t Commands – Part II

Context

[Tree] (config>service>vprn>log>log-id time-format)

Full Context

configure service vprn log log-id time-format

Description

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default

time-format utc

Parameters

local

Specifies that timestamps are written in the system’s local time.

utc

Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

Platforms

All

Context

[Tree] (config>li>log>log-id time-format)

Full Context

configure li log log-id time-format

Description

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default

time-format utc

Parameters

local

Specifies that timestamps are written in the system’s local time.

utc

Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

Platforms

All

Context

[Tree] (config>log>log-id time-format)

Full Context

configure log log-id time-format

Description

This command specifies whether the time should be output in local or Coordinated Universal Time (UTC) format in the following event log locations:

• in the syslog TIMESTAMP field
• in the timestamp of log events inside log files on local storage devices

The timestamp in the filename of event log files is not affected by this command.

The output of show log log-id and the output of YANG state under /state/log/log-id are not affected by this command. See the environment time-display command.

Default

time-format utc

Parameters

local

Specifies that timestamps are written in the system’s local time.

utc

Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

Platforms

All

Context

[Tree] (config>call-trace>trace-profile time-limit)

Full Context

configure call-trace trace-profile time-limit

Description

This command specifies how long a trace may run before it is stopped.

Default

time-limit 86400

Parameters

limit-value

Specifies the maximum duration of a single call trace job in seconds. After reaching the limit the call trace job for a given host is automatically terminated.

Values

1 to 604800

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>tod-override time-range)

Full Context

configure application-assurance group policer tod-override time-range

Description

This command configures up to seven time-ranges applicable to a particular override-id. The time-range can be configured as daily or weekly policies.

When using a daily override the operator can select which days during the week from Sunday to Saturday it is applicable along with the start/end hour/min time range repeated over these days.

When using a weekly override the operator can select between which days in the week the policy start up to the hours/min for both start day and end day.

Default

no time-range

Parameters

daily

Schedule the override as a daily occurrence.

weekly

Schedule the override as a weekly occurrence.

Values

start-time	daily	<hh>:<mm>
	weekly	<day>,<hh>:<mm>
		<hh> : 0..23
		<mm> : 0 | 15 | 30 | 45
end-time	daily	<hh>:<mm>
	weekly	<day>,<hh>:<mm>
		<hh> 0..23
		<mm> 0 | 15 | 30 | 45
day	sunday | monday | tuesday | wednesday | thursday | friday | saturday

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (environment time-stamp)

Full Context

environment time-stamp

Description

This command specifies whether the time-stamp should be displayed before the prompt.

Platforms

All

Context

[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server timeout)

Full Context

configure aaa l2tp-accounting-policy radius-accounting-server timeout

Description

This command configures the time that the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout sec 5

Parameters

seconds

Specifies the time, in seconds, that the router waits for a response from a RADIUS server.

Values

1 to 59

minutes

Specifies the time, in minutes, that the router waits for a response from a RADIUS server.

Values

1 to 1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>rad-acct-plcy>server timeout)

Full Context

configure application-assurance radius-accounting-policy radius-accounting-server timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 5

Parameters

seconds

Specifies the time the router waits for a response from a RADIUS server.

Values

1 to 90

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check timeout)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check timeout)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check timeout

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check timeout

Description

This command configures the time the system waits for a reply to a specific ping before concluding the ping has been missed.

Default

timeout 1

Parameters

seconds

Specifies the time, in seconds, that the router waits for a response.

Values

1 to 10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server timeout)

[Tree] (config>subscr-mgmt>acct-plcy>server timeout)

Full Context

configure subscriber-mgmt authentication-policy radius-authentication-server timeout

configure subscriber-mgmt radius-accounting-policy radius-accounting-server timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the time, in seconds, that the router waits for a response from a RADIUS server, expressed as a decimal integer.

Values

1 to 90

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>shcv-policy>periodic timeout)

Full Context

configure subscriber-mgmt shcv-policy periodic timeout

Description

This command configures the timeout before a retransmission in triggered connectivity verification.

The no form of this command reverts to the default.

Default

timeout 10

Parameters

seconds

Specifies the timeout, in seconds, before a retransmission in triggered connectivity verification.

Values

10 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>shcv-policy>trigger timeout)

Full Context

configure subscriber-mgmt shcv-policy trigger timeout

Description

This command configures the timeout before a retransmission.

The no form of this command reverts to the default.

Default

timeout 1 — trigger-type ip-conflict, host-limit-exceeded and mobility

timeout 2 — trigger-type inactivity and mac-learning

Parameters

seconds

Specifies the retry timeout in seconds.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>aaa>radius-srv-plcy>servers timeout)

Full Context

configure aaa radius-server-policy servers timeout

Description

This command configures the time the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout sec 5

Parameters

seconds

Specifies the number of seconds for the timeout.

Values

1 to 59

minutes

Specifies the number of minutes for the timeout.

Values

1 to 5

Values

Max. value = 5 min 40 sec

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>radius-proxy>server>cache timeout)

[Tree] (config>router>radius-proxy>server>cache timeout)

Full Context

configure service vprn radius-proxy server cache timeout

configure router radius-proxy server cache timeout

Description

This command configures the time for which the cache entry is kept if there is no corresponding DHCP DISCOVER. At the expiry of this time, the cache entry is deleted.

The no form of this command reverts to the default value.

Default

timeout min 5

Parameters

hours

Specifies, in hours, the timeout after which an entry in the cache will expire.

Values

1

minutes

Specifies, in minutes, the timeout after which an entry in the cache will expire.

Values

1 to 59

seconds

Specifies, in seconds, the timeout after which an entry in the cache will expire.

Values

1 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>pfcp-association>heartbeat timeout)

Full Context

configure subscriber-mgmt pfcp-association heartbeat timeout

Description

This command configures the timeout period, after which, a Heartbeat Request message is considered unanswered.

Default

timeout 5

Parameters

seconds

Specifies the timeout value, in seconds. This interval should be identical on both the BNG UPF and CPF. For information about the BNG CUPS CPF configuration, refer to the CMG BNG CUPS Control Plane Function Guide and the 7750 SR MG and CMG CLI Reference Guide.

Values

1 to 20

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>pfcp-association>tx timeout)

Full Context

configure subscriber-mgmt pfcp-association tx timeout

Description

This command configures the timeout period, after which, a message is considered unanswered. This timeout value is also known as T1.

Default

timeout 5

Parameters

seconds

Specifies the timeout value, in seconds.

This value must be identical on both the BNG UPF and CPF. For information about the BNG CUPS CPF configuration, refer to the CMG BNG CUPS Control Plane Function Guide and the 7750 SR MG and CMG CLI Reference Guide.

Values

1 to 30

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>radius timeout)

[Tree] (config>service>vprn>aaa>rmt-srv>radius timeout)

Full Context

configure system security radius timeout

configure service vprn aaa remote-servers radius timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer.

Values

1 to 90

Platforms

All

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus timeout)

[Tree] (config>system>security>tacplus timeout)

Full Context

configure service vprn aaa remote-servers tacplus timeout

configure system security tacplus timeout

Description

This command configures the number of seconds the router waits for a response from a TACACS+ server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a TACACS+ server, expressed as a decimal integer.

Values

1 to 90

Platforms

All

Context

[Tree] (config>router>mpls>lsp-self-ping timeout)

Full Context

configure router mpls lsp-self-ping timeout

Description

This command configures a timeout value for LSP Self Ping. The LSP Self Ping timer is started when the RESV message is received for an LSP. The system then periodically sends LSP Self Ping packets until the timer expiry or the receipt of the first LSP Self Ping reply, whichever comes first. If the timeout expires before an LSP Self Ping packet is received, then the configured timeout-action is performed.

The no form of this command reverts to the default value.

Default

timeout 300

Parameters

seconds

Specifies the value, in seconds, of the fast retry timer for a secondary path.

Values

3 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>file-trans-prof timeout)

Full Context

configure system file-transmission-profile timeout

Description

This command specifies timeout value in seconds for transport protocol. The timeout is the maximum waiting time to receive any data from the server (e.g., FTP or HTTP server).

Default

timeout 60

Parameters

seconds

Specifies the connection timeout (in seconds) for the file transmission.

Values

1 to 3600

Platforms

All

Context

[Tree] (config>aaa>isa-radius-plcy>servers timeout)

Full Context

configure aaa isa-radius-policy servers timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of the command reverts to the default value.

Default

timeout sec 5

Parameters

seconds

Specifies the wait for a response from a RADIUS server, in seconds.

minutes

Specifies the wait for a response from a RADIUS server, in minutes.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>test-oam>ldp-treetrace>path-discovery timeout)

Full Context

configure test-oam ldp-treetrace path-discovery timeout

Description

This command configures the time the node waits for the response to an LSP Trace message discovering the path of an LDP FEC before it declares failure. After consecutive failures equal to the retry-count parameter, the node gives up.

The no form of this command resets the timeout to its default value.

Default

timeout 30

Parameters

timeout

Specifies the timeout parameter, in seconds, within a range of 1 to 60, expressed as a decimal integer.

Values

1 to 60

Platforms

All

Context

[Tree] (config>test-oam>ldp-treetrace>path-probing timeout)

Full Context

configure test-oam ldp-treetrace path-probing timeout

Description

This command configures the time the node waits for the response to an LSP Ping message probing the path of an LDP FEC before it declares failure. After consecutive failures equal to the retry-count parameter, the node gives up.

The no form of this command resets the time out to its default value.

Default

timeout 1

Parameters

timeout

Specifies the timeout parameter, in minutes, expressed as a decimal integer.

Values

1 to 3

Platforms

All

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping timeout)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy timeout)

Full Context

configure saa test type-multi-line lsp-ping timeout

configure saa test type-multi-line lsp-ping sr-policy timeout

Description

This command configures the number, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of the request probes.

The no form of this command reverts to the default value.

Default

timeout 5

Parameters

timeout

Specifies the timeout value in seconds.

Values

1 to 10

Default

5

Platforms

All

Context

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy timeout)

Full Context

configure saa test type-multi-line lsp-trace sr-policy timeout

Description

This command configures the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

timeout

Specifies the timeout value in seconds.

Values

1 to 60

Default

3

Platforms

All

Context

[Tree] (config>filter>redirect-policy>dest>ping-test timeout)

Full Context

configure filter redirect-policy destination ping-test timeout

Description

Specifies the amount of time, in seconds, that is allowed for receiving a response from the far-end host. If a reply is not received within this time the far-end host is considered unresponsive.

Default

timeout 1

Parameters

seconds

Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host.

Values

1 to 60

Platforms

All

Context

[Tree] (config>vrrp>policy>priority-event>host-unreachable timeout)

Full Context

configure vrrp policy priority-event host-unreachable timeout

Description

This command defines the time, in seconds, that must pass before considering the far-end IP host unresponsive to an outstanding ICMP echo request message.

The timeout value is not directly related to the configured interval parameter. The timeout value may be larger, equal, or smaller, relative to the interval value.

If the timeout value is larger than the interval value, multiple ICMP echo request messages may be outstanding. Every ICMP echo request message transmitted to the far end host is tracked individually according to the message identifier and sequence number.

With each consecutive attempt to send an ICMP echo request message, the timeout timer is loaded with the timeout value. The timer decrements until:

• an internal error occurs preventing message sending (request unsuccessful)

• an internal error occurs preventing message reply receiving (request unsuccessful)

• a required route table entry does not exist to reach the IP address (request unsuccessful)

• a required ARP entry does not exist and ARP request timed out (request unsuccessful)

• a valid reply is received (request successful)

It is possible for a required ARP request to succeed or timeout after the message timeout timer expires. In this case, the message request is unsuccessful.

If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request, that request is considered to be dropped and increments the consecutive message drop counter for the priority event.

If an ICMP echo reply message with the same sequence number as an outstanding ICMP echo request message is received prior to that message timing out, the request is considered successful. The consecutive message drop counter is cleared and the request message no longer is outstanding.

If an ICMP Echo Reply message with a sequence number equal to an ICMP echo request sequence number that had previously timed out is received, that reply is silently discarded while incrementing the priority event reply discard counter.

The no form of the command reverts to the default value.

Default

timeout 1

Parameters

seconds

The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded.

Values

1 to 60

Platforms

All

Context

[Tree] (config>service>sdp>keep-alive timeout)

Full Context

configure service sdp keep-alive timeout

Description

This command configures the time interval that the SDP waits before tearing down the session.

Default

timeout 5

Parameters

timeout

Specifies the timeout time, in seconds.

Values

1 to 10

Platforms

All

Context

[Tree] (config>system>security>ldap timeout)

Full Context

configure system security ldap timeout

Description

The timeout value is the number of seconds that the SR OS will wait for a response from the current server that it is trying to establish a connection with. If the server does not reply within the configured timeout value, the SR OS will increment the retry counter by 1. The SR OS attempts to establish the connection to the current server up to the configured retry value before it moves to the next configured server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

The length of time that the SR OS waits for a response from the server.

Values

1 to 90

Default

3

Platforms

All

Context

[Tree] (config>system>security>dot1x>radius-plcy timeout)

Full Context

configure system security dot1x radius-plcy timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer.

