-'.

The no form of the command disables the feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt sub-ident-policy)

Full Context

configure subscriber-mgmt sub-ident-policy

Description

This command configures a subscriber identification policy. Each subscriber identification policy can have a default subscriber profile defined. The subscriber identification policy default subscriber profile overrides the system default and the subscriber SAP default subscriber profiles. Defining a subscriber identification policy default subscriber profile is optional.

The subscriber identification policy default subscriber profile cannot be defined with the subscriber profile name default.

Defining a subscriber profile as a subscriber identification policy default subscriber profile will cause all active subscribers currently associated with a subscriber SAP using the policy and associated with a subscriber policy through the system default or subscriber SAP default subscriber profiles to be reassigned to the subscriber policy defined as default on the subscriber identification policy.

Attempting to delete a subscriber profile that is currently defined as a default for a subscriber identification policy will fail.

When attempting to remove a subscriber identification policy default subscriber profile definition, the system will evaluate each active subscriber on all subscriber SAPs the subscriber identification policy is currently associated with that are using the default definition to determine whether the active subscriber can be either reassigned to a subscriber SAP default or the system default subscriber profile. If all active subscribers cannot be reassigned, the removal attempt will fail.

The no form of this command reverts to the default.

Parameters

sub-ident-policy-name

Specifies the name of the subscriber identification policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>vpls>sap>sub-sla-mgmt sub-ident-policy)

[Tree] (config>subscr-mgmt>msap-policy>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap-parameters>sub-sla-mgmt sub-ident-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap-parameters>sub-sla-mgmt sub-ident-policy)

Full Context

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy

configure service ies subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy

configure service vpls sap sub-sla-mgmt sub-ident-policy

configure subscriber-mgmt msap-policy sub-sla-mgmt sub-ident-policy

configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

Description

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings such as a subscriber identifier, an sla-profile string, a sub-profile string and an app-profile string.

The subscriber identification policy performs following functions for subscriber hosts and sessions associated with the SAP or MSAP:

• mapping of sla-profile, sub-profile and app-profile strings obtained from authentication (for example, LUDB, RADIUS, Diameter, or Python) into profile names that are configured on the router

• for IPoE DHCPv4 hosts, the subscriber identification strings can be derived from the DHCP ACK message sent to the subscriber host using a Python script referenced in the sub-ident-policy

• for PPPoE hosts that get an IPv4 address via the PPPoE DHCPv4 client and for IPoE DHCPv4 hosts, an SR OS DHCPv4 server in combination with an LUDB returns the identification strings in a DHCPv4 option. The strings-from-option command in the sub-ident-policy tells the system from which option to extract the identification strings.

The no form of this command removes the default subscriber identification policy from the SAP configuration.

Parameters

sub-ident-policy-name

Specifies a subscriber identification policy for this SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service ies subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy
• configure service vprn subscriber-interface group-interface sap sub-sla-mgmt sub-ident-policy
• configure subscriber-mgmt msap-policy sub-sla-mgmt sub-ident-policy
• configure service vpls sap sub-sla-mgmt sub-ident-policy

7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy
• configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt sub-ident-policy

Context

[Tree] (debug>subscr-mgmt sub-ident-policy)

Full Context

debug subscriber-mgmt sub-ident-policy

Description

This command debugs subscriber identification policies.

The no form of this command disables debugging.

Parameters

policy-name

Specifies the subscriber identification policy to debug.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>transit-ip-policy sub-ident-policy)

Full Context

configure application-assurance group transit-ip-policy sub-ident-policy

Description

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscribermgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings. A subscriber identification string uniquely identifies a subscriber. For static hosts, the subscriber identification string is explicitly defined with each static subscriber host.

For dynamic hosts, the subscriber identification string must be derived from the DHCP ACK message sent to the subscriber host. The default value for the string is the content of Option 82 CIRCUIT-ID and REMOTE-ID fields interpreted as an octet string. As an option, the DHCP ACK message may be processed by a subscriber identification policy which has the capability to parse the message into an alternative ASCII or octet string value.

When multiple hosts on the same port are associated with the same subscriber identification string they are considered to be host members of the same subscriber.

A sub-ident-policy can also be used for identifying dynamic transit subscriber names.

The no form of this command removes the default subscriber identification policy from the SAP configuration.

Default

no sub-ident-policy

Parameters

sub-ident-policy-name

Specifies the subscriber identification policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter sub-insert-credit-control)

[Tree] (config>filter>ip-filter sub-insert-credit-control)

Full Context

configure filter ipv6-filter sub-insert-credit-control

configure filter ip-filter sub-insert-credit-control

Description

This command inserts point information for credit control for the filter.

The no form of the command reverts to the default.

Default

no sub-insert-credit-control

Parameters

entry-id

Identifies a filter on this system.

Values

1 to 2097151

count

Specifies the count

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter sub-insert-radius)

[Tree] (config>filter>ip-filter sub-insert-radius)

Full Context

configure filter ipv6-filter sub-insert-radius

configure filter ip-filter sub-insert-radius

Description

This command inserts point information for RADIUS for the filter.

The no form of the command reverts to the default.

Default

no sub-insert-radius

Parameters

entry-id

Specifies at what place the filter entries received from RADIUS will be inserted in the filter.

Values

1 to 2097151

count

Specifies the count.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>sap-ingress sub-insert-shared-pccrule)

[Tree] (config>qos>sap-egress sub-insert-shared-pccrule)

Full Context

configure qos sap-ingress sub-insert-shared-pccrule

configure qos sap-egress sub-insert-shared-pccrule

Description

This command defines the range of filter and QoS policy entries that are reserved for shared entries received in Flow-Information AVP via Gx interface (PCC rules – Policy and Charging Control).

The no form of this command disables the insertion, which will result in a failure of PCC rule installation.

Default

no sub-insert-shared-pccrule

Parameters

entry-id

Specifies the lowest entry in the range.

Values

1 to 65535

count

Specifies the number of entries in the range.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter sub-insert-shared-pccrule)

[Tree] (config>filter>ip-filter sub-insert-shared-pccrule)

Full Context

configure filter ipv6-filter sub-insert-shared-pccrule

configure filter ip-filter sub-insert-shared-pccrule

Description

This command defines the range of filter and QoS policy entries that are reserved for shared entries received in Flow-Information AVP via Gx interface (PCC rules – Policy and Charging Control). The no form of this command disables the insertion, which will result in a failure of PCC rule installation.

