c Commands
c-mcast-signaling
c-mcast-signaling
Syntax
c-mcast-signaling {bgp | pim}
no c-mcast-signaling
Context
[Tree] (config>service>vprn>mvpn c-mcast-signaling)
Full Context
configure service vprn mvpn c-mcast-signaling
Description
This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.
Changes may only be made to this command when the mvpn node is shutdown.
The no form of this command reverts it back to the default.
Default
c-mcast-signaling bgp
Parameters
- bgp
-
Specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.
- pim
-
Specifies to use PIM for PE-to-PE signaling of CE multicast states.
Platforms
All
c-tag
c-tag
Syntax
c-tag
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>frm-payl>eth c-tag)
Full Context
configure test-oam service-activation-testhead service-test service-stream frame-payload ethernet c-tag
Description
Commands in this context configure the customer VLAN tag (C-tag) information.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
ca-name
ca-name
Syntax
ca-name ca-name
no ca-name
Context
[Tree] (config>port>ethernet>dot1x>macsec>sub-port ca-name)
Full Context
configure port ethernet dot1x macsec sub-port ca-name
Description
This command configures the Connectivity Association (CA) linked to this MACsec sub-port. The specified CA provides the MACsec parameter to be used or negotiated with other peers.
The no form of this command removes the CA from the MACsec sub-port.
Parameters
- ca-name
-
Specifies the appropriate ca to be used under this MACsec sub-port, up to 32 characters.
Platforms
All
ca-name
Syntax
ca-name ca-name
no ca-name
Context
[Tree] (config>anysec>tnl-enc>enc-grp ca-name)
Full Context
configure anysec tunnel-encryption encryption-group ca-name
Description
This command configures the CA used for this encryption group.
The no form of this command removes the CA.
Parameters
- ca-name
-
Specifies the CA name for use under this ANYsec subport, up to 32 characters.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
ca-profile
ca-profile
Syntax
[no] ca-profile name
Context
[Tree] (config>ipsec>cert-profile>entry>send-chain ca-profile)
Full Context
configure ipsec cert-profile entry send-chain ca-profile
Description
This command specifies a CA certificate in the specified ca-profile to be sent to the peer.
Multiple configurations (up to seven) of this command are allowed in the same entry.
Parameters
- name
-
Specifies the profile name up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
ca-profile
Syntax
ca-profile name [create]
no ca-profile name
Context
[Tree] (config system security pki ca-profile)
Full Context
configure system security pki ca-profile
Description
This command creates a new ca-profile or enters the configuration context of an existing ca-profile. Up to 128 ca-profiles can be created in the system. A shutdown of the ca-profile will not affect the current up and running ipsec-tunnel or ipsec-gw that is associated with the ca-profile. However, authentication afterwards will fail with a shutdown ca-profile.
Executing a no shutdown command in this context causes the system to reload the configured cert-file and crl-file.
A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.
The no form of this command removes the name parameter from the configuration. A ca-profile cannot be removed until all the associated entities (ipsec-tunnel/gw) have been removed.
Parameters
- name
-
Specifies the name of the ca-profile up to 32 characters.
- create
-
Keyword used to create a new ca-profile. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
All
ca-profile
Syntax
[no] ca-profile profile-name
Context
[Tree] (debug>certificate>auto-crl-update ca-profile)
[Tree] (debug>certificate>ocsp ca-profile)
[Tree] (debug>certificate>cmpv2 ca-profile)
Full Context
debug certificate auto-crl-update ca-profile
debug certificate ocsp ca-profile
debug certificate cmpv2 ca-profile
Description
This command debugs output of the specified CA profile.
-
Protection method of each message is logged.
-
All HTTP messages are logged. Format allows offline analysis using Wireshark.
-
In the event of failed transactions, saved certificates are not deleted from file system for further debug and analysis.
-
The system allows CMPv2 debugging for multiple ca-profile at the same time.
Parameters
- profile-name
-
Specifies the name of the CA profile, up to 32 characters.
Platforms
All
ca-profile
Syntax
[no] ca-profile name
Context
[Tree] (config>system>security>tls>cert-profile>entry>send-chain ca-profile)
Full Context
configure system security tls cert-profile entry send-chain ca-profile
Description
This command enables a certificate authority (CA) certificate in the specified CA profile to be sent to the peer. Up to seven configurations of this command are permitted in the same entry.
The no form of the command disables the transmission of a CA certificate from the specified CA profile.
Parameters
- name
-
Specifies the name of the certificate authority profile, up to 32 characters in length.
Platforms
All
cacert
cacert
Syntax
cacert est-profile name output output-cert-filename [force]
Context
[Tree] (admin>certificate>est cacert)
Full Context
admin certificate est cacert
Description
This command downloads a Certificate Authority (CA) certificate from an EST server specified by the EST profile. The downloaded certificate is imported and saved with the filename specified by the output-cert-filename.
Parameters
- name
-
Specifies the EST profile name, up to 32 characters
- output-cert-filename
-
Specifies the filename of the resulting CA certificate, up to 200 characters
- force
-
Overwrites the existing file with same filename
Platforms
All
cache
cache
Syntax
cache [create]
no cache
Context
[Tree] (config>python>py-policy cache)
Full Context
configure python python-policy cache
Description
Commands in this context configure the limits of the caching API inside the Python scripts.
The no form of this command removes the configured cache parameters from the configuration.
Parameters
- create
-
This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.
Platforms
All
cache
Syntax
cache
Context
[Tree] (config>service>vprn>radius-proxy>server cache)
[Tree] (config>router>radius-proxy>server cache)
Full Context
configure service vprn radius-proxy server cache
configure router radius-proxy server cache
Description
Commands in this context configure the cache under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cache-reset
cache-reset
Syntax
[no] cache-reset
Context
[Tree] (debug>router>rpki-session>packet cache-reset)
Full Context
debug router rpki-session packet cache-reset
Description
This command enables debugging for cache reset RPKI packets.
The no form of this command disables debugging for cache reset RPKI packets.
Platforms
All
cache-response
cache-response
Syntax
[no] cache-response
Context
[Tree] (debug>router>rpki-session>packet cache-response)
Full Context
debug router rpki-session packet cache-response
Description
This command enables debugging for cache response RPKI packets.
The no form of this command disables debugging for cache response RPKI packets.
Platforms
All
cache-size
cache-size
Syntax
cache-size num-entries
no cache-size
Context
[Tree] (config>cflowd cache-size)
Full Context
configure cflowd cache-size
Description
This command specifies the maximum number of active flows to maintain in the flow cache table.
The no form of this command resets the number of active entries back to the default value.
Default
cache-size 65536 (7450 ESS, 7750 SR, 7750 SR-1, 7750 SR-1s, 7750 SR-2s, 7750 SR-1se, 7750 SR-2se, 7750 SR-e, 7750 SR-a, and 7750 SR-7s and 7750 SR-14s with CPM-s)
cache-size 500000 (7950 XRS, and 7750 SR-14s and 7750 SR-7s with CPM2-s)
Parameters
- num-entries
-
Specifies the maximum number of entries maintained in the cflowd cache. The number depends on the CPM version.
Platforms
All
cak
cak
Syntax
cak hex-string [hash | hash2 | custom]
no cak
Context
[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key cak)
Full Context
configure macsec connectivity-association static-cak pre-shared-key cak
Description
Specifies the connectivity association key (CAK) for a pre-shared key. Two values are derived from CAK.
-
Key Encryption Key (KEK), this is used to encrypt the MKA and SAK (symmetric key used for data path PDUs) to be distributed between all members.
-
Integrity Check Value (ICK), this is used to authenticate the MKA and SAK PDUs to be distributed between all members.
The no form of this command removes the value.
Parameters
- hex-string
-
Specifies the value of the CAK.
- hash
-
Keyword, specifying the hash scheme.
- hash2
-
Keyword, specifying the hash scheme.
- custom
-
Specifies the custom encryption for management interface.
Platforms
All
calculate-counts
calculate-counts
Syntax
[no] calculate-counts
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query calculate-counts)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query calculate-counts
Description
This command specifies whether or not to count the number of tunnels matching the specified criteria.
Do not enable this command if the expected number of tunnels is large.
Default
no calculate-counts
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
call-trace
call-trace
Syntax
call-trace
Context
[Tree] (config call-trace)
Full Context
configure call-trace
Description
Commands in this context configure parameters related to the call trace debugging tool.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
call-trace
Syntax
call-trace
Context
[Tree] (debug call-trace)
Full Context
debug call-trace
Description
Commands in this context set up various call trace debug sessions.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
called-station-id
called-station-id
Syntax
[no] called-station-id
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute called-station-id)
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute called-station-id)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute called-station-id
configure subscriber-mgmt authentication-policy include-radius-attribute called-station-id
Description
This command includes called station ID attributes.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
called-station-id
Syntax
[no] called-station-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp called-station-id)
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp called-station-id)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp called-station-id
configure subscriber-mgmt diameter-application-policy nasreq include-avp called-station-id
Description
This command includes called station ID attributes.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
called-station-id
Syntax
called-station-id [called-station-id]
no called-station-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>include-avp called-station-id)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp called-station-id
Description
This command configures the value of the called station ID AVP.
The no form of this command returns the command to the default setting.
Parameters
- called-station-id
-
Specifies the called station ID, up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
called-station-id
Syntax
[no] called-station-id
Context
[Tree] (config>ipsec>rad-auth-plcy>include called-station-id)
[Tree] (config>ipsec>rad-acct-plcy>include called-station-id)
Full Context
configure ipsec radius-authentication-policy include-radius-attribute called-station-id
configure ipsec radius-accounting-policy include-radius-attribute called-station-id
Description
This command includes called station ID attributes.
The no form of this command excludes called station ID attributes.
Default
no called-station-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
called-station-id
Syntax
[no] called-station-id
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes called-station-id)
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes called-station-id)
Full Context
configure aaa isa-radius-policy auth-include-attributes called-station-id
configure aaa isa-radius-policy acct-include-attributes called-station-id
Description
This command includes called station id attributes.
The no form of the command excludes called station id attributes.
Default
no called-station-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
calling-number-format
calling-number-format
Syntax
calling-number-format ascii-spec
no calling-number-format
Context
[Tree] (config>service>vprn>l2tp calling-number-format)
[Tree] (config>router>l2tp calling-number-format)
Full Context
configure service vprn l2tp calling-number-format
configure router l2tp calling-number-format
Description
This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.
Default
calling-number-format "%S %s"
Parameters
- ascii-spec
-
Specifies the L2TP calling number AVP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
calling-station-id
calling-station-id
Syntax
[no] calling-station-id
Context
[Tree] (config>aaa>l2tp-acct-plcy>include-radius-attribute calling-station-id)
Full Context
configure aaa l2tp-accounting-policy include-radius-attribute calling-station-id
Description
This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.
Default
no calling-station-id
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
calling-station-id
Syntax
[no] calling-station-id
Context
[Tree] (config>ipsec>rad-acct-plcy>include calling-station-id)
[Tree] (config>ipsec>rad-auth-plcy>include calling-station-id)
Full Context
configure ipsec radius-accounting-policy include-radius-attribute calling-station-id
configure ipsec radius-authentication-policy include-radius-attribute calling-station-id
Description
This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.
Default
no calling-station-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
calling-station-id
Syntax
calling-station-id
calling-station-id {llid | mac | remote-id | sap-id | sap-string}
no calling-station-id
Context
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute calling-station-id)
[Tree] (config>service>ies>if>sap calling-station-id)
[Tree] (config>service>vpls>sap calling-station-id)
[Tree] (config>service>vprn>sub-if>grp-if>sap calling-station-id)
[Tree] (config>service>ies>sub-if>grp-if>sap calling-station-id)
[Tree] (config>service>vprn>if>sap calling-station-id)
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute calling-station-id)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute calling-station-id
configure service ies interface sap calling-station-id
configure service vpls sap calling-station-id
configure service vprn subscriber-interface group-interface sap calling-station-id
configure service ies subscriber-interface group-interface sap calling-station-id
configure service vprn interface sap calling-station-id
configure subscriber-mgmt authentication-policy include-radius-attribute calling-station-id
Description
This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.
The no form of this command reverts to the default.
Default
calling-station-id sap-string
Parameters
- llid
-
Specifies that the logical link identifier (LLID) is mapping from a physical to logical identification of a subscriber line and supplied by a RADIUS llid-server.
- mac
-
Specifies that the MAC address is sent.
- remote-id
-
Specifies that the remote ID is sent.
- sap-id
-
Specifies that the SAP ID is sent.
- sap-string
-
Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
calling-station-id
Syntax
calling-station-id [type {llid | mac | remote-id | sap-id | sap-string}]
no calling-station-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp calling-station-id)
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>include-avp calling-station-id)
Full Context
configure subscriber-mgmt diameter-application-policy gx include-avp calling-station-id
configure subscriber-mgmt diameter-application-policy nasreq include-avp calling-station-id
Description
This command includes the calling-station-id AVP in the specified format.
The no form of this command reverts to the default.
Parameters
- type
-
Specifies the format of the Calling-Station-ID AVP.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
calling-station-id
Syntax
[no] calling-station-id
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes calling-station-id)
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes calling-station-id)
Full Context
configure aaa isa-radius-policy auth-include-attributes calling-station-id
configure aaa isa-radius-policy acct-include-attributes calling-station-id
Description
This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.
Default
no calling-station-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cancel-commit
cancel-commit
Syntax
[no] cancel-commit
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization cancel-commit)
Full Context
configure system security profile netconf base-op-authorization cancel-commit
Description
This command enables the NETCONF cancel-commit operation.
The no form of this command disables the operation.
Default
no cancel-commit
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
candidate
candidate
Syntax
candidate
Context
[Tree] (candidate)
Full Context
candidate
Description
Commands in this context edit candidate configurations.
Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.
Platforms
All
candidate
Syntax
[no] candidate
Context
[Tree] (config>system>netconf>capabilities candidate)
Full Context
configure system netconf capabilities candidate
Description
This command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command also enables using commit and discard-changes.
When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured.
The no form of the command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message.
Default
candidate
Platforms
All
candidate-path
candidate-path
Syntax
[no] candidate-path candidate-path-name
Context
[Tree] (config>router>p2mp-sr-tree>p2mp-policy candidate-path)
Full Context
configure router p2mp-sr-tree p2mp-policy candidate-path
Description
This command configures a candidate path in the P2MP policy entry for the P2MP SR tree.
A P2MP SR policy can contain multiple candidate paths, which are redundant trees. Each candidate path represents a P2MP SR tree with its own traffic engineering constraints. Each candidate path has its own preference; the candidate path with the highest preference is the active P2MP SR tunnel.
The no form of this command removes the specified candidate path from the P2MP SR policy.
Parameters
- candidate-path-name
-
Specifies the name of the candidate path, up to 32 characters.
Platforms
All
cannot-change-password
cannot-change-password
Syntax
[no] cannot-change-password
Context
[Tree] (config>system>security>user>console cannot-change-password)
Full Context
configure system security user console cannot-change-password
Description
This command allows a user the privilege to change their password for both FTP and console login.
To disable a user’s privilege to change their password, use the cannot-change-password form of this command.
The cannot-change-password flag is not replicated when a user copy is performed. A new-password-at-login flag is created instead.
Default
no cannot-change-password
Platforms
All
capacity-cost
capacity-cost
Syntax
capacity-cost cost
no capacity-cost
Context
[Tree] (config>app-assure>group>policy>app-profile capacity-cost)
Full Context
configure application-assurance group policy app-profile capacity-cost
Description
This command configures an application profile capacity cost. Capacity-Cost based load balancing allows a cost to be assigned to diverted SAPs (with the app-profile) and this is then used for load-balancing SAPs between ISAs as well as for a threshold that notifies the operator if/when capacity planning has been exceeded.
Default
capacity-cost 1
Parameters
- cost
-
Specifies the profile capacity cost.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
captive-portal-api-url
captive-portal-api-url
Syntax
captive-portal-api-url rdr-url-string
no captive-portal-api-url
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm captive-portal-api-url)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm captive-portal-api-url)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt captive-portal-api-url
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt captive-portal-api-url
Description
This command specifies a URL for an RFC 8908 captive portal API server that is included in DHCP, RA, and DHCPv6 messages as described in RFC 8910. This command supports the same macro substitutions as the configure subscriber-mgmt http-redirect-policy url command.
This command is mutually exclusive with the one-time-redirect and send-unrestricted-portal-url commands in the same context.
When unconfigured, the WLAN-GW populates the URL in DHCP, RA, and DHCPv6 messages based on whether redirect is applied and the value of the one-time-redirect command.
The no form of this command removes the configuration.
Default
no captive-portal-api-url
Parameters
- rdr-url-string
-
Specifies the HTTP redirect URL, up to 255 characters. This option can be used for any session.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
captive-redirect
captive-redirect
Syntax
captive-redirect
Context
[Tree] (config>app-assure>group>http-redirect captive-redirect)
Full Context
configure application-assurance group http-redirect captive-redirect
Description
This command configures the captive redirect capability for an HTTP redirect policy. HTTP redirect policies using captive redirect can be used in conjunction with a session filter policy and will terminate TCP flows in the ISA-AA card before reaching the Internet to redirect subscribers to the predefined redirect URL. Non-HTTP TCP flows are TCP reset. Captive redirect uses the provisioned VLAN id to send the HTTP response to subscribers; therefore this VLAN id must be properly assigned in the same VPN as the subscriber. The operator can select the URL arguments to include in the redirect URL using either a specific template id or by configuring the redirect URL using one of the supported macro substitution keywords.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
capture
capture
Syntax
capture [{start | stop}]
Context
[Tree] (debug>pcap capture)
Full Context
debug pcap capture
Description
This command starts and stops the packet capture process for the specified session-name.
Parameters
- start
-
Starts the packet capture process and also start or restarts the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each). If the same file name is unchanged in the config>mirror>mirror-dest>pcap context between captures, this command overwrites the file content.
- stop
-
Stops the packet capture process and also stops the FTP or TFTP session. If the FTP or TFTP server is unreachable, the command prompt rejects further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each).
Platforms
All
capture-sap
capture-sap
Syntax
capture-sap sap-id [encap-val qtag[.qtag]] [mode mode]
no capture-sap sap-id
Context
[Tree] (debug>dynsvc>data-triggers capture-sap)
Full Context
debug dynamic-services data-triggers capture-sap
Description
This command enables or disables the generation of dynamic services data trigger debug events, such as:
-
data trigger received
-
authentication
-
data trigger SAP created
-
dynamic service SAP created
-
dropped data trigger with drop reason such as data trigger exists or lockout active.
Multiple capture SAPs can be specified simultaneously.
Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.
Optionally, the debug output can be restricted to dropped data trigger events only.
Parameters
- sap-id
-
Specifies the dynamic services data trigger capture SAP for which debug events should be logged.
- encap-val qtag[.qtag]
-
Optionally restrict the debug output to data trigger events with the specified encapsulation.
- mode
-
Optionally restrict the debug output to specific events.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
card
card
Syntax
[no] card slot-number
Context
[Tree] (config card)
Full Context
configure card
Description
This mandatory command enables access to the chassis and context. In SR OS cards cover IOM, IMM, and XCM.
The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.
Default
no card
Parameters
- slot-number
-
Specifies the slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides.
Platforms
All
card-type
card-type
Syntax
card-type card-type [level card-level]
no card-type
Context
[Tree] (config>card card-type)
Full Context
configure card card-type
Description
This mandatory command adds an IOM/XCM to the device configuration for the slot. The card type can be preprovisioned, meaning that the card does not need to be installed in the chassis.
A card must be provisioned before an MDA, connector, or port can be configured.
A card can only be provisioned in a slot that is vacant, meaning no other card can be provisioned (configured) for that particular slot. To reconfigure a slot position, use the no form of this command to remove the current information.
A card can only be provisioned in a slot if the card type is allowed in the slot. An error message is generated if an attempt is made to provision a card type that is not allowed.
If a card is inserted that does not match the configured card type for the slot, then a log event and facility alarm is raised. The alarm is cleared when the correct card type is installed or the configuration is modified.
A log event and facility alarm are is raised if an administratively enabled card is removed from the chassis. The alarm is cleared when the correct card type is installed or the configuration is modified. A log event is issued when a card is removed that is administratively disabled.
Because IMMs do not have the capability to install separate MDAs, the configuration of the MDA is automatic. This configuration only includes the default parameters such as default buffer policies. Commands to manage the MDA such as shutdown and so on, remain in the MDA configuration context.
Some card hardware can support two different firmware loads. One load includes the base Ethernet functionality, including 10G WAN mode, but does not include 1588 port-based timestamping. The second load includes the base Ethernet functionality and 1588 port-based timestamping, but does not include 10G WAN mode. These are identified as two card types that are the same, except for a "-ptp” suffix to indicate the second loadset; for example, imm40-10gb-sfp and imm40-10gb-sfp-ptp. A hard reset of the card occurs when switching between the two provisioned types.
An appropriate alarm is raised if a partial or complete card failure is detected. The alarm is cleared when the error condition ceases.
New generations of cards include variants controlled by hardware and software licensing. For these cards, the license level must be provisioned in addition to the card type. A card cannot become operational unless the provisioned license level matches the license level of the card installed into the slot. The set of license levels varies by card type.
The provisioned level controls aspects related to connector provisioning and the consumption of hardware egress queues and egress policers. Changes to the provisioned license level may be blocked if configuration exists that would not be permitted with the new target license level.
If the license level is not specified, the level is set to the highest license level for that card.
The no form of this command removes the card from the configuration.
Default
no card-type
Parameters
- card-type
-
Specifies the type of card to be configured and installed in that slot. Values for this attribute vary by platform and release. The release notes include a listing of all supported card-types and their CLI strings. In addition, the command can be queried to check which card-types are relevant for the active platform type. Some examples include iom4-e-b and imm-2pac-fp3.
- card-level
-
Specifies the license level of the card, up to 32 characters. Possible values vary by card type.
Platforms
All
carrier-carrier-vpn
carrier-carrier-vpn
Syntax
[no] carrier-carrier-vpn
Context
[Tree] (config>service>vprn carrier-carrier-vpn)
Full Context
configure service vprn carrier-carrier-vpn
Description
This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.
This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.
The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.
Default
no carrier-carrier-vpn
Platforms
All
category
category
Syntax
category category-name [create]
no category category-name
Context
[Tree] (config>subscr-mgmt>cat-map category)
Full Context
configure subscriber-mgmt category-map category
Description
Commands in this context configure RADIUS credit control, Diameter credit control (Gy), Diameter Gx Usage Monitoring, or Idle-Timeout.
Up to sixteen categories can be configured per category map. The internal category for Gx session level Usage Monitoring is included in this limit. The instantiation of the internal category is controlled with the gx-session-level-usage command.
Parameters
- category-name
-
Specifies the category name, up to 32 characters.
- create
-
Keyword used to create a category instance. The create keyword can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
category
Syntax
category category-name [create]
no category category-name
Context
[Tree] (config>subscr-mgmt>sla-prof>cat-map category)
Full Context
configure subscriber-mgmt sla-profile category-map category
Description
This command defines the category in the category map to be used for the idle timeout monitoring of subscriber hosts.
The no form of this command reverts to the default.
Parameters
- category-name
-
Specifies the name, up to 32 characters, of the category where the queues and policers are defined for idle timeout monitoring of subscriber hosts.
- create
-
Keyword used to create a category instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
category
Syntax
category category block
no category category
Context
[Tree] (config>app-assure>group>url-filter>web-service>profile category)
Full Context
configure application-assurance group url-filter web-service profile category
Description
This command configures the category that will be blocked in the category profile.
The no form of this command removes the category blocking configuration.
Parameters
- category
-
Specifies the URL category name for the configured web service, up to 256 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
category-map
category-map
Syntax
category-map category-map-name [create]
no category-map category-map-name
Context
[Tree] (config>subscr-mgmt category-map)
Full Context
configure subscriber-mgmt category-map
Description
This command specifies the category map name.
The no form of this command reverts to the default.
Parameters
- category-map-name
-
Specifies the category map name, up to 32 characters.
- create
-
Keyword used to create a category map instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
category-map
Syntax
category-map category-map-name
no category-map
Context
[Tree] (config>subscr-mgmt>sla-prof category-map)
Full Context
configure subscriber-mgmt sla-profile category-map
Description
This command references the category-map to be used for the idle-timeout monitoring of subscriber hosts associated with this sla-profile. The category-map must already exist in the config>subscr-mgmt context.
The no form of this command reverts to the default.
Parameters
- category-map-name
-
Specifies the name of the category map, up to 32 characters, where the activity-threshold and the category is defined for idle-timeout monitoring of subscriber hosts.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
category-map-name
category-map-name
Syntax
category-map-name category-map-name [create]
no category-map-name category-map-name
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ident-strings category-map-name)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ident-strings category-map-name)
Full Context
configure subscriber-mgmt local-user-db ppp host identification-strings category-map-name
configure subscriber-mgmt local-user-db ipoe host identification-strings category-map-name
Description
This command specifies the category map name.