Values

1 to 90

Platforms

All

Context

[Tree] (config>test-oam>icmp>ping-template timeout)

Full Context

configure test-oam icmp ping-template timeout

Description

This command configures the time the function waits before declaring an ICMP echo request packet is lost. This is the timer used to time out the interval transmitted packets. The timeout can be equal to or lower than the interval but not higher.

The no form of this command reinstates the default value for timeout.

Default

timeout 5

Parameters

seconds

Specifies the time, in seconds, before declaring an ICMP echo request being lost.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>l2tp>tunnel-selection-blacklist timeout-action)

[Tree] (config>service>vprn>l2tp>tunnel-selection-blacklist timeout-action)

Full Context

configure router l2tp tunnel-selection-blacklist timeout-action

configure service vprn l2tp tunnel-selection-blacklist timeout-action

Description

This command defines an action that is executed on the entity (peer/tunnel) in the denylist once the entity becomes eligible for selection again.

The no form of this command reverts to the default.

Default

timeout-action remove-from-blacklist

Parameters

action

Specifies the Action to be taken when a tunnel or peer has been in the denylist for the max-period of time.

Values

remove-from-blacklist — The peer or tunnel in the denylist is removed completely from the denylist and made eligible for the selection process once the max-time expires. In this mode of operation, multiple new sessions can be mapped into the same, newly released tunnel from the denylist. The first such session will try to setup the tunnel, while the other is buffered until the tunnel establishment process is completed. In case that the tunnel remains unavailable, it is placed in the denylist again. Consequently, all new sessions are re-negotiated over an alternate tunnel.

try-one-session — Once the max-time expired, the peer or tunnel in the denylist is made available for selection only to a single new session request. Only upon successful tunnel establishment will the incoming new sessions be eligible to be mapped into this tunnel. This behavior will avoid session establishment delays in case that the tunnel just removed from the denylist is still unavailable.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>mpls>lsp-self-ping timeout-action)

Full Context

configure router mpls lsp-self-ping timeout-action

Description

This command configures an action that the router takes when the timeout LSP self ping timeout timer expires. The lsp-self-ping timer is started when the RESV is received for an LSP. If the retry is configured and the timeout expires before an LSP self ping packet is received, then the system tears down the candidate path and goes back to CSPF for a new path. If the switch is configured and the timeout expires before an LSP self ping packet is received, then the system switches to the candidate path.

The no form of this command reverts to the default value.

Default

timeout-action retry

Parameters

retry

Specifies to retry the candidate path when the timeout expires.

switch

Specifies to switch to the candidate path when the timeout expires.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>nat>firewall-policy timeouts)

[Tree] (config>service>nat>up-nat-policy timeouts)

[Tree] (config>service>nat>nat-policy timeouts)

Full Context

configure service nat firewall-policy timeouts

configure service nat up-nat-policy timeouts

configure service nat nat-policy timeouts

Description

This command configures session idle timeouts for this policy.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat firewall-policy timeouts

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure service nat up-nat-policy timeouts
• configure service nat nat-policy timeouts

Context

[Tree] (config>li>x-interfaces>x3 timeouts)

[Tree] (config>li>x-interfaces>x1 timeouts)

[Tree] (config>li>x-interfaces>x2 timeouts)

Full Context

configure li x-interfaces x3 timeouts

configure li x-interfaces x1 timeouts

configure li x-interfaces x2 timeouts

Description

This command configures the X1, X2, and X3 messages timeout.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>dynsvc timers)

Full Context

configure service dynamic-services timers

Description

Commands in this context configure dynamic data services related timers.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>spb timers)

Full Context

configure service vpls spb timers

Description

Commands in this context configure SPB timers.

Platforms

All

Context

[Tree] (config>service>vprn>isis timers)

Full Context

configure service vprn isis timers

Description

Commands in this context configure the IS-IS timer values.

Default

n/a

Platforms

All

Context

[Tree] (config>service>vprn>ospf3 timers)

[Tree] (config>service>vprn>ospf timers)

Full Context

configure service vprn ospf3 timers

configure service vprn ospf timers

Description

Commands in this context configure OSPF timers. Timers control the delay between receipt of a LSA requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affect CPU utilization and network reconvergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase reconvergence time.

Platforms

All

Context

[Tree] (config>service>vprn>rip>group timers)

[Tree] (config>service>vprn>rip>group>neighbor timers)

[Tree] (config>service>vprn>rip timers)

[Tree] (config>service>vprn>ripng>group timers)

[Tree] (config>service>vprn>ripng>group>neighbor timers)

[Tree] (config>service>vprn>ripng timers)

Full Context

configure service vprn rip group timers

configure service vprn rip group neighbor timers

configure service vprn rip timers

configure service vprn ripng group timers

configure service vprn ripng group neighbor timers

configure service vprn ripng timers

Description

This command configures the values for the update, timeout, and flush timers:

• update timer

  Determines how often RIP updates are sent.

• timeout timer

  If a router is not updated by the time the timer expires, the route is declared invalid, but maintained in the RIP database.

• flush timer

  Determines how long a route is maintained in the RIP database, after it has been declared invalid. Once this timer expires it is flushed from the RIP database completely.

The no form of this command resets all timers to their default values of 30, 180, and 120 seconds respectively.

Default

no timers

Parameters

update

The RIP update timer value in seconds.

Values

1 to 600

Default

30

timeout

The RIP timeout timer value in seconds.

Values

1 to 1200

Default

180

flush

The RIP flush timer value in seconds.

Values

1 to 1200

Default

120

Platforms

All

Context

[Tree] (debug>router>bgp timers)

Full Context

debug router bgp timers

Description

This command logs all BGP timer events to the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

Context

[Tree] (config>router>isis timers)

Full Context

configure router isis timers

Description

This command configures the IS-IS timer values.

Platforms

All

Context

[Tree] (config>router>ospf timers)

[Tree] (config>router>ospf3 timers)

Full Context

configure router ospf timers

configure router ospf3 timers

Description

Commands in this context configure OSPF timers. Timers control the delay between receipt of a link state advertisement (LSA) requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affects CPU utilization and network re-convergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase re-convergence time.

Platforms

All

Context

[Tree] (config>router>ripng>group timers)

[Tree] (config>router>ripng>group>neighbor timers)

[Tree] (config>router>rip>group>neighbor timers)

[Tree] (config>router>rip timers)

[Tree] (config>router>rip>group timers)

[Tree] (config>router>ripng timers)

Full Context

configure router ripng group timers

configure router ripng group neighbor timers

configure router rip group neighbor timers

configure router rip timers

configure router rip group timers

configure router ripng timers

Description

This command configures values for the update, timeout and flush RIP timers.

The RIP update timer determines how often RIP updates are sent.

If the route is not updated by the time the RIP timeout timer expires, the route is declared invalid but is maintained in the RIP database.

The RIP flush timer determines how long a route is maintained in the RIP database after it has been declared invalid. After the flush timer expires, the route is removed from the RIP database.

The no form of the command reverts to the default values.

Default

timers 30 180 120

Parameters

update

Specifies the RIP update timer value in seconds expressed as a decimal integer.

Values

1 to 600

timeout

Specifies the RIP timeout timer value in seconds expressed as a decimal integer.

Values

1 to 1200

flush

Specifies the RIP flush timer value in seconds expressed as a decimal integer.

Values

1 to 1200

Platforms

All

Context

[Tree] (config>port>tdm>ds1>channel-group timeslots)

[Tree] (config>port>tdm>e1>channel-group timeslots)

Full Context

configure port tdm ds1 channel-group timeslots

configure port tdm e1 channel-group timeslots

Description

This command defines the list of DS-0 timeslots to be used in the DS-1 or E-1 channel-group. The timeslots are defaulted as defined below when encap-type is set to/from atm. ATM channel groups do not allow timeslots to change.

The no form of this command removes DS-0 timeslots from a channel group.

Parameters

timeslots

Specifies the timeslot(s) to be associated with the channel group. The value can consist of a list of timeslots. Each member of the list can either be a single timeslot or a range of timeslots.

Values

1 to 24 for DS-1 interfaces (the full range is auto-configured for ATM channel groups and cannot be changed) 2 to 32 for E-1 interfaces (the 2 to 16,18 to 32 ranges are auto-configured for ATM channel groups and cannot be changed)

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt timestamp)

Full Context

configure system management-interface cli md-cli environment prompt timestamp

Description

This command displays the timestamp before the first prompt line.

The no form of this command suppresses the timestamp before the first prompt line.

Default

timestamp

Platforms

All

Context

[Tree] (config>log>syslog timestamp-format)

Full Context

configure log syslog timestamp-format

Description

This command controls the format of the syslog timestamp.

The no form of this command reverts to the default.

Default

no timestamp-format

Parameters

millisecond

Keyword to set the timestamp format to milliseconds.

Platforms

All

Context

[Tree] (config>test-oam>link-meas>template>twl timestamp-format)

Full Context

configure test-oam link-measurement measurement-template twamp-light timestamp-format

Description

This command configures the format of the timestamp used in the TWAMP Light PDU. This configuration places the requested timestamp format in the packet using the appropriate epoch. This is unrelated to any time distribution protocol being used to synchronize time between clocks.

Default

timestamp-format ntp

Parameters

parameter

Specifies the timestamp format to be used in the TWAMP Light PDU.

Values

ntp, ptp

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>test-oam>lag-meas>template>twl timestamp-format)

Full Context

configure test-oam lag-ip-measurement lag-ip-measurement-template twamp-light timestamp-format

Description

This command configures the timestamp field format for launched TWAMP Light packets.

Default

timestamp-format ntp

Parameters

timestamp-format

Specifies the timestamp field format.

Values

ntp, ptp

Default

ntp

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>oam-pm>session>ethernet>lmm>availability timing)

Full Context

configure oam-pm session ethernet lmm availability timing

Description

This command defines various availability parameters for LMM availability testing. This command does not define the probe interval. Validation occurs when the LMM test is activated using the no shutdown command. The maximum size of the availability window cannot exceed 100 seconds (100 000 milliseconds). LMM test activation fails if the availability window exceeds the maximum value.

The no form of this command restores the default values for all timing parameters, and uses those values to compute availability and set the loss frequency.

Parameters

frames

Specifies the number of SLM frames that define the size of the small measurement window. Each delta-t is marked as a high-loss interval or non-high-loss interval based on the flr-threshold. The size of the delta-t measurement is the product of the number of frames and the interval.

Values

1 to 50

Default

10

deltas

Specifies the number of consecutive delta-t measurement intervals that make up the sliding window over which availability and unavailability determined. Transitions from one state to another occurs when the consec-delta-t are in a new state. The sliding window cannot exceed 100 seconds.

Values

2 to 10

Default

10

threshold

Specifies the number of consecutive unavailable delta-t intervals that, when reached or exceeded, increments the CHLI counter. A CHLI counter is an indication that the sliding window is available but has crossed a threshold of consecutive unavailable delta-t intervals. A CHLI can only be incremented once during a sliding window and, by default, is incremented during times of availability.

Values

1 to 9

Default

5

Platforms

All

Context

[Tree] (config>oam-pm>session>ethernet>slm timing)

Full Context

configure oam-pm session ethernet slm timing

Description

This command defines various availability parameters and the probe spacing (interval) for the SLM frames. The maximum size of the availability window cannot exceed 10 s (10 000 ms).

The no form of this command installs the default values for all timing parameters and use those values to compute availability and set the SLM frequency. If an SLM test is in the no shutdown state, it always has timing parameters, default or operator configured.

Parameters

frames

Specifies the of SLM frames that define the size of the delta-t (small measurement window). Each delta-t is marked as available or unavailable based on the flr-threshold. The size of the delta-t measurement is the product of the number of frames and the interval.

Values

1 to 50

Default

10

deltas

Specifies the number of consecutive delta-t small measurement intervals that make up the sliding window over which availability and unavailability is determined. Transitions from one state to another occurs when the consec-delta-t is in a new state.

Values

2 to 10

Default

10

milliseconds

Specifies the number of milliseconds between the transmission of the SLM frames. By design, the default value for the SLM interval is different than the default interval for DMM.

Values

50, 100, 200, 300, 400, 500, 600, 700, 800, 900, 1000

Default

100

threshold

Specifies the number of consecutive high loss intervals (unavailable delta-t) that when equal to or exceeded increments the CHLI counter. A CHLI counter is an indication that the sliding window is available but has crossed a threshold consecutive of unavailable delta-t intervals. A CHLI can only be incremented once during a sliding window and, by default, it is only incremented during times of availability.

Values

1 to 9

Default

5

Platforms

All

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss timing)

Full Context

configure oam-pm session ip twamp-light loss timing

Description

This command defines various availability parameters but not the probe interval. A single TWAMP-Light frame is used to collect both delay and loss metrics; the interval is common to both and as such not unique per metric type. Any TWAMP light test that is attempting to become active validates the configuration of the timing parameter regardless of which statistics are being recorded.

The no form of this command restores the default values for all timing parameters and use those values to compute availability and set the loss frequency.

Default

timing frames-per-delta-t 1 consec-delta-t 10 chli-threshold 5

Parameters

frames

Defines the size of the small measurement window. Each delta-t is marked as available of unavailable based on the flr-threshold. The size of the delta-t measurement is the product of the number of frames and the interval. This value defaults to a different value thank single probe per metric approaches.