Default

no sub-insert-shared-pccrule

Parameters

entry-id

Specifies the lowest entry in the range.

Values

1 to 2097151

count

Specifies the number of entries in the range.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ip-filter sub-insert-shared-radius)

[Tree] (config>filter>ipv6-filter sub-insert-shared-radius)

Full Context

configure filter ip-filter sub-insert-shared-radius

configure filter ipv6-filter sub-insert-shared-radius

Description

This command configures the insert point for shared host rules from RADIUS.

Default

no sub-insert-shared-radius

Parameters

entry-id

Identifies a filter on this system.

Values

1 to 2097151

count

Specifies the count.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>filter>ipv6-filter sub-insert-wmark)

[Tree] (config>filter>ip-filter sub-insert-wmark)

Full Context

configure filter ipv6-filter sub-insert-wmark

configure filter ip-filter sub-insert-wmark

Description

This command configures the low and high watermark percentage for inserted filter entry usage reporting.

The no form of the command reverts to the default.

Default

sub-insert-wmark low 90 high 95

Parameters

low-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be cleared by the agent.

Values

0 to 100

high-watermark

Specifies the utilization of the filter ranges for filter entry insertion, at which a table full alarm will be raised by the agent.

Values

0 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt sub-mcac-policy)

Full Context

configure subscriber-mgmt sub-mcac-policy

Description

This command creates a policy template with MCAC bandwidth limits that are applied to the subscriber.

Per interface mcac bandwidth limits are set directly under the interface (regular interface or group-interface) and no such policy templates are needed.

The need for a separate policy template for subscribers is due to the fact that groups of subscribers under the same group-interface can share certain settings that can be configured via this template.

To summarize, the MCAC bandwidth constraints for subscribers are defined in the sub-mcac-policy while the mcac bandwidth constraints for the interface are configured directly under the igmp>interface>mcac or igmp>grp-if>mcac context without the need for policy templates.

In case of HQoS Adjustment, it is mandatory that the sub-mcac-policy be created and applied to the subscriber. The sub-mac-policy does not have to contain any bandwidth constrains, but it has to be in a no shutdown state in order for HQoS Adjustment to work.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the policy up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>subscr-mgmt>sub-prof sub-mcac-policy)

Full Context

configure subscriber-mgmt sub-profile sub-mcac-policy

Description

This command references the policy template in which the mcac bandwidth limits are defined. Mcac for the subscriber is effectively enabled with this command when the sub-profile is applied to the subscriber. The bandwidth of the channels is defined in a different policy (under the config>router>mcac context) and this policy is applied on the interface level as follows:

• For group-interfaces under the config>service>vprn>igmp>grp-if>mcac context

• For regular interfaces under the config>service/router>igmp>interface>mcac context

In case of HQoS Adjustment, it is mandatory that the sub-mcac-policy be created and applied to the subscriber. The sub-mac-policy does not have to contain any bandwidth constrains, but it has to be in a no shutdown state in order for HQoS Adjustment to work.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies the policy name configured in the config>subscr-mgmt>sub-mcac-policy context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

Context

[Tree] (config>redundancy>multi-chassis>options sub-mgmt)

Full Context

configure redundancy multi-chassis options sub-mgmt

Description

This command enables the CLI context to configure subscriber management multi-chassis options parameters.

Default

sub-mgmt

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>fwd-path-ext>fpe sub-mgmt-extensions)

Full Context

configure fwd-path-ext fpe sub-mgmt-extensions

Description

This command configures FPE for subscriber management extensions. The FPE cannot be used for other applications but can be used for multiple subscriber management applications.

The no version of this command disables FPE for subscriber management extensions.

Default

no sub-mgmt-extensions

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>ethernet>dot1x>macsec sub-port)

Full Context

configure port ethernet dot1x macsec sub-port

Description

This command creates a MACsec instance on a physical port, targeting the specific subset of traffic defined by the encap-match command.

The no form of this command removes the MACsec instance.

Parameters

port-id

Specifies the sub-port id index.

Values

1 to 1023

create

Creates a new sub-port.

Platforms

All

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute sub-profile)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute sub-profile

Description

This command specifies that subscriber profile attributes should be included into RADIUS accounting messages.

The no form of this command excludes subscriber profile attributes into RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host sub-profile)

[Tree] (config>service>vprn>if>sap>static-host sub-profile)

[Tree] (config>service>ies>if>sap>static-host sub-profile)

[Tree] (config>service>vpls>sap>static-host sub-profile)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host sub-profile)

Full Context

configure service vprn subscriber-interface group-interface sap static-host sub-profile

configure service vprn interface sap static-host sub-profile

configure service ies interface sap static-host sub-profile

configure service vpls sap static-host sub-profile

configure service ies subscriber-interface group-interface sap static-host sub-profile

Description

This command specifies an existing subscriber profile name to be associated with the static subscriber host.

The no form of this command reverts to the default.

Parameters

sub-profile-name

Specifies the sub-profile name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt sub-profile)

Full Context

configure subscriber-mgmt sub-profile

Description

Commands in this context configure a subscriber profile. A subscriber profile is a template used to define the aggregate QoS for all hosts within a subscriber context. This is done through the definition of the egress and ingress scheduler policies that govern the aggregate SLA for subscribers using the subscriber profile. Subscriber profiles also allow for specific SLA profile definitions when the default definitions from the subscriber identification policy must be overridden.

Subscribers are either explicitly mapped to a subscriber profile template or are dynamically associated by one of various non-provisioned subscriber profile definitions.

A subscriber host can be associated with a subscriber profile in the following ways, listed from lowest to highest precedence:

1. The subscriber profile named default.

2. The subscriber profile defined as the subscriber SAP default.

3. The subscriber profile found by the subscriber identification policy sub-profile-map.

4. The subscriber profile found by the subscriber identification policy explicit map.

In the event that no defaults are defined and the subscriber identification string is not explicitly provisioned to map to a subscriber profile, either the static subscriber host creation will fail or the dynamic subscriber host DHCP ACK is discarded.

Default Subscriber profile:

When a subscriber profile is created with the subscriber-profile-name default, it is used when no other subscriber profile is associated with the subscriber host by the system. Creating a subscriber profile with the subscriber-profile-name default is optional. If a default subscriber profile is not created, all subscriber hosts subscriber identification strings must match either a non-provisioned default or be provisioned as an explicit match to a subscriber profile.

The default profile has no effect on existing active subscriber on the system as they exist due to higher precedence mappings.

Attempting to delete any subscriber profile (including the profile named default) while in use by existing active subscribers will fail.