The no form of this command removes the category map name from the configuration.
Parameters
- category-map-name
-
Specifies an existing category map name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cbs
cbs
Syntax
cbs percent-of-resv-cbs
no cbs
Context
[Tree] (config>mcast-mgmt>bw-plcy>t2>prim-path>queue cbs)
[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path>queue cbs)
Full Context
configure mcast-management bandwidth-policy t2-paths primary-path queue-parameters cbs
configure mcast-management bandwidth-policy t2-paths secondary-path queue-parameters cbs
Description
This command overrides the default committed buffer size (CBS) for each individual path’s queue. The queue's CBS threshold is used when requesting buffers from the systems ingress buffer pool to indicate whether the requested buffer should be removed from the reserved portion of the buffer pool or the shared portion. When the queue’s fill depth is below or equal to the CBS threshold, the requested buffer comes from the reserved portion. After the queue's depth exceeds the CBS threshold, buffers come from the shared portion.
The cbs percent-of-resv-cbs parameter is defined as a percentage of the reserved portion of the pool. The system allows the sum of all CBS values to equal more than 100% allowing for oversubscription of the reserved portion of the pool. If the reserved portion is oversubscribed and the queues are currently using more reserved space than provisioned in the pool, the pool automatically starts using the shared portion of the pool for within-CBS buffer allocation. The shared early detection slopes can assume more buffers that exist within the shared portion that may cause the early detection function to fail.
For the primary-path and secondary-path queues, the percentage is applied to a single queue for each path.
The no form of this command restores the path queue's default CBS value.
Parameters
- percent-of-resv-cbs
-
Specifies the percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 MB is the total buffers in the buffer pool, a value of 10 would reserve 1 MB (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>qos>sap-egress>dynamic-queue cbs)
Full Context
configure qos sap-egress dynamic-queue cbs
Description
This command configures the committed buffer size (CBS) that is reserved for the queue. The CBS is applied to each dynamic queue and is not shared.
Default
no cbs (auto)
Parameters
- size-in-kbytes
-
Specifies the size of the CBS in kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>queue cbs)
[Tree] (config>subscr-mgmt>sla-prof>egress>qos>queue cbs)
Full Context
configure subscriber-mgmt sla-profile ingress qos queue cbs
configure subscriber-mgmt sla-profile egress qos queue cbs
Description
This command can be used to override specific attributes of the specified queue's CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queues’ CBS settings into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.
The no form of this command returns the CBS size to the size as configured in the QoS policy.
Default
no cbs
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs size [bytes | kilobytes]
no cbs
Context
[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer cbs)
[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer cbs)
Full Context
configure subscriber-mgmt sla-profile ingress qos policer cbs
configure subscriber-mgmt sla-profile egress qos policer cbs
Description
This command is used to configure the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.
The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.
The no form of this command returns the policer to its default CBS size.
Parameters
- size
-
Specifies the size parameter and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
- bytes
-
Specifies the size parameter the size parameter in bytes. When bytes is defined, the value given for size is interpreted as the queue’s MBS value given in bytes.
- kilobytes
-
Specifies the size parameter in kilobytes. When kilobytes is defined, the value is interpreted as the queue’s MBS value given in kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>vpls>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue cbs)
[Tree] (config>service>vpls>sap>egress>queue-override>queue cbs)
Full Context
configure service ies interface sap ingress queue-override queue cbs
configure service vpls sap ingress queue-override queue cbs
configure service ies interface sap egress queue-override queue cbs
configure service vpls sap egress queue-override queue cbs
Description
This command overrides specific attributes of the specified queue’s CBS parameters.
It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.
If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.
The no form of this command returns the CBS size to the default value.
Parameters
- size-in-kbytes
-
Specifies the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).
Platforms
All
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue cbs)
Full Context
configure service vprn interface sap ingress queue-override queue cbs
configure service vprn interface sap egress queue-override queue cbs
Description
This command can be used to override specific attributes of the specified queue’s CBS parameters.
It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.
If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.
The no form of this command returns the CBS to the default value.
Default
no cbs
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).
Platforms
All
cbs
Syntax
cbs burst-size
no cbs
Context
[Tree] (config>subscr-mgmt>isa-policer cbs)
Full Context
configure subscriber-mgmt isa-policer cbs
Description
This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.
The no form of this command reverts to its default.
Default
cbs 0
Parameters
- burst-size
-
Specifies the committed burst-size in kbytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs {size [bytes | kilobytes] | default}
no cbs
Context
[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr cbs)
[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr cbs)
Full Context
configure card fp ingress network queue-group policer-override policer cbs
configure card fp ingress access queue-group policer-override policer cbs
Description
This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer’s defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.
The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.
The no form of this command returns the policer to its default CBS size.
Parameters
- size
-
Specifies that the size parameter is required when specifying cbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
- bytes
-
When bytes is defined, the value given for size is interpreted as the queue’s CBS value specified in bytes.
- kilobytes
-
When kilobytes is defined, the value is interpreted as the queue’s CBS value given in kilobytes.
- default
-
Specifying the keyword default sets the CBS to its default value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>port>ethernet>network>egr>qover>q cbs)
[Tree] (config>port>ethernet>access>egr>qgrp>qover>q cbs)
[Tree] (config>port>ethernet>access>ing>qgrp>qover>q cbs)
Full Context
configure port ethernet network egress queue-overrides queue cbs
configure port ethernet access egress queue-group queue-overrides queue cbs
configure port ethernet access ingress queue-group queue-overrides queue cbs
Description
This command defines the default committed buffer size for the template queue. Overall, the CBS command follows the same behavior and provisioning characteristics as the CBS command in the queue-group or network QoS policy. The exception is the addition of the cbs-value qualifier keywords bytes or kilobytes.
The no form of this command restores the default CBS size to the template queue.
Default
cbs default
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).
Platforms
All
cbs
Syntax
cbs size [bytes | kilobytes]
no cbs
Context
[Tree] (config>service>epipe>sap>ingress>policer-over>plcr cbs)
[Tree] (config>service>cpipe>sap>egress>policer-over>plcr cbs)
[Tree] (config>service>ipipe>sap>egress>policer-over>plcr cbs)
[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr cbs)
[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr cbs)
[Tree] (config>service>epipe>sap>egress>policer-over>plcr cbs)
Full Context
configure service epipe sap ingress policer-override policer cbs
configure service cpipe sap egress policer-override policer cbs
configure service ipipe sap egress policer-override policer cbs
configure service ipipe sap ingress policer-override policer cbs
configure service cpipe sap ingress policer-override policer cbs
configure service epipe sap egress policer-override policer cbs
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.
The no form of this command returns the CBS size to the default value.
Default
no cbs
Parameters
- size
-
The size parameter is required when specifying cbs override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
- bytes
-
When bytes is defined, the value given for size is interpreted as the policer’s MBS value in bytes.
- kilobytes
-
When kilobytes is defined, the value given for size is interpreted as the policer’s MBS value in kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure service epipe sap ingress policer-override policer cbs
- configure service ipipe sap ingress policer-override policer cbs
- configure service ipipe sap egress policer-override policer cbs
- configure service epipe sap egress policer-override policer cbs
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress policer-override policer cbs
- configure service cpipe sap egress policer-override policer cbs
cbs
Syntax
cbs {size-in-kbytes | default}
no cbs
Context
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>cpipe>sap>egress>queue-override>queue cbs)
[Tree] (config>service>epipe>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue cbs)
[Tree] (config>service>cpipe>sap>ingress>queue-override>queue cbs)
[Tree] (config>service>epipe>sap>egress>queue-override>queue cbs)
Full Context
configure service ipipe sap ingress queue-override queue cbs
configure service cpipe sap egress queue-override queue cbs
configure service epipe sap ingress queue-override queue cbs
configure service ipipe sap egress queue-override queue cbs
configure service cpipe sap ingress queue-override queue cbs
configure service epipe sap egress queue-override queue cbs
Description
This command can be used to override specific attributes of the specified queue’s CBS parameters.
It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.
The no form of this command returns the CBS size to the default value.
Default
no cbs
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is wanted, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).
Platforms
All
- configure service epipe sap egress queue-override queue cbs
- configure service epipe sap ingress queue-override queue cbs
- configure service ipipe sap ingress queue-override queue cbs
- configure service ipipe sap egress queue-override queue cbs
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap ingress queue-override queue cbs
- configure service cpipe sap egress queue-override queue cbs
cbs
Syntax
cbs size [{bytes | kilobytes}]
no cbs
Context
[Tree] (config>service>vpls>sap>egress>policer-override>plcr cbs)
[Tree] (config>service>vpls>sap>ingress>policer-override>plcr cbs)
Full Context
configure service vpls sap egress policer-override policer cbs
configure service vpls sap ingress policer-override policer cbs
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.
The no form of this command returns the CBS size to the default value.
Default
no cbs
Parameters
- size
-
This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs size [{bytes | kilobytes}]
no cbs
Context
[Tree] (config>service>ies>if>sap>egress>policer-over>plcr cbs)
[Tree] (config>service>ies>if>sap>ingress>policer-over>plcr cbs)
Full Context
configure service ies interface sap egress policer-override policer cbs
configure service ies interface sap ingress policer-override policer cbs
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.
The no form of this command returns the CBS size to the default value.
Default
no cbs
Parameters
- size
-
This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs size [{bytes | kilobytes}]
no cbs
Context
[Tree] (config>service>vprn>if>sap>ingress>policer-over>plcr cbs)
[Tree] (config>service>vprn>if>sap>egress>policer-over>plcr cbs)
Full Context
configure service vprn interface sap ingress policer-override policer cbs
configure service vprn interface sap egress policer-override policer cbs
Description
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.
The no form of this command returns the CBS size to the default value.
Default
no cbs
Parameters
- size
-
This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs congested-cbs
no cbs
Context
[Tree] (config>app-assure>group>policer>congestion-override-stage2 cbs)
[Tree] (config>app-assure>group>policer>congestion-override cbs)
Full Context
configure application-assurance group policer congestion-override-stage2 cbs
configure application-assurance group policer congestion-override cbs
Description
This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.
The no form of this command removes the congested CBS value from the configuration
Parameters
- congested-cbs
-
Specifies the committed burst size, in kbytes, when the access-network-level, which the subscriber belongs to, is in a congested state.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs committed-burst-size
no cbs
Context
[Tree] (config>app-assure>group>policer cbs)
[Tree] (config>app-assure>group>tod-override cbs)
Full Context
configure application-assurance group policer cbs
configure application-assurance group policer tod-override cbs
Description
This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.
The no form of this command removes the committed burst size from the configuration.
Parameters
- committed-burst-size
-
Specifies an integer value defining size, in kbytes, for the CBS of the policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cbs
Syntax
cbs size [bytes | kilobytes]
no cbs
Context
[Tree] (config>qos>sap-ingress>policer cbs)
[Tree] (config>qos>sap-ingress>dyn-policer cbs)
[Tree] (config>qos>sap-egress>policer cbs)
[Tree] (config>qos>sap-egress>dyn-policer cbs)
Full Context
configure qos sap-ingress policer cbs
configure qos sap-ingress dynamic-policer cbs
configure qos sap-egress policer cbs
configure qos sap-egress dynamic-policer cbs
Description
This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.
The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.
The no form of this command returns the policer to its default CBS size.
By default, the CBS is 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.
Parameters
- size [bytes | kilobytes]
-
Specifies an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
- configure qos sap-egress policer cbs
- configure qos sap-ingress policer cbs
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure qos sap-egress dynamic-policer cbs
- configure qos sap-ingress dynamic-policer cbs
cbs
Syntax
cbs {size-in-kbytes| default}
cbs delay-time microseconds
cbs delay-percent percent
no cbs
Context
[Tree] (config>qos>sap-egress>queue cbs)
Full Context
configure qos sap-egress queue cbs
Description
This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable because of the potentially large number of service queues and the economy of statistical multiplexing the CBS settings of the individual into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues use their CBS buffers and the total-in-use exceeds the defined reserved total, essentially the buffers are removed from the shared portion of the pool without the shared in-use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.
If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.
The delay-time command option configures the CBS as a function of the expected delay. The system automatically translates this configuration into kilobytes based on the administrative rate of the queue parent (for example, the port, scheduler, or aggregate-shaper).
The delay-percent command option configures the CBS as percentage of the SAP delay budget of the queue configured using the latency-budget command.
The no form of this command returns the CBS size to the default value.
Default
cbs default
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is required, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). The CBS maximum value used is constrained by the pool size in which the queue exists.
- microseconds
-
Specifies the CBS as a function of delay time.
- percent
-
Specifies the CBS as a percentage of the SAP latency budget.
Platforms
All
cbs
Syntax
cbs size-in-kbytes
no cbs
Context
[Tree] (config>qos>sap-ingress>queue cbs)
Full Context
configure qos sap-ingress queue cbs
Description
This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potentially large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.
If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.
The no form of this command returns the CBS size to the default value.
Default
cbs default
Parameters
- size-in-kbytes
-
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes) The CBS maximum value used is constrained by the pool size in which the queue exists.
Platforms
All
cbs
Syntax
cbs percent
no cbs
Context
[Tree] (config>qos>network-queue>queue cbs)
Full Context
configure qos network-queue queue cbs
Description
The Committed Burst Size (cbs) command specifies the relative number of reserved buffers for a specific ingress network FP forwarding class queue or egress network port forwarding class queue. The value is entered as a percentage.
The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the number of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool. Access to this shared pool space is controlled through Random Early Detection (RED) slope application.
Two RED slopes are maintained in each buffer pool. A high-priority slope is used by in-profile packets. A low-priority slope is used by out-of-profile packets. At egress, there are two additional RED slopes maintained in each buffer pool: the highplus slope is used by inplus-profile packets, and the exceed slope is used by exceed-profile packets. All network control and management packets are considered in-profile. Assured packets are handled by their in-profile and out-of-profile markings. All best-effort packets are considered out-of-profile. Premium queues should be configured such that the CBS percent is sufficient to prevent shared buffering of packets. This is generally taken care of by the CIR scheduling of premium queues and the overall small amount of traffic on the class. Premium queues in a properly designed system will drain before all others, limiting their buffer utilization.
The RED slopes will detect congestion conditions and work to discard packets and slow down random TCP session flows through the queue. The RED slope definitions can be defined, modified, or disabled through the slope policy assigned to the FP for the network ingress buffer pool or assigned to the network port for network egress buffer pools.
The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue to be unused and should be avoided.
The no form of this command returns the CBS size for the queue to the default for the forwarding class.
Default
The cbs forwarding class defaults are listed in the CBS Forwarding Class Defaults.
Forwarding Class |
Forwarding Class Label |
Default CBS |
---|---|---|
Network-Control |
nc |
3 |
High-1 |
h1 |
3 |
Expedited |
ef |
1 |
High-2 |
h2 |
1 |
Low-1 |
l1 |
3 |
Assured |
af |
1 |
Low-2 |
l2 |
3 |
Best-Effort |
be |
1 |
Parameters
- percent
-
The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. If 10 Mbytes is the total buffer space in the buffer pool, a value of 10 would reserve 1 Mbyte (10%) of buffer space for the forwarding class queue. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).
Platforms
All
cbs
Syntax
cbs {size-in-kbytes | default}
no cbs
Context
[Tree] (config>qos>qgrps>egr>qgrp>policer cbs)
[Tree] (config>qos>qgrps>ing>qgrp>policer cbs)
Full Context
configure qos queue-group-templates egress queue-group policer cbs
configure qos queue-group-templates ingress queue-group policer cbs
Description
The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.
The no form of this command restores the default CBS size to the template policer.
Default
default
Parameters
- size-in-kbytes
-
For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
cbs
Syntax
cbs {size-in-kbytes | default}
no cbs
Context
[Tree] (config>qos>qgrps>ing>qgrp>queue cbs)
[Tree] (config>qos>qgrps>egr>qgrp>queue cbs)
Full Context
configure qos queue-group-templates ingress queue-group queue cbs
configure qos queue-group-templates egress queue-group queue cbs
Description
The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.
The no form of this command restores the default CBS size to the template policer.
Default
default
Parameters
- size-in-kbytes
-
For the queues, the size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10 kbytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes). For policers, the size parameter is an integer expression of the number of kilobytes for the policer CBS.
Platforms
All
cbs
Syntax
cbs percent
no cbs
Context
[Tree] (config>qos>shared-queue>queue cbs)
Full Context
configure qos shared-queue queue cbs
Description
The Committed Burst Size (cbs) command specifies the relative amount of reserved buffers for a specific ingress shared queue. The value is entered as a percentage.
The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the amount of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool.
The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue being unused and should be avoided.
Default
The queue CBS defaults are listed in Queue CBS Default Values.
Queue |
Default CBS |
---|---|
1 |
1 |
2 |
3 |
3 |
10 |
4 |
3 |
5 |
10 |
6 |
10 |
7 |
3 |
8 |
3 |
9 |
1 |
10 |
1 |
11 |
1 |
12 |
1 |
13 |
1 |
14 |
1 |
15 |
1 |
16 |
1 |
Parameters
- percent
-
The percent of buffers reserved from the total buffer pool space, expressed as a decimal integer. The value 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can be applied for scheduling purposes).
Platforms
All
cbs
Syntax
cbs cbs
no cbs
Context
[Tree] (config>sys>security>cpm-queue>queue cbs)
Full Context
configure system security cpm-queue queue cbs
Description
This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the queue’s buffer pool.
Parameters
- cbs
-
Specifies the committed burst size in kbytes.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cc-error
cc-error
Syntax
[no] cc-error
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms cc-error)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms cc-error)
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms cc-error)
Full Context
configure mcast-management multicast-info-policy bundle channel video analyzer alarms cc-error
configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms cc-error
configure mcast-management multicast-info-policy bundle video analyzer alarms cc-error
Description
This command configures the analyzer to check the continuity counter. The continuity counter should be incremented per PID; otherwise, it is considered a continuity counter error.
Default
no cc-error
Platforms
7450 ESS, 7750 SR, 7750 SR-s
ccm-enable
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-enable)
Full Context
configure eth-tunnel path eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>lag>eth-cfm>mep ccm-enable)
[Tree] (config>port>ethernet>eth-cfm>mep ccm-enable)
Full Context
configure lag eth-cfm mep ccm-enable
configure port ethernet eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-enable)
[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-enable)
Full Context
configure service epipe spoke-sdp eth-cfm mep ccm-enable
configure service epipe sap eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-enable)
[Tree] (config>service>vpls>eth-cfm>mep ccm-enable)
[Tree] (config>service>vpls>mesh-sdp>mep ccm-enable)
[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-enable)
Full Context
configure service vpls spoke-sdp eth-cfm mep ccm-enable
configure service vpls eth-cfm mep ccm-enable
configure service vpls mesh-sdp mep ccm-enable
configure service vpls sap eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-enable)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-enable)
[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-enable)
Full Context
configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable
configure service ies interface spoke-sdp eth-cfm mep ccm-enable
configure service ies interface sap eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-enable
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface sap eth-cfm mep ccm-enable
- configure service ies interface spoke-sdp eth-cfm mep ccm-enable
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-enable)
[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-enable)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-enable)
Full Context
configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable
configure service vprn interface sap eth-cfm mep ccm-enable
configure service vprn interface spoke-sdp eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm ccm-enable
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp eth-cfm mep ccm-enable
- configure service vprn interface sap eth-cfm mep ccm-enable
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>router>if>eth-cfm>mep ccm-enable)
Full Context
configure router interface eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-enable
Syntax
[no] ccm-enable
Context
[Tree] (config>eth-ring>path>eth-cfm>mep ccm-enable)
Full Context
configure eth-ring path eth-cfm mep ccm-enable
Description
This command enables the generation of CCM messages.
The no form of the command disables the generation of CCM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-hold-time
ccm-hold-time
Syntax
ccm-hold-time {down down-timeout] [up up-timeout}
no ccm-hold-time
Context
[Tree] (config>eth-tunnel ccm-hold-time)
Full Context
configure eth-tunnel ccm-hold-time
Description
This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP will remain in the UP state for 3.5 times CCM interval + down-delay.
The no form of this command removes the additional delay
Parameters
- down down-timeout
-
Specifies the time, in centiseconds, used for the hold-timer for associated Continuity Check (CC) Session down event dampening. This guards against reporting excessive member operational state transitions.
This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.
- up up-timeout
-
Specifies the time, in deciseconds, used for the hold-timer for associated Continuity Check (CC) Session up event dampening. This guards against reporting excessive member operational state transitions.
This is implemented by not advertising subsequent transitions of the CC state to the Ethernet Tunnel Group until the configured timer has expired.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-hold-time
Syntax
ccm-hold-time down timer
no ccm-hold-time
Context
[Tree] (config>eth-cfm>domain>assoc ccm-hold-time)
Full Context
configure eth-cfm domain association ccm-hold-time
Description
This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP remains in the UP state for 3.5 times CCM interval + down-delay.
The no form of this command removes the additional delay.
Default
no ccm-hold-time
Parameters
- down timer
-
Specifies the amount of time to delay, in centiseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-hold-time
Syntax
ccm-hold-time [down down-timeout] [up up-timeout]
no ccm-hold-time
Context
[Tree] (config>eth-ring ccm-hold-time)
Full Context
configure eth-ring ccm-hold-time
Description
This command configures eth-ring dampening timers. See the down and up commands for more information.
The no form of the command sets the up and down timers to the default values.
Parameters
- down-timeout
-
Specifies the down timeout, in centiseconds.
- up-timeout
-
Specifies the hold-time for reporting the recovery, in deciseconds.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-interval
ccm-interval
Syntax
ccm-interval interval
no ccm-interval
Context
[Tree] (config>eth-cfm>domain>assoc ccm-interval)
Full Context
configure eth-cfm domain association ccm-interval
Description
This command configures the CCM transmission interval for all MEPs in the association.
The no form of this command reverts to the default value.
Default
no ccm-interval
Parameters
- interval
-
Specifies the interval between CCM transmissions to be used by all MEPs in the MA.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-ltm-priority
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-ltm-priority)
Full Context
configure eth-tunnel path eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>lag>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>port>ethernet>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>router>if>eth-cfm>mep ccm-ltm-priority)
Full Context
configure lag eth-cfm mep ccm-ltm-priority
configure port ethernet eth-cfm mep ccm-ltm-priority
configure router interface eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority of the CCM and LTM messages transmitted by the MEP. Since CCM does not apply to the Router Facility MEP only the LTM priority is of value under that context.
The no form of this command reverts to the default values.
Default
no ccm-ltm-priority
Parameters
- priority
-
Specifies the priority value.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-ltm-priority)
Full Context
configure service epipe sap eth-cfm mep ccm-ltm-priority
configure service epipe spoke-sdp eth-cfm mep ccm-ltm-priority
configure service ipipe sap eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>service>vpls>mesh-sdp>mep ccm-ltm-priority)
[Tree] (config>service>vpls>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-ltm-priority)
Full Context
configure service vpls mesh-sdp mep ccm-ltm-priority
configure service vpls eth-cfm mep ccm-ltm-priority
configure service vpls sap eth-cfm mep ccm-ltm-priority
configure service vpls spoke-sdp eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)
Full Context
configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority
configure service ies interface sap eth-cfm mep ccm-ltm-priority
configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-ltm-priority
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface spoke-sdp eth-cfm mep ccm-ltm-priority
- configure service ies interface sap eth-cfm mep ccm-ltm-priority
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-ltm-priority)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm ccm-ltm-priority)
Full Context
configure service vprn interface sap eth-cfm mep ccm-ltm-priority
configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority
configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface sap eth-cfm mep ccm-ltm-priority
- configure service vprn interface spoke-sdp eth-cfm mep ccm-ltm-priority
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm ccm-ltm-priority
ccm-ltm-priority
Syntax
ccm-ltm-priority priority
no ccm-ltm-priority
Context
[Tree] (config>eth-ring>path>eth-cfm>mep ccm-ltm-priority)
Full Context
configure eth-ring path eth-cfm mep ccm-ltm-priority
Description
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of the command removes the priority value from the configuration.
Default
The highest priority on the bridge-port.
Parameters
- priority
-
Specifies the priority of CCM and LTM messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-padding-size
ccm-padding-size
Syntax
ccm-padding-size ccm-padding
no ccm-padding-size
Context
[Tree] (config>eth-tunnel>path>eth-cfm>mep ccm-padding-size)
[Tree] (config>lag>eth-cfm>mep ccm-padding-size)
Full Context
configure eth-tunnel path eth-cfm mep ccm-padding-size
configure lag eth-cfm mep ccm-padding-size
Description
This command inserts additional padding in the CCM packets.
The no form of this command reverts to the default.