Values

1 to 50

Default

1

deltas

Specifies the number of consecutive delta-t small measurement intervals that make up the sliding window over which availability and unavailability are determined. Transitions from one state to another occurs when the consec-delta-t are now in a new state. The sliding window cannot exceed 100 seconds.

Values

2 to 10

Default

10

threshold

Specifies the number of consecutive high loss intervals (unavailable delta-t) that when equal to or exceeded increments the CHLI counter. A CHLI counter is an indication that the sliding window is available but has crossed a threshold consecutive of unavailable delta-t intervals. A CHLI can only be incremented once during a sliding window and, by default, is only incremented during times of availability.

Values

1 to 9

Default

5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>system>security tls)

Full Context

configure system security tls

Description

This command configures TLS parameters.

Platforms

All

Context

[Tree] (config>open-flow>of-switch>of-controller tls-client-profile)

Full Context

configure open-flow of-switch of-controller tls-client-profile

Description

This command configures the use of Transport Layer Security (TLS) on the control channel to a given OpenFlow controller for this OpenFlow switch.

The no form of this command deletes removed TLS from the control channel.

Parameters

profile-name

Specifies the use of TLS for the control channel. A named TLS profile must also be specified, referring to a TLS profile configured under config>system>security>tls.

Platforms

VSR

Context

[Tree] (config>system>telemetry>destination-group tls-client-profile)

[Tree] (config>system>grpc-tunnel>destination-group tls-client-profile)

Full Context

configure system telemetry destination-group tls-client-profile

configure system grpc-tunnel destination-group tls-client-profile

Description

This command configures a TLS client profile to a destination group.

This command is mutually exclusive with the allow-unsecured-connection command.

The no form of this command removes the TLS client profile.

Default

no tls-client-profile

Parameters

name

Specifies the TLS client profile name, up to 32 characters.

Platforms

All

Context

[Tree] (config>service>vprn>log>syslog tls-client-profile)

[Tree] (config>log>syslog tls-client-profile)

Full Context

configure service vprn log syslog tls-client-profile

configure log syslog tls-client-profile

Description

This command specifies the Transport Layer Security (TLS) client profile used to encrypt syslog communications. When configured, syslog messages are sent using TLS.

Any change to this command results in a brief interruption of the event log, which may cause the loss of a few syslog messages.

The no form of this command removes TLS encryption of syslog communications and sends syslog messages over UDP.

Parameters

tls-client-profile

Specifies the name of a TLS profile configured in the config>system>security>tls context, up to 32 characters.

Platforms

All

Context

[Tree] (config>router>pcep>pcc>peer tls-client-profile)

Full Context

configure router pcep pcc peer tls-client-profile

Description

This command configures a TLS client profile on the PCC. When the TLS profile is configured, the PCC tries to establish a PCEP connection with the PCE over TLS. Because SR OS supports a strict TLS-only mode, both the PCE and PCC must support TLS. If a TLS failure occurs, the connection over TLS is closed and a new connection is retried within 60 seconds.

The no form of this command removes TLS encryption from the communication between this PCC and the PCE.

Default

no tls-client-profile

Parameters

profile-name

Specifies the TLS client profile name, up to 32 characters.

Platforms

All

Context

[Tree] (config>system>security>ldap>server tls-profile)

Full Context

configure system security ldap server tls-profile

Description

This command attaches a TLS client profile to the LDAP client. The parameter in the TLS profile is used to encrypt the LDAP connection to the server. Each LDAP server can use its own TLS profile.

When a TLS profile is assigned, the LDAP application will send encrypted PDUs from the client to the LDAP server. If TLS is operationally down, the LDAP application should not send any PDUs.

The no form of this command removes the TLS profile from LDAP and disables the TLS encryption from LDAP.

Parameters

tls-profile-name

Specifies the TLD profile for encryption.

Platforms

All

Context

[Tree] (config>system>security>tls>server-tls-profile tls-re-negotiate-timer)

Full Context

configure system security tls server-tls-profile tls-re-negotiate-timer

Description

This command configures the timed interval after which the server is triggered to send a Hello request message to all clients and force a renegotiation of the symmetric encryption key. When an interval of 0 is configured, the server will never send a hello request message.

Default

tls-re-negotiate-timer 0

Parameters

timer-min

Specifies the interval, in minutes, after which the server is triggered to send a Hello request message.

Values

0 to 65000

Platforms

All

Context

[Tree] (config>system>grpc tls-server-profile)

Full Context

configure system grpc tls-server-profile

Description

This command adds a configured TLS server profile to the gRPC session. The TLS server is used for encryption of the gRPC session. gRPC will not transmit any PDUs if there is a TLS server profile assigned to it and the TLS connection is down.

The no form of this command removes the specified TLS server profile from the gRPC session.

Parameters

name

Specifies the name of the TLS server profile configured under the config>system>security>tls context.

Platforms

All

Context

[Tree] (config>router>pcep>pce tls-server-profile)

Full Context

configure router pcep pce tls-server-profile

Description

This command configures a TLS server profile on the PCE. When a TLS server profile is configured, the PCE accepts TLS handshakes from the PCC. Because SR OS supports a strict TLS mode only, both the PCE and the PCC must support TLS. If a TLS failure occurs, the connection over TLS is closed and a new connection is retried within 60 seconds.

The no form of this command removes the specified TLS server profile.

Default

no tls-server-profile

Parameters

name

Specifies the name of the TLS server profile, up to 32 characters.

Platforms

VSR-NRC

Context

[Tree] (config>router>pcep>pcc>peer tls-wait-timer)

Full Context

configure router pcep pcc peer tls-wait-timer

Description

This command configures the time that the PCC waits before declaring a TLS handshake failure if the handshake is not established.

The no form of this command reverts to the default.

Default

tls-wait-timer 60

Parameters

tls-wait-timer

Specifies the time, in seconds.

Values

60 to 255

Platforms

All

Context

[Tree] (config>system>security>tls>client-cipher-list tls13-cipher)

[Tree] (config>system>security>tls>server-cipher-list tls13-cipher)

Full Context

configure system security tls client-cipher-list tls13-cipher

configure system security tls server-cipher-list tls13-cipher

Description

This command configures the TLS 1.3-supported ciphers that are used by the client and server.

The no form of this command removes the cipher suite.

Parameters

index

Specifies the index number, which provides the location of the cipher in the negotiation list. The lower index numbers are higher in the negotiation list, and the higher index numbers are at the bottom of the list.

Values

1 to 255

cipher-suite-code

Specifies the cipher suite code.

Values

tls-aes128-gcm-sha256

tls-aes256-gcm-sha384

tls-chacha20-poly1305-sha256

tls-aes128-ccm-sha256

tls-aes128-ccm8-sha256

Platforms

All

Context

[Tree] (config>system>security>tls>server-group-list tls13-group)

[Tree] (config>system>security>tls>client-group-list tls13-group)

Full Context

configure system security tls server-group-list tls13-group

configure system security tls client-group-list tls13-group

Description

This command configures the TLS 1.3-supported group suite codes sent by the client or server in their respective Hello messages.

SR OS supports the use of Elliptic-curve Diffie-Hellman Ephemeral (ECDHE) groups.

The no form of this command removes the group suite code.

Parameters

index

Specifies the index number , which provides the location of the group suite code in the client or server group list. The lower index numbers are higher in the list and the higher index numbers are at the bottom of the list.

Values

1 to 255

group-suite-code

Specifies the group suite code.

Values

tls-ecdhe-256

tls-ecdhe-384

tls-ecdhe-521

tls-x25519

tls-x448

Platforms

All

Context

[Tree] (config>system>security>tls>client-signature-list tls13-signature)

[Tree] (config>system>security>tls>server-signature-list tls13-signature)

Full Context

configure system security tls client-signature-list tls13-signature

configure system security tls server-signature-list tls13-signature

Description

This command configures the TLS 1.3-supported signature suite codes sent by the client or server in their respective Hello messages.

The no form of this command removes the signature suite code.

Parameters

index

Specifies the index number, which provides the location of the signature suite code in the client or server group list. The lower index numbers are higher in the list, and the higher index numbers are at the bottom of the list.

Values

1 to 255

signature-suite-code

Specifies the signature suite code.

Values

tls-rsa-pkcs1-sha256

tls-rsa-pkcs1-sha384

tls-rsa-pkcs1-sha512

tls-ecdsa-secp256r1-sha256

tls-ecdsa-secp384r1-sha384

tls-ecdsa-secp521r1-sha512

tls-rsa-pss-rsae-sha256

tls-rsa-pss-rsae-sha384

tls-rsa-pss-rsae-sha512

tls-rsa-pss-pss-sha256

tls-rsa-pss-pss-sha384

tls-rsa-pss-pss-sha512

tls-ed25519

tls-ed448

Platforms

All

Context

[Tree] (config>router>mpls>lsp to)

Full Context

configure router mpls lsp to

Description

This command specifies the IP address or MPLS-TP node-id of the egress router for the LSP. This command is mandatory to create an LSP.

An IP address for which a route does not exist is allowed in the configuration. If the LSP signaling fails because the destination is not reachable, an error is logged and the LSP operational status is set to down.

For a non MPLS-TP LSP, the to ip-address can be an IP address of a network IP interface, the system interface, or a loopback interface of the egress router. When used in a SDP, if the LSP to address does not match the SDP address, the LSP is not included in the SDP definition.

For an MPLS-TP LSP, the to node-id may be either in 4-octet IPv4 address format, or a 32-bit unsigned integer. This command is mandatory to create an MPLS-TP LSP. A value of zero is invalid. This to address is used in the MPLS-TP LSP ID, and the MPLS-TP MEP ID for the LSP.

Default

no default

Parameters

ip-address

Specifies the IP address of the egress router. When the LSP type is sr-te, then an IPv6 address can be used.

Values

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF (hexadecimal)

d — 0 to 255 (decimal)

node-id a.b.c.d. | 1...4294967295

4-octet IPv4 formatted or unsigned 32-bit integer MPLS-TP node-id of the egress router.

Platforms

All

Context

[Tree] (config>router>mpls>static-lsp to)

Full Context

configure router mpls static-lsp to

Description

This command specifies the IP address of the egress router for the static LSP. When creating an LSP this command is required. The to IP address may be the address of a local interface, the system IP interface, or of a loopback interface of the egress router. When used in a SDP and the to address does not match the far-end SDP address, the LSP is not included in the SDP definition.

Parameters

ip-address

Specifies the system IP address of the egress router.

Platforms

All

Context

[Tree] (config>li>log>log-id to)

Full Context

configure li log log-id to

Description

Commands in this context configure the destination type for the event log.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of a memory log, NETCONF log, or SNMP log needs to be modified, the log ID must be removed and then re-created.

Parameters

memory

Specifies that log events are directed to a memory file. A memory file is a circular buffer; when the file is full, each new entry replaces the oldest entry in the log. If the optional size parameter is not configured, the default value is used.

Default

100

netconf

Specifies that log events are directed to a NETCONF session as notifications. A NETCONF client can subscribe to a NETCONF log using the configured netconf-stream stream-name for the log in a subscription request. One or more NETCONF sessions can subscribe to a NETCONF log or stream.

session

Specifies that log events are directed to the current console or telnet session. This command is only valid for the duration of the session. When the session is terminated, the to session configuration is removed. A log ID with a session destination is saved in the configuration file but the to session part is not stored.

snmp

Specifies that log events are directed to the snmp-trap-group associated with the log ID. A local circular memory log is maintained for SNMP logs.

size

The size parameter indicates the number of events that can be stored into memory.

Default

100

Values

50 to 1024

send-using-vprn service-id

Configures the lawful intercept (LI) SNMP notifications to transmit in a VPRN. The parameter is the service ID of the VPRN. This configuration is useful when doing management of LI using a VPRN.

The specified VPRN service must exist. After an LI log is configured using the send-using-vprn command, the VPRN service cannot be deleted without removing the LI log ID first.

When this command is configured, an LI log ID uses the snmp-trap-group configured for the VPRN.

When unconfigured, the outgoing routing instance of LI SNMP notifications is determined by the configure log route-preference command, and the LI log ID uses the snmp-trap-group configured in the main system log configuration.

Platforms

All

Context

[Tree] (config>oam-pm>session>mpls>lsp>rsvp-auto to)

Full Context

configure oam-pm session mpls lsp rsvp-auto to

Description

This command specifies an IPv4 address used (with the LSP template) to identify the LSP to be tested.

One of three mandatory configuration statements that are required to identify automatically created RSVP LSPs, using config>router>mpls>lsp-template. The config>router>mpls>auto-lsp>lsp-template links three distinct functions, the config>router>policy-options>prefix-list, config>router>policy-options>policy-statement>entry>from and the config>router>mpls> lsp-template. The to address is the same address configured as the from address for the config>router>policy-options>policy-statement>entry>from. The required identifiers are from, lsp-template and to, all under this node.

Parameters

ipv4-address

Specifies the IPv4 address.

Values

a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>log>accounting-policy to)

Full Context

configure log accounting-policy to

Description

This command specifies the destination for the accounting records selected for the accounting policy.

Parameters

file-id

Specifies the destination for the accounting records selected for this destination. The characteristics of the file ID must have already been defined in the config>log>file context. A file ID can only be used once.

The file is generated when the file policy is referenced. This command identifies the type of accounting file to be created. The file definition defines its characteristics.