The no form of this command reverts to the default.

Parameters

subscriber-profile-name

Specifies the name of the subscriber profile, up to 32 characters.

create

Keyword used to create the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>sub-ident-pol sub-profile-map)

Full Context

configure subscriber-mgmt sub-ident-policy sub-profile-map

Description

Commands in this context configure subscriber profile mapping parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings sub-profile-string)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings sub-profile-string)

Full Context

configure subscriber-mgmt local-user-db ppp host identification-strings sub-profile-string

configure subscriber-mgmt local-user-db ipoe host identification-strings sub-profile-string

Description

This command specifies the subscriber profile string which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

sub-profile-string

Specifies the subscriber profile string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile sub-profile-string)

Full Context

configure subscriber-mgmt vrgw brg brg-profile sub-profile-string

Description

This string will be used as a default for subscriber-profile lookup. This string can be overridden during BRG or host authentication. The no form of the command removes the string from the configuration.

Default

no sub-profile-string

Parameters

string

Specifies the string used to look up the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>eth-ring sub-ring)

Full Context

configure eth-ring sub-ring

Description

This command specifies this ring-id to be sub-ring as defined in G.80312. By declaring this ring as a sub-ring object, this ring will only have one valid path and the sub-ring will be connected to a major ring or a VPLS instance.

The virtual-link keyword declares that a sub-ring is connected to another ring and control messages can be sent over the attached ring to the other side of the sub-ring.

The non-virtual-link channel parameter declares that a sub-ring may be connected to another ring or to a VPLS instance but no control messages from the sub-ring use the attached ring or VPLS instance. The non-virtual channel behavior is standard G.8032 capability.

The no form of this command deletes the sub-ring and its virtual channel associations.

Default

no sub-ring

Parameters

virtual-link

Specifies that the interconnection is to a ring and a virtual link will be used.

non-virtual-link

Specifies that the interconnection is to a ring or a VPLS instance and a virtual link will not be used.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>sub-if>grp-if>sap sub-sla-mgmt)

[Tree] (config>service>vprn>sub-if>grp-if>sap sub-sla-mgmt)

[Tree] (config>subscr-mgmt>msap-policy sub-sla-mgmt)

[Tree] (config>service>vpls>sap sub-sla-mgmt)

[Tree] (config>service>ies>if>sap sub-sla-mgmt)

[Tree] (config>service>vprn>if>sap sub-sla-mgmt)

Full Context

configure service ies subscriber-interface group-interface sap sub-sla-mgmt

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt

configure subscriber-mgmt msap-policy sub-sla-mgmt

configure service vpls sap sub-sla-mgmt

configure service ies interface sap sub-sla-mgmt

configure service vprn interface sap sub-sla-mgmt

Description

Commands in this context configure subscriber management parameters for this SAP.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vpls sap sub-sla-mgmt
• configure service ies subscriber-interface group-interface sap sub-sla-mgmt
• configure subscriber-mgmt msap-policy sub-sla-mgmt
• configure service vprn subscriber-interface group-interface sap sub-sla-mgmt

All

• configure service vprn interface sap sub-sla-mgmt
• configure service ies interface sap sub-sla-mgmt

Context

[Tree] (config>service>ies>sub-if>grp-if>sap-parameters sub-sla-mgmt)

[Tree] (config>service>vprn>sub-if>grp-if>sap-parameters sub-sla-mgmt)

Full Context

configure service ies subscriber-interface group-interface sap-parameters sub-sla-mgmt

configure service vprn subscriber-interface group-interface sap-parameters sub-sla-mgmt

Description

Commands in this context configure subscriber management parameters.

The no form of this command removes the parameters from the configuration.

Default

sub-sla-mgmt

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>if>extref>oc subinterface)

[Tree] (config>svc>vprn>if>extref>oc subinterface)

Full Context

configure router interface external-reference openconfig subinterface

configure service vprn interface external-reference openconfig subinterface

Description

This command configures the subinterface ID used to map a Nokia vendor-specific configuration and the OpenConfig state.

This command configures the ability to query the OpenConfig state through NETCONF, gRPC, and the MD-CLI from any configuration mode without having to add any OpenConfig model configuration. As part of the configuration, a user must also add a port to the Layer 3 interface.

The no form of this command reverts to the default.

Default

no subinterface

Parameters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>vprn>log>filter>entry>match subject)

Full Context

configure service vprn log filter entry match subject

Description

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of this command removes the subject match criterion.

Default

no subject

Parameters

eq | neq

This operator specifies the type of match. Valid operators are listed below.

Values

Table 1. Valid Operators

Operator	Notes
eq	equal to
neq	not equal to

subject

A string used as the subject match criterion.

regexp

Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When regexp keyword is not specified, the subject command string is matched exactly by the event filter.

Platforms

All

Context

[Tree] (config>log>filter>entry>match subject)

Full Context

configure log filter entry match subject

Description

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of this command removes the subject match criterion.

Parameters

eq | neq

Specifies the match type. Valid operators are listed in Valid Operators.

Table 2. Valid Operators

Operator	Notes
eq	equal to
neg	not equal to

subject

Specifies a string up to 32 characters, used as the subject match criterion.

regexp

Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered. When the regexp keyword is not specified, the subject command string is matched exactly by the event filter.

Platforms

All

Context

[Tree] (config>service>vprn>dhcp>server>pool subnet)

[Tree] (config>router>dhcp>server>pool subnet)

Full Context

configure service vprn dhcp local-dhcp-server pool subnet

configure router dhcp local-dhcp-server pool subnet

Description

This command creates a subnet of IP addresses to be served from the pool. The subnet cannot include any addresses that were assigned to subscribers without those addresses specifically excluded. When the subnet is created, no IP addresses are made available until a range is defined.

The no form of the removes the subnet parameters from the configuration.

Parameters

ip-prefix/mask

Specifies the address prefix and mask. A mask of 255.255.255.255 is reserved for system IP addresses.

Values

ip-prefix: a.b.c.d

mask: 8 to 32

netmask

Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

Values

a.b.c.d, any mask expressed as dotted quad

create

Keyword used to create the subnet. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>igmp>grp-if subnet-check)

[Tree] (config>service>vprn>igmp>if subnet-check)

Full Context

configure service vprn igmp group-interface subnet-check

configure service vprn igmp interface subnet-check

Description

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

The no form of this command disables local subnet checking for IGMP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn igmp group-interface subnet-check

All

• configure service vprn igmp interface subnet-check

Context

[Tree] (config>router>igmp>if subnet-check)

[Tree] (config>router>igmp>group-interface subnet-check)

Full Context

configure router igmp interface subnet-check

configure router igmp group-interface subnet-check

Description

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

Default

subnet-check

Platforms

All

• configure router igmp interface subnet-check

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure router igmp group-interface subnet-check

Context

[Tree] (config>router>mld>group-interface subnet-check)

Full Context

configure router mld group-interface subnet-check

Description

This command enables subnet checking for MLD messages received on this interface. All MLD packets with a source address that is not in the local subnet are dropped.