Parameters
- ccm-padding
-
Specifies the additional padding in the CCM packets, in octets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-padding-size
Syntax
ccm-padding-size ccm-padding
no ccm-padding-size ccm-padding
Context
[Tree] (config>service>ipipe>sap>eth-cfm>mep ccm-padding-size)
[Tree] (config>lag>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>epipe>sap>eth-cfm>mep ccm-padding-size)
[Tree] (config>port>ethernet>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep ccm-padding-size)
[Tree] (config>router>if>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>vpls>sap>eth-cfm>mep ccm-padding-size)
Full Context
configure service ipipe sap eth-cfm mep ccm-padding-size
configure lag eth-cfm mep ccm-padding-size
configure service vpls mesh-sdp eth-cfm mep ccm-padding-size
configure service epipe sap eth-cfm mep ccm-padding-size
configure port ethernet eth-cfm mep ccm-padding-size
configure service vpls spoke-sdp eth-cfm mep ccm-padding-size
configure router interface eth-cfm mep ccm-padding-size
configure service epipe spoke-sdp eth-cfm mep ccm-padding-size
configure service vpls sap eth-cfm mep ccm-padding-size
Description
Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.
Default
no ccm-padding-size
Parameters
- ccm-padding
-
Specifies the byte size of the Optional Data TLV.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-padding-size
Syntax
ccm-padding-size ccm-padding
no ccm-padding-size
Context
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>ies>if>sap>eth-cfm>mep ccm-padding-size)
Full Context
configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size
configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size
configure service ies interface sap eth-cfm mep ccm-padding-size
Description
Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.
Default
ccm-padding-size
Parameters
- ccm-padding
-
Specifies the byte size of the Optional Data TLV.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface sap eth-cfm mep ccm-padding-size
- configure service ies interface spoke-sdp eth-cfm mep ccm-padding-size
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep ccm-padding-size
ccm-padding-size
Syntax
ccm-padding-size ccm-padding
no ccm-padding-size
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>vprn>if>sap>eth-cfm>mep ccm-padding-size)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep ccm-padding-size)
Full Context
configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size
configure service vprn interface sap eth-cfm mep ccm-padding-size
configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size
Description
This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.
Parameters
- ccm-padding
-
Specifies the byte size of the Optional Data TLV.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm mep ccm-padding-size
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface sap eth-cfm mep ccm-padding-size
- configure service vprn interface spoke-sdp eth-cfm mep ccm-padding-size
ccm-padding-size
Syntax
ccm-padding-size ccm-padding
no ccm-padding-size
Context
[Tree] (config>eth-ring>path>eth-cfm>mep ccm-padding-size)
Full Context
configure eth-ring path eth-cfm mep ccm-padding-size
Description
This command inserts additional padding in the CCM packets.
The no form of the command reverts to the default.
Parameters
- ccm-padding
-
Specifies the additional padding in the CCM packets.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccm-tlv-ignore
ccm-tlv-ignore
Syntax
ccm-tlv-ignore [interface-status] [port-status]
no ccm-tlv-ignore
Context
[Tree] (config>lag>eth-cfm>mep ccm-tlv-ignore)
[Tree] (config>port>ethernet>eth-cfm>mep ccm-tlv-ignore)
[Tree] (config>router>if>eth-cfm>mep ccm-tlv-ignore)
Full Context
configure lag eth-cfm mep ccm-tlv-ignore
configure port ethernet eth-cfm mep ccm-tlv-ignore
configure router interface eth-cfm mep ccm-tlv-ignore
Description
This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.
The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.
Default
no ccm-tlv-ignore
Parameters
- interface-status
-
Ignores the interface status TLV on reception.
- port-status
-
Ignores the port status TLV on reception.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ccrt-replay
ccrt-replay
Syntax
ccrt-replay
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx ccrt-replay)
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy ccrt-replay)
Full Context
configure subscriber-mgmt diameter-application-policy gx ccrt-replay
configure subscriber-mgmt diameter-application-policy gy ccrt-replay
Description
Commands in this context configure CCR-T replay. CCR-T replay is enabled with a no shutdown of this context. If a communication failure between client and server occurs, CCR-T replay enables the retransmission of CCR-T messages for a Gx or Gy session at a configured intervals until a valid response (CCA-t) is received or until the configured max-lifetime period expires, whichever comes first.
In Gx, replaying CCR-T messages ensures that the Gx session is cleared on the PCRF side in cases where the peering session to the PCRF was not available at the time that the initial and the first retransmitted CCR-T was sent.
In Gy, replaying CCR-T messages ensures that the final credit control usage reporting is not lost for billing by the OCS.
The subscriber host or session that triggered the Gx or Gy session that is in CCR-T replay mode is deleted from the system at the time that the initial CCR-T is sent. All resources associated with the subscriber host or session, such as queues, DHCP lease states, and PPPoE session states are released. The orphaned Gx and Gy sessions in replay mode are left in the system.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cd
cd
Syntax
cd [file-url]
Context
[Tree] (file cd)
Full Context
file cd
Description
This command displays or changes the current working directory in the local file system.
Parameters
- file-url
-
Specifies the file URL.
- ..
-
signifies the parent directory. This can be used in place of an actual directory name in a directory-url.
- directory-url
-
Specifies the destination directory.
Platforms
All
ce-address
ce-address
Syntax
ce-address ip-address
no ce-address
Context
[Tree] (config>service>ipipe>spoke-sdp ce-address)
[Tree] (config>service>ipipe>sap ce-address)
Full Context
configure service ipipe spoke-sdp ce-address
configure service ipipe sap ce-address
Description
This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.
On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.
Parameters
- ip-address
-
Specifies the IP address of the CE device associated with an Ipipe SAP.
Platforms
All
ce-address-discovery
ce-address-discovery
Syntax
ce-address-discovery
ce-address-discovery ipv6
no ce-address-discovery
Context
[Tree] (config>service>ipipe ce-address-discovery)
Full Context
configure service ipipe ce-address-discovery
Description
This command specifies whether the service automatically discovers the CE IP addresses.
When enabled, the addresses are automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs are not allowed. If CE address discovery is required on an Ipipe service, the SAP should be created before either the spoke-SDP is administratively enabled or ce-address-discovery is configured.
If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.
Default
no ce-address-discovery
Parameters
- ipv6
-
The ipv6 keyword enables IPv6 CE address discovery support on the Ipipe so that both IPv4 and IPv6 address discovery are supported. If the ipv6 keyword is not included, then only IPv4 address discovery is supported and IPv6 packets are dropped.
Platforms
All
cem
cem
Syntax
cem
Context
[Tree] (config>service>cpipe>sap cem)
[Tree] (config>service>epipe>sap cem)
Full Context
configure service cpipe sap cem
configure service epipe sap cem
Description
Commands in this context specify circuit emulation (CEM) properties.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap cem
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure service epipe sap cem
cem
Syntax
cem
Context
[Tree] (config>mirror>mirror-dest>sap cem)
Full Context
configure mirror mirror-dest sap cem
Description
Commands in this context specify circuit emulation (CEM) mirroring properties.
Ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cert
cert
Syntax
cert cert-filename
no cert
Context
[Tree] (config>ipsec>cert-profile>entry cert)
Full Context
configure ipsec cert-profile entry cert
Description
This command specifies the file name of an imported certificate for the cert-profile entry.
The no form of this command removes the cert-file-name from the entry configuration.
Default
no cert
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cert
Syntax
cert
Context
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn cert)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn cert)
[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn cert)
[Tree] (config>service>vprn>if>sap>ipsec-gw cert)
[Tree] (config>service>ies>if>sap>ipsec-gw cert)
[Tree] (config>ipsec>trans-mode-prof>dyn cert)
Full Context
configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert
configure service ies interface ipsec ipsec-tunnel dynamic-keying cert
configure router interface ipsec ipsec-tunnel dynamic-keying cert
configure service vprn interface sap ipsec-gw cert
configure service ies interface sap ipsec-gw cert
configure ipsec ipsec-transport-mode-profile dynamic-keying cert
Description
Commands in this context configure certificate parameters.
Platforms
VSR
- configure service ies interface ipsec ipsec-tunnel dynamic-keying cert
- configure router interface ipsec ipsec-tunnel dynamic-keying cert
- configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service ies interface sap ipsec-gw cert
- configure service vprn interface sap ipsec-gw cert
- configure ipsec ipsec-transport-mode-profile dynamic-keying cert
cert
Syntax
cert cert-filename
no cert
Context
[Tree] (config>system>security>tls>cert-profile>entry cert)
Full Context
configure system security tls cert-profile entry cert
Description
This command specifies the file name of an imported certificate for the cert-profile entry.
The no form of the command removes the certificate.
Default
no cert
Parameters
- cert-filename
-
Specifies the file name of the TLS certificate, up to 95 characters in length.
Platforms
All
cert
Syntax
cert cert-file-name [create]
no cert
Context
[Tree] (config>system>security>pki>cert-auto-upd cert)
Full Context
configure system security pki certificate-auto-update cert
Description
This command configures the imported certificate filename for the certificate automatic update.
The no form of this command removes the cert-file-name from the configuration.
Parameters
- cert-file-name
-
Specifies the filename of the certificate, up to 95 characters in length.
Platforms
All
cert-file
cert-file
Syntax
cert-file filename
no cert-file
Context
[Tree] (config>system>security>pki>ca-profile cert-file)
Full Context
configure system security pki ca-profile cert-file
Description
This command specifies the filename of a file in cf3:\system-pki\cert as the CA’s certificate of the ca-profile.
Notes:
-
The system will perform following checks against configured cert-file when a no shutdown command is issued:
-
Configured cert-file must be a DER formatted X.509v3 certificate file.
-
All non-optional fields defined in section 4.1 of RFC 5280 must exist and conform to the RFC 5280 defined format.
-
Check the version field to see if its value is 0x2.
-
Check The Validity field to see that if the certificate is still in validity period.
-
X509 basic constraints extension must exists, and CA Boolean must be True.
-
If Key Usage extension exists, then at least keyCertSign and cRLSign should be asserted.
-
If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s certificate to verify if this certificate is signed by issuer’s CA; but if there is no such CA-profile configured, then system will just proceed with a warning message.
-
If the certificate is not a self-signing certificate, then system will try to look for issuer’s CA’s CRL to verify that it has not been revoked; but if there is no such CA-profile configured or there is no such CRL, then system will just proceed with a warning message.
If any of above checks fails, then the no shutdown command will fail.
-
-
Changing or removing of cert-file is only allowed when the ca-profile is in a shutdown state.
The no form of this command removes the filename from the configuration.
Parameters
- filename
-
Specifies a local CF card file URL.
Platforms
All
cert-profile
cert-profile
Syntax
cert-profile profile-name [create]
no cert-profile profile-name
Context
[Tree] (config ipsec cert-profile)
Full Context
configure ipsec cert-profile
Description
This command creates a new cert-profile or enters the configuration context of an existing cert-profile.
The no form of this command removes the profile name from the cert-profile configuration.
Parameters
- profile-name
-
Specifies the name of the certification profile up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cert-profile
Syntax
cert-profile name
no cert-profile
Context
[Tree] (config router if ipsec ipsec-tun dyn cert cert-profile)
[Tree] (config service ies if sap ipsec-gw cert cert-profile)
[Tree] (config service vprn if sap ipsec-tun dyn cert cert-profile)
[Tree] (config service vprn if ipsec ipsec-tunnel dyn cert cert-profile)
[Tree] (config ipsec trans-mode-prof dyn cert cert-profile)
[Tree] (config service vprn if sap ipsec-gw cert cert-profile)
[Tree] (config service ies if ipsec ipsec-tunnel dyn cert cert-profile)
Full Context
configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
configure service ies interface sap ipsec-gw cert cert-profile
configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile
configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile
configure service vprn interface sap ipsec-gw cert cert-profile
configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
Description
This command specifies the name of certificate profile to be used for authentication.
The no form of this command removes the name from the configuration.
Parameters
- name
-
Specifies the profile name, up to 32 characters
Platforms
VSR
- configure router interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
- configure service ies interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
- configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert cert-profile
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-gw cert cert-profile
- configure service ies interface sap ipsec-gw cert cert-profile
- configure service vprn interface sap ipsec-tunnel dynamic-keying cert cert-profile
- configure ipsec ipsec-transport-mode-profile dynamic-keying cert cert-profile
cert-profile
Syntax
cert-profile profile-name [create]
no cert-profile profile-name
Context
[Tree] (config system security tls cert-profile)
Full Context
configure system security tls cert-profile
Description
This command configures TLS certificate profile information. The certificate profile contains the certificates that are sent to the TLS peer (server or client) to authenticate itself. It is mandatory for the TLS server to send this information. The TLS client may optionally send this information upon request from the TLS server.
The no form of the command deletes the specified TLS certificate profile.
Parameters
- profile-name
-
Specifies the name of the TLS certificate profile, up to 32 characters in length.
- create
-
Keyword used to create the TLS certificate profile.
Platforms
All
cert-profile
Syntax
cert-profile name
no cert-profile
Context
[Tree] (config>system>security>tls>client-tls-profile cert-profile)
Full Context
configure system security tls client-tls-profile cert-profile
Description
This command assigns a TLS certificate profile to be used by the TLS client profile. This certificate is sent to the server for authentication of the client and public key.
The no form of the command removes the TLS certificate profile assignment.
Parameters
- name
-
Specifies the name of the TLS certificate profile, up to 32 characters in length.
Platforms
All
cert-profile
Syntax
cert-profile name
no cert-profile
Context
[Tree] (config>system>security>tls>server-tls-profile cert-profile)
Full Context
configure system security tls server-tls-profile cert-profile
Description
This command assigns a TLS certificate profile to be used by the TLS server profile. This certificate is sent to the client for authentication of the server and public key.
The no form of the command removes the TLS certificate profile assignment.
Parameters
- name
-
Specifies the name of the TLS certificate profile, up to 32 characters in length.
Platforms
All
cert-request
cert-request
Syntax
cert-request ca ca-profile-name current-key key-filename current-cert cert-filename [hash-alg hash-algorithm] newkey key-filename subject-dn subject-dn [domain-name domain-names] [ip-addr ip-address | ipv6-address] save-as save-path-of-result-cert
Context
[Tree] (admin>certificate>cmpv2 cert-request)
Full Context
admin certificate cmpv2 cert-request
Description
This command requests an additional certificate after the system has obtained the initial certificate from the CA.
The request is authenticated by a signature signed by the current-key, along with the current-cert. The hash algorithm used for signature is depends on the key type:
-
DSA key: SHA1
-
RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1
In some cases, the CA may not return a certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.
Parameters
- ca ca-profile-name
-
Specifies a ca-profile name which includes CMP server information up to 32 characters.
- current-key key-filename
-
Specifies corresponding certificate issued by the CA up to 95 characters.
- current-cert cert-filename
-
Specifies the file name of an imported certificate that is attached to the certificate request up to 95 characters.
- newkey key-filename
-
Specifies the file name of the imported key up to 95 characters.
- hash-alg hash-algorithm
-
Specifies the hash algorithm for RSA key.
- subject-dn dn
-
Specifies the subject of the requesting certificate up to 256 characters.
- save-as save-path-of-result-cert
-
Specifies the save full path name of saving the result certificate, up to 200 characters.
- domain-name domain-names
-
Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.
- ip-addr ip-address | ipv6-address
-
Specifies an IPv4 or IPv6 address for SubjectAltName of the requesting certificate.
Platforms
All
cert-sync
cert-sync
Syntax
[no] cert-sync
Context
[Tree] (config>redundancy cert-sync)
Full Context
configure redundancy cert-sync
Description
This command automatically synchronizes the certificate/CRL/key when importing or generating (for the key). If a new CF card is inserted into slot3 into the backup CPM, the system will sync the whole system-pki directory from the active CPM.
Default
enabled
Platforms
All
certificate
certificate
Syntax
certificate certificate-file
no certificate
Context
[Tree] (config>app-assure>group>certificate-profile certificate)
Full Context
configure application-assurance group certificate-profile certificate
Description
This command indicated the file name of the certificate to be added to the profile.
The no form of this command removes the certificate from the profile.
Default
no certificate
Parameters
- certificate-file
-
Specifies the name of the certificate file, up to 95 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
certificate
Syntax
certificate
Context
[Tree] (admin certificate)
Full Context
admin certificate
Description
Commands in this context configure X.509 certificate related operational parameters. For information about CMPv6 admin certificate commands, see the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.
Platforms
All
certificate
Syntax
certificate
Context
[Tree] (debug certificate)
Full Context
debug certificate
Description
Commands in this context debug certificates.
Platforms
All
certificate
Syntax
certificate filename
Context
[Tree] (debug>ipsec certificate)
Full Context
debug ipsec certificate
Description
This command enables debug for certificate chain computation in cert-profile.
Parameters
- filename
-
Displays the filename of imported certificate, up to 95 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
certificate-auto-update
certificate-auto-update
Syntax
certificate-auto-update
Context
[Tree] (config>system>security>pki certificate-auto-update)
Full Context
configure system security pki certificate-auto-update
Description
This command configures automatic updates for the specified certificate. This must be an imported certificate.
Platforms
All
certificate-display-format
certificate-display-format
Syntax
certificate-display-format {ascii | utf8}
Context
[Tree] (config>system>security>pki certificate-display-format)
Full Context
configure system security pki certificate-display-format
Description
This command specifies the display format used for the Certificates and Certificate Revocation Lists.
Default
certificate-display-format ascii
Parameters
- ascii
-
Specifies the ASCII format to use for the Certificates and Certificate Revocation Lists.
- utf8
-
Specifies the UTF8 format to use for the Certificates and Certificate Revocation Lists.
Platforms
All
certificate-expiration-warning
certificate-expiration-warning
Syntax
certificate-expiration-warning hours [repeat repeat-hours]
no certificate-expiration-warning
Context
[Tree] (config>system>security>pki certificate-expiration-warning)
Full Context
configure system security pki certificate-expiration-warning
Description
With this command configured, the system issues two types of warnings related to certificate expiration:
-
BeforeExp — A warning message issued before certificate expire
-
AfterExp — A warning message issued when certificate expire
This command specifies when system will issue BeforeExp message before a certificate expires. For example, with certificate-expiration-warning 5, the system will issue a BeforeExp message 5 hours before a certificate expires. An optional repeat <repeat-hour> parameter will enable the system to repeat the BeforeExp message every hour until the certificate expires.
If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.
BeforeExp and AfterExp warnings can be cleared in following cases:
-
The certificate is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.
-
When the ca-profile/ipsec-gw/ipsec-tunnel/cert-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.
-
When no certificate-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.
-
Users may change the configuration of the certificate-expiration-warning so that certain certificates are no longer in the warning window. BeforeExp of corresponding certificates are cleared.
-
If the system time changes so that the new time causes the certificates to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired certificate to come non-expired, then AfterExp is cleared.
Default
no certificate-expiration-warning
Parameters
- hours
-
Specifies the amount of time before a certificate expires when system issues BeforeExp.
- repeat-hours
-
Specifies the time the system will repeat BeforeExp every repeat-hour.
Platforms
All
certificate-profile
certificate-profile
Syntax
certificate-profile cert-prof-name [create]
no certificate-profile cert-prof-name
Context
[Tree] (config app-assure group certificate-profile)
Full Context
configure application-assurance group certificate-profile
Description
This command creates a certificate profile to be used for certificate-based encryption in HTTP header enrichment.
The no form of this command removes the certificate profile.
Parameters
- cert-profile-name
-
Specifies the name of the profile, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
certificate-update-profile
certificate-update-profile
Syntax
certificate-update-profile profile-name [create]
no certificate-profile profile-name
Context
[Tree] (config system security pki certificate-update-profile)
Full Context
configure system security pki certificate-update-profile
Description
Commands in this context configure a certificate update profile that specifies the behavior of the automatic update certificate.
The no form of this command removes the profile.
Parameters
- profile-name
-
Specifies the name of the profile, up to 32 characters.
- create
- Mandatory keyword to create a certificate update profile.
Platforms
All
cflash-cap-alarm
cflash-cap-alarm
Syntax
cflash-cap-alarm cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]
no cflash-cap-alarm cflash-id
Context
[Tree] (config>system>thresholds cflash-cap-alarm)
Full Context
configure system thresholds cflash-cap-alarm
Description
This command enables capacity monitoring of the compact flash specified in this command. The severity level is alarm. Both a rising and falling threshold can be specified.
The no form of this command removes the configured compact flash threshold alarm.
Parameters
- cflash-id
-
Specifies the name of the cflash device to be monitored.
- rising-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.
The threshold value represents units of 512 bytes.
- falling-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.
The threshold value represents units of 512 bytes.
- seconds
-
Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.
- rmon-event-type
-
Specifies the type of notification action to be taken when this event occurs.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created
If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.
If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
cflash-cap-alarm-pct
cflash-cap-alarm-pct
Syntax
cflash-cap-alarm-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]
no cflash-cap-alarm-pct cflash-id
Context
[Tree] (config>system>thresholds cflash-cap-alarm-pct)
Full Context
configure system thresholds cflash-cap-alarm-pct
Description
This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is alarm. Both a rising and falling threshold can be specified.
The no form of this command removes the configured compact flash threshold alarm.
Parameters
- cflash-id
-
Specifies the name of the cflash device to be monitored.
- rising-threshold percentage
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.
The threshold value is the percentage of used space versus capacity for the specified compact flash.
- falling-threshold percentage
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.
The threshold value is the percentage of used space versus capacity for the specified compact flash.
- seconds
-
Specifies the polling period, in seconds, over which the data is sampled and compared with the rising and falling thresholds.
- event-type
-
Specifies the type of notification action to be taken when this event occurs.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created.
If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.
If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
cflash-cap-warn
cflash-cap-warn
Syntax
cflash-cap-warn cflash-id rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]
no cflash-cap-warn cflash-id
Context
[Tree] (config>system>thresholds cflash-cap-warn)
Full Context
configure system thresholds cflash-cap-warn
Description
This command enables capacity monitoring of the compact flash specified in this command.
The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.
Parameters
- cflash-id
-
Specifies that the cflash-id specifies the name of the cflash device to be monitored.
- rising-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.
The threshold value represents units of 512 bytes.
- falling-threshold threshold
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.
The threshold value represents units of 512 bytes.
- seconds
-
Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.
- rmon-event-type
-
Specifies the type of notification action to be taken when this event occurs.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.
If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
cflash-cap-warn-pct
cflash-cap-warn-pct
Syntax
cflash-cap-warn-pct cflash-id rising-threshold percentage [falling-threshold percentage] interval seconds [rmon-event-type event-type] [startup-alarm alarm-type]
no cflash-cap-warn-pct cflash-id
Context
[Tree] (config>system>thresholds cflash-cap-warn-pct)
Full Context
configure system thresholds cflash-cap-warn-pct
Description
This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash.
The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.
Parameters
- cflash-id
-
Specifies that the cflash-id specifies the name of the cflash device to be monitored.
- rising-threshold percentage
-
Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.
After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal to the falling-threshold value.
The threshold value is the percentage of used space versus capacity for the specified compact flash.
- falling-threshold percentage
-
Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.
After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold value.
The threshold value is the percentage of used space versus capacity for the specified compact flash.
- seconds
-
Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.
- event-type
-
Specifies the type of notification action to be taken when this event occurs.
- alarm-type
-
Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated.
If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.
Platforms
All
cflowd
cflowd
Syntax
[no] cflowd
Context
[Tree] (config>service>epipe>sap cflowd)
Full Context
configure service epipe sap cflowd
Description
This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.
For L2 services, only ingress sampling is supported.
Default
no cflowd
Platforms
All
cflowd
Syntax
[no] cflowd
Context
[Tree] (config>service>vpls>sap cflowd)
Full Context
configure service vpls sap cflowd
Description
This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.
For Layer 2 services, only ingress sampling is supported.
Default
no cflowd
Platforms
All
cflowd
Syntax
cflowd
Context
[Tree] (config>app-assure>group cflowd)
Full Context
configure application-assurance group cflowd
Description
Commands in this context configure cflowd parameters for the application assurance group.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cflowd
Syntax
[no] cflowd
Context
[Tree] (config cflowd)
Full Context
configure cflowd
Description
This command creates the context to configure cflowd.
The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.
Default
no cflowd
Platforms
All
cflowd-parameters
cflowd-parameters
Syntax
cflowd-parameters
Context
[Tree] (config>service>ies>if cflowd-parameters)
[Tree] (config>service>ies>sub-if>grp-if cflowd-parameters)
[Tree] (config>service>vprn>sub-if>grp-if cflowd-parameters)
Full Context
configure service ies interface cflowd-parameters
configure service ies subscriber-interface group-interface cflowd-parameters
configure service vprn subscriber-interface group-interface cflowd-parameters
Description
This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When Cflowd is enabled at the interface level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.
At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.
Default
no cflowd-parameters
Platforms
All
- configure service ies interface cflowd-parameters
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface cflowd-parameters
- configure service ies subscriber-interface group-interface cflowd-parameters
cflowd-parameters
Syntax
cflowd-parameters
Context
[Tree] (config>service>vprn>if cflowd-parameters)
[Tree] (config>service>vprn>nw-if cflowd-parameters)
Full Context
configure service vprn interface cflowd-parameters
configure service vprn network-interface cflowd-parameters
Description
This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.
At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.
Default
no cflowd-parameters
Platforms
All
cflowd-parameters
Syntax
cflowd-parameters
Context
[Tree] (config>router>if cflowd-parameters)
Full Context
configure router interface cflowd-parameters
Description
This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.