If the to command is executed while the accounting policy is in operation, then it becomes active during the next collection interval.

Values

1 to 99

Platforms

All

Context

[Tree] (config>router>policy-options>policy-statement>entry to)

Full Context

configure router policy-options policy-statement entry to

Description

This command creates the context to configure export policy match criteria based on a route’s destination or the protocol into which the route is being advertised.

If no condition is specified, all route destinations are considered to match.

The to command context only applies to export policies. If it is used for an import policy, match criteria is ignored.

The no form of this command deletes export match criteria for the route policy statement entry.

Platforms

All

Context

[Tree] (config>log>log-id to)

Full Context

configure log log-id to

Description

This command specifies a destination for the log event data.

The source of the data stream must be specified in the from command before configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then recreated.

Parameters

cli

Specifies that log events are directed to any subscribed CLI session. Subscribe to a CLI log from within a CLI session using the tools>perform>log>subscribe-to log-id log-id command. Events are sent to the CLI session for the duration of that CLI session, or until an unsubscribe-from command is issued. A local circular memory log is maintained for CLI logs.

console

Specifies that log events events are directed to the console port. If the console is not connected, all the entries are dropped.

file log-file-id

Specifies that log events are directed to a file with the specified log-file-id. The characteristics of the log-file-id referenced in this parameter must have already been defined in the config>log>file file-id context. When the file-id location parameter is modified, log files are not written to the new location until a rollover occurs or the log is manually cleared. A rollover can be forced by using the clear>log command. Subsequent log entries are then written to the new location. If a rollover does not occur or the log is not cleared, the old location continues to be used.

Values

1 to 99, name (up to 64 characters max)

memory

Specifies that log events are directed to a memory file. A memory file is a circular buffer; when the file is full, each new entry replaces the oldest entry in the log. If the optional size parameter is not configured, the default value is used.

Default

100

netconf

Specifies that log events are directed to a NETCONF session as notifications. A NETCONF client can subscribe to a NETCONF log using the configured netconf-stream stream-name for the log in a subscription request. One or more NETCONF sessions can subscribe to a NETCONF log or stream.

session

Specifies that log events are directed to the current console or telnet session. This command is only valid for the duration of the session. When the session is terminated, the to session configuration is removed. A log ID with a session destination is saved in the configuration file but the to session part is not stored.

size

Specifies the maximum size of the log data destination, in bytes.

Values

50 to 3000

snmp

Specifies that log events are directed to the snmp-trap-group associated with the log ID. A local circular memory log is maintained for SNMP logs.

syslog syslog-id

Specifies that log events are directed to the specified syslog collector. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1024 bytes. The characteristics of the syslog-id referenced in this parameter must have already been defined in the config>log>syslog syslog-id context.

Values

1 to 10

Platforms

All

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>rsvp-te-auto to)

Full Context

configure oam-pm session ip tunnel mpls rsvp-te-auto to

Description

This command configures the termination point of the RSV LSP. Configure the following three commands to identify an RSVP-TE Auto LSP: from, to, and lsp-template.When all three of these values are configured, the specific RSVP LSP can be identified and the test packets can be carried across the tunnel

The no form of this command removes the IPv4 address.

Parameters

ipv4-address

Specifies IPv4 address.

Values

ipv4-address: a.b.c.d (host bits must be 0)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>log>acct-policy>cr>aa to-aa-sub-counters)

Full Context

configure log accounting-policy custom-record aa-specific to-aa-sub-counters

Description

Commands in this context configure Application Assurance "to subscriber” counter parameters and only applies to the 7750 SR.

The no form of this command excludes the "to subscriber” count.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host to-client-options)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host to-client-options)

Full Context

configure subscriber-mgmt local-user-db ipoe host to-client-options

configure subscriber-mgmt local-user-db ppp host to-client-options

Description

Commands in this context configure DHCP options to send to the client.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>sap>igmp-snp>mvr to-sap)

Full Context

configure service vpls sap igmp-snooping mvr to-sap

Description

In some situations, the multicast traffic should not be copied from the MVR VPLS to the SAP on which the IGMP message was received (standard MVR behavior), but to another SAP.

This command configures the SAP to which the multicast data needs to be copied.

The no form of this command reverts to the default value.

Parameters

sap-id

Specifies the SAP to which multicast channels should be copied.

Platforms

All

Context

[Tree] (config>service>vpls>sap>igmp-snooping>mvr to-sap)

Full Context

configure service vpls sap igmp-snooping mvr to-sap

Description

In some situations, the multicast traffic should not be copied from the MVR VPLS to the SAP on which the IGMP message was received (standard MVR behavior) but to another SAP.

This command configures the SAP to which the multicast data needs to be copied.

Default

no to-sap

Parameters

sap-id

Specifies the SAP to which multicast channels should be copied

Platforms

All

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host to-server-options)

Full Context

configure subscriber-mgmt local-user-db ipoe host to-server-options

Description

Commands in this context configure DHCP options to send to the server.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp>qos>egress to-subscriber)

Full Context

configure isa application-assurance-group qos egress to-subscriber

Description

Commands in this context configure Quality of Service for this application assurance group to-subscriber logical port, traffic destined to AA subscribers and entering an application assurance engine.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group>policer tod-override)

Full Context

configure application-assurance group policer tod-override

Description

This commands creates a time of day override policy for a given policer. Up to 8 overrides can be configured per policer. Rate/mbs/cbs/flow-rate/flow-count configured in each override-id will override the default policer values at the specified time of day configured in the override.

Parameters

tod-override-id

Specifies the time of day override ID.

Values

1 to 255

create

Keyword used to create the time of day override policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>keychain>direction>bi>entry tolerance)

[Tree] (config>system>security>keychain>direction>uni>receive>entry tolerance)

Full Context

configure system security keychain direction bi entry tolerance

configure system security keychain direction uni receive entry tolerance

Description

This command configures the amount of time that an eligible receive key should overlap with the active send key or to never expire.

Parameters

seconds

Specifies the duration that an eligible receive key overlaps with the active send key.

Values

0 to 4294967294 seconds

forever

Specifies that an eligible receive key overlap with the active send key forever.

Platforms

All

Context

[Tree] (config>service>ies>sub-if>grp-if tos-marking-state)

[Tree] (config>service>vprn>interface tos-marking-state)

[Tree] (config>service>vprn>sub-if>grp-if tos-marking-state)

[Tree] (config>service>ies>if tos-marking-state)

Full Context

configure service ies subscriber-interface group-interface tos-marking-state

configure service vprn interface tos-marking-state

configure service vprn subscriber-interface group-interface tos-marking-state

configure service ies interface tos-marking-state

Description

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field are not remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions.

Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no form of this command restores the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

• configure service vprn subscriber-interface group-interface tos-marking-state
• configure service ies subscriber-interface group-interface tos-marking-state

All

• configure service ies interface tos-marking-state
• configure service vprn interface tos-marking-state

Context

[Tree] (config>service>vprn>nw-if tos-marking-state)

Full Context

configure service vprn network-interface tos-marking-state

Description

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no tos-marking-state command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

All

Context

[Tree] (config>router>if tos-marking-state)

Full Context

configure router interface tos-marking-state

Description

This command is used on a network IP interface to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all IES and network IP interface as untrusted. When the ingress network IP interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing. The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no form of this command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

Specifies that the default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

All

Context

[Tree] (config>isa>video-group>watermark>bandwidth total)

[Tree] (config>isa>video-group>watermark>session total)

Full Context

configure isa video-group watermark bandwidth total

configure isa video-group watermark session total

Description

This command sets the watermark to trigger the SNMP trap if the combined FCC and RET bandwidth or session exceeds the configured percentage. The bandwidth is the available egress bandwidth of the ISA. The SNMP trap is cleared when the consumption is lowered by 10%. For example, if the system resource of the bandwidth available is 10 Gb/s and the watermark is configured to be 90%, the SNMP trap is raised as the bandwidth exceeds 9 Gb/s (90% of 10 Gb/s). The SNMP trap is cleared when the bandwidth drops below 8.1 Gb/s (10% of 9 Gb/s = 0.9 Gb/s, and 9 Gb/s - 0.9 Gb/s = 8.1 Gb/s). The default value of the watermark is set at 90% of the system resources for both bandwidth and session.

Default

total 90

Parameters

percent

Specifies the percentage of the system resources per ISA.

Values

1 to 99

Platforms

7450 ESS, 7750 SR, 7750 SR-s

Context

[Tree] (config>mcast-mgmt>chassis-level>plane-capacity total-capacity)

Full Context

configure mcast-management chassis-level per-mcast-plane-capacity total-capacity

Description

This command configures the total multicast plane capacity supported individually by all switch fabric multicast planes.

The multicast plane capacity is determined based on the provisioned line cards and switch fabrics in the chassis.

The no form of this command reverts to the default.

Parameters

capacity

Specifies the multicast plane capacity in Mb/s.

Values

2000, 4000, 5250, 8250, 15000, 19000, dynamic (Specifies that multicast plane capacity is determined based on provisioned line cards and switch fabrics in the chassis.)

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

Context

[Tree] (config>log>acct-policy>cr>aa>aa-sub-cntr total-flow-duration)

Full Context

configure log accounting-policy custom-record aa-specific aa-sub-counters total-flow-duration

Description

This command includes the total flow duration flow count in the AA subscriber's custom record. This command only applies to the 7750 SR.

The no form of this command excludes the total flow duration flow count.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>log>acct-policy>cr>aa>aa-sub-cntr total-flows-completed-count)

Full Context

configure log accounting-policy custom-record aa-specific aa-sub-counters total-flows-completed-count

Description

This command includes the total flows completed count in the AA subscriber's custom record. This command only applies to the 7750 SR.

The no form of this command excludes the total flow duration flow count.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>access>egress>pool>monitor-depth>alarm total-pool-in-use)

[Tree] (config>port>network>egress>pool>monitor-depth>alarm total-pool-in-use)

[Tree] (config>port>access>ingress>pool>monitor-depth>alarm total-pool-in-use)

[Tree] (config>card>fp>ingress>network>pool>monitor-depth>alarm total-pool-in-use)

Full Context

configure port access egress pool monitor-pool-depth alarm-thresholds total-pool-in-use

configure port network egress pool monitor-pool-depth alarm-thresholds total-pool-in-use

configure port access ingress pool monitor-pool-depth alarm-thresholds total-pool-in-use

configure card fp ingress network pool monitor-pool-depth alarm-thresholds total-pool-in-use

Description

This command configures the threshold for the total pool in use.

A tmnxTotalPoolUseThreshExcd trap is generated when the total pool usage exceeds this threshold percentage. When the usage returns below the threshold percentage, the tmnxTotalPoolUseThreshNotExcd trap is generated

The no form of this command removes the threshold on which to alarm.

Default

no total-pool-in-use

Parameters

percentage

Specifies the total pool in-use alarm threshold.

Values

0.01 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>router>mpls>mpls-tp tp-tunnel-id-range)

Full Context

configure router mpls mpls-tp tp-tunnel-id-range

Description

This command configures the range of MPLS tunnel IDs reserved for MPLS-TP LSPs. The maximum difference between the start-id and end-id is 4K.

The tunnel ID referred to here is the RSVP-TE tunnel ID. This maps to the MPLS-TP Tunnel Number. There are some cases where the dynamic LSPs may have caused fragmentation to the number space such that contiguous range [end-id – start-id] is not available. In these cases, the command will fail.

There are no default values for the start-id and end-id of the tunnel id range, and they must be configured to enable MPLS-TP.

Default

no tp-tunnel-id-range

Parameters

start-id

Specifies the start ID.

Values

1 to 61440

end-id

Specifies the end ID.

Values

1 to 61440

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (debug>call-trace>ipoe trace)

Full Context

debug call-trace ipoe trace

Description

This command enables tracing for IPoE sessions specified by the configured parameters. This command can trace a single session or multiple sessions, and can use wildcard characters.

This command can be executed multiple times to start multiple traces. When rules overlap, such as for a wildcard SAP and a specific SAP, the rule that a specific trace is associated with cannot be guaranteed.

The no form of this command prevents new traces from being configured and terminates all trace jobs that were previously started using the trace command.

Parameters

circuit-id

Specifies a circuit ID that is used to filter sessions to trace. The circuit-id and remote-id parameters are mutually exclusive.

ieee-address

Specifies a MAC address that is used to identify a session to trace, in the format "ab:cd:ef:01:23:45”. A wildcard character can be used to match all remaining octets; for example, the format "ab:cd:ef:*” can be used to filter by OUI.

num

Specifies the maximum number of jobs that may be started with this rule.

Values

1 to 50

Default

1

remote-id

Specifies a remote ID that is used to filter sessions to trace. The remote-id and circuit-id parameters are mutually exclusive.

sap-id

Specifies a SAP to trace. The following formats are accepted:

• port/lag/pw-port:svlan.cvlan

• port/lag/pw-port:vlan

• port/lag/pw-port

• port/lag/pw-port:vlan.*

• port/lag/pw-port:* (also matches *.*)

trace-existing-sessions

Specifies that existing IPoE sessions is traced. If this parameter is not included, only new IPoE sessions is traced.

trace-name

Specifies the name by which the trace is referenced, up to 16 characters.

trace-profile-name

Specifies the name of the trace profile to be applied. The default parameters is used if a trace profile is not specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>call-trace trace-profile)

Full Context

configure call-trace trace-profile

Description

This command creates a profile that can be applied to a specific trace job.