Default

subnet-check

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>dhcp>server>pool>subnet>options subnet-mask)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options subnet-mask)

Full Context

configure router dhcp local-dhcp-server pool subnet options subnet-mask

configure subscriber-mgmt local-user-db ipoe host options subnet-mask

Description

This command specifies the subnet-mask option to the client. The mask can either be defined (for supernetting) or taken from the pool address.

The no form of this command removes the address from the configuration.

Parameters

ip-address

Specifies the IP address of the subnet mask. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>tdm>ds3 subrate)

Full Context

configure port tdm ds3 subrate

Description

This command configures the channel service unit (CSU) compatibility mode to interoperate with existing DS-3 subrate standards.

This configuration applies only for non-channelized DS-3s on ASAP TDM MDAs.

The no form of this command remove the subrate functionality.

Default

no subrate

Parameters

digital-link

Enables the Digital-Link (Quick Eagle) CSU compatibility mode.

larscom

Enables the Larscom CSU compatibility mode.

rate-step

Specifies the subrate value for the associated DS-3.

Values

1 to 147 (digital-link) 1 to 14 (larscom)

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host subscriber)

[Tree] (config>service>vpls>sap>static-host subscriber)

[Tree] (config>service>vprn>if>sap>static-host subscriber)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host subscriber)

[Tree] (config>service>ies>if>sap>static-host subscriber)

Full Context

configure service vprn subscriber-interface group-interface sap static-host subscriber

configure service vpls sap static-host subscriber

configure service vprn interface sap static-host subscriber

configure service ies subscriber-interface group-interface sap static-host subscriber

configure service ies interface sap static-host subscriber

Description

This command specifies an existing subscriber identification profile to be associated with the static subscriber host.

Parameters

sub-ident

Specifies the subscriber identification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>mirror>mirror-source subscriber)

Full Context

configure mirror mirror-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

Specifies the service IP address (system IP address) of the remote device sending LI traffic. If 0.0.0.0 is specified, any remote router is allowed to send to this service.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Each host of a subscriber can use a different sla-profile. This option allows interception of only the hosts using the specified sla-profile. In some deployments sla-profiles are assigned per type of traffic. There can be, for example, a specific sla-profile for voice traffic (which could be used for all SIP-hosts). The name can have up to 32 characters.

fc

Specifies the name of the forwarding class with which to associate traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error will be returned and the fc command will have no effect. If the fc-name does exist, the forwarding class associated with fc-name will override the default forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

egress

Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

host-type

Specifies the host type for mirroring. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipoe, ppp

family

Specifies the IP family for mirroring. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipv4, ipv6

Platforms

All

Context

[Tree] (config>li>li-source subscriber)

Full Context

configure li li-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

Specifies the service IP address (system IP address) of the remote device sending LI traffic. If 0.0.0.0 is specified, any remote router is allowed to send to this service.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specifies a MAC address when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Specifies an SLA profile name, up to 32 characters. Each host of a subscriber can use a different sla-profile. This option allows interception of only the hosts using the specified sla-profile. In some deployments sla-profiles are assigned per type of traffic. There can be, for example, a specific sla-profile for voice traffic (which could be used for all SIP-hosts).

fc

The name of the forwarding class with which to associate LI traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error will be returned and the fc command will have no effect. If the fc-name does exist, the forwarding class associated with fc-name will override the default forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

intercept-id

Specifies the intercept-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This intercept-id can be used (for example by a downstream LI Gateway) to identify the particular LI session to which the packet belongs.

For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, an intercept-id field (as part of the routable encap) is always present in the mirrored packets. If there is no intercept-id configured for an li-source entry, then the default value will be inserted. When the mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no intercept-id is inserted and none can be specified against the li-source entries.

Values

1 to 4294967295 (32b) For nat li-source entries that are using a mirror service that is not configured with routable encap

Values

1 to 1,073,741,824 (30b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encapsulation and no direction-bit.

Values

1 to 536,870,912 (29b) For all types of li-source entries that are using a mirror service with routable ip-udp-shim encapsulation and with the direction-bit enabled.

session-id

Specifies the session-id that is inserted into the packet header for all mirrored packets of the associated li-source entry. This session-id can be used (for example by a downstream LI gateway) to identify the particular LI session to which the packet belongs. The session-id is only valid and used for mirror services that are configured with ip-udp-shim routable encapsulation (config>mirror>mirror-dest>encap>ip-udp-shim).

For all types of li-source entries (filter, nat, sap, or subscriber), when the mirror service is configured with ip-udp-shim routable encap, a session-id field (as part of the routable encapsulation) is always present in the mirrored packets. If there is no session-id configured for an li-source entry, then the default value will be inserted. When a mirror service is configured with ip-gre or ip-udp-shim-sampled routable encap, no session-id is inserted and none can be specified against the li-source entries.

Values

1 to 4,294,967,295 (32b)

ingress

Specifies the ingress policy for lawful intercept.

egress

Specifies the egress policy for lawful intercept.

host-type

Specifies the host type for lawful intercept. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipoe, ppp

ip-family

Specifies the IP family for lawful intercept. The anti-spoof filter on the SAP must be configured as ip-mac.

Values

any, ipv4, ipv6

Platforms

All

Context

[Tree] (debug>mirror-source subscriber)

Full Context

debug mirror-source subscriber

Description

This command adds hosts of a subscriber to mirroring service.

Parameters

sub-ident-string

Specifies the name of the subscriber identification policy.

sap-id

Specifies the physical port identifier portion of the SAP definition.

ip-address

The service IP address (system IP address) of the remote 7750 SR or 7450 ESS device sending LI traffic.

Values

1.0.0.1 to 223.255.255.254

ieee-address

Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.

sla-profile-name

Specifies the SLA profile name, up to 32 characters.

fc

Specifies name of the forwarding class with which to associate LI traffic.

Values

be, l2, af, l1, h2, ef, h1, nc

ingress

Specifies information for the ingress policy.

egress

Specifies information for the egress policy.