At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.
Default
no cflowd-parameters
Platforms
All
cfm-mac-advertisement
cfm-mac-advertisement
Syntax
[no] cfm-mac-advertisement
Context
[Tree] (config>service>vpls>bgp-evpn cfm-mac-advertisement)
Full Context
configure service vpls bgp-evpn cfm-mac-advertisement
Description
This command enables the advertisement and withdrawal, as appropriate, of the IEEE MAC address associated with the MP (MEP and MIP) created on a SAP, Spoke or Mesh, in an EVPN service.
The up-date occurs each time an MP is added or deleted, or an IEEE MAC address is changed for an MP on a SAP, Spoke or Mesh within the service. The size of the update depends on the number of MPs in the service affected by the modification.
Only enable this functionality, as required, for services that require a resident MAC address to properly forward unicast traffic and that do not perform layer two MAC learning as part of the data plane.
Local MP IEEE MAC addresses are not stored in the local FDB and, as such, cannot be advertised through a control plane to a peer without this command.
The no version of the command disables the functionality and withdraws all previously advertised MP IEEE MAC addresses.
Platforms
All
cfm-opcode
cfm-opcode
Syntax
cfm-opcode {lt | gt | eq} opcode
cfm-opcode range start end
no cfm-opcode
Context
[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match cfm-opcode)
Full Context
configure system security management-access-filter mac-filter entry match cfm-opcode
Description
This command specifies the type of opcode checking to be performed.
If the cfm-opcode match condition is configured then a check must be made to see if the Ethertype is either IEEE802.1ag or Y1731. If the Ethertype does not match then the packet is not CFM and no match to the cfm-opcode is attempted.
The CFM (ieee802.1ag or Y1731) opcode can be assigned as a range with a start and an end number or with a (less than lt, greater than gt, or equal to eq) operator.
If no range with a start and an end or operator (lt, gt, eq) followed by an opcode with the value between 0 and 255 is defined then the command is invalid.
Opcode Values lists the opcode values.
CFM PDU or Organization |
Acronym |
Configurable Numeric Value (Range) |
---|---|---|
Reserved for IEEE 802.1 0 |
0 |
|
Continuity Check Message |
CCM |
1 |
Loopback Reply |
LBR |
2 |
Loopback Message |
LBM |
3 |
Linktrace Reply |
LTR |
4 |
Linktrace Message |
LTM |
5 |
Reserved for IEEE 802.1 |
6 – 31 |
|
Reserved for ITU |
32 |
|
AIS |
33 |
|
Reserved for ITU |
34 |
|
LCK |
35 |
|
Reserved for ITU |
36 |
|
TST |
37 |
|
Reserved for ITU |
38 |
|
APS |
39 |
|
Reserved for ITU |
40 |
|
MCC |
41 |
|
LMR |
42 |
|
LMM |
43 |
|
Reserved for ITU |
44 |
|
1DM |
45 |
|
DMR |
46 |
|
DMM |
47 |
|
Reserved for ITU |
48 – 63 |
|
Reserved for IEEE 802.1 0 |
64 - 255 |
Defined by ITU-T Y.1731 32 - 63
Defined by IEEE 802.1. 64 - 255
Default
no cfm-opcode
Parameters
- opcode
-
Specifies the opcode checking to be performed.
- start
-
specifies the start number.
- end
-
Specifies the end number.
- lt | gt | eq
-
Specifies comparison operators.
Platforms
All
cfm-vlan-tag
cfm-vlan-tag
Syntax
cfm-vlan-tag qtag1[.qtag2]
no cfm-vlan-tag
Context
[Tree] (config>service>vpls>eth-cfm>mep cfm-vlan-tag)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep cfm-vlan-tag)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep cfm-vlan-tag)
[Tree] (config>service>vpls>sap>eth-cfm>mep cfm-vlan-tag)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep cfm-vlan-tag)
[Tree] (config>service>epipe>sap>eth-cfm>mep cfm-vlan-tag)
Full Context
configure service vpls eth-cfm mep cfm-vlan-tag
configure service epipe spoke-sdp eth-cfm mep cfm-vlan-tag
configure service vpls mesh-sdp eth-cfm mep cfm-vlan-tag
configure service vpls sap eth-cfm mep cfm-vlan-tag
configure service vpls spoke-sdp eth-cfm mep cfm-vlan-tag
configure service epipe sap eth-cfm mep cfm-vlan-tag
Description
This command configures VLAN tags to apply to locally-generated CFM PDUs for egress processing.
The no form of the command removes the qtags from the configuration.
Parameters
- qtag1
-
Specifies the outer VLAN ID.
- qtag2
-
Specifies the inner VLAN ID and can only be specified if qtag1 is configured.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
chain-to-system-filter
chain-to-system-filter
Syntax
[no] chain-to-system-filter
Context
[Tree] (config>filter>ipv6-filter chain-to-system-filter)
[Tree] (config>filter>ip-filter chain-to-system-filter)
Full Context
configure filter ipv6-filter chain-to-system-filter
configure filter ip-filter chain-to-system-filter
Description
This command chains this filter to a currently active system filter. When the filter is chained to the system filter, the system filter rules are executed first, and the filter rules are only evaluated if no match on the system filter was found.
The no form of the command detaches this filter from the system filter.
Operational note:
If no system filter is currently active, the command has no effect.
Default
no chain-to-system-filter
Platforms
All
challenge
challenge
Syntax
challenge {always}
no challenge
Context
[Tree] (config>router>l2tp challenge)
[Tree] (config>service>vprn>l2tp challenge)
Full Context
configure router l2tp challenge
configure service vprn l2tp challenge
Description
This command configures the use of challenge-response authentication.
The no form of this command reverts to the default never value.
Default
no challenge
Parameters
- always
-
Specifies that the challenge-response authentication is always used.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
challenge
Syntax
challenge always
no challenge
Context
[Tree] (config>service>vprn>l2tp>group challenge)
Full Context
configure service vprn l2tp group challenge
Description
This command configures the use of challenge-response authentication.
The no form of this command reverts to the default never value.
Default
no challenge
Parameters
- always
-
Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
challenge
Syntax
challenge {always | never}
no challenge
Context
[Tree] (config>service>vprn>l2tp>group>tunnel challenge)
Full Context
configure service vprn l2tp group tunnel challenge
Description
This command configures the use of challenge-response authentication.
The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.
Default
no challenge
Parameters
- always
-
Specifies that challenge-response authentication should always be used for the tunnel.
- never
-
Specifies that challenge-response authentication should never be used for the tunnel.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
change-reporting-action
change-reporting-action
Syntax
change-reporting-action reporting-action
no change-reporting-action
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile change-reporting-action)
Full Context
configure subscriber-mgmt gtp peer-profile change-reporting-action
Description
This command specifies the value of the change reporting action IE sends to the peer in applicable messages. The peer needs to indicate support first using the appropriate flag in the indication IE.
This is overridden by AAA, if AAA explicitly request notification changes for either ECGI, TAI or both. If AAA does not request any notification changes or only the generic location change, the configured value is used.
The no form of this command indicates that the IE is not sent, unless specified by AAA.
Default
no change-reporting-action
Parameters
- reporting-action
-
Specifies the reporting action value as per TS 29.274.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
channel
channel
Syntax
channel ip-address [ip-address] [create]
no channel ip-address [ip-address]
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle channel)
Full Context
configure mcast-management multicast-info-policy bundle channel
Description
This command defines explicit channels or channel ranges that are associated with the containing bundle. A channel or channel range is defined by their destination IP addresses. A channel may be defined using either IPv4 or IPv6 addresses. If a channel range is being defined, both the start and ending addresses must be the same type.
A specific channel may only be defined within a single channel or channel range within the multicast information policy. A defined channel range cannot overlap with an existing channel range.
If a channel range is to be shortened, extended, split or moved to another bundle, it must first be removed from its existing bundle.
Each specified channel range creates a containing context for any override parameters for the channel range. By default, no override parameters exist.
The no form of this command removes the specified multicast channel from the containing bundle.
Parameters
- ip-address
-
Specifies the starting and ending destination IP addresses for a channel range. If only the start channel ip-address parameter is given, the channel ranges comprises of a single multicast channel.
If both the starting and ending address are specified, all addresses within the range including the specified address are part of the channel range.
IPv4 or IPv6 addresses may be defined. All specified addresses must be valid multicast destination addresses. The starting IP address must be numerically lower than the ending IP address.
- create
-
This keyword is required if creating a new multicast channel range when the system is configured to require the explicit use of the keyword to prevent accidental object creation. Objects may be accidentally created when this protection is disabled and an object name is mistyped when attempting to edit the object. This keyword is not required when the protection is disabled. The keyword is ignored when the specified channel range already exists.
Platforms
All
channel
Syntax
channel mcast-address source ip-address [channel-name channel-name]
no channel mcast-address source ip-address
Context
[Tree] (config>service>ies>video-interface channel)
[Tree] (config>service>vprn>video-interface channel)
Full Context
configure service ies video-interface channel
configure service vprn video-interface channel
Description
This command configures channel parameters for ad insertion.
Parameters
- mcast-address
-
Specifies the multicast address.
- source ip-address
-
Specifies the source IP address.
- channel-name channel-name
-
Specifies the channel name up to 32 characters in length.
Platforms
7450 ESS, 7750 SR, 7750 SR-s
channel
Syntax
channel start-address end-address bw bandwidth [class class] [type type] [source prefix/prefix-length]
no channel start-address end-address [source prefix/prefix-length]
Context
[Tree] (config>router>mcac>policy>bundle channel)
Full Context
configure router mcac policy bundle channel
Description
This command creates a multicast channel within the bundle where it is configured. A join for a particular multicast channel can be accepted if:
-
Mandatory channels:
A sufficient bandwidth exists on the interface according to the policy settings for the interface. There is always sufficient BW available on the bundle level because mandatory channels get BW pre-reserved.
-
Optional channels:
A sufficient BW exists on both interface and bundle level.
A channel definition can be either IPv4 (start-address, end-address, source-address are IPv4 addresses) or IPv6. A single bundle can have either IPv4 or IPv6 or IPv6 and IPv4 channel definitions. A single policy can mix any of those bundles.
Overlapping channels are not allowed. Two channels overlap if they contain same groups and the same source address prefix (or both do not specify source address prefix). Two channels with same groups and different source prefixes (including one of the channels having no source configured or one of the channels having more specific prefix than the other) do not overlap and are treated as separate channels.
When joining a group from multiple sources, MCAC accounts for that only once when no source address is specified or a prefix for channel covers both sources. Channel BW should be adjusted accordingly or source-aware channel definition should be used if that is not desired.
If a bundle is removed, the channels associated are also removed and every multicast group that was previously policed (because it was in the bundle that contained the policy) becomes free of constraints.
When a new bundle is added to a MCAC policy, the bundle’s established groups on a given interfaces are accounted by the policy. Even if this action results in exceeding the bundle’s constrain, no active multicast groups are removed. When a leave message is received for an existing optional channel, then the multicast stream is pruned and subsequent new joins may be denied in accordance with the policy. It is possible that momentarily there may be insufficient bandwidth, even for mandatory channels, in this bundle.
Parameters
- start-address
-
Specifies the beginning multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.
- end-address
-
Specifies the ending multicast IP address that identifies a multicast stream (BTV channel). Both addresses have to be either IPv4 or IPv6.
- prefix/prefix-length
-
Specifies the source of the multicast IP stream. This must be a valid IPv4 or IPv6 multicast source address prefix.
- bandwidth
-
Specifies the bandwidth required by this channel in kb/s. If this bandwidth is configured for a mandatory channel then this bandwidth is reserved by subtracting the amount from the total available bandwidth for all potential egress interfaces and the bundle.
If this bandwidth is configured as an optional channel then this bandwidth must be available for both the bundle and the egress interface requesting the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.
- class
-
Provides deeper classification of channels used in the algorithm when LAG ports change state.
- type
-
Specifies the channel to be either mandatory or optional.
mandatory — When the mandatory keyword is specified, then the bandwidth is reserved by subtracting it from the total available for all the potential egress interfaces and the bundle.
optional — When the optional keyword is specified then the bandwidth must be available on both the bundle and the egress interface that requests the channel to be added. Once the channel has been added the available bandwidth for the bundle and the interface must be reduced by the configured bandwidth of channel.
Platforms
All
channel-group
channel-group
Syntax
[no] channel-group channel-group-id
Context
[Tree] (config>port>tdm>ds1 channel-group)
[Tree] (config>port>tdm>e1 channel-group)
Full Context
configure port tdm ds1 channel-group
configure port tdm e1 channel-group
Description
This command creates DS0 channel groups in a channelized DS1 or E1 circuit. Channel groups cannot be further subdivided.
The no form of this command deletes the specified DS1 or E1 channel.
Parameters
- channel-group-id
-
Identifies the channel-group ID number.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
channelized
channelized
Syntax
channelized {ds1 | e1}
no channelized
Context
[Tree] (config>port>tdm>ds3 channelized)
Full Context
configure port tdm ds3 channelized
Description
This command specifies that the associated DS-3 is a channelized DS-3 with DS-1/E-1 sub-channels. Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is the default (for example, on m12-ds3 MDAs). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. The no form specifies the associated DS-3 is a clear channel circuit and cannot contain sub-channel DS-1s/E-1s. The sub-channels must be deleted first before the no command is executed.
Default
no channelized.
Parameters
- ds1
-
Specifies that the channel is DS-1.
- e1
-
Specifies that the channel is E-1.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
chap-challenge-length
chap-challenge-length
Syntax
chap-challenge-length min length max length
no chap-challenge-length
Context
[Tree] (config>router>l2tp>group>ppp chap-challenge-length)
[Tree] (config>router>l2tp>group>tunnel>ppp chap-challenge-length)
[Tree] (config>service>vprn>l2tp>group>tunnel chap-challenge-length)
Full Context
configure router l2tp group ppp chap-challenge-length
configure router l2tp group tunnel ppp chap-challenge-length
configure service vprn l2tp group tunnel chap-challenge-length
Description
This command configures the maximum and minimum PPP CHAP challenge length.
The no form of this command reverts to the default value.
Default
chap-challenge-length min 32 max 64
Parameters
- min length
-
Specifies the minimum PPP CHAP challenge length.
- max length
-
Specifies the maximum PPP CHAP challenge length.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
chap-challenge-length
Syntax
chap-challenge-length min length max length
no chap-challenge-length
Context
[Tree] (config>service>vprn>l2tp>group>ppp chap-challenge-length)
Full Context
configure service vprn l2tp group ppp chap-challenge-length
Description
This command configures the maximum and minimum PPP CHAP challenge length.
The no form of this command reverts to the default value.
Default
chap-challenge-length min 32 max 64
Parameters
- min length
-
Specifies the minimum PPP CHAP challenge length.
- max length
-
Specifies the maximum PPP CHAP challenge length.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
characteristic
characteristic
Syntax
characteristic characteristic-name value value-name
no characteristic characteristic-name
Context
[Tree] (config>app-assure>group>policy-override>policy characteristic)
Full Context
configure application-assurance group policy-override policy characteristic
Description
This command configure an override characteristic and value.
Parameters
- characteristic-name
-
Specifies the characteristic name, up to 32 characters.
- value-name
-
Specifies the override characteristic value for the application profile characteristic used by the Application assurance subscriber.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
characteristic
Syntax
characteristic characteristic-name value value-name
no characteristic characteristic-name
Context
[Tree] (config>app-assure>group>policy>app-profile characteristic)
Full Context
configure application-assurance group policy app-profile characteristic
Description
This command assigns one of the existing values of an existing application service option characteristic to the application profile.
The no form of this command removes the characteristic from the application profile.
Parameters
- characteristic-name
-
Specifies the name of an existing ASO characteristic.
- value-name
-
Specifies the name for the application profile characteristic up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
characteristic
Syntax
characteristic characteristic-name {eq | neq} value-name
no characteristic characteristic-name
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match characteristic)
Full Context
configure application-assurance group policy app-qos-policy entry match characteristic
Description
This command adds an existing characteristic and its value to the match criteria used by this AQP entry.
The no form of this command removes the characteristic from match criteria for this AQP entry.
Parameters
- eq
-
Specifies that the value configured and the value in the flow are equal.
- neq
-
Specifies that the value configured differs from the value in the flow.
- characteristic-name
-
Specifies the name of the existing ASO characteristic, up to 32 characters in length.
- value-name
-
Specifies the name of an existing value for the characteristic, up to 32 characters in length.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
characteristic
Syntax
characteristic characteristic-name [create]
no characteristic characteristic-name
Context
[Tree] (config>app-assure>group>policy>aso characteristic)
Full Context
configure application-assurance group policy app-service-options characteristic
Description
This command creates the characteristic of the application service options.
The no form of this command deletes characteristic option. To delete a characteristic, it must not be referenced by other components of application assurance.
Parameters
- characteristic-name
-
Specifies a string of up to 32 characters uniquely identifying this characteristic.
- create
-
Mandatory keyword used to create when creating a characteristic. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-characteristics
charging-characteristics
Syntax
charging-characteristics
Context
[Tree] (config>subscr-mgmt>gtp>peer-profile charging-characteristics)
Full Context
configure subscriber-mgmt gtp peer-profile charging-characteristics
Description
Commands in this context configure charging characteristics.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-filter
charging-filter
Syntax
charging-filter
Context
[Tree] (config>app-assure>group>policy charging-filter)
Full Context
configure application-assurance group policy charging-filter
Description
Commands in this context configure a charging filter for application assurance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-group
charging-group
Syntax
charging-group charging-group-name
no charging-group
Context
[Tree] (config>app-assure>group>policy>chrg-fltr>entry charging-group)
Full Context
configure application-assurance group policy charging-filter entry charging-group
Description
This command configures an association between the charging group and the flows that match the charging filter entry.
The no form of this command removes the charging group.
Default
no charging-group
Parameters
- charging-group-name
-
Specifies a string that uniquely identifies the charging group in the system, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-group
Syntax
charging-group charging-group-name
no charging-group
Context
[Tree] (config>app-assure>group>policy>application charging-group)
[Tree] (config>app-assure>group>policy>app-grp charging-group)
Full Context
configure application-assurance group policy application charging-group
configure application-assurance group policy app-group charging-group
Description
This command associates an application or app-group to an application assurance charging group.
The no form of this command deletes the charging group association.
Default
no charging-group
Parameters
- charging-group-name
-
Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-group
Syntax
charging-group {eq | neq} charging-group-name
no charging-group
Context
[Tree] (config>app-assure>group>policy>aqp>entry>match charging-group)
Full Context
configure application-assurance group policy app-qos-policy entry match charging-group
Description
This command adds charging-group to match criteria used by this AQP entry.
The no form of this command removes the charging-group from match criteria for this AQP entry.
Default
no charging-group
Parameters
- eq
-
Specifies that the value configured and the value in the flow are equal.
- neq
-
Specifies that the value configured differs from the value in the flow.
- charging-group-name
-
Specifies the name of the existing application group entry. The application-group name is configured in the config>app-assure>group>policy>aqp>entry>match context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-group
Syntax
charging-group charging-group-name [create]
no charging-group charging-group-name
Context
[Tree] (config>app-assure>group>policy charging-group)
Full Context
configure application-assurance group policy charging-group
Description
This command creates a charging group for an application assurance policy.
The no form of this command deletes the charging group from the configuration. All associations must be removed to delete a group.
Default
no charging-group
Parameters
- charging-group-name
-
Specifies a string of up to 32 characters uniquely identifying an existing charging group in the system.
- create
-
Mandatory keyword used when creating an charging group. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-group
Syntax
charging-group charging-group-name export-using export-method [export-method...(up to 2 max)]
charging-group charging-group-name no-export
no charging-group charging-group-name
Context
[Tree] (config>app-assure>group>statistics>aa-sub charging-group)
Full Context
configure application-assurance group statistics aa-sub charging-group
Description
This command configures aa-sub accounting statistics for export of charging groups of a given AA ISA group/partition.
The no form of this command removes the parameters from the configuration.
Parameters
- charging-group-name
-
Specifies the name of the charging group. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.
- export-using export-method
-
Specifies that the method of stats export to be used.
- no-export
-
Allows the operator to enable the referred to a charging group to be selected (via Diameter) for Gx-usage monitoring. Gx usage monitoring is enabled automatically (and this command is not shown) if the export-using parameter is selected for the respective charging group.
Usage monitoring must be enabled at the group:partition level (config>app-assure>group>statistics>aa-sub>usage-monitoring) as well in order to allow any application/application group/charging group usage monitoring.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
charging-rule-base-name
charging-rule-base-name
Syntax
charging-rule-base-name category-map-name
charging-rule-base-name string
no charging-rule-base-name
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp charging-rule-base-name)
Full Context
configure subscriber-mgmt diameter-application-policy gy include-avp charging-rule-base-name
Description
This command includes the Charging-Rule-Base-Name AVP with the specified value in all Diameter DCCA CCR messages.
The no form of this command removes the Charging-Rule-Base-Name AVP from the Diameter DCCA CCR messages.
Default
charging-rule-base-name category-map-name
Parameters
- category-map-name
-
This keyword specifies the name of the category-map in use.
- string
-
Specifies a string of up to 64 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
chassis-level
chassis-level
Syntax
chassis-level
Context
[Tree] (config>mcast-management chassis-level)
Full Context
configure mcast-management chassis-level
Description
Commands in this context configure multicast plane bandwidth parameters. The chassis-level CLI node contains the multicast plane replication limit for each switch fabric multicast plane.
The chassis-level node always exists and contains the configuration command to define the total replication rates for primary and secondary associated ingress paths for each switch fabric multicast plane.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
chassis-mode
chassis-mode
Syntax
chassis-mode chassis-mode [force]
Context
[Tree] (config>system chassis-mode)
Full Context
configure system chassis-mode
Description
This command is retained for historic reasons only. The command still exists but the mode is fixed at chassis mode d.
Default
chassis-mode d
Parameters
- chassis-mode
-
Specifies the chassis mode. This is always chassis mode d.
- force
-
Forces an upgrade from a lesser scaling and feature set to a greater one.
Platforms
7450 ESS, 7750 SR-7/12
check-id-kp-cmcra-only
check-id-kp-cmcra-only
Syntax
[no] check-id-kp-cmcra-only
Context
[Tree] (config>system>security>pki>est-profile check-id-kp-cmcra-only)
Full Context
configure system security pki est-profile check-id-kp-cmcra-only
Description
This command enables checking id-kp-cmcRA in the EST certificate. When enabled, instead of the subject or subject alternative name, only the id-kp-cmcRA existence in extended key usage extension of EST server certificate is checked. The id-kp-cmcRA identifies a Registration Authority.
The no form of this command reverts to the default value.
Default
no check-id-kp-cmcra-only
Platforms
All
check-zero
check-zero
Syntax
check-zero {enable | disable}
no check-zero
Context
[Tree] (config>service>vprn>rip>group check-zero)
[Tree] (config>service>vprn>ripng>group check-zero)
[Tree] (config>service>vprn>rip check-zero)
[Tree] (config>service>vprn>rip>group>neighbor check-zero)
[Tree] (config>service>vprn>ripng>group>neighbor check-zero)
[Tree] (config>service>vprn>ripng check-zero)
Full Context
configure service vprn rip group check-zero
configure service vprn ripng group check-zero
configure service vprn rip check-zero
configure service vprn rip group neighbor check-zero
configure service vprn ripng group neighbor check-zero
configure service vprn ripng check-zero
Description
This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.
The no form of this command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.
Default
no check-zero
Parameters
- enable
-
Enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting noncompliant RIP messages.
- disable
-
Disables the checking and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.
Platforms
All
check-zero
Syntax
check-zero {enable | disable}
no check-zero
Context
[Tree] (config>router>ripng>group>neighbor check-zero)
[Tree] (config>router>ripng check-zero)
[Tree] (config>router>ripng>group check-zero)
[Tree] (config>router>rip>group>neighbor check-zero)
[Tree] (config>router>rip>group check-zero)
[Tree] (config>router>rip check-zero)
Full Context
configure router ripng group neighbor check-zero
configure router ripng check-zero
configure router ripng group check-zero
configure router rip group neighbor check-zero
configure router rip group check-zero
configure router rip check-zero
Description
This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.
The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages.
The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.
This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no check-zero), the setting from the less specific level is inherited by the lower level.
The no form of the command removes the check-zero command from the configuration.
Parameters
- enable
-
Specifies to reject RIP messages which do not have zero in the RIPv1 and RIPv2 mandatory fields.
- disable
-
Specifies allows receipt of RIP messages which do not have the mandatory zero fields reset.
Platforms
All
checksum
checksum
Syntax
checksum {md5 | sha256} file-url
Context
[Tree] (file checksum)
Full Context
file checksum
Description
This command computes and displays a checksum for a file.
Parameters
- md5
-
Specifies the use of the MD5 algorithm to produce the file checksum.
- sha256
-
Specifies the use of the SHA-256 algorithm to produce the file checksum.