Parameters

profile-name

Specifies the unique name of the call trace profile.

create

Keyword used to create the trace profile instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port>sonet-sdh>path trace-string)

Full Context

configure port sonet-sdh path trace-string

Description

This command specifies that a J1-path-trace that identifies the circuit is inserted continuously at source. This can be checked against the expected value by the receiver. If no trace string is entered then a null string is used.

The no form of this command resets the string to its default.

This command is supported on TDM satellite.

Default

The default J1 value is Alcatel XXX YYY where XXX is the platform number, such as "7750” or "7450”, and YYY is the platform acronym, such as "SR” or "ESS”. The value does not change when the encap-type changes. The J1 string contains all zeros for a non-provisioned path.

Parameters

trace-string

Specifies either a string up to 62 bytes for SONET or 15 bytes for SDH. If the string contains spaces, enclose it in quotation marks. String 'zeros’ will send all zeros in the J1 bytes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (traceroute)

Full Context

traceroute

Description

This command determines the route to a destination address. DNS lookups for the responding hosts are enabled by default.

Parameters

candidate-path

Specifies a candidate path of the SRv6 policy to traceroute. The candidate path does not need to be the currently active candidate path.

dest-port-udp-fixed

Specifies that the destination UDP port number should not increment with each packet transmitted. By default, the UDP traceroute starts with destination UDP port 33434 and each subsequent packet sent to this destination UDP port increases by 1. The next packet uses UDP seat port 33435, the next 33436, and so on.

For a UDP test, this parameter prevents the per-transmitted packet increment of the destination UDP port number. The TCP protocol does not increment the destination TCP port, using a single destination TCP port for all traceroute packets for the test.

decode

Perform additional original datagram parsing functions. This parameter must be used with the detail parameter.

detail

Specifies to display additional information about the resulting packet.

distinguisher

Specifies the distinguisher of the SRv6 policy candidate path to send the traceroute probe on. This parameter must be configured if protocol-owner is configured to bgp.

Values

1 to 4294967295

dns-name

Specifies the DNS name, up to 63 characters, of the far-end device on which to send the traceroute request message.

endpoint ipv6-address

Specifies an SRv6 policy for a specific endpoint as the target of the traceroute.

Values

ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

ip-address

Specifies the far-end IP address on which to send the traceroute request message in dotted decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

max-ttl

Specifies the maximum Time-To-Live (TTL) value to include in the traceroute request, expressed as a decimal integer.

Values

1 to 255

Default

30

milliseconds

Specifies the time in milliseconds to wait for a response to a probe, expressed as a decimal integer.

Values

1 to 60000

Default

5000

min-ttl

Specifies the IP TTL in the initial traceroute packet to target a specific node or starting node along the path.

Values

1 to 255

Default

1

no-dns

Specifies that, when the no-dns keyword is specified, DNS lookups of the responding hosts are not performed, and only the IP addresses are printed.

original-datagram

Parse the returned original datagram including any IPv6 and SRH header information.

pad-size

Specifies the number of bytes added to the UDP or TCP payload.

Values

0 to 9786

Default

0

port-number

Specifies the transport protocol destination port number.

Values

1 to 65535

Default

33434

preference

Specifies the preference of the SRv6 policy candidate path to send the traceroute probe on.

Values

0 to 4294967295

Default

100

probes-per-hop

Specifies the number of probes per hop.

Values

1 to 10

Default

3

protocol-owner

Specifies the protocol owner of the SRv6 policy candidate path to traceroute.

Values

bgp — Specifies a BGP SRv6 policy.

static — Specifies a locally configured static SRv6 policy.

protocol udp | tcp

Sets the transport protocol for the traceroute packet. The TCP protocol is silently discarded on a targeted VRPN service. VPRN services only respond to UDP traceroutes.

Default

udp

router-or-service

Specifies the routing instance or service, by number. The router-instance parameter is the preferred parameter to specify the router or service.

Values

router-name: Base, management, vpls-management

vprn-svc-id: 1 to 2147483647

Default

Base

router-instance

Specifies the preferred method for entering a service name. Stored as the service name, this is the only service-linking function allowed for both mixed-mode and model-driven configuration modes.

Values

router-name: Base, management, vpls-management

vprn-svc-name: up to 64 characters

service-name

Specifies the alias function that allows the service name to be used, converted, and stored as service ID.

source ip-address

Specifies the source IP address to use as the source of the probe packets, in dotted decimal notation. If the IP address is not one of the device’s interfaces, an error is returned.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

type-of-service

Specifies the Type-of-Service (ToS) bits in the IP header of the probe packets, expressed as a decimal integer.

Values

0 to 255

Default

0

srv6-policy

Keyword to specify that the traceroute probe is applied to an SRv6 policy matching a specific color and endpoint. The traceroute probe may optionally be targeted at a specific segment list of the SRv6 policy. When the segment list is not specified, the traceroute probe is sent on the lowest available segment list.

color-id

Specifies the SRv6 policy color ID.

Values

0 to 4294967295

segment-list

Specifies the SRv6 policy segment list to trace.

Values

1 to 32

Platforms

All

Output

ICMPv4 Type 3 symbols in CLI, ICMPv6 Type 1 symbols in CLI, and ICMPv6 Type 2 symbols in CLI describe the ICMPv4 Type 3, and the ICMPv6 Type 1 and 2 symbols in the CLI outputs. For references without a symbol in the form !<code>, see www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml.

The following output is an example of traceroute for an IPv4 prefix.

A:node-2# traceroute 192.168.xx.xx4
traceroute to 192.168.xx.xx4, 30 hops max, 40 byte packets
 1  192.168.xx.xx4 0.000 ms  0.000 ms  0.000 ms

The following output is an example of traceroute for an IPv4 prefix resolved to an IPv4 SR policy with ICMP tunneling enabled.

A:node-2# traceroute 11.21.1.6 detail no-dns 
traceroute to 11.21.1.6, 30 hops max, 40 byte packets
  1   1  10.10.11.3  3.36 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  1   2  10.10.11.3  3.68 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  1   3  10.10.11.3  4.18 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  2   1  10.10.10.5  3.77 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  2   2  10.10.10.5  8.02 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  2   3  10.10.10.5  4.72 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  3   1  11.21.1.6  5.33 ms
  3   2  11.21.1.6  4.77 ms
  3   3  11.21.1.6  4.07 ms

The following output is an example of traceroute for an IPv6 prefix resolved to an IPv4 SR policy with ICMP tunneling enabled.

A:node-2# traceroute fc00::b15:106 detail no-dns 
traceroute to fc00::b15:106, 30 hops max, 60 byte packets
  1   1  fc00::a0a:b03  3.41 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:b03  2.58 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:b03  3.90 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:a05  4.65 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:a05  4.85 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:a05  4.78 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  3   1  fc00::b15:106  2.89 ms
  3   2  fc00::b15:106  3.58 ms
  3   3  fc00::b15:106  4.15 ms

The following output is an example of traceroute for an IPv6 prefix resolved to an IPv6 SR-OSPF3 tunnel with ICMP tunneling enabled.

A:node-2# traceroute fc00::b14:106 detail 
traceroute to fc00::b14:106, 30 hops max, 60 byte packets
  1   1  fc00::a0a:402  (fc00::a0a:402)  4.38 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:402  (fc00::a0a:402)  3.42 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:402  (fc00::a0a:402)  4.19 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:904  (fc00::a0a:904)  4.05 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  2   2  fc00::a0a:904  (fc00::a0a:904)  3.62 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  2   3  fc00::a0a:904  (fc00::a0a:904)  4.64 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  3   1  fc00::b14:106  (fc00::b14:106)  3.35 ms
  3   2  fc00::b14:106  (fc00::b14:106)  4.02 ms
  3   3  fc00::b14:106  (fc00::b14:106)  3.30 ms

The following output is an example of traceroute for a label-ipv4 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled (requires IPv4 system address).

A:node-2# traceroute 11.21.1.1 source 11.21.1.6 detail 
traceroute to 11.21.1.1 from 11.21.1.6, 30 hops max, 40 byte packets
  1   1  10.20.1.4  (10.20.1.4)  4.96 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  1   2  10.20.1.4  (10.20.1.4)  5.35 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  1   3  10.20.1.4  (10.20.1.4)  5.43 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  2   1  10.20.1.2  (10.20.1.2)  4.72 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  2   2  10.20.1.2  (10.20.1.2)  5.71 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  2   3  10.20.1.2  (10.20.1.2)  5.03 ms
         returned MPLS Label Stack Object
            entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  3   1  11.21.1.1  (11.21.1.1)  3.51 ms
  3   2  11.21.1.1  (11.21.1.1)  3.91 ms
  3   3  11.21.1.1  (11.21.1.1)  3.09 ms

The following output is an example of traceroute for a label-ipv6 prefix resolved to an IPv4 SR-TE LSP with ICMP tunneling enabled.

A:node-2# traceroute fc00::b15:101 detail 
traceroute to fc00::b15:101, 30 hops max, 60 byte packets
  1   1  fc00::a0a:404  (fc00::a0a:404)  3.36 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:404  (fc00::a0a:404)  3.46 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:404  (fc00::a0a:404)  3.77 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:102  (fc00::a0a:102)  4.54 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:102  (fc00::a0a:102)  4.70 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:102  (fc00::a0a:102)  3.63 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  3   1  fc00::b15:101  (fc00::b15:101)  3.40 ms
  3   2  fc00::b15:101  (fc00::b15:101)  3.15 ms
  3   3  fc00::b15:101  (fc00::b15:101)  3.23 ms

The following output is an example of traceroute for a vpn-ipv4 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled (requires IPv4 system address).

A:node-2# traceroute router-instance "vprn.sr-te.4" 1.0.4.1 source 6.0.4.1 detail 
traceroute to 1.0.4.1 from 6.0.4.1, 30 hops max, 40 byte packets
  1   1  10.20.1.4  (10.20.1.4)  5.03 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   2  10.20.1.4  (10.20.1.4)  4.52 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   3  10.20.1.4  (10.20.1.4)  5.61 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  2   1  10.20.1.2  (10.20.1.2)  5.38 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   2  10.20.1.2  (10.20.1.2)  5.39 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   3  10.20.1.2  (10.20.1.2)  5.27 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  3   1  1.0.4.1  (1.0.4.1)  4.09 ms
  3   2  1.0.4.1  (1.0.4.1)  4.47 ms
  3   3  1.0.4.1  (1.0.4.1)  4.13 ms

The following output is an example of traceroute for a vpn-ipv6 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled.

A:node-2# traceroute router 5004 fc00::100:401 detail 
traceroute to fc00::100:401, 30 hops max, 60 byte packets
  1   1  fc00::a0a:404  (fc00::a0a:404)  5.45 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:404  (fc00::a0a:404)  5.14 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:404  (fc00::a0a:404)  5.31 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:102  (fc00::a0a:102)  4.70 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:102  (fc00::a0a:102)  5.20 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:102  (fc00::a0a:102)  5.16 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  3   1  fc00::100:401  (fc00::100:401)  5.38 ms
  3   2  fc00::100:401  (fc00::100:401)  4.48 ms
  3   3  fc00::100:401  (fc00::100:401)  4.39 ms

The following output is an example of traceroute for an IPv4 prefix using the tcp and the detail options.

A:node-2# traceroute 192.168.34.2 protocol tcp detail
traceroute to 192.168.34.2, 30 hops max, 40 byte packets
  1   1  192.168.13.2  (192.168.13.2)  0.755 ms
  1   2  192.168.13.2  (192.168.13.2)  0.913 ms
  1   3  192.168.13.2  (192.168.13.2)  0.928 ms
  2   1  192.168.34.2  (192.168.34.2)  1.19 ms (port closed)
  2   2  192.168.34.2  (192.168.34.2)  1.29 ms (port closed)
  2   3  192.168.34.2  (192.168.34.2)  1.59 ms (port closed)

The following output is an example of traceroute for an IPv4 prefix using the tcp and the detail options.

A:node-2# traceroute 192.168.34.2 protocol tcp dest-port 862 detail
traceroute to 192.168.34.2, 30 hops max, 40 byte packets
  1   1  192.168.13.2  (192.168.13.2)  0.915 ms
  1   2  192.168.13.2  (192.168.13.2)  0.861 ms
  1   3  192.168.13.2  (192.168.13.2)  0.825 ms
  2   1  192.168.34.2  (192.168.34.2)  1.42 ms (port open)
  2   2  192.168.34.2  (192.168.34.2)  1.27 ms (port open)
  2   3  192.168.34.2  (192.168.34.2)  1.52 ms (port open)

The following output is an example of traceroute of an SRv6 SID using the decode original-datagram option.

A:node-2# traceroute 2002:abcd:1100:102:1:: detail decode original-datagram probe-count 1 
traceroute to 2002:abcd:1100:102:1::, 30 hops max, 60 byte packets
  1   1  2001:100:4:12::4  (2001:100:4:12::4)  1.23 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:102:1::
  2   1  2001:100:3:4::3  (2001:100:3:4::3)  2.25 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:101:1::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 2002:abcd:1100:102:1::
  3   1  2001:100:1:3::1  (2001:100:1:3::1)  3.21 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:101:1::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 2002:abcd:1100:102:1::
  4   1  2001:1:1:1::102  (2001:1:1:1::102)  9.16 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:102:1::
             Segment Routing Header SRv6, Segments Left 0
                 Segment_List[0] = 2002:abcd:1100:102:1::

The following output is an example of traceroute of an SRv6 policy.