Platforms

All

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if subscriber-bw-limit)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface subscriber-bw-limit

Description

This command configures of an egress per-subscriber bandwidth limit for the combined retransmission and Fast Channel Change (FCC) replies for requests received directed to the IP address. If the bandwidth for a request will exceed the bandwidth limit, the request is logged and dropped.

The no form of the command disables enforcement of an egress bandwidth limit.

Default

no subscriber-bw-limit

Parameters

bandwidth

The per-subscriber egress bandwidth limit for retransmission and FCC packets in kilobits per second expressed as an integer indicates infinity or no limit.

Values

1 to 4294967295 kb/s

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes subscriber-data)

Full Context

configure aaa isa-radius-policy acct-include-attributes subscriber-data

Description

This command enables the inclusion of subscriber data attributes.

The no form of the command excludes subscriber data attributes.

Default

no subscriber-data

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings subscriber-id)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings subscriber-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host identification-strings subscriber-id

configure subscriber-mgmt local-user-db ppp host identification-strings subscriber-id

Description

This command specifies the subscriber ID which is encoded in the identification strings.

The no form of this command returns to the default.

Parameters

sub-ident-string

Specifies the subscriber ID string, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute subscriber-id)

Full Context

configure subscriber-mgmt radius-accounting-policy include-radius-attribute subscriber-id

Description

This command specifies that subscriber ID attributes should be included into RADIUS accounting messages.

The no form of this command excludes subscriber ID attributes into RADIUS accounting messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes subscriber-id)

Full Context

configure aaa isa-radius-policy acct-include-attributes subscriber-id

Description

This command specifies that subscriber ID attributes should be included into RADIUS accounting messages.

Default

no subscriber-id

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>inside subscriber-identification)

Full Context

configure router nat inside subscriber-identification

Description

Commands in this context configure subscriber identification for Large Scale NAT.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn subscriber-interface)

[Tree] (config>service>ies subscriber-interface)

Full Context

configure service vprn subscriber-interface

configure service ies subscriber-interface

Description

This command allows the operator to create special subscriber-based interfaces. It is used to contain multiple group interfaces. Multiple subnets associated with the subscriber interface can be applied to any of the contained group interfaces in any combination. The subscriber interface allows subnet sharing between group interfaces.

The no form of this command reverts to the default.

Parameters

ip-int-name

Specifies the interface name of a subscriber interface, up to 32 characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create

Keyword used to create the subscriber interface.

fwd-service service-id

Specifies the wholesale service ID or service name.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters

ip-int-name

Specifies the wholesale subscriber interface.

wan-mode mode

Specifies the WAN mode as 64-bit or 128-bit. To change the WAN mode after creation, the interface must first be removed then recreated.

Values

mode64, mode128

Default

mode64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt subscriber-interface-statistics)

Full Context

configure subscriber-mgmt subscriber-interface-statistics

Description

Commands in this context enable or disable the collection of subscriber interface statistics.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>outside>pool subscriber-limit)

Full Context

configure service vprn nat outside pool subscriber-limit

Description

This command configures the maximum number of subscribers per outside IP address.

If multiple port blocks per subscriber are used, the block size is typically small; all blocks assigned to a given subscriber belong to the same IP address; the subscriber limit guarantees that any subscriber can get a minimum number of ports.

The subscribers are counted per protocol (UDP, TCP and ICMP). For example, in LSN44 a source IPv4 address that uses ports on each of the three protocols (UDP, TCP and ICMP) on an outside IP address count as 3 subscribers on that outside IP address. The ‘no subscriber-limit’ removes the limit for the number of subscribers per outside IP address.

This command is not applicable to pools with:

• arbitrary address pooling enabled
• flexible port allocations (application configured under a pool)

Parameters

limit

Specifies the maximum number of subscribers per outside IP address.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies subscriber-mgmt)

[Tree] (config>service>vprn subscriber-mgmt)

Full Context

configure service ies subscriber-mgmt

configure service vprn subscriber-mgmt

Description

Commands in this context configure per service subscriber management parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config subscriber-mgmt)

Full Context

configure subscriber-mgmt

Description

Commands in this context configure subscriber management entities. A subscriber is uniquely identified by a subscriber identification string. Each subscriber can have several DHCP sessions active at any time. Each session is referred to as a subscriber host and is identified by its IP address and MAC address.

All subscriber hosts belonging to the same subscriber are subject to the same hierarchical QoS (HQoS) processing. The HQoS processing is defined in the sub-profile (the subscriber profile). A sub-profile refers to an existing scheduler policy (configured in the config>qos>scheduler-policy context) and offers the possibility to overrule the rate of individual schedulers within this policy.

Because all subscriber hosts use the same scheduler policy instance, they must all reside on the same complex.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>persistence subscriber-mgmt)

Full Context

configure system persistence subscriber-mgmt

Description

This command configures subscriber management persistence parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync subscriber-mgmt)

Full Context

configure redundancy multi-chassis peer sync subscriber-mgmt

Description

Commands in this context configure the synchronization of subscriber management information with the multi-chassis peer.

The no form of this command disables the router from synchronizing subscriber management information with the multi-chassis peer.

Default

no subscriber-mgmt

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside>dslite subscriber-prefix-length)

Full Context

configure service vprn nat inside dual-stack-lite subscriber-prefix-length

Description

This command configures the IPv6 prefix length of the DS-Lite subscribers.

The no form of this command reverts the default.

Default

subscriber-prefix-length 128

Parameters

prefix-length prefix-length

Specifies the IPv6 prefix length of the DS-Lite subscriber.

Values

32 to 64, 128

Default

128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>nat>inside>dual-stack-lite subscriber-prefix-length)

Full Context

configure router nat inside dual-stack-lite subscriber-prefix-length

Description

This command sets the value for the number of high order bits of the source IPv6 address that will be considered as DS-Lite subscriber. The remaining bits of the source IPv6 address will be masked off, effectively aggregation all IPv6 source addresses under the configured prefix length into a single DS-Lite subscriber. Source IPv4 addresses/ports of the traffic carried within the DS-Lite subscriber will be translated into a single outside IPv4 address and the corresponding deterministic port-block (port-blocks can be extended).

The range of values for subscriber-prefix-length in non-deterministic DS-Lite is limited from 32 to 64 (a prefix will be considered as a DS-Lite subscriber) or it can be set to a value of 128 (the source IPv6 address is considered as a DS-Lite subscriber).