- file-url
-
Specifies the location of the file.
Platforms
All
child-control
child-control
Syntax
child-control
Context
[Tree] (config>qos>adv-config-policy child-control)
Full Context
configure qos adv-config-policy child-control
Description
This command contains parameters that are intended to allow more precise control of the method that hierarchical virtual scheduling employs to emulate the effect of a scheduling context upon a member child queue or policer.
This command edits the parameters that control the child requested bandwidth and parental bandwidth distribution for all policers and queues associated with the policy.
Platforms
All
chli-event
chli-event
Syntax
chli-event {forward | backward | aggregate} threshold raise-threshold [clear clear-threshold]
no chli-event {forward | backward | aggregate}
Context
[Tree] (config>oam-pm>session>ethernet>lmm>loss-events chli-event)
[Tree] (config>oam-pm>session>ip>twamp-light>loss-events chli-event)
[Tree] (config>oam-pm>session>ethernet>slm>loss-events chli-event)
Full Context
configure oam-pm session ethernet lmm loss-events chli-event
configure oam-pm session ip twamp-light loss-events chli-event
configure oam-pm session ethernet slm loss-events chli-event
Description
This command sets the consecutive high loss interval (CHLI) threshold to be monitored and the associated thresholds using the counter of the specified direction. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.
The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.
Default
no chli-event forward
no chli-event backward
no chli-event aggregate
Parameters
- forward
-
Specifies the threshold is applied to the forward direction count.
- backward
-
Specifies the threshold is applied to the backward direction count.
- aggregate
-
Specifies the threshold is applied to the aggregate count (sum of forward and backward).
- raise-threshold
-
Specifies the numerical value compared to the CHLI counter that is the rising threshold that determines when the event is to be generated, when the percentage of loss value is reached.
- clear-threshold
-
Specifies an optional numerical value compared to the CHLI counter used for stateful behavior that allows the operator to configure a value lower than the rising percentage to indicate when the clear event should be generated.
Platforms
All
- configure oam-pm session ethernet slm loss-events chli-event
- configure oam-pm session ethernet lmm loss-events chli-event
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure oam-pm session ip twamp-light loss-events chli-event
cipher
cipher
Syntax
cipher index name cipher-name
no cipher index
Context
[Tree] (config>system>security>ssh>server-cipher-list cipher)
[Tree] (config>system>security>ssh>client-cipher-list cipher)
Full Context
configure system security ssh server-cipher-list cipher
configure system security ssh client-cipher-list cipher
Description
This command configures a cipher. Client-ciphers are used when the SR OS is acting as an SSH client. Server-ciphers are used when the SR OS is acting as an SSH server.
The no form of this command removes the index and cipher name from the configuration.
Default
no cipher index
Parameters
- index
-
Specifies the index of the cipher in the list.
- cipher-name
-
Specifies the algorithm used when performing encryption or decryption.
Platforms
All
cipher
Syntax
cipher index name cipher-suite-code
no cipher index
Context
[Tree] (config>system>security>tls>client-cipher-list cipher)
[Tree] (config>system>security>tls>server-cipher-list cipher)
Full Context
configure system security tls client-cipher-list cipher
configure system security tls server-cipher-list cipher
Description
This command configures the cipher suite to be negotiated by the server and client.
Parameters
- index
-
Specifies the index number. The index number provides the location of the cipher in the negotiation list, with the lower index numbers being higher in the negotiation list and the higher index numbers being at the bottom of the list.
- cipher-suite-code
-
Specifies the cipher suite code.
Platforms
All
cipher-list
cipher-list
Syntax
cipher-list name
no cipher-list
Context
[Tree] (config>system>security>tls>client-tls-profile cipher-list)
Full Context
configure system security tls client-tls-profile cipher-list
Description
This command assigns the cipher list to be used by the TLS client profile for negotiation in the client Hello message.
Parameters
- name
-
Specifies the name of the cipher list.
Platforms
All
cipher-list
Syntax
cipher-list name
no cipher-list
Context
[Tree] (config>system>security>tls>server-tls-profile cipher-list)
Full Context
configure system security tls server-tls-profile cipher-list
Description
This command assigns a cipher list to be used by the TLS server profile. This cipher list is used to find matching ciphers with the cipher list that is received from the client.
The no form of the command removes the cipher list.
Parameters
- name
-
Specifies the name of the cipher list, up to 32 characters in length.
Platforms
All
cipher-suite
cipher-suite
Syntax
cipher-suite cipher-suite
no cipher-suite
Context
[Tree] (config>macsec>connectivity-association cipher-suite)
Full Context
configure macsec connectivity-association cipher-suite
Description
This command configures encryption of data path PDUs. When all parties in the Connectivity Association (CA) have the SAK, they use the above algorithm in conjunction with the SAK to encrypt the data path PDUs.
The XPN 64 bit (extended packet number) can be used for higher rate ports such as 10 GigE to minimize the window rollover and renegotiation of the SAK.
The no form of this command disables encryption of data path PDUs.
Default
cipher-suite gcm-aes-128
Parameters
- cypher-suite
-
Specifies the algorithm.
Platforms
All
cir
cir
Syntax
cir congested-cir
no cir
Context
[Tree] (config>app-assure>group>policer>congestion-override cir)
Full Context
configure application-assurance group policer congestion-override cir
Description
This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.
The no form of this command resets the CIR value to its default.
Default
cir 0
Parameters
- congested-cir
-
Specifies an integer value defining size, in kilobytes, for the CIR of the policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cir
Syntax
cir cir-rate
no cir
Context
[Tree] (config>app-assure>group>policer>congestion-override-stage2 cir)
Full Context
configure application-assurance group policer congestion-override-stage2 cir
Description
This command provides a mechanism to configure the CIR for the congestion override policer. It is recommended that the CIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. The CIR is configurable for dual-bucket bandwidth policers only.
The no form of this command resets the CIR value to its default.
Default
cir 0
Parameters
- cir-rate
-
Specifies an integer value defining size, in kilobytes, for the CIR of the policer.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
cir
Syntax
[no] cir
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types cir)
Full Context
configure test-oam service-activation-testhead service-test service-stream test-types cir
Description
This command configures the CIR test on the service stream.
The no form of this command removes the configured CIR test.
Default
no cir
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir
Syntax
cir
Context
[Tree] (config>test-oam>sath>svc-test>test-duration cir)
Full Context
configure test-oam service-activation-testhead service-test test-duration cir
Description
Commands in this context configure the duration for the CIR test type.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir-non-profiling
cir-non-profiling
Syntax
[no] cir-non-profiling
Context
[Tree] (config>qos>sap-ingress>queue cir-non-profiling)
Full Context
configure qos sap-ingress queue cir-non-profiling
Description
This command prevents the modification of the profile of a packet depending on the queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling command and the queue police command are mutually exclusive.
The cir-non-profiling command is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
The cir-non-profiling command should not be configured under a SAP ingress QoS policy queue associated with a LAG which spans FP4-based and FP2- or FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir-non-profiling
Syntax
[no] cir-non-profiling
Context
[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue cir-non-profiling)
Full Context
configure qos queue-group-templates ingress queue-group queue cir-non-profiling
Description
This command prevents the modification of the profile of a packet-dependent queue rate compared to its configured CIR. The CIR continues to be used to affect the scheduling priority of a queue. The cir-non-profiling and the queue police commands are mutually exclusive.
cir-non-profiling is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
cir-non-profiling should not be configured under an ingress queue group template queue associated with a LAG which spans FP4-based and FP2/FP3-based hardware as the resulting operation could be different depending on which hardware type the traffic ingresses.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir-pir
cir-pir
Syntax
[no] cir-pir
Context
[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types cir-pir)
Full Context
configure test-oam service-activation-testhead service-test service-stream test-types cir-pir
Description
This command configures both the CIR and PIR tests on the service stream.
The no form of this command removes the configured CIR and PIR test.
Default
no cir-pir
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir-pir
Syntax
cir-pir
Context
[Tree] (config>test-oam>sath>svc-test>dur cir-pir)
Full Context
configure test-oam service-activation-testhead service-test test-duration cir-pir
Description
Commands in this context configure the duration for the CIR-PIR test type.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
cir-threshold
cir-threshold
Syntax
cir-threshold kbps
no cir-threshold
Context
[Tree] (config>test-oam>sath>accept-crit-tmpl cir-threshold)
Full Context
configure test-oam service-activation-testhead acceptance-criteria-template cir-threshold
Description
This command configures a CIR value that is compared to the measured results for the CIR test types. If the measured value is greater than or equal to the configured value, the test passes; otherwise, it fails. For more information, see the m-factor command.
The no form of this command disables the comparison of the parameter with the measured value; the CIR threshold value is ignored while declaring the test result.
Default
no cir-threshold
Parameters
- kbps
-
Specifies the value, in kb/s, to compare with the measured value.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
circuit-id
circuit-id
Syntax
circuit-id string ascii-string
circuit-id hex hex-string
no circuit-id
Context
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident circuit-id)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>host-ident circuit-id)
Full Context
configure subscriber-mgmt local-user-db ipoe host host-identification circuit-id
configure subscriber-mgmt local-user-db ppp host host-identification circuit-id
Description
This command specifies the circuit ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the circuit ID is matched against DHCP Option 82.
This command is only used when circuit-id is configured as one of the match-list parameters.
The no form of this command removes the circuit ID from the configuration.
Parameters
- ascii-string
-
Specifies the circuit ID from the Option 82, up to 127 characters.
- hex-string
-
Specifies the circuit ID in hexadecimal format from the Option 82.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
circuit-id sap-id
circuit-id string ASCII string
no circuit-id
Context
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ali circuit-id)
Full Context
configure subscriber-mgmt local-user-db ppp host access-loop-information circuit-id
Description
This command specifies a circuit-id for PPPoE hosts. A circuit ID received in PPPoE tags has precedence over the LUDB specified circuit ID.
The no form of this command reverts to the default.
Parameters
- sap-id
-
Specifies to use the SAP ID of the PPPoE session as the circuit ID.
- ASCII string
-
Specifies the circuit ID as a string, up to 63 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
circuit-id
circuit-id {ascii-tuple | if-index | sap-id | vlan-ascii-tuple}
circuit-id hex [hex-string]
no circuit-id
Context
[Tree] (config>service>ies>if>dhcp>option circuit-id)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option circuit-id)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option circuit-id)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option circuit-id)
[Tree] (config>service>vprn>if>dhcp>option circuit-id)
[Tree] (config>service>vpls>sap>dhcp>option circuit-id)
Full Context
configure service ies interface dhcp option circuit-id
configure service vprn subscriber-interface group-interface dhcp option circuit-id
configure service ies subscriber-interface group-interface dhcp option circuit-id
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id
configure service vprn interface dhcp option circuit-id
configure service vpls sap dhcp option circuit-id
Description
When enabled, the router sends an ASCII-encoded tuple in the circuit-id sub-option of the DHCP packet. This ASCII-tuple consists of the access-node-identifier, service-id, and SAP-ID, separated by "|”. If no keyword is configured, then the circuit-id sub-option will not be part of the information option (Option 82). When the command is configured without any parameters, it equals to circuit-id ascii-tuple.
To send a tuple in the circuit ID, the action replace command must be configured in the same context.
If disabled, the circuit-id sub-option of the DHCP packet is left empty.
The no form of this command specifies to leave the circuit-id option of the packet empty.
Default
circuit-id ascii-tuple
Parameters
- ascii-tuple
-
Specifies that the ASCII-encoded concatenated tuple consisting of the access-node-identifier, service-id, and interface-name is used.
- ifindex
-
Specifies that the interface index is used. The If Index of a router interface can be displayed using the command show>router>if>detail.
- sap-id
-
Specifies that the SAP identifier is used.
- vlan-ascii-tuple
-
Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Thus, when the Option 82 bits are stripped, dot1p bits are copied to the Ethernet header of an outgoing packet.
- hex-string
-
Specifies the hex value of this option.
Platforms
All
- configure service ies interface dhcp option circuit-id
- configure service vpls sap dhcp option circuit-id
- configure service vprn interface dhcp option circuit-id
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option circuit-id
- configure service ies subscriber-interface group-interface dhcp option circuit-id
- configure service vprn subscriber-interface group-interface dhcp option circuit-id
circuit-id
Syntax
[no] circuit-id
Context
[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute circuit-id)
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute circuit-id)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute circuit-id
configure subscriber-mgmt radius-accounting-policy include-radius-attribute circuit-id
Description
This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
[no] circuit-id
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq>avp circuit-id)
Full Context
configure subscriber-mgmt diameter-application-policy nasreq include-avp circuit-id
Description
This command includes the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
[no] circuit-id circuit-id
Context
[Tree] (debug>service>id>ppp circuit-id)
Full Context
debug service id ppp circuit-id
Description
This command enable PPP debug for the specified circuit-id.
Multiple circuit-id filters can be specified in the same debug command.
The no form of this command disables debugging.
Parameters
- circuit-id
-
Specifies the circuit-id in PADI.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
[no] circuit-id
Context
[Tree] (config>aaa>isa-radius-plcy>auth-include-attributes circuit-id)
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes circuit-id)
Full Context
configure aaa isa-radius-policy auth-include-attributes circuit-id
configure aaa isa-radius-policy acct-include-attributes circuit-id
Description
This command enables the generation of the Broad Band Forum Agent-Circuit-Id Vendor Specific AVP in Diameter NASREQ AAR messages.
Default
no circuit-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
circuit-id
Syntax
circuit-id {ascii-tuple | ifindex | if-name | port-id | vlan-ascii-tuple | none}
no circuit-id
Context
[Tree] (config>router>if>dhcp>option circuit-id)
Full Context
configure router interface dhcp option circuit-id
Description
When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>if>detail. This option specifies data that must be unique to the router that is relaying the circuit.
If disabled, the circuit-id suboption of the DHCP packet will be left empty.
The no form of this command returns the system to the default.
Default
circuit-id ascii-tuple
Parameters
- ascii-tuple
-
Specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by "| ”.
- ifindex
-
Specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
- if-name
-
Specifies the interface name.
- port-id
-
Specifies the port ID.
- vlan-ascii-tuple
-
Specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.
- none
-
Specifies that no circuit should be used.
Platforms
All
circuit-id-from-auth
circuit-id-from-auth
Syntax
[no] circuit-id-from-auth
Context
[Tree] (config>subscr-mgmt>ipoe-plcy circuit-id-from-auth)
Full Context
configure subscriber-mgmt ipoe-session-policy circuit-id-from-auth
Description
This command takes the circuit ID value from the authentication server to identify the session.
The no form of this command reverts to the default.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cisco-nas-port
cisco-nas-port
Syntax
cisco-nas-port [ethernet binary-spec-eth] [atm binary-spec-atm]
no cisco-nas-port
Context
[Tree] (config>service>vprn>l2tp cisco-nas-port)
[Tree] (config>router>l2tp cisco-nas-port)
Full Context
configure service vprn l2tp cisco-nas-port
configure router l2tp cisco-nas-port
Description
This command configures the L2TP Cisco NAS port AVP.
The no form of this command removes the specified L2TP Cisco NAS port AVP.
Default
no cisco-nas-port
Parameters
- binary-spec-eth
-
Specifies the string to put in the Cisco-NAS-Port AVP for L2TP control messages related to a PPPoE session in this L2TP protocol instance.
- binary-spec-atm
-
Specifies the string to put in the Cisco-NAS-Port AVP, for L2TP control messages related to a PPPoA (PPP over ATM) session in this L2TP protocol instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cisco-nas-port
Syntax
cisco-nas-port [ethernet binary-spec] [ atm binary-spec]
no cisco-nas-port
Context
[Tree] (config>service>vprn>l2tp cisco-nas-port)
Full Context
configure service vprn l2tp cisco-nas-port
Description
This command enables the AVP Cisco-nas-port to include the slot/mda/port along with the pseudowire port ID. If the pseudowire is terminated on a LAG, the slot/mda/port cannot be populated and only the pseudowire ID is included.
The no form of this command enables the AVP Cisco-nas-port.
Default
no cisco-nas-port
Parameters
- binary-spec
-
Specifies the NAS port attribute.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ckn
ckn
Syntax
ckn hex-string
no ckn
Context
[Tree] (config>macsec>conn-assoc>static-cak>pre-shared-key ckn)
Full Context
configure macsec connectivity-association static-cak pre-shared-key ckn
Description
Specifies the connectivity association key name (CKN) for a pre-shared key.
CKN is appended to the MKA for identification of the appropriate CAK by the peer.
The no form of this command reverts to the default value.
Parameters
- hex-string
-
Specifies the value of the CKN.
Platforms
All
class
class
Syntax
[no] class class-number
Context
[Tree] (config>port>ethernet>egress>hs-sec-shaper class)
Full Context
configure port ethernet egress hs-secondary-shaper class
Description
This command specifies the HS secondary shaper class.
The no form of this command reverts the rate for this class to the default value.
Parameters
- class-number
-
Specifies the HS secondary shaper class identifier.
Platforms
7750 SR-7/12/12e
class
Syntax
[no] class
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes class)
Full Context
configure aaa isa-radius-policy acct-include-attributes class
Description
This command enables the generation of the class RADIUS attribute.
Default
no class
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
class-forwarding
class-forwarding
Syntax
[no] class-forwarding
Context
[Tree] (config>service>vprn class-forwarding)
Full Context
configure service vprn class-forwarding
Description
This command enables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.
The no form of this command disables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.
Default
no class-forwarding
Platforms
All
class-forwarding
Syntax
class-forwarding cbf-mode {lsr | ler | lsr-and-ler}
no class-forwarding
Context
[Tree] (config>router>ldp class-forwarding)
Full Context
configure router ldp class-forwarding
Description
This command enables class-based forwarding for packets that belong to one of the eight forwarding classes (be, l2, af, l1, h2, ef, h1, and nc). For the LER role, class-based forwarding is performed in conjunction with ECMP. At LER, this function applies to packets whose prefixes resolve to an LDP FEC. This LDP FEC resolves to a set of IGP shortcuts (RSVP-TE LSPs). At LSR, this function applies to labeled LDP packets whose FEC resolves to an IGP shortcut. Refer to "Class-based Forwarding of LDP Prefix Packets over IGP Shortcuts” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for detailed information on this capability.
The no form of this command disables class-based forwarding.
Default
no class-forwarding
Parameters
- cbf-mode lsr
-
Enables class-forwarding at LSR and disables any previously enabled mode.
- cbf-mode ler
-
Enables class-forwarding at LER and disables any previously enabled mode.
- cbf-mode lsr-and-ler
-
Enables class-forwarding at both LSR and LER, and disables any previously enabled mode.
Platforms
All
class-forwarding
Syntax
[no] class-forwarding
Context
[Tree] (config>router>mpls>lsp class-forwarding)
[Tree] (config>router>mpls>lsp-template class-forwarding)
Full Context
configure router mpls lsp class-forwarding
configure router mpls lsp-template class-forwarding
Description
Commands in this context configure class based forwarding parameters for a given LSP or LSP-template.
A change in the Class-Based Forwarding configuration may result in a change of forwarding behavior.
The no form removes any Class-Based Forwarding configuration associated to that LSP or LSP-template.
Default
no class-forwarding
Platforms
All
class-forwarding
Syntax
[no] class-forwarding
Context
[Tree] (config>router class-forwarding)
Full Context
configure router class-forwarding
Description
This command enables class-based forwarding (CBF) over IGP shortcuts. When the class-forwarding command is enabled, the following types of packets are forwarded based on their forwarding class:
-
packets of BGP prefixes
-
CPM originated packets for the families (IPv4 only, IPv6 only, or both IPv4 and IPv6) which have been enabled over IGP shortcuts using the igp-shortcut CLI context in one or more IGP instances
The SR OS CBF implementation supports spraying of packets over a maximum of four forwarding sets of ECMP LSPs. The user must define a class-forwarding policy object in MPLS to configure the mapping of FCs to the forwarding sets. Then, the user assigns the CBF policy name and set ID to each MPLS LSP that is used in IGP shortcuts.
When a BGP IPv4 or IPv6 prefix is resolved, the FC of the packet is used to look up the forwarding set ID. Then, a modulo operation is performed on the tunnel next-hops of this set ID only, to spray packets of this FC. The data path concurrently implements CBF and ECMP within the tunnels of each set ID.
CPM-originated packets on the router, including control plane and OAM packets, are forwarded over a single LSP from the set of LSPs that the packet's FC is mapped to, as per the CBF configuration.
Weighted ECMP, at the transport tunnel level of BGP prefixes over IGP shortcuts and the CBF feature on a per BGP next-hop basis are mutually exclusive.
Default
no class-forwarding
Platforms
All
class-forwarding
Syntax
class-forwarding [default-lsp lsp-name]
no class-forwarding
Context
[Tree] (config>service>sdp class-forwarding)
Full Context
configure service sdp class-forwarding
Description
This command enables the forwarding of a service packet over the SDP based on the class of service of the packet. Specifically, the packet is forwarded on the RSVP LSP or static LSP whose forwarding class matches that of the packet. The user maps the system forwarding classes to LSPs using the config>service>sdp>class-forwarding>fc command. If there is no LSP that matches the packet’s forwarding class, the default LSP is used. If the packet is a VPLS multicast/broadcast packet and the user did not explicitly specify the LSP to use under the config>service>sdp>class-forwarding>multicast-lsp context, then the default LSP is used.
VLL service packets are forwarded based on their forwarding class only if shared queuing is enabled on the ingress SAP. Shared queuing must be enabled on the VLL ingress SAP if class-forwarding is enabled on the SDP the service is bound to. Otherwise, the VLL packets will be forwarded to the LSP which is the result of hashing the VLL service ID. Since there are eight entries in the ECMP table for an SDP, one LSP ID for each forwarding class, the resulting load balancing of VLL service ID is weighted by the number of times an LSP appears on that table. For instance, if there are eight LSPs, the result of the hashing will be similar to when class based forwarding is disabled on the SDP. If there are fewer LSPs, then the LSPs which were mapped to more than one forwarding class, including the default LSP, will have proportionally more VLL services forwarding to them.
Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.
The no form of the command deletes the configuration and the SDP reverts back to forwarding service packets based on the hash algorithm used for LAG and ECMP.
Default
no class-forwarding
Parameters
- default-lsp lsp-name
-
Specifies the default LSP for the SDP. This LSP name must exist and must have been associated with this SDP using the lsp-name configured in the config>service>sdp>lsp context. The default LSP is used to forward packets when there is no available LSP which matches the packet’s forwarding class. This could be because the LSP associated with the packet’s forwarding class is down, or that the user did not configure a mapping of the packet’s forwarding class to an LSP using the config>service>sdp>class-forwarding>fc command. The default LSP is also used to forward VPLS service multicast/broadcast packets in the absence of a user configuration indicating an explicit association to one of the SDP LSPs.
Note:When the default LSP is down, the SDP is also brought down. The user will not be able to enter the class-forwarding node if the default LSP was not previously specified. In other words, the class-forwarding for this SDP will remain shutdown.
Platforms
All
class-forwarding
Syntax
[no] class-forwarding
Context
[Tree] (config>router>isis>segm-rtng class-forwarding)
[Tree] (config>router>ospf>segm-rtng class-forwarding)
Full Context
configure router isis segment-routing class-forwarding
configure router ospf segment-routing class-forwarding
Description
This command enables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts. For CBF+ECMP to be effective, a class forwarding policy must be defined. In addition, FC to set associations and RSVP-TE LSPs to set associations must be defined.
The no form of this command disables Class Based Forwarding with ECMP for SR-ISIS or SR-OSPF resolved to RSVP-TE LSPs as IGP shortcuts.
Default
no class-forwarding
Platforms
All
class-forwarding-policy
class-forwarding-policy
Syntax
class-forwarding-policy policy-name
no class-forwarding-policy policy-name
Context
[Tree] (config>router>mpls class-forwarding-policy)
Full Context
configure router mpls class-forwarding-policy
Description
This command configures the class-based forwarding (CBF) policy used in the CBF feature of an LDP FEC or a BGP prefix over IGP shortcuts.
Parameters
- policy-name
-
Specifies the name of the class forwarding policy, up to 32 characters.
Platforms
All
class-pool
class-pool
Syntax
[no] class-pool alt-class-pool-id
Context
[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools class-pool)
Full Context
configure qos hs-port-pool-policy alt-port-class-pools class-pool
Description
Commands in this context configure a class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.
The no form of the command restores the default parent-mid-pool association to mid-pool none, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restores the default slope policy to the specified class-pool.
Parameters
- alt-class-pool-id
-
Specifies the class pool ID.
Platforms
7750 SR-7/12/12e
class-pool
Syntax
[no] class-pool std-class-pool-id
Context
[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools class-pool)
Full Context
configure qos hs-port-pool-policy std-port-class-pools class-pool
Description
Commands in this context configure class pool's parent mid-pool, dynamic port bandwidth weight, explicit percentage of mid-pool size, or a slope policy. Six alternate port-class pools always exist (one for each of the six scheduling classes) and do not need to be created.