A:node-2# traceroute srv6-policy color 10 endpoint 6:6:6:6::86 probe-count 1                                 
traceroute srv6-policy color 10 endpoint 6:6:6:6::86, 30 hops max, 60 byte packets (excluding SRH)
  1  fc00::a0a:203 (fc00::a0a:203)    2.76 ms
  2  fc00::a0a:505 (fc00::a0a:505)    5.11 ms
  3  6:6:6:6::86 (6:6:6:6::86)    6.18 ms

The following output is an example of traceroute of an SRv6 policy using the decode original-datagram option.

A:node-2# traceroute srv6-policy color 10 endpoint 6:6:6:6::86 probe-count 1 detail decode original-datagram 
traceroute srv6-policy color 10 endpoint 6:6:6:6::86, 30 hops max, 60 byte packets (excluding SRH)
  1   1  fc00::a0a:203  (fc00::a0a:203)  2.70 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 3:3:3:3:0:a::
             Segment Routing Header SRv6, Segments Left 2
                 Segment_List[0] = 6:6:6:6::86
                 Segment_List[1] = 5:5:5:5:0:a::
  2   1  fc00::a0a:505  (fc00::a0a:505)  4.88 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 5:5:5:5:0:a::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 6:6:6:6::86
                 Segment_List[1] = 5:5:5:5:0:a::
  3   1  6:6:6:6::86  (6:6:6:6::86)  5.51 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 6:6:6:6::86

The following output is an example of traceroute for a candidate path of an SRv6 policy.

A:node-2# traceroute srv6-policy color 20 endpoint fc00::a14:106 probe-count 1 detail candidate-path protocol-owner static distinguisher 126 preference 100 
traceroute srv6-policy color 20 endpoint fc00::a14:106 candidate-path protocol-owner static preference 100 distinguisher 126, 30 hops max, 60 byte packets (excluding SRH)
  1   1  fc00::a0a:203  (fc00::a0a:203)  2.87 ms
  2   1  fc00::a0a:505  (fc00::a0a:505)  4.58 ms
  3   1  fc00::a14:106  (fc00::a14:106)  6.28 ms

Context

[Tree] (config>service>ies>if>ipv6>vrrp traceroute-reply)

Full Context

configure service ies interface ipv6 vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

All

Context

[Tree] (config>service>ies>if>vrrp traceroute-reply)

Full Context

configure service ies interface vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

All

Context

[Tree] (config>service>vprn>if>vrrp traceroute-reply)

[Tree] (config>service>vprn>if>ipv6>vrrp traceroute-reply)

Full Context

configure service vprn interface vrrp traceroute-reply

configure service vprn interface ipv6 vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

All

Context

[Tree] (config>router>if>ipv6>vrrp traceroute-reply)

[Tree] (config>router>if>vrrp traceroute-reply)

Full Context

configure router interface ipv6 vrrp traceroute-reply

configure router interface vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Traceroute must not have been disabled at the management security level (either on the parental IP interface or the source host address).

Default

no traceroute-reply

Platforms

All

Context

[Tree] (config>service>vprn>radius-proxy>server>cache track-accounting)

[Tree] (config>router>radius-proxy>server>cache track-accounting)

Full Context

configure service vprn radius-proxy server cache track-accounting

configure router radius-proxy server cache track-accounting

Description

This command specifies the type of RADIUS accounting packets from RADIUS client (a WIFI AP) that the router should track.

The no form of this command removes the parameters from the configuration.

Parameters

start

Specifies that the router will update the associated ESM-host with the RADIUS client (for example, a WIFI AP) that generated the accounting-start. This is required in cases where a UE roams to a new AP that does not re-authenticate due to key caching.

stop

Specifies that the router will remove the corresponding ESM host and forward the accounting-stop packet to the external RADIUS server.

accounting-on | accounting-off

Specifies that the router will remove all ESM hosts associated with the RADIUS client (a WIFI AP), and forward the accounting-on packet to the external RADIUS server.

interim-update

Specifies that the router will update the associated ESM-host with the RADIUS client (a WIFI AP) that generated the interim-update. The interim-updates with the updated information are sent to the RADIUS server as scheduled.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>radius-proxy>server>cache track-authentication)

[Tree] (config>service>vprn>radius-proxy>server>cache track-authentication)

Full Context

configure router radius-proxy server cache track-authentication

configure service vprn radius-proxy server cache track-authentication

Description

This command specifies if RADIUS authentication (from the AP) should be tracked in order to update the ESM host with the RADIUS client (for example, WIFI AP) on UE mobility. It also specifies the authentication packet from RADIUS client (for example, a WIFI AP) that the router should track for mobility.

The no form of this command stops tracking authentication for UE mobility.

Default

track-authentication accept

Parameters

accept

Indicates access-accept is tracked for mobility.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>radius-proxy>server>cache track-delete-hold-time)

Full Context

configure router radius-proxy server cache track-delete-hold-time

Description

This command specifies the delete hold-time in case the DHCP host gets a trigger to delete from the matched RADIUS Proxy server.

The no form of this command reverts to the default.

Default

track-delete-hold-time 0

Parameters

seconds

Specifies the delete hold time, in seconds.

Values

0 to 600

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range track-mobility)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range track-mobility)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range track-mobility

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range track-mobility

Description

Commands in this context configure RADIUS-proxy cache information required for subscribers that are created via data-triggered authentication. The RADIUS proxy cache enables efficient handling of UE mobility.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>group>l2tpv3 track-password-change)

Full Context

configure service vprn l2tp group l2tpv3 track-password-change

Description

This command enables tracking of password changes, allowing password tunnel passwords to be changed without bringing down active tunnels or sessions. This is only supported with L2TPv3.

The no form of this command disables password change tracking.

Default

no track-password-change

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>l2tp>failover track-srrp)

[Tree] (config>router>l2tp>failover track-srrp)

Full Context

configure service vprn l2tp failover track-srrp

configure router l2tp failover track-srrp

Description

This command sets the sync-tag to be used to synchronize the tunnels with track-srrp srrp-id to MCS peer IP-@. The same sync-tag should be configured on the MCS peer.

The no form of this command reverts to the default.

Default

Removes the sync-tag for the indicated track-srrp.

Parameters

srrp-instance

Specifies the Simple Router Redundancy Protocol (SRRP) instance used for Multi-Chassis redundancy failover that is associated with this Layer Two Tunneling Protocol Tunnel.

sync-tag

Specifies a synchronization tag to be used while synchronizing with the peer.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync>track-srrp-instances track-srrp)

Full Context

configure redundancy multi-chassis peer sync track-srrp-instances track-srrp

Description

This command configures a tracked SRRP instance.

The no form of this command removes the SRRP instance identifier from the configuration.

Parameters

srrp-instance

Indicates the unique identifier of the tracked SRRP instance.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vpls>sap track-srrp)

Full Context

configure service vpls sap track-srrp

Description

This command configures the SRRP instance this capture SAP will track. This is a capture SAP level command. This command is important in PPPoE deployments with MSAPs. PPPoE operation requires that the MAC address learned by the client at the very beginning of the session negotiation phase remains unchanged for the lifetime of the session (RFC 2516). This command ensures that the virtual MAC address used during the PPPoE session negotiation phase on the capture SAP is the same virtual MAC address that is used by the SRRP on the group interface on which the session is established. Therefore, it is mandated that the SRRP instance (and implicitly the group-interface) where the session belongs to is known in advance. If the group interface name for the session is returned by the RADIUS, it must be ensured that this group interface is the one on which the tracked SRRP instance is configured. PPPoE sessions on the same capture SAP cannot be shared across multiple group interfaces, but instead they all must belong to a single group interface that is known in advance.

The same restrictions apply to IPoE clients in MC Redundancy scenario if they are to be supported concurrently on the same capture SAP as PPPoE.

The supported capture SAP syntax is this:

sap <port-id>:X.* capture-sap

The capture SAP syntax that is not supported is this:

sap <port-id>:*.* capture-sap

The no form of this command removes the SRRP ID from this configuration.

Parameters

srrp-id

Specifies the SRRP instance number.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>redundancy>multi-chassis>peer>sync track-srrp-instances)

Full Context

configure redundancy multi-chassis peer sync track-srrp-instances

Description

Commands in this context configure tracked SRRP instances.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>pim tracking-support)

Full Context

configure service vprn mvpn provider-tunnel inclusive pim tracking-support

Description

This command enables the setting of the T bit in the LAN Prune Delay option of the Hello message. This indicates the router's capability to disable Join message suppression.

The no form of this command disables the setting.

Default

no tracking-support

Platforms

All

Context

[Tree] (config>service>vprn>pim>if tracking-support)

Full Context

configure service vprn pim interface tracking-support

Description

This command sets the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to disable Join message suppression.

Default

no tracking-support

Platforms

All

Context

[Tree] (config>router>pim>interface tracking-support)

Full Context

configure router pim interface tracking-support

Description

This command sets the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to enable join message suppression. This capability allows for upstream routers to explicitly track join membership.

The no form of this command disables tracking support.

Default

no tracking-support

Platforms

All

Context

[Tree] (debug>app-assure>group traffic-capture)

Full Context

debug application-assurance group traffic-capture

Description

This command configures debugging for traffic capture.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>test-oam>build-packet>header>mpls traffic-class)

[Tree] (debug>oam>build-packet>packet>field-override>header>mpls traffic-class)

Full Context

configure test-oam build-packet header mpls traffic-class

debug oam build-packet packet field-override header mpls traffic-class

Description

This command defines the traffic class value to be used in the MPLS header.

The no form of this command removes the traffic class value.

Default

traffic-class 0 (BE)

Parameters

traffic-class

Specifies the MPLS traffic class to be used in the MPLS header.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>app-assure>group>policy>aqp>entry>match traffic-direction)

Full Context

configure application-assurance group policy app-qos-policy entry match traffic-direction

Description

This command specifies the direction of traffic where the AQP match entry will be applied.

To use a policer action with the AQP entry the match criteria must specify a traffic-direction of either subscriber-to-network or network-to-subscriber.

Default

traffic-direction both

Parameters

subscriber-to-network

Traffic from a local subscriber will match this AQP entry.

network-to-subscriber

Traffic to a local subscriber will match this AQP entry.

both

Combines subscriber-to-network and network-to-subscriber.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>isis traffic-engineering)

Full Context

configure router isis traffic-engineering

Description

This command enables this IS-IS instance to advertise TE link attributes for RSVP-TE and SR-TE enabled interfaces.

Default

no traffic-engineering

Platforms

All

Context

[Tree] (config>router>ospf traffic-engineering)

Full Context

configure router ospf traffic-engineering

Description

This command enables the advertisement of the traffic engineering information for the router and its links.

Traffic engineering enables the router to perform route calculations constrained by nodes or links. The traffic engineering of this router are limited to calculations based on link and nodal constraints.

The no form of this command disables the advertisement of the traffic engineering information.

Default

no traffic-engineering

Platforms

All

Context

[Tree] (config>router>isis traffic-engineering-options)

Full Context

configure router isis traffic-engineering-options

Description

Commands in this context configure advanced traffic-engineering options.

The no form of this command deletes the context.

Default

no traffic-engineering-options

Platforms

All

Context

[Tree] (config>router>ospf traffic-engineering-options)

Full Context

configure router ospf traffic-engineering-options

Description

Commands in this context configure the advanced traffic-engineering options.

The no form of this command removes the context to configure the advanced traffic-engineering options.

Default

no traffic-engineering-options

Platforms

All

Context

[Tree] (config>service>vprn>nat>inside traffic-identification)

[Tree] (config>router>nat>inside traffic-identification)

Full Context

configure service vprn nat inside traffic-identification

configure router nat inside traffic-identification

Description

Commands in this context configure traffic idenification for NAT processing.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>mvpn>pt>selective>umh-rm>group>source traffic-rate-delta)

[Tree] (config>service>vprn>mvpn>pt>inclusive>umh-rm traffic-rate-delta)

Full Context

configure service vprn mvpn provider-tunnel selective umh-rate-monitoring group source traffic-rate-delta

configure service vprn mvpn provider-tunnel inclusive umh-rate-monitoring traffic-rate-delta

Description

This command configures the bandwidth delta upwards of which the traffic is switched from the primary UMH to the backup UMH.

The no form of this command removes UMH redundancy with bandwidth monitoring.

Default

1

Parameters

rate

Specifies the bandwidth delta, in kbps.

Values

1 to 4294967294

Platforms

All

Context

[Tree] (config>app-assure>group>statistics>aa-partition traffic-type)

Full Context

configure application-assurance group statistics aa-partition traffic-type

Description

This command enables traffic type statistics collection within an aa-partition.