In cases where deterministic DS-Lite is enabled in a giver inside routing context, the range of values of the subscriber-prefix-length depends on the value of dslite-max-subscriber-limit parameter as follows:

subscriber-prefix-length – n = [32..64,128]

where n = log2(dslite-max-subscriber-limit)

[or in an alternate form: dslite-max-subscriber-limit = 2^n.]

In other words the largest prefix length for the deterministic DS-Lite subscriber will be 32+n, where n = log2(dslite-max-subscriber-limit). The subscriber prefix length can extend up to 64 bits. Beyond 64 bits for the subscriber prefix length, there only one value is allowed: 128. In the case n must be 0, which means that the mapping between B4 elements (or IPv6 address) and the IPv4 outside addresses is in 1:1 ratio (no sharing of outside IPv4 addresses).

This parameter can be changed only when there are no deterministic prefixes configured in the same routing context.

The no form of the command reverts to the default.

Default

128

Parameters

prefix-length

In non-deterministic DS-Lite this value can be [32..64,128], assuming that the deterministic DS-Lite is not concurrently enabled in the same inside routing context. In case that deterministic DS-Lite is enabled, this value can be within the range [(32+n)..64,128] where n = log2(dslite-max-subscriber-limit). The value of 128 is allowed only when n=0 (each subscriber is mapped to a single outside IPv4 IP address).

Values

32 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>nat>inside>nat64 subscriber-prefix-length)

[Tree] (config>router>nat>inside>nat64 subscriber-prefix-length)

Full Context

configure service vprn nat inside nat64 subscriber-prefix-length

configure router nat inside nat64 subscriber-prefix-length

Description

This command specifies the IPv6 address prefix length to be used for the NAT64 subscribers in this virtual router instance.

Default

subscriber-prefix-length128

Parameters

prefix-length

Specifies the subscriber identification for Large Scale NAT.

Values

32 to 64, 128

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>ipv6 subscriber-prefixes)

[Tree] (config>service>vprn>sub-if>ipv6 subscriber-prefixes)

Full Context

configure service ies subscriber-interface ipv6 subscriber-prefixes

configure service vprn subscriber-interface ipv6 subscriber-prefixes

Description

Commands in this context configure aggregate off-link subscriber prefixes associated with this subscriber interface. Individual prefixes are specified under the prefix context list aggregate routes in which the next hop is indirect via the subscriber interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>nat>nat-policy>timeouts subscriber-retention)

[Tree] (config>service>nat>up-nat-policy>timeouts subscriber-retention)

Full Context

configure service nat nat-policy timeouts subscriber-retention

configure service nat up-nat-policy timeouts subscriber-retention

Description

This command specifies the subscriber retention timeout, which is the time a NAT subscriber and its associated IP address are kept after all hosts and associated port blocks have expired. If a NAT subscriber host appears before the retention timeout has elapsed, it is given the same outside IP address.

Default

no subscriber-retention

Parameters

hrs hours

Specifies the hours a subscriber’s IP address is kept after all hosts and port blocks have expired.

Values

1 to 24

min minutes

Specifies the minutes a subscriber’s IP address is kept after all hosts and port blocks have expired.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>if>sap>static-host subscriber-sap-id)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host subscriber-sap-id)

[Tree] (config>service>vpls>sap>static-host subscriber-sap-id)

[Tree] (config>service>vprn>if>sap>static-host subscriber-sap-id)

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host subscriber-sap-id)

Full Context

configure service ies interface sap static-host subscriber-sap-id

configure service ies subscriber-interface group-interface sap static-host subscriber-sap-id

configure service vpls sap static-host subscriber-sap-id

configure service vprn interface sap static-host subscriber-sap-id

configure service vprn subscriber-interface group-interface sap static-host subscriber-sap-id

Description

This command enables using the SAP ID as the subscriber ID.

Parameters

subscriber-sap-id

Specifies to use the sap-id as the subscriber-id.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>qos>fp-resource-policy>aggregate-shapers>queue-sets>default-size subscribers)

Full Context

configure qos fp-resource-policy aggregate-shapers queue-sets default-size subscribers

Description

This command configures the default queue-set size for subscribers.

Parameters

size

Specifies the size of the queue sets.

Values

2 to 8

non-shaper-queues

Specifies that subscribers will not use hardware aggregate shapers on FPs where the FP resource policy is applied.

Platforms

7750 SR-1, 7750 SR-s

Context

[Tree] (config>router>rsvp>interface subscription)

Full Context

configure router rsvp interface subscription

Description

This command configures the percentage of the link bandwidth that RSVP can use for reservation and sets a limit for the amount of over-subscription or under-subscription allowed on the interface.

When the subscription is set to zero, no new sessions are permitted on this interface. If the percentage is exceeded, the reservation is rejected and a log message is generated.

The no form of this command reverts the percentage to the default value.

Default

subscription 100

Parameters

percentage

Specifies the percentage of the interface's bandwidth that RSVP allows to be used for reservations.

Values

0 to 1000

Platforms

All

Context

[Tree] (admin>system>telemetry>grpc subscription)

Full Context

admin system telemetry grpc subscription

Description

This command cancels an active telemetry subscription.

Parameters

subscription-id

Specifies the ID of the telemetry subscription to cancel.

Values

0 to 4294967295

Platforms

All

Context

[Tree] (config>system>telemetry>persistent-subscriptions subscription)

Full Context

configure system telemetry persistent-subscriptions subscription

Description

Commands in this context configure persistent subscription commands.

The no form of this command removes the configuration.

Parameters

name

Specifies the subscription name, up to 32 characters.

create

Keyword used to create the subscription.

Platforms

All

Context

[Tree] (environment suggest-internal-objects)

Full Context

environment suggest-internal-objects

Description

This command enables suggesting of internally created objects while auto completing.

The no form of the command disables the command.

Platforms

All

Context

[Tree] (config>service>vprn>ospf3>area>nssa summaries)

[Tree] (config>service>vprn>ospf>area>stub summaries)

[Tree] (config>service>vprn>ospf>area>nssa summaries)

Full Context

configure service vprn ospf3 area nssa summaries

configure service vprn ospf area stub summaries

configure service vprn ospf area nssa summaries

Description

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR). This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or nssa area. By default, summary route advertisements are sent into the stub area or NSSA.

The no form of this command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.

Default

summaries — Summary routes are advertised by the ABR into the stub area or NSSA.