The no form of the command restores the default parent-mid-pool association to mid-pool 1, restores the default allocation port-bw-weight 1 setting (explicit-percent disabled), and restore the default slope policy to the specified class-pool.
Parameters
- std-class-pool-id
-
Specifies the class pool ID.
Platforms
7750 SR-7/12/12e
class-type
class-type
Syntax
class-type ct-number
no class-type
Context
[Tree] (config>router>mpls>lsp>primary class-type)
[Tree] (config>router>mpls>lsp>secondary class-type)
[Tree] (config>router>mpls>lsp class-type)
[Tree] (config>router>mpls>lsp-template class-type)
Full Context
configure router mpls lsp primary class-type
configure router mpls lsp secondary class-type
configure router mpls lsp class-type
configure router mpls lsp-template class-type
Description
This command configures the Diff-Serv Class Type (CT) for an LSP, the LSP primary path, or the LSP secondary path. The path level configuration overrides the LSP level configuration. However, only one CT per LSP path will be allowed as per RFC 4124.
The signaled CT of a dynamic bypass is always be CT0 regardless of the CT of the primary LSP path. The setup and hold priorities must be set to default values, that is, 7 and 0 respectively. This assumes that the operator configured a couple of TE classes, one which combines CT0 and a priority of 7 and the other which combines CT0 and a priority of 0. If not, the bypass LSP will not be signaled and will go into the down state.
The operator cannot configure the CT, setup priority, and hold priority of a manual bypass. They are always signaled with CT0 and the default setup and holding priorities.
The signaled CT and setup priority of a detour LSP must match those of the primary LSP path it is associated with.
If the operator changes the CT of an LSP or of an LSP path, or changes the setup and holding priorities of an LSP path, the path will be torn down and retried.
An LSP which does not have the CT explicitly configured will behave like a CT0 LSP when Diff-Serv is enabled.
If the operator configured a combination of a CT and a setup priority and/or a combination of a CT and a holding priority for an LSP path that are not supported by the user-defined TE classes, the LSP path will be kept in a down state and an error code will be displayed in the show command output for the LSP path.
The no form of this command reverts to the default value.
Default
class-type 0
Parameters
- ct-number
-
Specifies the Diff-Serv Class Type number.
Platforms
All
class-type-bw
class-type-bw
Syntax
class-type-bw ct0 %-link-bandwidth ct1%-link-bandwidth ct2%-link-bandwidth ct3%-link-bandwidth ct4%-link-bandwidth ct5%-link-bandwidth ct6%-link-bandwidth ct7%-link-bandwidth
no class-type-bw
Context
[Tree] (config>router>rsvp>interface class-type-bw)
[Tree] (config>router>rsvp>diffserv-te class-type-bw)
Full Context
configure router rsvp interface class-type-bw
configure router rsvp diffserv-te class-type-bw
Description
This command configures the percentage of RSVP interface bandwidth each CT shares, for example, the Bandwidth Constraint (BC).
The absolute value of the CT share of the interface bandwidth is derived as the percentage of the bandwidth advertised by IGP in the Maximum Reservable Link Bandwidth TE parameter, for example, the link bandwidth multiplied by the RSVP interface subscription percentage parameter.
This configuration also exists at RSVP interface level and the interface specific configured value overrides the global configured value. The BC value can be changed at any time.
The RSVP interface subscription percentage parameter is configured in the config>router>rsvp>interface context.
The operator can specify the Bandwidth Constraint (BC) for a CT which is not used in any of the TE class definition but that does not get used by any LSP originating or transiting this node.
When Diff-Serv is disabled on the node, this model degenerates into a single default CT internally with eight preemption priorities and a non-configurable BC equal to the Maximum Reservable Link Bandwidth. This would behave exactly like CT0 with eight preemption priorities and BC= Maximum Reservable Link Bandwidth if Diff-Serv was enabled.
The no form of this command reverts to the default value.
Parameters
- ct0 (ct1/ct2/ —ct7) %link-bandwidth
-
The Diff-Serv Class Type number. One or more system forwarding classes can be mapped to a CT.
Platforms
All
class-weight
class-weight
Syntax
class-weight weight
no class-weight
Context
[Tree] (config>service>epipe>sap>egress>queue-override>hs-wrr-group class-weight)
[Tree] (config>service>ipipe>sap>egress>queue-override>hs-wrr-group class-weight)
Full Context
configure service epipe sap egress queue-override hs-wrr-group class-weight
configure service ipipe sap egress queue-override hs-wrr-group class-weight
Description
This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
Parameters
- weight
-
Specifies the class weight of the HS WRR group.
Platforms
7750 SR-7/12/12e
class-weight
Syntax
class-weight weight
no class-weight
Context
[Tree] (config>service>vpls>sap>egress>queue-override>hs-wrr-group class-weight)
Full Context
configure service vpls sap egress queue-override hs-wrr-group class-weight
Description
This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
Parameters
- weight
-
Specifies the class weight of the HS WRR group.
Platforms
7750 SR-7/12/12e
class-weight
Syntax
class-weight weight
no class-weight
Context
[Tree] (config>service>ies>if>sap>egress>queue-override>hs-wrr-group class-weight)
Full Context
configure service ies interface sap egress queue-override hs-wrr-group class-weight
Description
This command overrides the class weight of this WRR group at its parent primary shaper relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
Parameters
- weight
-
Specifies the class weight of the HS WRR group.
Platforms
7750 SR-7/12/12e
class-weight
Syntax
class-weight weight
no class-weight
Context
[Tree] (config>service>vprn>if>sap>egress>queue-override>hs-wrr-group class-weight)
Full Context
configure service vprn interface sap egress queue-override hs-wrr-group class-weight
Description
This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
Parameters
- weight
-
Specifies the class weight of the HS WRR group.
Platforms
7750 SR-7/12/12e
classes
classes
Syntax
classes limit
no classes
Context
[Tree] (config>card>fp>ingress>policy-accounting classes)
Full Context
configure card fp ingress policy-accounting classes
Description
This command configures the maximum number of source and destination classes that can be instantiated for accounting purposes on the interfaces of a specific card or FP.
The no form of this command specifies that no resources are reserved for source or destination classes.
Parameters
- limit
-
Specifies the number of accounting classes.
Platforms
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
classic-cli
classic-cli
Syntax
classic-cli
Context
[Tree] (config>system>management-interface>cli classic-cli)
Full Context
configure system management-interface cli classic-cli
Description
Commands in this context configure the classic CLI management interface.
Platforms
All
classic-cli
Syntax
classic-cli
Context
[Tree] (config>system>security>management-interface classic-cli)
Full Context
configure system security management-interface classic-cli
Description
Commands in this context configure hash-control for the classic CLI interface.
Platforms
All
classic-lsn-max-subscriber-limit
classic-lsn-max-subscriber-limit
Syntax
classic-lsn-max-subscriber-limit max
no classic-lsn-max-subscriber-limit
Context
[Tree] (config>service>vprn>nat>inside>deterministic classic-lsn-max-subscriber-limit)
[Tree] (config>router>nat>inside>deterministic classic-lsn-max-subscriber-limit)
Full Context
configure service vprn nat inside deterministic classic-lsn-max-subscriber-limit
configure router nat inside deterministic classic-lsn-max-subscriber-limit
Description
This command affects ingress hashing of the subscribers for deterministic NAT. It will also affect hashing of the subscribers for non-deterministic NAT if the both types of NAT are configured simultaneously. The hashing will ensure that traffic load is distributed over multiple MS-ISAs in the system. For deterministic LSN44, (32 – n) bits of the source IP address will be considered for hashing, where 2^n= classic-lsn-max-subscriber-limit.
The scope of this command is the inside routing instance. This command must match the largest subscriber limit of all pools that are referenced by nat-policies configured within the corresponding inside routing instance.
This parameter must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT CLI hierarchy.
If non-deterministic NAT is not used simultaneously with deterministic NAT within a routing context, then hashing for non-deterministic NAT will be performed based on the subscriber.
Default
no classic-lsn-max-subscriber-limit
Parameters
- max
-
The power of 2 (2^n) number that must match the largest subscriber limit number in a deterministic pool referenced from this inside routing instance. The range for this command is the same as the subscriber-limit command under the pool hierarchy.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
classic-lsn-max-subscriber-limit
Syntax
classic-lsn-max-subscriber-limit max
no classic-lsn-max-subscriber-limit
Context
[Tree] (config>router>nat>inside classic-lsn-max-subscriber-limit)
[Tree] (config>service>vprn>nat>inside classic-lsn-max-subscriber-limit)
Full Context
configure router nat inside classic-lsn-max-subscriber-limit
configure service vprn nat inside classic-lsn-max-subscriber-limit
Description
This command sets the granularity of traffic distribution in the upstream direction across the MS-ISA within the scope of an inside routing context. Traffic distribution mechanism is based on the source IPv4 addresses/prefixes. More granular distribution is based on the IPv4 address, while distribution based on the IPv4 prefix (determined by prefix length) will be less granular. The granularity will further decrease with shorter prefix length.
For example, a prefix length of 32 will distribute individual /32 IPv4 addresses over multiple MS-ISAs in an ISA group. This will ensure better traffic load balancing at the expense of forwarding table utilization on the outside (public side) where each /32 is installed in the forwarding table. On the contrary, shorter prefixes will ensure better utilization of the forwarding table on the outside, at the expense of coarser spread of IP addresses over multiple MS-ISAs.
This command affects all flavors of LSN44 within the inside routing contexts, although its primary use is intended for deterministic NAT and dnat-only.
The length of the prefix that is used for distribution purposes is (32-n), where 2^n= classic-lsn-max-subscriber-limit. For example, if traffic distribution is based on the IPv4 address (prefix length = 32), then n must be 0. From here, it follows that classic-lsn-max-subscriber-limit must be set to 1:
Prefix length = 32 -> 32-n = 32 -> n=0 -> 2^0= 1 = classic-lsn-max-subscriber-limit classic-lsn-max-subscriber-limit = 1
The implicit method given by this command uses power of 2 calculations to provide prefix length for traffic distribution purposes. This roundabout approach to determine the prefix-length has roots in deterministic NAT where this command was originally introduced.
Even though deterministic NAT and dnat-only have very little in common, the method (and CLI syntax) for calculating the prefix length using the classic-lsn-max-subscriber-limit parameter for traffic distribution purposes is shared between the two. In dnat-only, this parameter is important from an operational perspective since it affects traffic load balancing over MS-ISA and the size of the routing table.
This command must be configured before any prefix is configured and can be modified only if there are no prefixes configured under the deterministic NAT.
Parameters
- max
-
The power of 2 (2^n) value which in deterministic NAT must match the largest subscriber-limit value in any deterministic pool referenced from this inside routing instance.
In dnat-only, this value can be set to any value from the allowed range.
In both cases, this value will determine the prefix-length (17-32) that will directly influence load distribution between the MS-ISAs and the size of the routing table.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
classic-lsn-sub
classic-lsn-sub
Syntax
[no] classic-lsn-sub router router-instance ip ip-address
Context
[Tree] (config>li>li-source>nat classic-lsn-sub)
Full Context
configure li li-source nat classic-lsn-sub
Description
This command configures a classic LSN subscriber sources.
The no form of this command removes the parameter from the configuration.
Parameters
- router-instance
-
Specifies the router instance the pool belongs to, either by router name or service ID.
- ip-address
-
Specifies the IP address in a.b.c.d format.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
classification-overrides
classification-overrides
Syntax
classification-overrides
Context
[Tree] (config>app-assure>group>url-filter>web-service classification-overrides)
Full Context
configure application-assurance group url-filter web-service classification-overrides
Description
Commands in this context create a classification override and allows the operator to manually set the category of a hostname.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
classifier
classifier
Syntax
classifier classifier category-set-id category-set
no classifier
Context
[Tree] (config>app-assure>group>url-filter>web-service classifier)
Full Context
configure application-assurance group url-filter web-service classifier
Description
This command selects the web service to use from the supported web services.
The no form of this command removes the selected web service.
Default
no classifier
Parameters
- classifier
-
Specifies the web service to use.
- category-set
-
Specifies the category ID set to use for URL categorization. A category-set ID defines the list of categories that the web service uses to perform URL categorization.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
clear
clear
Syntax
clear
Context
[Tree] (admin clear)
Full Context
admin clear
Description
Commands in this context clear statistics.
Platforms
All
clear
Syntax
clear [now]
Context
[Tree] (admin>system>license clear)
Full Context
admin system license clear
Description
This command removes the entitlements that were installed using a license file.
All the entitlements must be unallocated; otherwise, the command fails.
Parameters
- now
-
Keyword used to specify the immediate removal of the license file entitlements. If the now keyword is not present, the user is prompted to confirm the removal.
Platforms
All
clear-alarm-msg
clear-alarm-msg
Syntax
clear-alarm-msg message-string
no clear-alarm-msg
Context
[Tree] (config>system>alarm-contact-input clear-alarm-msg)
Full Context
configure system alarm-contact-input clear-alarm-msg
Description
This command configures a message string to send with SNMP trap and log event messages that are generated when the system clears an alarm. The system generates the default message "Alarm Input Cleared” if no message is configured. The clear-alarm-msg string is included in the log event when the pin changes to the normal state.
The no form of this command reverts to the default message "Alarm Input Cleared”.
Default
no clear-alarm-msg
Parameters
- message-string
-
Specifies a printable character string, up to 160 characters.
Platforms
7750 SR-a
clear-df-bit
clear-df-bit
Syntax
[no] clear-df-bit
Context
[Tree] (config>service>vprn>if>sap>ipsec-tunnel clear-df-bit)
[Tree] (config>router>if>ipsec>ipsec-tunnel clear-df-bit)
[Tree] (config>service>ies>if>sap>ip-tunnel clear-df-bit)
[Tree] (config>service>ies>if>ipsec>ipsec-tunnel clear-df-bit)
[Tree] (config>service>vprn>if>ipsec>ip-tunnel clear-df-bit)
Full Context
configure service vprn interface sap ipsec-tunnel clear-df-bit
configure router interface ipsec ipsec-tunnel clear-df-bit
configure service ies interface sap ip-tunnel clear-df-bit
configure service ies interface ipsec ipsec-tunnel clear-df-bit
configure service vprn interface ipsec ip-tunnel clear-df-bit
Description
This command instructs the MS-ISA to reset the DF bit to 0 in all payload IP packets associated with the GRE or IPsec tunnel, before any potential fragmentation resulting from the ip-mtu command (this requires a modification of the header checksum).
The no form of this command disables the DF bit reset.
Default
no clear-df-bit
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn interface sap ipsec-tunnel clear-df-bit
- configure service ies interface sap ip-tunnel clear-df-bit
VSR
- configure service ies interface ipsec ipsec-tunnel clear-df-bit
- configure router interface ipsec ipsec-tunnel clear-df-bit
clear-df-bit
Syntax
[no] clear-df-bit
Context
[Tree] (config>service>vprn>if clear-df-bit)
Full Context
configure service vprn interface clear-df-bit
Description
This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.
Platforms
All
clear-df-bit
Syntax
[no] clear-df-bit
Context
[Tree] (config>ipsec>tnl-temp clear-df-bit)
Full Context
configure ipsec tunnel-template clear-df-bit
Description
This command enables clearing of the Do-not-Fragment bit.
Default
no clear-df-bit
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
clear-ocsp-cache
clear-ocsp-cache
Syntax
clear-ocsp-cache [entry-id]
Context
[Tree] (admin>certificate clear-ocsp-cache)
Full Context
admin certificate clear-ocsp-cache
Description
This command clears the current OCSP response cache. If optional issuer and serial-number are not specified, then all current cached results are cleared.
Parameters
- entry-id
-
Specifies the local cache entry identifier of the certificate to clear.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
clear-request
clear-request
Syntax
clear-request ca ca-profile-name
Context
[Tree] (admin>certificate>cmpv2 clear-request)
Full Context
admin certificate cmpv2 clear-request
Description
This command clears current pending CMPv2 requests toward the specified CA. If there are no pending requests, it will clear the saved result of prior request.
Parameters
- ca ca-profile-name
-
Specifies a ca-profile name up to 32 characters.
Platforms
All
clear-tag-mode
clear-tag-mode
Syntax
clear-tag-mode clear-tag-mode
no clear-tag-mode
Context
[Tree] (config>macsec>connectivity-association clear-tag-mode)
Full Context
configure macsec connectivity-association clear-tag-mode
Description
This command puts 802.1Q tags in cleartext before the SecTAG. There are two modes: single-tag and dual-tag.
Encrypted Dot1q and QinQ Packet Format explains the encrypted dot1q and QinQ packet format when clear-tag-mode single-tag or dual-tag is configured.
The no form of this command puts all dot1q tags encrypted after the SecTAG.
Unencrypted format |
Clear-tag-mode |
Pre-encryption (Tx) |
Pre-decryption (Rx) |
---|---|---|---|
Single tag (dot1q) |
single-tag |
DA, SA, TPID, VID, Etype |
DA, SA, TPID, VID, SecTag |
Single tag (dot1q) |
dual-tag |
DA, SA, TPID, VID, Etype |
DA, SA, TPID, VID, SecTag |
Double tag (q-in-q) |
single-tag |
DA, SA, TPID1, VID1, IPID2, VID2, Etype |
DA, SA, TPID1, VID1, SecTag |
Double tag (QinQ) |
dual-tag |
DA, SA, TPID1, VID1, IPID2, VID2, Etype |
DA, SA, TPID1, VID1, IPID2, VID2, SecTag |
Default
no clear-tag-mode
Parameters
- clear-tag-mode
-
Specifies the clear tag mode.
Platforms
All
cli
cli
Syntax
[no] cli
Context
[Tree] (debug>dynsvc>scripts>inst>event cli)
[Tree] (debug>dynsvc>scripts>event cli)
[Tree] (debug>dynsvc>scripts>script>event cli)
Full Context
debug dynamic-services scripts instance event cli
debug dynamic-services scripts event cli
debug dynamic-services scripts script event cli
Description
This command enables/disables the generation of a specific dynamic data service script debugging event output: cli.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cli
Syntax
cli
Context
[Tree] (config>system>management-interface cli)
Full Context
configure system management-interface cli
Description
Commands in this context configure the CLI management interfaces.
Platforms
All
cli
Syntax
cli {warning | info}
Context
[Tree] (config>system>management-interface>cli>md-cli>environment>message-severity-level cli)
Full Context
configure system management-interface cli md-cli environment message-severity-level cli
Description
This command specifies the threshold for CLI messages.
Default
cli info
Parameters
- warning
-
Specifies that WARNING messages are displayed but INFO messages are suppressed.
- info
-
Specifies that INFO messages and WARNING messages are displayed.
Platforms
All
cli-engine
cli-engine
Syntax
cli-engine {classic-cli | md-cli} [{classic-cli | md-cli}]
no cli-engine
Context
[Tree] (config>system>management-interface>cli cli-engine)
Full Context
configure system management-interface cli cli-engine
Description
This command configures the system-wide CLI engine. The operator can configure one or both engines. For the configuration to take effect, exit the running CLI session and start a new session after committing the new value.
Parameters
- classic-cli
-
Specifies the classic CLI.
- md-cli
-
Specifies the MD-CLI.
Platforms
All
cli-script
cli-script
Syntax
cli-script
Context
[Tree] (config>system>security cli-script)
Full Context
configure system security cli-script
Description
Commands in this context configure the security parameters in the system.
Platforms
All
cli-session-group
cli-session-group
Syntax
cli-session-group session-group-name [create]
no cli-session-group session-group-name
Context
[Tree] (config>system>security cli-session-group)
Full Context
configure system security cli-session-group
Description
This command is used to configure a session group that can be used to limit the number of CLI sessions available to members of the group.
Parameters
- session-group-name
-
Specifies a particular session group.
Platforms
All
cli-user
cli-user
Syntax
cli-user name
no cli-user
Context
[Tree] (config>service>dynsvc>policy cli-user)
Full Context
configure service dynamic-services dynamic-services-policy cli-user
Description
This command specifies the CLI user to be used to execute the dynamic data services CLI scripts. With the specified user’s profile, it is possible to further restrict the internal list of allowed commands to be executed via dynamic data service CLI scripts.
The no form of this command sets the CLI user to an internal user with all configuration rights.
Parameters
- name
-
Specifies the CLI user name that must exist in the >config>system>security CLI context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cli-user
Syntax
cli-user user-name
no cli-user
Context
[Tree] (config>system>security>cli-script>authorization>event-handler cli-user)
[Tree] (config>system>security>cli-script>authorization>cron cli-user)
Full Context
configure system security cli-script authorization event-handler cli-user
configure system security cli-script authorization cron cli-user
Description
This command configures the user context under which various types of CLI scripts should execute in order to authorize the script commands. TACACS+ and RADIUS users and authorization are not permitted for cli-script authorization.
The no form of this command configures scripts to execute with no restrictions and without performing authorization.
Default
no cli-user
Parameters
- user-name
-
The name of a user in the local node database. TACACS+ or RADIUS users cannot be used. The user configuration should reference a valid local profile for authorization.
Platforms
All
client
client
Syntax
client client-index [create]
no client client-index
Context
[Tree] (config>ipsec>client-db client)
Full Context
configure ipsec client-db client
Description
This command creates a new IPsec client entry in the client-db or enters the configuration context of an existing client entry.
There may be multiple client entries defined in the same client-db. If there are multiple entries that match the new tunnel request, then the system will select the entry that has smallest client-index.
The no form of this command reverts to the default.
Parameters
- client-index
-
Specifies the ID of the client entry.
- create
-
Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client
Syntax
client all
client ip-address
no client
Context
[Tree] (debug>system>grpc client)
Full Context
debug system grpc client
Description
This command enables debug output for all clients for a particular client.
The no form of this command deactivates debugging for all clients.
Parameters
- all
-
Specifies that debugging will occur for all clients.
- ip-address
-
Specifies the IPv4 or IPv6 address of the client.
Platforms
All
client
Syntax
client
Context
[Tree] (config>system>security>ssh>key-re-exchange client)
Full Context
configure system security ssh key-re-exchange client
Description
Commands in this context enable the key re-exchange for SR OS as an SSH client.
Platforms
All
client-application
client-application
Syntax
client-application [ppp-v4] [ipoe-v4]
no client-application
Context
[Tree] (config>service>vprn>sub-if>local-address-assignment client-application)
[Tree] (config>service>ies>sub-if>grp-if>local-address-assignment client-application)
[Tree] (config>service>vprn>sub-if>grp-if>local-address-assignment client-application)
[Tree] (config>service>ies>sub-if>local-address-assignment client-application)
Full Context
configure service vprn subscriber-interface local-address-assignment client-application
configure service ies subscriber-interface group-interface local-address-assignment client-application
configure service vprn subscriber-interface group-interface local-address-assignment client-application
configure service ies subscriber-interface local-address-assignment client-application
Description
This command enables local DHCP Server pool management for PPPoXv4 clients.
A pool of IP addresses can be shared between IPoE clients that rely on DHCP protocol (lease renewal process) and PPPoX clients where address allocation is not dependent on DHCP messaging but instead an IP address allocation within the pool is tied to the PPPoX session.
The no form of this command disables Local Address Assignment for any protocol.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-application
Syntax
client-application [ppp-slaac] [ipoe-wan] [ ipoe-slaac]
no client-application
Context
[Tree] (config>service>vprn>sub-if>grp-if>lcl-addr-assign>ipv6 client-application)
Full Context
configure service vprn subscriber-interface group-interface local-address-assignment ipv6 client-application
Description
This command defines the client application that uses the local address server to perform address assignment. This feature relies on RADIUS or local-user-database to return a pool name. The pool name is matched again the pools defined in the local-dhcp6-server configuration. The name of the local-dhcp6-server must also be provisioned.
The no form of this command reverts to the default.
Parameters
- ppp-slaac
-
Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for PPPoE hosts.
- ipoe-wan
-
Indicates to assign an IA_NA address from a local DHCPv6 pool and to assign a fixed static IA_PD prefix. Other combinations of address assignment are not supported with client-application set to ipoe-wan. For RADIUS authentication, a Framed-IPv6-Pool (IA_NA address) and a Delegated-IPv6-Prefix (IA_PD prefix) attribute must be present in the Access-Accept message. For LUDB authentication, an IPv6-WAN-Address-Pool (IA_NA address) and an IPv6-DelegatedPrefix (IA_PD) must be provisioned.