The no form of this command disables traffic type statistics collection.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>port transceiver)

Full Context

configure port transceiver

Description

Commands in this context configure transceiver parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>ies>if>sap>ipsec-gw transform)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn transform)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel transform)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn transform)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn transform)

[Tree] (config>service>vprn>if>sap>ipsec-gw transform)

[Tree] (config>ipsec>trans-mode-prof>dyn transform)

[Tree] (config>ipsec>tnl-temp transform)

Full Context

configure service ies interface sap ipsec-gw transform

configure service vprn interface ipsec ipsec-tunnel dynamic-keying transform

configure service vprn interface sap ipsec-tunnel transform

configure router interface ipsec ipsec-tunnel dynamic-keying transform

configure service ies interface ipsec ipsec-tunnel dynamic-keying transform

configure service vprn interface sap ipsec-gw transform

configure ipsec ipsec-transport-mode-profile dynamic-keying transform

configure ipsec tunnel-template transform

Description

This command associates the IPsec transform sets allowed for this the CHILD_SA. A maximum of four transforms can be specified. The transforms are listed in decreasing order of preference (the first one specified is the most preferred).

The no form of this command removes the transform ID from the configuration.

Default

no transform

Parameters

transform-id

Specifies a number to identify a tranform used for CHILD_SA negotiation. Up to four transform ID can be specified.

Values

1 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

• configure ipsec tunnel-template transform
• configure service vprn interface sap ipsec-gw transform
• configure ipsec ipsec-transport-mode-profile dynamic-keying transform
• configure service vprn interface sap ipsec-tunnel transform
• configure service ies interface sap ipsec-gw transform

VSR

• configure router interface ipsec ipsec-tunnel dynamic-keying transform
• configure service vprn interface ipsec ipsec-tunnel dynamic-keying transform
• configure service ies interface ipsec ipsec-tunnel dynamic-keying transform

Context

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn transform)

Full Context

configure service vprn interface sap ipsec-tunnel dynamic-keying transform

Description

This command associates the IPsec transform sets allowed for this tunnel. A maximum of four transforms can be specified. The transforms are listed in decreasing order of preference (the first one specified is the most preferred).

Default

no transform

Parameters

transform-id

Specifies the value used for transforms for dynamic keying.

Values

1 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>ttl-propagate transit)

Full Context

configure service vprn ttl-propagate transit

Description

This command overrides the global configuration of the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-transit.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

Default

transit inherit

Parameters

inherit

specifies the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-transit.

none

specifies the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack.

vc-only

specifies the TTL of the IP packet is propagated into the VC label and not into the labels. in the transport label stack

all

specifies the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

Platforms

All

Context

[Tree] (config>app-assure>group>transit-ip-policy transit-auto-create)

Full Context

configure application-assurance group transit-ip-policy transit-auto-create

Description

This command enables seen-IP auto creation of transit subscribers using the transit-IP-policy name and subscriber IP address as the AA-sub name. The default app-profile configured against the transit-ip-policy is applied to these subscribers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>vprn>ospf>area>sham-link transit-delay)

[Tree] (config>service>vprn>ospf>area>if transit-delay)

[Tree] (config>service>vprn>ospf>area>virtual-link transit-delay)

[Tree] (config>service>vprn>ospf3>area>virtual-link transit-delay)

[Tree] (config>service>vprn>ospf3>area>if transit-delay)

Full Context

configure service vprn ospf area sham-link transit-delay

configure service vprn ospf area interface transit-delay

configure service vprn ospf area virtual-link transit-delay

configure service vprn ospf3 area virtual-link transit-delay

configure service vprn ospf3 area interface transit-delay

Description

This command configures the estimated time, in seconds, that it takes to transmit a LSA on the interface or virtual link or sham-link.

The no form of this command reverts to the default delay time.

Default

transit-delay 1

Parameters

seconds

The transit delay in seconds expressed as a decimal integer.

Values

0 to 3600

Platforms

All

Context

[Tree] (config>router>ospf3>area>virtual-link transit-delay)

[Tree] (config>router>ospf>area>virtual-link transit-delay)

[Tree] (config>router>ospf>area>interface transit-delay)

[Tree] (config>router>ospf3>area>interface transit-delay)

Full Context

configure router ospf3 area virtual-link transit-delay

configure router ospf area virtual-link transit-delay

configure router ospf area interface transit-delay

configure router ospf3 area interface transit-delay

Description

This command configures the estimated time, in seconds, that it takes to transmit a link state advertisement (LSA) on the interface or virtual link.

The no form of this command reverts to the default delay time.

Default

transit-delay 1

Parameters

seconds

Specifies the transit delay in seconds expressed as a decimal integer.

Values

1 to 1800

Platforms

All

Context

[Tree] (config>app-assure>group transit-ip-policy)

Full Context

configure application-assurance group transit-ip-policy

Description

This command defines a transit AA subscriber IP policy. Transit AA subscribers are managed by the system through the use of this policy assigned to services, which determines how transit subs are created and removed for that service.

The no form of this command deletes the policy from the configuration. All associations must be removed in order to delete a policy.

Parameters

ip-policy-id

An integer that identifies a transit IP profile entry.

Values

1 to 65535

create

Keyword used to create the entry.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>mpls>mpls-tp transit-path)

Full Context

configure router mpls mpls-tp transit-path

Description

This command enables the configuration or editing of an MPLS-TP transit path at an LSR.

Default

no transit-path

Parameters

path-name

Specifies the template of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

Context

[Tree] (config>service>epipe>sap transit-policy)

[Tree] (config>service>ies>if>spoke-sdp transit-policy)

[Tree] (config>service>vpls>spoke-sdp transit-policy)

[Tree] (config>service>ies>if>sap transit-policy)

[Tree] (config>service>vpls>sap transit-policy)

[Tree] (config>service>vprn>if>spoke-sdp transit-policy)

[Tree] (config>service>vprn>if>sap transit-policy)

[Tree] (config>service>epipe>spoke-sdp transit-policy)

Full Context

configure service epipe sap transit-policy

configure service ies interface spoke-sdp transit-policy

configure service vpls spoke-sdp transit-policy

configure service ies interface sap transit-policy

configure service vpls sap transit-policy

configure service vprn interface spoke-sdp transit-policy

configure service vprn interface sap transit-policy

configure service epipe spoke-sdp transit-policy

Description

This command associates a transit AA subscriber IP or prefix policy to the service. The transit policy must be defined prior to associating the policy with a SAP in the config>app-assure>group>transit-ip-policy or transit-prefix-policy context.

The no form of this command removes the association of the policy to the service.

Default

no transit-policy

Parameters

ip-aasub-policy-id

Specifies a transit IP policy ID.

Values

1 to 65535

prefix-aasub-policy-id

Specifies a transit prefix policy ID.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>service>ipipe>sap transit-policy)

[Tree] (config>service>ipipe>spoke-sdp transit-policy)

Full Context

configure service ipipe sap transit-policy

configure service ipipe spoke-sdp transit-policy

Description

This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application assurance>group>policy>transit-ip-policy context.

Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.

The no form of this command removes the association of the policy to the service.

Default

no transit-policy

Parameters

prefix-aasub-policy-id

Specifies an integer identifying a prefix transit profile entry.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp transit-prefix-ipv4-entries)

Full Context

configure isa application-assurance-group transit-prefix-ipv4-entries

Description

This command defines the number of transit-prefix IPv4 entries for an ISA.

The no form of this command removes the assignment of entries space from the configuration. All entries must be removed in order to delete the configuration.

Default

no transit-prefix-ipv4-entries

Parameters

entries

Specifies an integer that determines the number of transit-prefix-ipv4 entries.

Values

0 to 16383

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp transit-prefix-ipv4-remote-entries)

Full Context

configure isa application-assurance-group transit-prefix-ipv4-remote-entries

Description

This command configures the ISA-AA-group transit prefix IPv4 remote entry limit. This entry space is allocated on the IOM within a common area with the second MDA/ISA position of the IOM and also used for IPv4filter entries for system SDPs. The per-ISA size allocated for transit-prefix-ipv4 entries should be set to allow sufficient space on the IOM for SDP IPv4 filters.

The no form of this command removes the assignment of entries space from the configuration. All entries must be removed in order to delete the configuration.

Default

no transit-prefix-ipv4-remote-entries

Parameters

entries

Specifies the ISA-AA-Group transit prefix IPv4 remote entry limit.

Values

0 to 2047

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp transit-prefix-ipv6-entries)

Full Context

configure isa application-assurance-group transit-prefix-ipv6-entries

Description

This command configures the ISA-AA-group transit prefix IPv6 entry limit for each ISA in the group. This entry space is allocated on the IOM within a common area with the second MDA / ISA position of the IOM and also used for ipv6-filter entries for system SDPs. The per-ISA size allocated for transit-prefix-ipv6 entries should be set to allow sufficient space on the IOM for SDP ipv6-filters.

The no form of this command removes the assignment of entries space from the configuration. All entries must be removed in order to delete the configuration.

Default

no transit-prefix-ipv6-entries

Parameters

entries

Specifies the ISA-AA-Group transit prefix IPv6 entry limit.

Values

0 to 8191

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>isa>aa-grp transit-prefix-ipv6-remote-entries)

Full Context

configure isa application-assurance-group transit-prefix-ipv6-remote-entries

Description

This command configures the ISA-AA-group transit prefix IPv6 remote entry limit. This entry space is allocated on the IOM within a common area with the second MDA/ISA position of the IOM and also used for IPv6filter entries for system SDPs. The per-ISA size allocated for transit-prefix-ipv6 entries should be set to allow sufficient space on the IOM for SDP IPv6 filters.

The no form of this command removes the assignment of entries space from the configuration. All entries must be removed in order to delete the configuration.

Default

no transit-prefix-ipv6-remote-entries

Parameters

entries

Specifies the ISA-AA-Group transit prefix IPv6 remote entry limit.

Values

0 to 1023

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>app-assure>group transit-prefix-policy)

Full Context

configure application-assurance group transit-prefix-policy

Description

This command defines a transit aa subscriber prefix policy. Transit AA subscribers are managed by the system through the use of this policy assigned to services, which determines how transit subs are created and removed for that service.

The no form of this command deletes the policy from the configuration. All associations must be removed in order to delete a policy.

Parameters

prefix-policy-id

Indicates the transit prefix policy to which this subscriber belongs.

Values

1 to 65535

create

Mandatory keyword used when creating transit prefix policy. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>system>security>pki>ca-profile>ocsp transmission-profile)

Full Context

configure system security pki ca-profile ocsp transmission-profile

Description

This command specifies the transmission-profile for OCSP. When specified, this configuration overrides the service service-id or service service-name configured in the config>system>security>pki>ca-profile>ocsp context.

The no form of the command removes the profile name from the configuration.

Default

no transmission-profile

Parameters

name

Specifies the file transmission profile name, up to 32 characters.

Platforms

All

Context

[Tree] (config>system>security>pki>est-profile transmission-profile)

Full Context

configure system security pki est-profile transmission-profile

Description

This command specifies the transmission profile name created in the config>system file-transmission-profile context for the EST profile.

The no form of the command removes the name from the EST profile configuration.

Default

no transmission-profile

Parameters

name

Specifies the file transmission profile name, up to 32 characters.

Platforms

All

Context

[Tree] (config>port>ethernet>efm-oam transmit-interval)

Full Context

configure port ethernet efm-oam transmit-interval

Description

This command configures the transmit interval of OAM PDUs.

Default

transmit-interval 10 multiplier 5

Parameters

interval

Specifies the transmit interval, in 100 milliseconds.

Values

1 to 600

multiplier

Specifies the multiplier for transmit-interval to set local link down timer.

Values

2 to 5

Platforms

All

Context

[Tree] (config>lag>bfd>family transmit-interval)

Full Context

configure lag bfd family transmit-interval

Description

This command specifies the transmit timer used for micro-BFD session over the associated LAG links.

The no form of this command removes the transmit timer from the configuration.

Default

transmit-interval 100

Parameters

transmit-interval

Specifies the interval value, in milliseconds.

Values

10 to 100000

Default

100 for CPM3 or later, 1000 for all others

Platforms

All

Context

[Tree] (config>router>bfd>bfd-template transmit-interval)

Full Context

configure router bfd bfd-template transmit-interval

Description

This command specifies the transmit timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets.

The no form of this command reverts to the default value.

Default

transmit-interval 100

Parameters

transmit-interval

Specifies the transmit interval. The minimum interval that can be configured is hardware dependent.

Values

10 ms to 100,000 ms in 1 ms intervals

Default

10 ms for CPM3 or higher; 1 second for other hardware

Platforms

All

Context

[Tree] (config>router>lsp-bfd>tail-end transmit-interval)

Full Context

configure router lsp-bfd tail-end transmit-interval

Description

This command configures the LSP BFD minimum transmit interval for the tail end of LSP BFD sessions.

The no form of this command reverts to the default value.

Default

transmit-interval 1000

Parameters

transmit-interval

Specifies the transmit interval, in milliseconds.

Values

100 to 1000

Default

1000

Platforms

All

Context

[Tree] (config>port>ethernet>dot1x transmit-period)

Full Context

configure port ethernet dot1x transmit-period

Description

This command configures the period after which the router sends a new EAPOL request message.

The no form of this command returns the value to the default.

Default

transmit-period 30

Parameters

seconds

Specifies the server transmit period in seconds.

Values

1 to 3600

Platforms

All

Context

[Tree] (config>system>snmp transport)

Full Context

configure system snmp transport

Description

This command configures the transport protocol used by the SNMP agent.