Platforms

All

Context

[Tree] (config>router>ospf3>area>stub summaries)

[Tree] (config>router>ospf>area>nssa summaries)

[Tree] (config>router>ospf>area>stub summaries)

[Tree] (config>router>ospf3>area>nssa summaries)

Full Context

configure router ospf3 area stub summaries

configure router ospf area nssa summaries

configure router ospf area stub summaries

configure router ospf3 area nssa summaries

Description

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR).

This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or NSSA area (default: summary).

By default, summary route advertisements are sent into the stub area or NSSA.

The no form of this command disables sending summary route advertisements and, for stub areas; only the default route is advertised by the ABR.

Default

summaries

Platforms

All

Context

[Tree] (config>filter>log summary)

Full Context

configure filter log summary

Description

Commands in this context configure log summarization. These settings will only be taken into account when syslog is the log destination.

Platforms

All

Context

[Tree] (debug>router>isis summary)

Full Context

debug router isis summary

Description

This command enables debugging for ISIS summary addresses.

The no form of the command disables the debugging.

Parameters

ip-address

When specified, only packets with the specified address are debugged.

Platforms

All

Context

[Tree] (config>service>vprn>isis summary-address)

Full Context

configure service vprn isis summary-address

Description

This command creates summary-addresses for the specified router or VPRN instance.

Parameters

ip-prefix/mask

Specifies information for the specified IP prefix and mask length.

Values

ip-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D
ipv6-prefix-length	0 to 128

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

level

Specifies IS-IS level area attributes. If no level parameter is specified, the default is level-1/2.

Values

level-1, level-2, level-1/2

tag tag

Assigns a route tag to the summary address.

Values

1 to 4294967295

Platforms

All

Context

[Tree] (config>router>isis summary-address)

Full Context

configure router isis summary-address

Description

This command creates a summary IPv4, IPv6, or SRv6 locator address.

When an IS-IS domain exists out of multiple areas, the user must redistribute IP addresses and SRv6 locators between areas for inter-area SRv6-based transport services.

Scaling may be impacted if all existing IPv4, IPv6, and SRv6 locators are redistributed between all existing areas. SRv6 locators and IP addresses can be summarized when they are redistributed from one area into another area. Summarization reduces the number of entries redistributed, which reduces the size of the Link State Database (LSDB) and increases network stability.

The no form of this command reverts to the default.

Default

no summary-address

Parameters

ip-prefix/ip-prefix-length

Specifies the IP prefix and prefix length of the summary address.

Values

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D
ipv6-prefix-length	0 to 128

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

level

Specifies IS-IS level area attributes.

Values

level-1, level-2, level-1/2

Default

level-1/2

tag

Specifies the route tag to assign for the summary address.

Values

1 to 4294967295

algo-id

Specifies the algorithm topology applied for the summary address.

Values

0, 128 to 255

Default

0

match-route-tag tag

Specifies the route tag to match the Unreachable Prefix Announcements (UPAs). This selects a subset of summary member prefixes to monitor for reachability.

Values

1 to 4294967295

Default

no match-route-tag

advertise-route-tag tag

Specifies the route tag to advertise in the UPA. The UPA tag can be used when there are multiple ASBR redistributing prefixes between two IGP areas.

Values

1 to 4294967295

Default

no advertise-route-tag

Platforms

All

Context

[Tree] (config>filter>log>summary summary-crit)

Full Context

configure filter log summary summary-crit

Description

This command defines the key of the index of the mini-table. If key information is changed while summary is administratively enabled (no shutdown), the filter summary mini-table is flushed and recreated with different key information. Log packets received during the reconfiguration time will be handled as if summary was not active.

The no form of the command reverts to the default parameter.

Default

summary-crit src-addr

Parameters

dst-addr

Specifies that received log packets are summarized based on the destination IPv4, IPv6, or MAC address.

src-addr

Specifies that received log packets are summarized based on the source IPv4, IPv6 or MAC address.

Platforms

All

Context

[Tree] (config>service>vprn>ospf super-backbone)

Full Context

configure service vprn ospf super-backbone

Description

This command specifies whether CE-PE functionality is required or not. The OSPF super backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.

Default

no super-backbone

Platforms

All

Context

[Tree] (config>port>ethernet>dot1x supplicant-timeout)

Full Context

configure port ethernet dot1x supplicant-timeout

Description

This command configures the period during which the router waits for a client to respond to its EAPOL messages. When the supplicant-timeout expires, the 802.1x authentication session is considered to have failed.

The no form of this command returns the value to the default.

Default

supplicant-timeout 30

Parameters

seconds

Specifies the server timeout period in seconds.

Values

1 to 300

Platforms

All

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp supported-features)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp supported-features

Description

This command includes the supported-features in CCR messages.

The no form of this command resets the command to the default setting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>policy-options>damping suppress)

Full Context

configure router policy-options damping suppress

Description

This command configures the suppression parameter for the route policy damping profile.

A route is suppressed when it has flapped frequently enough to increase the Figure of Merit (FoM) value to exceed the suppress threshold limit. When the FoM value exceeds the suppress threshold limit, the route is removed from the route table or inclusion in advertisements.

The no form of this command removes the suppress parameter from the damping profile.

Default

no suppress

Parameters

integer

Specifies the suppress value expressed as a decimal integer.

Values

1 to 20000

Platforms

All

Context

[Tree] (config>service>vprn>isis suppress-attached-bit)

Full Context

configure service vprn isis suppress-attached-bit

Description

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

Platforms

All

Context

[Tree] (config>router>isis suppress-attached-bit)

Full Context

configure router isis suppress-attached-bit

Description

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

Default

no suppress-attached-bit

Platforms

All

Context

[Tree] (config>service>vprn>ospf suppress-dn-bit)

[Tree] (config>service>vprn>ospf3 suppress-dn-bit)

Full Context

configure service vprn ospf suppress-dn-bit

configure service vprn ospf3 suppress-dn-bit

Description

This command specifies whether to suppress the setting of the DN bit for OSPF LSA packets generated by this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets generated by this instance of the OSPF router will not be set. When disabled, this instance of the OSPF router will follow the normal procedure to determine whether to set the DN bit.

Default

no suppress-dn-bit

Platforms

All

Context

[Tree] (config>port>sonet-sdh suppress-lo-alarm)

Full Context

configure port sonet-sdh suppress-lo-alarm

Description

This command enables the suppression of lower order alarms on SONET/SDH port such as MLPPP bundle alarms, DS1/E1 links alarms and 336 APS channel groups alarms.

The no form of this command disables the suppression of lower order alarms on SONET/SDH port.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (configure>isa>wlan-gw-group>nat suppress-lsn-events)

Full Context

configure isa wlan-gw-group nat suppress-lsn-events

Description

This command suppresses the generation of Large Scale NAT (LSN) events when RADIUS accounting is enabled.