- ipoe-slaac
-
Indicates using the local DHCPv6 prefix pool to assign SLAAC prefixes for hosts. The pool name where the prefixes are used for SLAAC prefix assignment are obtained from RADIUS or local-user-database during the authentication process. The RADIUS attribute Alc-slaac-ipv6-pool is used to indicate the SLAAC pool name for IPoE hosts.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-applications
client-applications
Syntax
client-applications [dhcp] [ppp]
no client-applications
Context
[Tree] (config>service>vprn>sub-if>dhcp client-applications)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay client-applications)
[Tree] (config>service>ies>sub-if>dhcp client-applications)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6>proxy client-applications)
[Tree] (config>service>ies>sub-if>grp-if>dhcp client-applications)
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy client-applications)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay client-applications)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy client-applications)
[Tree] (config>service>ies>sub-if>ipv6>dhcp6>relay client-applications)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp client-applications)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay client-applications)
Full Context
configure service vprn subscriber-interface dhcp client-applications
configure service vprn subscriber-interface ipv6 dhcp6 relay client-applications
configure service ies subscriber-interface dhcp client-applications
configure service ies subscriber-interface ipv6 dhcp6 proxy-server client-applications
configure service ies subscriber-interface group-interface dhcp client-applications
configure service vprn subscriber-interface ipv6 dhcp6 proxy-server client-applications
configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay client-applications
configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server client-applications
configure service ies subscriber-interface ipv6 dhcp6 relay client-applications
configure service vprn subscriber-interface group-interface dhcp client-applications
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay client-applications
Description
This command enables DHCP relay and proxy-server for the configured client types.
The no form of this command reverts to the default.
Default
dhcp
Parameters
- dhcp
-
Enables IPoE clients to use the DHCP relay or proxy-server.
- ppp
-
Enables PPPoE clients to use the DHCP relay or proxy-server that PPPoE attempts to request an IP address for a PPPoE client from the DHCP server assigned to PPPoE node.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-cert-subject-key-id
client-cert-subject-key-id
Syntax
[no] client-cert-subject-key-id
Context
[Tree] (config>ipsec>rad-auth-plcy>include client-cert-subject-key-id)
Full Context
configure ipsec radius-authentication-policy include-radius-attribute client-cert-subject-key-id
Description
This command enables the inclusion of the Subject Key Identifier of the peer's certificate in the RADIUS Access-Request packet as VSA: Alc-Subject-Key-Identifier. Refer to the 7750 SR and VSR RADIUS Attributes Reference Guide for more information.
Default
no client-cert-subject-key-id
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-cipher-list
client-cipher-list
Syntax
client-cipher-list
Context
[Tree] (config>system>security>ssh client-cipher-list)
Full Context
configure system security ssh client-cipher-list
Description
Commands in this context configure a list of allowed ciphers by the SSH client.
Platforms
All
client-cipher-list
Syntax
client-cipher-list name [create]
no client-cipher-list name
Context
[Tree] (config>system>security>tls client-cipher-list)
Full Context
configure system security tls client-cipher-list
Description
This command creates a cipher list that the client sends to the server in the client Hello message. It is a list of ciphers that are supported and preferred by the SR OS to be used in the TLS session. The server matches this list against the server cipher list. The most preferred cipher found in both lists is chosen.
Parameters
- name
-
Specifies the name of the client cipher list, up to 32 characters in length.
- create
-
Keyword used to create the client cipher list.
Platforms
All
client-db
client-db
Syntax
client-db db-name [create]
no client-db db-name
Context
[Tree] (config>ipsec client-db)
Full Context
configure ipsec client-db
Description
This command creates a new IPsec client-db or enters the configuration context of an existing client-db.
An IPsec client-db can be used for IKEv2 dynamic LAN-to-LAN tunnel authentication and authorization. When a new tunnel request is received, the system will match the request to the client entries configured in client-db and use credentials returned by the matched client entry for authentication. If authentication succeeds, the system could also use the IPsec configuration parameters (such as private-service-id) returned by the matched entry to set up the tunnel.
The configured client-db is referenced under the ipsec-gw configuration context using the client-db command.
The no form of this command removes the db-name from the configuration.
Parameters
- db-name
-
Specifies the name of this IPsec client up to 32 characters.
- create
-
Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-db
Syntax
client-db name
client-db name fallback
client-db name no-fallback
no client-db
Context
[Tree] (config>service>ies>if>sap>ipsec-gw client-db)
[Tree] (config>service>vprn>if>sap>ipsec-gw client-db)
Full Context
configure service ies interface sap ipsec-gw client-db
configure service vprn interface sap ipsec-gw client-db
Description
This command enables the use of an IPsec client database. The system uses the specified client database to authenticate IKEv2 dynamic LAN-to-LAN tunnel.
Default
no client-db
Parameters
- name
-
Specifies the name of the client database.
- fallback
-
Specifies whether or not this IPsec gateway falls back to the default authentication policy when the IPsec tunnel authentication request fails to match any clients in the IPsec database.
- no-fallback
-
Specifies that if the client database lookup fails to return a matched result, the system will fail the tunnel setup.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-db
Syntax
[no] no client-db db-name
Context
[Tree] (debug>ipsec client-db)
Full Context
debug ipsec client-db
Description
This command enables debugging for the specified IPsec client-db.
Parameters
- db-name
-
Specifies the IPsec client database name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-down-delay
client-down-delay
Syntax
client-down-delay client-down-delay
no client-down-delay
Context
[Tree] (config>system>satellite>eth-sat client-down-delay)
Full Context
configure system satellite eth-sat client-down-delay
Description
This command sets the delay between the last available uplink becoming unavailable and the disabling of associated Ethernet satellite client ports.
The no form of this command disables the delay and reverts to the current behavior.
Default
no client-down-delay
Parameters
- client-down-delay
-
Sets the number of seconds to wait between the last available uplink becoming unavailable and the disabling of associated ethernet satellite client ports.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
client-group-list
client-group-list
Syntax
client-group-list name [create]
no client-group-list name
Context
[Tree] (config>system>security>tls client-group-list)
Full Context
configure system security tls client-group-list
Description
This command configures a list of group suite codes that the client sends in a client Hello message.
The no form of this command removes the client group list.
Parameters
- name
-
Specifies the name of the client group list, up to 32 characters.
- create
-
Keyword used to create the client group list.
Platforms
All
client-id
client-id
Syntax
client-id {mac-pppoe-session-id}
no client-id
Context
[Tree] (config>service>ies>sub-if>grp-if>pppoe>dhcp-client client-id)
[Tree] (config>service>vprn>sub-if>grp-if>pppoe>dhcp-client client-id)
Full Context
configure service ies subscriber-interface group-interface pppoe dhcp-client client-id
configure service vprn subscriber-interface group-interface pppoe dhcp-client client-id
Description
This command inserts a DHCP client identifier option 61 in DHCP client messages for PPPoE sessions that obtain IPv4 addresses from a third party DHCP server. By default, a DHCP client identifier option 61 is not included.
The no form of this command reverts to the default.
Default
no client-id
Parameters
- mac-pppoe-session-id
-
Specifies that the DHCP client identifier option 61 contains a type value with type set to zero (1 octet) and value set to the PPPoE client MAC address (6 octets) and the PPPoE session ID (2 octets). For example:
Opt 61 (hex) = 00 00 10 94 A0 45 E5 00 01
where:
00 = type
00 10 94 A0 45 E5 = PPPoE client MAC address
00 01 = PPPoE session ID
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-identification
client-identification
Syntax
client-identification
Context
[Tree] (config>ipsec>client-db>client client-identification)
Full Context
configure ipsec client-db client client-identification
Description
Commands in this context configure client ID information of this IPsec client.
If there are multiple match input are configured in the match-list of the client-db, then all corresponding match criteria must be configured for the client-entry.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-ip
client-ip
Syntax
client-ip {eq | neq} ip-address
no client-ip
Context
[Tree] (debug>app-assure>group>traffic-capture>match client-ip)
Full Context
debug application-assurance group traffic-capture match client-ip
Description
This command configures debugging of a client IP.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-kex-list
client-kex-list
Syntax
client-kex-list
Context
[Tree] (config>system>security>ssh client-kex-list)
Full Context
configure system security ssh client-kex-list
Description
Commands in this context configure SSH KEX algorithms for SR OS as a client.
An empty list is the default list that the SSH KEX advertises. The default list contains the following:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Platforms
All
client-mac
client-mac
Syntax
client-mac {odd | even}
no client-mac
Context
[Tree] (config>service>vprn>sub-if>dhcp>osel client-mac)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>osel client-mac)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>osel client-mac)
Full Context
configure service vprn subscriber-interface dhcp offer-selection client-mac
configure service vprn subscriber-interface group-interface dhcp offer-selection client-mac
configure service ies subscriber-interface group-interface dhcp offer-selection client-mac
Description
Commands in this context configure a delay for the Discover message from the designated client MAC addresses.
The no form of this command removes the client MAC configuration.
Parameters
- odd
-
Specifies to use the odd client MAC address.
- even
-
Specifies to use the even client MAC address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-mac
Syntax
client-mac {odd | even}
no client-mac
Context
[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>advertise-selection client-mac)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection client-mac)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>advertise-selection client-mac)
Full Context
configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac
configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac
configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac
Description
Commands in this context configure a solicit delay or preference option value in function of the source MAC address of the solicit message.
The no form of this command removes the client MAC configuration.
Parameters
- odd
-
Specifies to use the odd client MAC address.
- even
-
Specifies to use the even client MAC address.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
client-mac-address
client-mac-address
Syntax
[no] client-mac-address
Context
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option>vendor client-mac-address)
[Tree] (config>service>ies>sub-if>dhcp>option client-mac-address)
[Tree] (config>service>vprn>if>dhcp>option>vendor client-mac-address)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor client-mac-address)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor client-mac-address)
[Tree] (config>service>ies>if>dhcp>option>vendor client-mac-address)
[Tree] (config>service>vpls>sap>dhcp>option>vendor client-mac-address)
Full Context
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option client-mac-address
configure service ies subscriber-interface dhcp option client-mac-address
configure service vprn interface dhcp option vendor-specific-option client-mac-address
configure service ies subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address
configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address
configure service ies interface dhcp option vendor-specific-option client-mac-address
configure service vpls sap dhcp option vendor-specific-option client-mac-address
Description
This command enables the sending of the MAC address in the Nokia vendor-specific sub-option of the DHCP relay packet.
The no form of this command disables the sending of the MAC address in the Nokia vendor-specific sub-option of the DHCP relay packet.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address
- configure service ies subscriber-interface group-interface dhcp option vendor-specific-option client-mac-address
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option vendor-specific-option client-mac-address
All
- configure service vprn interface dhcp option vendor-specific-option client-mac-address
- configure service vpls sap dhcp option vendor-specific-option client-mac-address
- configure service ies interface dhcp option vendor-specific-option client-mac-address
client-mac-address
Syntax
[no] client-mac-address
Context
[Tree] (config>router>if>dhcp>option client-mac-address)
Full Context
configure router interface dhcp option client-mac-address
Description
This command enables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.
The no form of this command disables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.
Default
no client-mac-address
Platforms
All
client-mac-list
client-mac-list
Syntax
client-mac-list
Context
[Tree] (config>system>security>ssh client-mac-list)
Full Context
configure system security ssh client-mac-list
Description
Commands in this context configure SSH MAC algorithms for SR OS as a client.
Platforms
All
client-meg-level
client-meg-level
Syntax
client-meg-level [[level [level]]
no client-meg-level
Context
[Tree] (config>lag>eth-cfm>mep>ais-enable client-meg-level)
[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable client-meg-level)
Full Context
configure lag eth-cfm mep ais-enable client-meg-level
configure port ethernet eth-cfm mep ais-enable client-meg-level
Description
This command configures the client maintenance entity group (MEG) level(s) to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level. Only the lowest client MEG level will be used for facility MEPs.
The no form of this command reverts to the default values.
Parameters
- level
-
Specifies the client MEG level.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
client-meg-level
Syntax
client-meg-level [[level [level ...]]
no client-meg-level
Context
[Tree] (config>service>epipe>sap>eth-cfm>mep client-meg-level)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>ais-enable client-meg-level)
Full Context
configure service epipe sap eth-cfm mep client-meg-level
configure service epipe spoke-sdp eth-cfm ais-enable client-meg-level
Description
This command configures the client maintenance entity group (MEG) level or levels to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level.
Parameters
- level
-
Specifies the client MEG level.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
client-meg-level
Syntax
client-meg-level [[level [level ...]]
no client-meg-level
Context
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais-enable client-meg-level)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais-enable client-meg-level)
Full Context
configure service vpls spoke-sdp eth-cfm mep ais-enable client-meg-level
configure service vpls mesh-sdp eth-cfm mep ais-enable client-meg-level
Description
This command configures the client maintenance entity group (MEG) level(s) to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level.
Parameters
- level
-
Specifies the client MEG level
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
client-name
client-name
Syntax
client-name name
no client-name
Context
[Tree] (config>ipsec>client-db>client client-name)
Full Context
configure ipsec client-db client client-name
Description
This command specifies the name of the client entry. The client name can be used in CLI navigation or in show commands.
Default
no client-name
Parameters
- name
-
Specifies the name of the client.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-port
client-port
Syntax
client-port {eq | neq} port-num
no client-port
Context
[Tree] (debug>app-assure>group>traffic-capture>match client-port)
Full Context
debug application-assurance group traffic-capture match client-port
Description
This command configures debugging of a client port.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
client-signature-list
client-signature-list
Syntax
client-signature-list name [create]
no client-signature-list name
Context
[Tree] (config>system>security>tls client-signature-list)
Full Context
configure system security tls client-signature-list
Description
This command configures a list of TLS 1.3-supported signature suite codes that the client sends in a client Hello message.
The no form of this command removes the client signature list.
Parameters
- name
-
Specifies the name of the client signature list, up to 32 characters.
- create
-
Keyword used to create the client signature list.
Platforms
All
client-tls-profile
client-tls-profile
Syntax
client-tls-profile name
no client-tls-profile
Context
[Tree] (config>system>security>pki>est-profile client-tls-profile)
Full Context
configure system security pki est-profile client-tls-profile
Description
This command configures the TLS client profile to be assigned to applications for encryption. The profile creates the TLS connection to the EST server.
The no form of this command removes the name from the configuration.
Default
no client-tls-profile
Parameters
- name
-
Specifies the name of the client TLS profile, up to 32 characters
Platforms
All
client-tls-profile
Syntax
client-tls-profile name [create]
no client-tls-profile name
Context
[Tree] (config system security tls client-tls-profile)
Full Context
configure system security tls client-tls-profile
Description
This command configures the TLS client profile to be assigned to applications for encryption.
Parameters
- name
-
Specifies the name of the client TLS profile, up to 32 characters in length.
- create
-
Keyword used to create the client TLS profile.
Platforms
All
client-tls-profile
Syntax
client-tls-profile name
no client-tls-profile
Context
[Tree] (config system management-interface remote-management client-tls-profile)
Full Context
configure system management-interface remote-management client-tls-profile
Description
This command configures the TLS client profile used for encryption by all remote managers. This command and allow-unsecure-connection are mutually exclusive.
If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.
The no form of this command causes the profile configuration not to be used.
Parameters
- name
-
Specifies the name of the client TLS profile, up to 32 characters.
Platforms
All
client-tls-profile
Syntax
client-tls-profile name
no client-tls-profile
Context
[Tree] (config system management-interface remote-management manager client-tls-profile)
Full Context
configure system management-interface remote-management manager client-tls-profile
Description
This command configures the TLS client profile used for encryption by this remote manager. This command and allow-unsecure-connection are mutually exclusive.
This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).
The no form of this command causes the profile configuration to be inherited from the global context (config>system>management-interface>remote-management).
Parameters
- name
-
Specifies the name of the client TLS profile, up to 32 characters.
Platforms
All
clli-code
clli-code
Syntax
clli-code clli-code
no clli-code
Context
[Tree] (config>system clli-code)
Full Context
configure system clli-code
Description
This command creates a Common Language Location Identifier (CLLI) code string for the 7450 ESS, 7750 SR, 7950 XRS, and VSR router. A CLLI code is an 11-character standardized geographic identifier that uniquely identifies geographic locations and certain functional categories of equipment unique to the telecommunications industry.
No CLLI validity checks other than truncating or padding the string to eleven characters are performed.
Only one CLLI code can be configured, if multiple CLLI codes are configured the last one entered overwrites the previous entry.
The no form of the command removes the CLLI code.
Default
no clli-code
Parameters
- clli-code
-
Specifies the 11 character string CLLI code. Any printable, seven bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. If more than 11 characters are entered, the string is truncated. If less than 11 characters are entered the string is padded with spaces.
Platforms
All
clock-offset
clock-offset
Syntax
clock-offset seconds
no clock-offset
Context
[Tree] (config>oam-pm>session>meas-interval clock-offset)
Full Context
configure oam-pm session meas-interval clock-offset
Description
This command allows measurement intervals with a boundary-type of clock aligned to be offset from the default time of day clock. The configured offset must be smaller than the size of the measurement interval. As an example, an offset of 120 (seconds) shifts the start times of the measurement intervals by two minutes from their default alignments with respect to the time of day clock.
The no form of this command sets the offset to 0.
Default
clock-offset 0
Parameters
- seconds
-
Specifies the number of seconds to offset a clock-alignment measurement interval from its default.
Platforms
All
clock-source
clock-source
Syntax
clock-source {loop-timed | node-timed}
Context
[Tree] (config>port>sonet-sdh clock-source)
Full Context
configure port sonet-sdh clock-source
Description
This command configures the clock to be used for transmission of data out towards the line. The options are to use the locally recovered clock from the line's receive data stream or the node central reference.
When changing the clock source for a port on an OC-48 MDA, a brief transmit interruption can occur on all ports of that MDA. Note that all SONET/SDH MDAs support loop timing.
The node-timed parameter in this command is supported by TDM satellite.
Parameters
- loop-timed
-
The link recovers the clock from the received data stream.
- node-timed
-
The link uses the internal clock when transmitting data.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
clock-source
Syntax
clock-source {loop-timed | node-timed | adaptive | differential}
Context
[Tree] (config>port>tdm>e3 clock-source)
[Tree] (config>port>tdm>e1 clock-source)
[Tree] (config>port>tdm>ds3 clock-source)
[Tree] (config>port>tdm>ds1 clock-source)
Full Context
configure port tdm e3 clock-source
configure port tdm e1 clock-source
configure port tdm ds3 clock-source
configure port tdm ds1 clock-source
Description
This command configures the clock to be used for transmission of data out towards the line. The options are to use the locally recovered clock from the line's receive data stream, the node central reference, or an adaptively recovered clock using the received packets.
The following table shows MDAs that support loop timing at DS3/E3 channelization options.
TDM DS3/E3 |
LoopTimed |
Default |
---|---|---|
Channelized OC-12 |
No |
node-timed |
Channelized OC-3 |
No |
node-timed |
Channelized DS3/E3 |
No |
node-timed |
Channelized ASAP OC-12 |
Yes |
node-timed |
Channelized ASAP OC-3 |
Yes |
node-timed |
Channelized ASAP DS3/E3 |
Yes |
node-timed |
CES OC-3 |
Yes |
node-timed |
The following table shows MDAs that support loop timing at DS1/E1 channelization options.
TDM DS1/E1 |
LoopTimed |
Default |
---|---|---|
Channelized OC-12 |
Yes |
loop-timed |
Channelized OC-3 |
Yes |
loop-timed |
Channelized DS3/E3 |
Yes |
loop-timed |
Channelized ASAP OC-12 |
Yes |
loop-timed |
Channelized ASAP OC-3 |
Yes |
loop-timed |
Channelized ASAP DS3/E3 |
Yes |
loop-timed |
CES OC-3 |
Yes |
loop-timed |
Parameters
- loop-timed
-
The link recovers the clock from the received data stream.
- node-timed
-
The link uses the internal clock when transmitting data.
- adaptive
-
The clock is adaptively recovered from the rate at which data is received and not from the physical layer. Adaptive timing is only supported on ds1 and e1 channels.
- differential
-
The clock is recovered from differential RTP timestamp header. Differential timing is only supported on ds1 and e1 channels.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
clock-type
clock-type
Syntax
clock-type boundary
clock-type ordinary {master | slave}
Context
[Tree] (config>system>ptp clock-type)
Full Context
configure system ptp clock-type
Description
This command configures the type of clock. The clock type can only be changed when PTP is shutdown.
The clock type cannot be changed to ordinary timeTransmitter if the PTP reference is no shutdown. In addition, the clock type cannot be changed to ordinary timeTransmitter if there are peers configured. The clock type is restricted based on the profile. See the profile command description for the details of the restrictions.
When enabling a PTP with clock-type boundary, at least one reference into the central frequency clock must be enabled using the configure system sync-if-timing [bits |ref1 |ref2 | ptp| synce] command.
Default
clock-type ordinary slave
Parameters
- boundary
-
Specifies that the system is a boundary clock, which may be anywhere in the PTP clock hierarchy. It can obtain timing from a timeTransmitter clock, and provide timing to multiple timeReceiver clocks concurrently.
- ordinary master
-
Specifies that the system is a grandmaster clock in the PTP hierarchy. The system provides timing to multiple timeReceiver clocks in the network.
- ordinary slave
-
Specifies that the system is always a timeReceiver clock in the PTP hierarchy. The system derives its timing from one or more timeTransmitter clocks in the network.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
close-session
close-session
Syntax
[no] close-session
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization close-session)
Full Context
configure system security profile netconf base-op-authorization close-session
Description
This command enables the NETCONF close-session operation.
The no form of this command disables the operation.
Default
no close-session
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
cluster
cluster
Syntax
cluster cluster-id
no cluster
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy cluster)
Full Context
configure subscriber-mgmt bgp-peering-policy cluster
Description
This command configures the cluster ID for a route reflector server.
Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.
When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.
For redundancy, a cluster can have multiple route reflectors.
Confederations can also be used to remove the full IBGP mesh requirement within an AS.
The no form of this command deletes the cluster ID and effectively disables the Route Reflection for the given group.
Parameters
- cluster-id
-
Specifies the route reflector cluster ID is expressed in dot decimal notation.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cluster
Syntax
cluster cluster-id
no cluster
Context
[Tree] (config>service>vprn>bgp cluster)
[Tree] (config>service>vprn>bgp>group>neighbor cluster)
[Tree] (config>service>vprn>bgp>group cluster)
Full Context
configure service vprn bgp cluster
configure service vprn bgp group neighbor cluster
configure service vprn bgp group cluster
Description
This command configures the cluster ID for a route reflector server.
Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.
When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.
For redundancy, a cluster can have multiple route reflectors.
Confederations can also be used to remove the full IBGP mesh requirement within an AS.
The no form of this command deletes the cluster ID and effectively disables the Route Reflection for the given group.
Default
no cluster — No cluster ID is defined.
Parameters
- cluster-id
-
The route reflector cluster ID is expressed in dot decimal notation.
Platforms
All
cluster
Syntax
cluster cluster-id orr-location location-id [ allow-local-fallback]]
Context
[Tree] (config>router>bgp cluster)
Full Context
configure router bgp cluster
Description
This command configures the cluster ID for a route reflector server ID and implicitly configures the associated BGP sessions as route reflector clients of the BGP instance. If an ORR location ID is specified with the cluster ID, the clients in that cluster receive routes optimal for that specific location; refer to draft-ietf-idr-bgp-optimal-route-reflection for more information.
Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.
When a route reflector receives best path from a non-client peer, it sends the route to all clients. When the route reflector receives a best path from a client peer it sends the route to all non-client and all client peers except the originator.
With optimal route reflection, the best path advertised to a client takes location ID into account, which means that if the tie-break for best path (or Add-Paths) comes down to next-hop IGP cost, the IGP costs will be calculated relative to the specified location. In the SR OS implementation, the IGP costs from arbitrary ORR locations are calculated using OSPF/OSPFv3, IS-IS, or BGP-LS information in the TE DB.
Default
no cluster
Parameters
- ip-address
-
Specifies the route reflector cluster ID is expressed in dot decimal notation.
- orr-location location-id
-
Specifies the optimal route reflection location index for this set of route reflector clients.
- allow-local-fallback
-
Controls the behavior when there are no BGP routes to advertise to the RR clients that are reachable from the perspective of their ORR location. If this option is configured, the RR is allowed (in this circumstance only), to advertise the best reachable BGP path from its own topology location. If this option is not configured and this situation applies, then no route is advertised to the clients.
Platforms
All
cluster
Syntax
cluster cluster-id orr-location location-id [ allow-local-fallback]]
cluster cluster-id
no cluster
Context
[Tree] (config>router>bgp>group cluster)
[Tree] (config>router>bgp>group>neighbor cluster)
Full Context
configure router bgp group cluster
configure router bgp group neighbor cluster
Description
This command configures the cluster ID for a route reflector server ID and implicitly configures the associated BGP sessions as route reflector clients of the BGP instance. If an ORR location ID is specified with the cluster ID, the clients in that cluster receive routes optimal for that specific location; see draft-ietf-idr-bgp-optimal-route-reflection for more information.
Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.
When a route reflector receives best path from a non-client peer, it sends the route to all clients. When the route reflector receives a best path from a client peer it sends the route to all non-client and all client peers except the originator.
With optimal route reflection, the best path advertised to a client takes location ID into account, which means that if the tie-break for best path (or Add-Paths) comes down to next-hop IGP cost, the IGP costs will be calculated relative to the specified location. In the SR OS implementation, the IGP costs from arbitrary ORR locations are calculated using OSPF/OSPFv3, IS-IS, or BGP-LS information in the TE DB.
The no form of this command deletes the cluster ID and effectively disables route reflection for the group.