The no form of this command removes the transport protocol.

Default

no transport

Parameters

transport-protocol

Specifies the transport protocol.

Values

udp — Keyword to specify UDP only.

tcp — Keyword to specify TCP only.

both — Keyword to specify TCP and UDP.

Default

udp

Platforms

All

Context

[Tree] (config>router>ldp>if-params>ipv6 transport-address)

[Tree] (config>router>ldp>if-params>if>ipv4 transport-address)

[Tree] (config>router>ldp>if-params>if>ipv6 transport-address)

[Tree] (config>router>ldp>if-params>ipv4 transport-address)

Full Context

configure router ldp interface-parameters ipv6 transport-address

configure router ldp interface-parameters interface ipv4 transport-address

configure router ldp interface-parameters interface ipv6 transport-address

configure router ldp interface-parameters ipv4 transport-address

Description

This command configures the transport address to be used when setting up the LDP TCP sessions. The transport address can be configured as interface or system. The transport address can be configured globally (applies to all LDP interfaces) or per interface. The most specific value is used.

The config>router>ldp>if-params>ipv6> transport-address command is not supported on the 7450 ESS.

With the transport-address command, you can set up the LDP interface to the connection which can be set to the interface address or the system address. However, there can be an issue of which address to use when there are parallel adjacencies. This situation can not only happen with parallel links, it could be a link and a targeted adjacency since targeted adjacencies request the session to be set up only to the system IP address.

The transport-address value should not be interface if multiple interfaces exist between two LDP neighbors. Depending on the first adjacency to be formed, the TCP endpoint is chosen. In other words, if one LDP interface is set up as transport-address interface and another for transport-address system, then, depending on which adjacency was set up first, the TCP endpoint addresses are determined. After that, because the hello contains the LSR ID, the LDP session can be checked to verify that it is set up and then match the adjacency to the session.

For any iLDP interface, as the local-lsr-id parameters is changed to interface, the transport-address configuration loses effectiveness. Since it will be ignored and the iLDP session will always use the relevant interface IP address as transport-address even though system is chosen.

The no form of this command, at the global level, sets the transport address to the default value.

The no form of this command, at the interface level, sets the transport address to the value defined under the global level.

Default

system

Parameters

interface

Specifies the IP interface address is used to set up the LDP session between neighbors. The transport address interface cannot be used if multiple interfaces exist between two neighbors, since only one LDP session is set up between two neighbors.

system

Specifies the system IP address is used to set up the LDP session between neighbors.

Platforms

All

Context

[Tree] (config>redundancy>multi-chassis>peer>sync transport-encryption)

Full Context

configure redundancy multi-chassis peer sync transport-encryption

Description

Commands in this context configure MCS applications that need to encrypt synchronized states for transportation .

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>router>bgp>next-hop-res>labeled-routes transport-tunnel)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel

Description

Commands in this context configure options for the next-hop resolution of BGP labeled routes (VPN-IP and labeled-unicast) using tunnels in TTM. The context allows the selection of different tunnel resolution options for different types of BGP labeled routes: label-unicast IPv4, label-unicast IPv6, and VPN-IP routes (both VPN-IPv4 and VPN-IPv6).

By default (if this context and the resolution options are not configured), these routes resolve only to LDP tunnels.

If the resolution option is explicitly set to disabled, the default binding to LDP tunnel resumes. If resolution is set to any, then any supported tunnel type is allowed and the selection is based on the lowest numerical TTM preference value.

Platforms

All

Context

[Tree] (config>router>l2tp>l2tpv3 transport-type)

[Tree] (config>service>vprn>l2tp>l2tpv3 transport-type)

Full Context

configure router l2tp l2tpv3 transport-type

configure service vprn l2tp l2tpv3 transport-type

Description

This command configures the transport type to be used to carry the L2TPv3 tunnel. Currently, only IP transport is supported.

The no form of this command returns the transport-type to the default value.

Default

no transport-type

Parameters

ip

Specifies that IP should be used as the transport type for the L2TPv3 tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

Context

[Tree] (config>saa>test trap-gen)

Full Context

configure saa test trap-gen

Description

Commands in this context configure trap generation for the SAA test.

Platforms

All

Context

[Tree] (config>service>vprn>log>snmp-trap-group trap-target)

Full Context

configure service vprn log snmp-trap-group trap-target

Description

This command adds/modifies a trap receiver and configures the operational parameters for the trap receiver. A trap reports significant events that occur on a network device such as errors or failures.

Before an SNMP trap can be issued to a trap receiver, the log-id, snmp-trap-group, and at least one snmp-trap-group must be configured.

The snmp-trap-group command is used to add or remove a trap receiver from an snmp-trap-group. The operational parameters specified in the command include:

• The IP address of the trap receiver

• The UDP port used to send the SNMP trap

• SNMP version

• SNMP community name for SNMPv1 and SNMPv2c receivers.

• Security name and level for SNMPv3 trap receivers.

A single snmp-trap-group log-id can have multiple trap-receivers. Each trap receiver can have different operational parameters.

An address can be configured as a trap receiver more than once as long as a different port is used for each instance.

To prevent resource limitations, only configure a maximum of 10 trap receivers.

If the same trap-target name port port parameter value is specified in more than one SNMP trap group, each trap destination should be configured with a different notify-community value. This allows a trap receiving an application, such as NMS, to reconcile a separate event sequence number stream for each router event log when multiple event logs are directed to the same IP address and port destination.

The no form of this command removes the SNMP trap receiver from the SNMP trap group.

Default

No SNMP trap targets are defined.

Parameters

name

specifies the name of the trap target up to 28 characters in length

address ip-address

The IP address of the trap receiver in dotted decimal notation. Only one IP address destination can be specified per trap destination group.

Values

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR.

port

Specifies the destination UDP port used to send traps to the destination, expressed as a decimal integer. Only one port can be specified per trap-target statement. If multiple traps need to be issued to the same address then multiple ports must be configured.

Values

1 to 65535

Default

162

snmpv1 | snmpv2c | snmpv3

Specifies the SNMP version format to use for traps sent to the trap receiver.

The keyword snmpv1 selects the SNMP version 1 format. When specifying snmpv1, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv1, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv2c selects the SNMP version 2c format. When specifying snmpv2c, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv2c, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv3 selects the SNMP version 3 format. When specifying snmpv3, the notify-community must be configured for the SNMP security-name. If the SNMP version is changed from snmpv1 or snmpv2c to snmpv3, then the notify-community parameter must be changed to reflect the security-name rather than the community string used by snmpv1 or snmpv2c.

Pre-existing conditions are checked before the snmpv3SecurityName is accepted. These are:

• The username must be configured.

• The v3 access group must be configured.

• The v3 notification view must be configured.

Values

snmpv1, snmpv2c, snmpv3

Default

snmpv3

notify-community community | security-name

Specifies the community string for snmpv1 or snmpv2c or the snmpv3 security-name. If no notify-community is configured, then no alarms nor traps will be issued for the trap destination. If the SNMP version is modified, the notify-community must be changed to the proper form for the SNMP version.

community

The community string as required by the snmpv1 or snmpv2c trap receiver. Allowed values are any string up to 31 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

security-name

The security-name as defined in the config>system>security>user context for SNMP v3. The security-name can be an ASCII string up to 31 characters in length.

security-level {no-auth-no-privacy | auth-no-privacy | privacy}

Specifies the required authentication and privacy levels required to access the views configured on this node when configuring an snmpv3 trap receiver.

The keyword no-auth-no-privacy specifies no authentication and no privacy (encryption) are required.

The keyword auth-no-privacy specifies authentication is required but no privacy (encryption) is required. When this option is configured the security-name must be configured for authentication.

The keyword privacy specifies both authentication and privacy (encryption) is required. When this option is configured the security-name must be configured for authentication and privacy.

Values

no-auth-no-privacy, auth-no-privacy, privacy

Default

no-auth-no-privacy. This parameter can only be configured if SNMPv3 is also configured.

replay

Enable replay of missed events to target. If replay is applied to an SNMP trap target address, the address is monitored for reachability. Reachability is determined by whether or not there is a route in the routing table by which the target address can be reached. Before sending a trap to a target address, the SNMP module asks the PIP module if there is either an in-band or out-of-band route to the target address. If there is no route to the SNMP target address, the SNMP module saves the sequence-id of the first event that will be missed by the trap target. When the routing table changes again so that there is now a route by which the SNMP target address can be reached, the SNMP module replays (for example, retransmits) all events generated to the SNMP notification log while the target address was removed from the route table. Because of route table change convergence time, it is possible that one or more events may be lost at the beginning or end of a replay sequence. The cold-start-wait and route-recovery-wait timers under config>log>app-route-notifications can help reduce the probability of lost events.

Platforms

All

Context

[Tree] (config>log>snmp-trap-group trap-target)

Full Context

configure log snmp-trap-group trap-target

Description

This command configures a trap receiver and configures the operational parameters for the trap receiver. A trap reports significant events that occur on a network device such as errors or failures.

Before an SNMP trap can be issued to a trap receiver, the log-id, snmp-trap-group and at least one trap-target must be configured.

The trap-target command is used to add/remove a trap receiver from an snmp-trap-group. The operational parameters specified in the command include:

• The IP address of the trap receiver

• The UDP port used to send the SNMP trap

• SNMP version

• SNMP community name for SNMPv1 and SNMPv2c receivers.

• Security name and level for SNMPv3 trap receivers.

A single snmp-trap-group log-id can have multiple trap-receivers. Each trap receiver can have different operational parameters.

An address can be configured as a trap receiver more than once as long as a different port is used for each instance.

To prevent resource limitations, only configure a maximum of 10 trap receivers.

The no form of this command removes the SNMP trap receiver from the SNMP trap group.

Parameters

name

Specifies the name of the trap target, up to 28 characters.

ip-address

Specifies the IP address of the trap receiver in dotted decimal notation. Only one IP address destination can be specified per trap destination group. ipv6 applies to the 7750 SR only.

Values

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0..FFFF]H
	d: [0..255]D
	interface: 32 characters maximum, mandatory for link local addresses

port

Specifies the destination UDP port used for sending traps to the destination, expressed as a decimal integer. Only one port can be specified per trap-target statement. If multiple traps need to be issued to the same address then multiple ports must be configured.

Default

162

Values

1 to 65535

snmpv1 | snmpv2c | snmpv3

Specifies the SNMP version format to use for traps sent to the trap receiver.

The keyword snmpv1 selects the SNMP version 1 format. When specifying snmpv1, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv1, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv2c selects the SNMP version 2c format. When specifying snmpv2c, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv2c, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv3 selects the SNMP version 3 format. When specifying snmpv3, the notify-community must be configured for the SNMP security-name. The security name is the name of a locally configured user. If the SNMP version is changed from snmpv1 or snmpv2c to snmpv3, then the notify-community parameter must be changed to reflect the security-name rather than the community string used by snmpv1 or snmpv2c.

The following conditions must all be met before traps will be issued using an SNMPv3 trap-target:

The user name must be configured, and must be configured with an snmp group that exists.

The v3 access group must be configured, or be one of the built-in SR OS views.

The v3 notification view must be configured, or be one of the built-in SR OS views.

Default

snmpv3

Values

snmpv1, snmpv2c, snmpv3

community | security-name

Specifies the community string for snmpv1 or snmpv2c or the snmpv3 security-name. If the notify-community is not configured, then no alarms or traps will be issued for the trap destination. If the SNMP version is modified, the notify-community must be changed to the proper form for the SNMP version.

community-name

Specifies the community string as required by the snmpv1 or snmpv2c trap receiver. Allowed values are any string up to 31 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

security-name

For SNMPv3 trap targets, specifies the security-name as defined in the config>system> security>user context. The security-name can be an ASCII string up to 31 characters in length.

security-level {no-auth-no-privacy | auth-no-privacy | privacy}

Specifies the required authentication and privacy levels required to access the views configured on this node when configuring an snmpv3 trap receiver.

The keyword no-auth-no-privacy specifies no authentication and no privacy (encryption) are required.

The keyword auth-no-privacy specifies authentication is required but no privacy (encryption) is required. When this option is configured the security-name must be configured for authentication.

The keyword privacy specifies both authentication and privacy (encryption) is required. When this option is configured the security-name must be configured for authentication and privacy.

Default

no-auth-no-privacy. This parameter can only be configured if SNMPv3 is also configured.

Values

no-auth-no-privacy, auth-no-privacy, privacy

replay

Enables the replay of missed events to target. If replay is applied to an SNMP trap target address, the address is monitored for reachability. Reachability is determined by whether or not there is a route in the routing table by which the target address can be reached. Before sending a trap to a target address, the SNMP module asks the PIP module if there is either an in-band or out-of-band route to the target address. If there is no route to the SNMP target address, the SNMP module saves the sequence-id of the first event that will be missed by the trap target. When the routing table changes again so that there is now a route by which the SNMP target address can be reached, the SNMP module replays (for example, retransmits) all events generated to the SNMP notification log while the target address was removed from the route table.

Note:

Due to route table change convergence time, it is possible that one or more events may be lost at the beginning or end of a replay sequence. The cold-start-wait and route-recovery-wait timers under the config>log>app-route-notifications context can help reduce the probability of lost events.

Platforms

All