By default, only one logging facility for tracking subscribers in LSN44, DS-Lite, and NAT64 can be enabled at the time, either the SR OS event logging facility or the RADIUS logging facility. Note that SR OS event logs can be sent to multiple destinations, such as the console session, a telnet or SSH session, memory logs, file destinations, SNMP trap groups, and syslog destinations.

If RADIUS logging is enabled, the NAT logs are sent to the RADIUS destination and the NAT logs are suppressed in the SR OS event logging facility, for example, NAT logs are not sent to the syslog server.

If RADIUS logging is disabled, the NAT logs are sent to the SR OS event logging facility, for example, syslog, assuming that the events are enabled via the SR OS event-control (configure log event-control nat event generate).

The no form of this command, the NAT logs can be sent to both logging facilities simultaneously, the SR OS event logging facility and RADIUS logging facility.

Default

suppress-lsn-events

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>nat-group suppress-lsn-events)

Full Context

configure isa nat-group suppress-lsn-events

Description

This command suppresses the generation of Large Scale NAT (LSN) events when RADIUS accounting is enabled.

By default, only one logging facility for tracking subscribers in LSN44, DS-Lite, and NAT64 can be enabled at the time: either the SR OS event logging facility or the RADIUS logging facility. SR OS event logs can be sent to multiple destinations, such as the console session, a telnet or SSH session, memory logs, file destinations, SNMP trap groups, and syslog destinations.

If RADIUS logging is enabled, the NAT logs are sent to the RADIUS destination and the NAT logs are suppressed in the SR OS event logging facility, for example, NAT logs are not sent to the syslog server.

If RADIUS logging is disabled, the NAT logs are sent to the SR OS event logging facility; for example, syslog, assuming that the events are enabled via the event-control command (configure log event-control nat event generate).

By explicitly disabling this command (no suppress-lsn-events), the NAT logs can be sent to both logging facilities simultaneously, the SR OS event logging facility, and the RADIUS logging facility.

Default

suppress-lsn-events

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (configure>isa>wlan-gw-group>nat suppress-lsn-sub-blks-free)

Full Context

configure isa wlan-gw-group nat suppress-lsn-sub-blks-free

Description

This command suppresses the tmnxNatLsnSubBlksFree summary notification and use the tmnxNatPlBlockAllocationLsn notifications. When the SR OS node is in a state of excessive logging, the queue associated with the transmission of logs on the MS-ISA can become congested. This event further delays the generation of logs, and with this, further allocations and deallocations of NAT resources (port-blocks) is stalled until the queue is relieved of congestion. For example, an excessive logging state in the system can be caused by issuing a command to clear a large number of NAT subscribers where a large number of resources (port-blocks) are released at once.

The suppress-lsn-sub-blks-free command enables the generation of individual logs carried in event-id 2012 for every released port block regardless of the state of the transmission queue (whether congested or not). If NAT subscribers have a large number of allocated port blocks (this could be hundreds of port blocks per subscriber), generating individual logs per port-block release contributes to the congestion.

To alleviate transmission queue congestion, this behavior can be changed by disabling this command (no suppress-lsn-sub-blks-free). This causes the suppression of logs related to the release of individual port blocks of a NAT subscriber when the transmission queue is congested. As a result, only a summarized release log via event-id 2021 for the subscriber is generated. The purpose of this new log is to inform the operator in a single message that all ports blocks for the subscriber are released. For example, the log message for LSN is "LSN subscriber all blocks freed”. The benefit of such summarization (or log aggregation) is to alleviate the congestion of the transmission queue and consequently accelerate resource releases. An effect is the decreased granularity of information.

If summarization is enabled (no suppress-lsn-sub-blks-free) while there is no logging congestion in the system, the port block releases continue to be logged individually via the event-id 2012 (assuming that this is enabled in the event control), except for the last port block of the subscriber. When the last port block is released, the log with event-id 2021 is generated indicating that all port blocks for the subscriber are now released without carrying the specific information about this last port block that is released.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>nat-group suppress-lsn-sub-blks-free)

Full Context

configure isa nat-group suppress-lsn-sub-blks-free

Description

This command suppresses the tmnxNatLsnSubBlksFree summary notification and use the tmnxNatPlBlockAllocationLsn notifications. When the SR OS node is in a state of excessive logging, the queue associated with the transmission of logs on the MS-ISA can become congested. This event further delays the generation of logs, and with this, further allocations and deallocations of NAT resources (port-blocks) will be stalled until the queue is relieved of congestion. For example, an excessive logging state in the system can be caused by issuing a command to clear a large number of NAT subscribers where a large number of resources (port-blocks) are released at once.

The suppress-lsn-sub-blks-free command enables the generation of individual logs carried in event-id 2012 for every released port block regardless of the state of the transmission queue (whether congested or not). If NAT subscribers have a large number of allocated port blocks (this could be hundreds of port blocks per subscriber), generating individual logs per port-block release contributes to the congestion.

To alleviate transmission queue congestion, this behavior can be changed by disabling this command (no suppress-lsn-sub-blks-free). This causes the suppression of logs related to the release of individual port blocks of a NAT subscriber when the transmission queue is congested. As a result, only a summarized release log via event-id 2021 for the subscriber is generated. The purpose of this new log is to inform the operator in a single message that all ports blocks for the subscriber are released. For example, the log message for LSN will be "LSN subscriber all blocks freed”. The benefit of such summarization (or log aggregation) is to alleviate the congestion of the transmission queue and consequently accelerate resource releases. An effect is the decreased granularity of information.

If summarization is enabled (no suppress-lsn-sub-blks-free) while there is no logging congestion in the system, the port block releases continue to be logged individually via the event-id 2012 (assuming that this is enabled in the event control), except for the last port block of the subscriber. When the last port block is released, the log with event-id 2021 is generated indicating that all port blocks for the subscriber are now released without carrying the specific information about this last port block that is released.

Default

no suppress-lsn-sub-blks-free

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>endpoint suppress-standby-signaling)

Full Context

configure service vpls endpoint suppress-standby-signaling

Description

When this command is enabled, the pseudowire standby bit (value 0x00000020) will not be sent to T-LDP peer when the specified spoke is selected as a standby. This allows faster switchover as the traffic will be sent over this SDP and discarded at the blocking side of the connection. This is particularly applicable to multicast traffic.

Default

suppress-standby-signaling

Platforms

All