Default
no cluster
Parameters
- ip-address
-
Specifies the route reflector cluster ID is expressed in dot decimal notation.
- orr-location location-id
-
Specifies the optimal route reflection location index for this set of route reflector clients.
- allow-local-fallback
-
Controls the behavior when there are no BGP routes to advertise to the RR clients that are reachable from the perspective of their ORR location. If this option is configured, the RR is allowed (in this circumstance only), to advertise the best reachable BGP path from its own topology location. If this option is not configured and this situation applies, then no route is advertised to the clients.
Platforms
All
cluster-id
cluster-id
Syntax
cluster-id ip-address/mask [ip-address/mask]
cluster-id none
no cluster-id
Context
[Tree] (config>router>policy-options>policy-statement>entry>from cluster-id)
Full Context
configure router policy-options policy-statement entry from cluster-id
Description
This command enables BGP routes to be matched based on the IP addresses encoded in the CLUSTER_LIST attribute.
The first ip-address/mask pair is matched against the most recently added cluster ID. Each subsequent ip-address/mask pair is tested against the next most recent cluster ID.
For example, to match all routes reflected by the RR with cluster ID 1.1.1.1 and then any other RR before reaching the router where the policy is applied, use the command cluster-id 0.0.0.0/0 1.1.1.1/32.
The command matches routes with two or more cluster IDs; the third and older cluster IDs are not evaluated and are automatically considered matching.
The cluster-id none form of this command only matches BGP routes without any CLUSTER_LIST attribute.
A non-BGP route does not match a policy entry if it contains the cluster-id command.
Default
no cluster-id
Parameters
- ip-address
-
Specifies the 32-bit cluster ID in dotted decimal notation.
- mask
-
Specifies a bit mask to apply to the ip-address parameter.
- none
-
Specifies that only BGP routes without a CLUSTER_LIST attribute should be matched.
Platforms
All
cmpv2
cmpv2
Syntax
cmpv2
Context
[Tree] (admin>certificate cmpv2)
Full Context
admin certificate cmpv2
Description
Commands in this context configure CMPv2 operations.
Platforms
All
cmpv2
Syntax
cmpv2
Context
[Tree] (config>system>security>pki>ca-profile cmpv2)
Full Context
configure system security pki ca-profile cmpv2
Description
Commands in this context configure CMPv2 parameters.
Platforms
All
cmpv2
Syntax
[no] cmpv2
Context
[Tree] (debug>certificate cmpv2)
Full Context
debug certificate cmpv2
Description
This command enables debugging of CMPv2 operations.
Platforms
All
cn
cn
Syntax
[no] cn index type type value common-name-value
Context
[Tree] (config>system>security>pki>common-name-list cn)
Full Context
configure system security pki common-name-list cn
Description
This command creates a CN list entry in text or regexp format.
The no form of this command removes the specified entry.
Parameters
- index
-
Specifies the index number of the entry.
- type
-
Specifies the type of the entry.
- common-name-value
-
Specifies the IP address or domain name value, up to 255 characters maximum.
Platforms
All
coa
coa
Syntax
coa [port udp-port]
no coa
Context
[Tree] (config>aaa>isa-radius-plcy>servers>server coa)
Full Context
configure aaa isa-radius-policy servers server coa
Description
This command configures Change of Authorization (CoA) messages.
Default
no coa
Parameters
- udp-port
-
Specifies the UDP port number on which to contact the RADIUS server for authentication.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
coa-script-policy
coa-script-policy
Syntax
coa-script-policy policy-name
no coa-script-policy
Context
[Tree] (config>subscr-mgmt>auth-plcy coa-script-policy)
Full Context
configure subscriber-mgmt authentication-policy coa-script-policy
Description
This command configures the RADIUS script policy used to change the RADIUS attributes of the Change-of-Authorization messages.
The no form of this command removes the policy name from the configuration.
Parameters
- policy-name
-
Specifies the Python script policy to modify the Change-of-Authorization messages.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
coa-script-policy
Syntax
coa-script-policy policy-name
no coa-script-policy
Context
[Tree] (config>router>radius-server>server coa-script-policy)
[Tree] (config>service>vprn>radius-server>server coa-script-policy)
Full Context
configure router radius-server server coa-script-policy
configure service vprn radius-server server coa-script-policy
Description
This command specifies the RADIUS script policy to modify the Change-of-Authorization messages sent from this RADIUS server.
The no form of this command removes the policy name from the configuration.
Parameters
- policy-name
-
Specifies the name of radius-script-policy up to 80 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
code-type
code-type
Syntax
code-type [sonet | sdh]
[no] code-type
Context
[Tree] (config>port>ethernet>ssm code-type)
Full Context
configure port ethernet ssm code-type
Description
This command configures the encoding of synchronization status messages. For example, whether to use an SDH or SONET set of values. Configuring the network-type is only applicable to SyncE ports. It is not configurable on SONET/SDH ports. For the network-type, sdh refers to ITU-T G.781 Option I, while sonet refers to G.781 Option II (equivalent to Telcordia GR-253-CORE).
Default
code-type sdh
Parameters
- sdh
-
Specifies the values used on a G.781 Option 1 compliant network.
- sonet
-
Specifies the values used on a G.781 Option 2 compliant network.
Platforms
All
coherent
coherent
Syntax
coherent
Context
[Tree] (config>port>dwdm coherent)
Full Context
configure port dwdm coherent
Description
This command configures the coherent optical module parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cold-start-wait
cold-start-wait
Syntax
cold-start-wait seconds
no cold-start-wait
Context
[Tree] (config>log>app-route-notifications cold-start-wait)
Full Context
configure log app-route-notifications cold-start-wait
Description
The time delay that must pass before notifying specific CPM applications that a route is available after a cold reboot.
Default
no cold-start-wait
Parameters
- seconds
-
Time delay in seconds.
Platforms
All
collect-aa-acct-stats
collect-aa-acct-stats
Syntax
[no] collect-aa-acct-stats
Context
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm collect-aa-acct-stats)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm collect-aa-acct-stats)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt collect-aa-acct-stats
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt collect-aa-acct-stats
Description
This command enables Application Assurance account statistics collection.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
collect-lmm-fc-stats
collect-lmm-fc-stats
Syntax
collect-lmm-fc-stats
Context
[Tree] (config>service>ipipe>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>epipe>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm collect-lmm-fc-stats)
Full Context
configure service ipipe sap eth-cfm collect-lmm-fc-stats
configure service epipe sap eth-cfm collect-lmm-fc-stats
configure service epipe spoke-sdp eth-cfm collect-lmm-fc-stats
Description
Commands in this context configure per-forwarding class (FC) LMM information collection.
This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
collect-lmm-fc-stats
Syntax
collect-lmm-fc-stats
Context
[Tree] (config>service>vpls>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm collect-lmm-fc-stats)
Full Context
configure service vpls sap eth-cfm collect-lmm-fc-stats
configure service vpls mesh-sdp eth-cfm collect-lmm-fc-stats
configure service vpls spoke-sdp eth-cfm collect-lmm-fc-stats
Description
Commands in this context configure per-forwarding class (FC) LMM information collection.
This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
collect-lmm-fc-stats
Syntax
collect-lmm-fc-stats
Context
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>ies>if>sap>eth-cfm collect-lmm-fc-stats)
Full Context
configure service ies interface spoke-sdp eth-cfm collect-lmm-fc-stats
configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats
configure service ies interface sap eth-cfm collect-lmm-fc-stats
Description
Commands in this context configure per-forwarding class (FC) LMM information collection.
This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface spoke-sdp eth-cfm collect-lmm-fc-stats
- configure service ies interface sap eth-cfm collect-lmm-fc-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats
collect-lmm-fc-stats
Syntax
collect-lmm-fc-stats
Context
[Tree] (config>service>vprn>if>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm collect-lmm-fc-stats)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm collect-lmm-fc-stats)
Full Context
configure service vprn interface sap eth-cfm collect-lmm-fc-stats
configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats
configure service vprn interface spoke-sdp eth-cfm collect-lmm-fc-stats
Description
Commands in this context configure per-forwarding class (FC) LMM information collection.
This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp eth-cfm collect-lmm-fc-stats
- configure service vprn interface sap eth-cfm collect-lmm-fc-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-fc-stats
collect-lmm-fc-stats
Syntax
collect-lmm-fc-stats
Context
[Tree] (config>router>if>eth-cfm>mep collect-lmm-fc-stats)
Full Context
configure router interface eth-cfm mep collect-lmm-fc-stats
Description
This command enables the collection of per-forwarding class LMM statistics.
The collect-lmm-fc-stats and collect-lmm-stats commands are mutually exclusive when there is entity resource contention.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
collect-lmm-stats
collect-lmm-stats
Syntax
[no] collect-lmm-stats
Context
[Tree] (config>port>ethernet>eth-cfm>mep collect-lmm-stats)
[Tree] (config>router>if>eth-cfm>mep collect-lmm-stats)
[Tree] (config>lag>eth-cfm>mep collect-lmm-stats)
Full Context
configure port ethernet eth-cfm mep collect-lmm-stats
configure router interface eth-cfm mep collect-lmm-stats
configure lag eth-cfm mep collect-lmm-stats
Description
This command enables the collection of statistics on the facility MEPs. This command is an object under the Facility MEP. This is at a different level of the hierarchy than collection of lmm statistics for service SAPs and MPLS SDP Bindings. The show mep command can be used to determine is the Facility MEP is collecting stats.
The no form of this command disables and deletes the counters for this SAP, Binding or facility.
Default
no collect-lmm-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
collect-lmm-stats
Syntax
[no] collect-lmm-stats
Context
[Tree] (config>service>vpls>spoke-sdp>eth-cfm collect-lmm-stats)
[Tree] (config>service>ipipe>sap>eth-cfm collect-lmm-stats)
[Tree] (config>service>epipe>sap>eth-cfm collect-lmm-stats)
[Tree] (config>service>vpls>sap>eth-cfm collect-lmm-stats)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm collect-lmm-stats)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm collect-lmm-stats)
Full Context
configure service vpls spoke-sdp eth-cfm collect-lmm-stats
configure service ipipe sap eth-cfm collect-lmm-stats
configure service epipe sap eth-cfm collect-lmm-stats
configure service vpls sap eth-cfm collect-lmm-stats
configure service vpls mesh-sdp eth-cfm collect-lmm-stats
configure service epipe spoke-sdp eth-cfm collect-lmm-stats
Description
This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display entities that are collecting stats.
The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.
Default
no collect-lmm-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
collect-lmm-stats
Syntax
[no] collect-lmm-stats
Context
[Tree] (config>service>ies>if>sap>eth-cfm collect-lmm-stats)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm collect-lmm-stats)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm collect-lmm-stats)
Full Context
configure service ies interface sap eth-cfm collect-lmm-stats
configure service ies interface spoke-sdp eth-cfm collect-lmm-stats
configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-stats
Description
This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display which entities are collecting stats.
The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.
Default
no collect-lmm-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service ies interface sap eth-cfm collect-lmm-stats
- configure service ies interface spoke-sdp eth-cfm collect-lmm-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm collect-lmm-stats
collect-lmm-stats
Syntax
collect-lmm-stats
no collect-lmm-stats
Context
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm collect-lmm-stats)
[Tree] (config>service>vprn>if>sap>eth-cfm collect-lmm-stats)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm collect-lmm-stats)
Full Context
configure service vprn interface spoke-sdp eth-cfm collect-lmm-stats
configure service vprn interface sap eth-cfm collect-lmm-stats
configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-stats
Description
This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show>service>sap-using>eth-cfm>collect-lmm-stats command and the show>service>sdp-using>eth-cfm>collect-lmm-stats command can be used to display which entities are collecting stats.
The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.
Default
no collect-lmm-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp eth-cfm collect-lmm-stats
- configure service vprn interface sap eth-cfm collect-lmm-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn subscriber-interface group-interface sap eth-cfm collect-lmm-stats
collect-stats
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>subscr-mgmt>sub-prof collect-stats)
Full Context
configure subscriber-mgmt sub-profile collect-stats
Description
When enabled, the agent collects non-RADIUS accounting statistics.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
collect-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>ies>sub-if>grp-if>sap collect-stats)
[Tree] (config>service>vprn>sub-if>grp-if>sap collect-stats)
Full Context
configure service ies subscriber-interface group-interface sap collect-stats
configure service vprn subscriber-interface group-interface sap collect-stats
Description
When enabled, the agent collects non-RADIUS accounting statistics on a subscriber profile.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic.
Default
collect-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>vpls>mesh-sdp collect-stats)
[Tree] (config>service>vpls>spoke-sdp collect-stats)
[Tree] (config>service>ies>if>sap collect-stats)
[Tree] (config>service>vpls>sap collect-stats)
Full Context
configure service vpls mesh-sdp collect-stats
configure service vpls spoke-sdp collect-stats
configure service ies interface sap collect-stats
configure service vpls sap collect-stats
Description
This command enables accounting and statistical data collection for either the SAP or SDP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
collect-stats
Platforms
All
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>card>fp>ingress>network>queue-group collect-stats)
[Tree] (config>card>fp>ingress>access>queue-group collect-stats)
Full Context
configure card fp ingress network queue-group collect-stats
configure card fp ingress access queue-group collect-stats
Description
This command enables the collection of accounting and statistical data for the queue group on the forwarding plane. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued, the statistics are still accumulated, however, the CPU does not obtain the results and write them to the billing file. If the collect-stats command is issued again (enabled), then the counters written to the billing file will include the traffic collected while the no collect-stats command was in effect.
Default
no collect-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>port>ethernet>access>ing>qgrp collect-stats)
[Tree] (config>port>ethernet>network>egr>qgrp collect-stats)
[Tree] (config>port>ethernet>network collect-stats)
[Tree] (config>port>ethernet collect-stats)
[Tree] (config>port>tdm>e1>channel-group>network collect-stats)
[Tree] (config>port>sonet-sdh>path>network collect-stats)
[Tree] (config>port>ethernet>access>egr>qgrp collect-stats)
[Tree] (config>port>tdm>ds1>channel-group>network collect-stats)
[Tree] (config>port>tdm>e3>network collect-stats)
[Tree] (config>port>tdm>ds3>network collect-stats)
Full Context
configure port ethernet access ingress queue-group collect-stats
configure port ethernet network egress queue-group collect-stats
configure port ethernet network collect-stats
configure port ethernet collect-stats
configure port tdm e1 channel-group network collect-stats
configure port sonet-sdh path network collect-stats
configure port ethernet access egress queue-group collect-stats
configure port tdm ds1 channel-group network collect-stats
configure port tdm e3 network collect-stats
configure port tdm ds3 network collect-stats
Description
This command enables the collection of accounting and statistical data for the network interface. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued, the statistics are still accumulated by the XCM/IOM cards, however, the CPU does not obtain the results and write them to the billing file. If the collect-stats command is issued again (enabled), then the counters written to the billing file will include the traffic collected while the no collect-stats command was in effect.
Default
no collect-stats
Platforms
All
- configure port ethernet access ingress queue-group collect-stats
- configure port ethernet network egress queue-group collect-stats
- configure port ethernet network collect-stats
- configure port ethernet access egress queue-group collect-stats
- configure port ethernet collect-stats
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure port tdm ds1 channel-group network collect-stats
- configure port tdm ds3 network collect-stats
- configure port tdm e3 network collect-stats
- configure port tdm e1 channel-group network collect-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure port sonet-sdh path network collect-stats
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>epipe>spoke-sdp collect-stats)
[Tree] (config>service>cpipe>sap collect-stats)
[Tree] (config>service>epipe>sap collect-stats)
[Tree] (config>service>ipipe>sap collect-stats)
Full Context
configure service epipe spoke-sdp collect-stats
configure service cpipe sap collect-stats
configure service epipe sap collect-stats
configure service ipipe sap collect-stats
Description
This command enables accounting and statistical data collection for either the SAP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
no collect-stats
Platforms
All
- configure service epipe sap collect-stats
- configure service epipe spoke-sdp collect-stats
- configure service ipipe sap collect-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe sap collect-stats
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>ies>if>spoke-sdp collect-stats)
Full Context
configure service ies interface spoke-sdp collect-stats
Description
This command enables statistics collection.
Platforms
All
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>vprn>if>sap collect-stats)
[Tree] (config>service>vprn>if>spoke-sdp collect-stats)
Full Context
configure service vprn interface sap collect-stats
configure service vprn interface spoke-sdp collect-stats
Description
This command enables accounting and statistical data collection for either an interface SAP or interface SAP spoke SDP, or network port. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
no collect-stats
Platforms
All
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>router>ldp>egr-stats>fec-pfx collect-stats)
Full Context
configure router ldp egress-statistics fec-prefix collect-stats
Description
This command enables accounting and statistical data collection. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the forwarding engine. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
collect-stats
Platforms
All
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp collect-stats)
[Tree] (config>router>mpls>lsp>egr-stats collect-stats)
[Tree] (config>router>mpls>ingr-stats>lsp collect-stats)
[Tree] (config>router>mpls>lsp-template>egr-stats collect-stats)
[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp collect-stats)
[Tree] (config>router>mpls>lsp>ingr-stats collect-stats)
Full Context
configure router mpls ingress-statistics p2mp-template-lsp collect-stats
configure router mpls lsp egress-statistics collect-stats
configure router mpls ingress-statistics lsp collect-stats
configure router mpls lsp-template egress-statistics collect-stats
configure router mpls ingress-statistics p2p-template-lsp collect-stats
configure router mpls lsp ingress-statistics collect-stats
Description
This command enables accounting and statistical data collection. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
The config>router>mpls>ingr-stats>p2mp-template-lsp>collect-stats command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
When the no collect-stats command is issued, the statistics are still accumulated by the forwarding engine. However, the CPU does not write the results to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic collected while the no collect-stats command was in effect.
Default
collect-stats
Platforms
All
- configure router mpls ingress-statistics p2p-template-lsp collect-stats
- configure router mpls lsp egress-statistics collect-stats
- configure router mpls ingress-statistics p2mp-template-lsp collect-stats
- configure router mpls lsp-template egress-statistics collect-stats
- configure router mpls ingress-statistics lsp collect-stats
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure router mpls lsp ingress-statistics collect-stats
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>app-assure>group>statistics>app-grp collect-stats)
[Tree] (config>app-assure>group>statistics>app collect-stats)
[Tree] (config>isa>aa-grp>statistics>perform collect-stats)
[Tree] (config>app-assure>group>statistics>protocol collect-stats)
[Tree] (config>app-assure>group>statistics>aa-part collect-stats)
[Tree] (config>app-assure>group>statistics>aa-sub collect-stats)
[Tree] (config>app-assure>group>statistics>aa-admit-deny collect-stats)
[Tree] (config>app-assure>group>statistics>aa-sub-study collect-stats)
Full Context
configure application-assurance group statistics app-group collect-stats
configure application-assurance group statistics application collect-stats
configure isa application-assurance-group statistics performance collect-stats
configure application-assurance group statistics protocol collect-stats
configure application-assurance group statistics aa-partition collect-stats
configure application-assurance group statistics aa-sub collect-stats
configure application-assurance group statistics aa-admit-deny collect-stats
configure application-assurance group statistics aa-sub-study collect-stats
Description
This command enables statistic collection within the applicable context.
Default
no collect-stats
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (config>service>sdp collect-stats)
[Tree] (config>service>pw-template collect-stats)
Full Context
configure service sdp collect-stats
configure service pw-template collect-stats
Description
This command enables accounting and statistical data collection for either the SDP. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the IOM or XCM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
no collect-stats
Platforms
All
collect-stats
Syntax
[no] collect-stats
Context
[Tree] (conf>router>segment-routing>sr-policies>egress-stats collect-stats)
Full Context
configure router segment-routing sr-policies egress-statistics collect-stats
Description
This command enables statistics collection via the accounting policy.
The no form of this command disables the collection of statistics via the accounting policy.
Default
no collect-stats
Platforms
All
collection-interval
collection-interval
Syntax
collection-interval minutes
no collection-interval
Context
[Tree] (config>log>acct-policy collection-interval)
Full Context
configure log accounting-policy collection-interval
Description
This command configures the accounting collection interval.
Parameters
- minutes
-
Specifies the interval between collections, in minutes.
Platforms
All
collector
collector
Syntax
collector ip-address[:port] [ create]
no collector ip-address[:port]
Context
[Tree] (config>app-assure>group>cflowd collector)
Full Context
configure application-assurance group cflowd collector
Description
This command defines a flow data collector for cflowd data. The IP address of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used.
Parameters
- ip-address
-
Specifies the IP address of the flow data collector in dotted decimal notation.
- port
-
Specifies the UDP port of flow data collector.
- create
-
Keyword used to create the flow data collector.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
collector
Syntax
collector router router-instance ip ip-address [create]
no collector router router-instance ip ip-address
Context
[Tree] (config>service>ipfix>export-policy collector)
Full Context
configure service ipfix ipfix-export-policy collector
Description
This command defines an external collector node that will collect IPFIX records sent by 7750 SR node. The IPFIX records will be streamed to the collector node using UDP transport. Traffic is originated from a random ephemeral UDP port to the destination port 4739. Up to two collector nodes can be defined for redundancy purposes.
UDP streams are stateless due to the significant volume of transactions. However they do contain 32bit sequence numbers such that packet loss can be identified.
Multiple IPFIX records are sent in a single UDP packet. UDP packet transmission is triggered when the packet size containing IPFIX records exceeds the configured MTU value or the internal timer which is set to 250ms, whichever occurs first.
Parameters
- router router-instance
-
Router instance from which the collector node is reachable.
- ip ip-address
-
IPv4 address of the external collector node to which IPFIX records will be sent.
- create
-
Keyword used to create the collector instance.
Platforms
All
collector
Syntax
collector router router-name ip ip-address [create]
collector service-name service-name ip ip-address [create]
no collector router router-name ip ip-address
no collector service-name service-name ip ip-address
Context
[Tree] (config>service>nat>syslog>syslog-export-policy collector)
Full Context
configure service nat syslog syslog-export-policy collector
Description
This command defines an external collector node that collects syslog records. The syslog records are streamed to the collector node using UDP transport. Traffic is originated from a random ephemeral UDP port to the destination port 514. Up to two collector nodes can be defined for redundancy purposes.
Stateless UDP streams are used as transport due to the significant volume of transactions. However, they do contain 32-bit sequence numbers so packet loss can be identified. The sequence numbers are generated per BB-ISA per collector, and within each stream they are monotonically increased by 1. Overlapping sequence numbers between BB-ISAs can be differentiated by the MDA ID field carried in the syslog message.
Multiple syslog records are sent in a single UDP packet. UDP packet transmission is triggered when the packet size containing syslog records exceeds the configured MTU value or the configurable timer, whichever occurs first.
The no form of the command removes the parameters from the configuration.
Parameters
- router-name
-
Specifies the router instances from which the collector node is reachable.
- ip-address
-
Specifies the IPv4 address of the external collector node to which the syslog records are sent.
- service-name
-
Specifies the service name from which the collector node is reachable.
- create
-
Keyword used to create the collector instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
collector
Syntax
collector ip-address[:port] [version version]
no collector ip-address[:port]
Context
[Tree] (config>cflowd collector)
Full Context
configure cflowd collector
Description
This command defines a flow data collector for cflowd data. The IP address and version of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used for all collector versions. To connect to an IPFIX (version 10) collector using the IPFIX default port, specify port 4739 when defining the collector. A maximum of eight collectors can be configured.
The no form of this command removes the flow collector definition from the config and stops the export of data to the collector. The collector needs to be shut down to be deleted.
Parameters
- ip-address
-
Specifies the address of a remote cflowd collector host to receive the exported cflowd data.
- port
-
Specifies the UDP port number on the remote cflowd collector host to receive the exported cflowd data.
- version
-
Specifies the version of the flow data collector.
Platforms
All
collector
Syntax
collector collector-id [create]
no collector collector-id
Context
[Tree] (config>app-assure>group>cflowd>direct-export collector)
Full Context
configure application-assurance group cflowd direct-export collector
Description
This command configures the Cflowd direct export collector.
The system uses the collectors when the Cflowd admin state shuts down and then re-enabled (no shutdown state). The system re-assigns the collectors to the groups or AA-ISAs or when a Cflowd collector ID is created. The collector IDs are used when a new group is added later.
When a collector ID is removed, the groups (AA-ISAs) that are assigned to this collector are removed and assigned to another available collector. The affected ISAs reset their collector statistics as they change to the new collector.
In addition, a Cflowd collector assignment to a group or AA-ISA is done only in the following conditions:
-
the admin state is in a no shutdown state for the AA group or the AA group Cflowd
-
a collector is available under the AA group with at least one address in a no shutdown admin state
If an AA group or AA-ISA is assigned a collector, shutting down, or the group unassigns the group from the cflowd collector.
The no form of this command removes the collector ID from the configuration.
Parameters
- collector-id
-
Specifies the Cflowd direct export collector ID.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
color
color
Syntax
color color
no color
Context
[Tree] (conf>router>segment-routing>sr-policies>policy color)
Full Context
configure router segment-routing sr-policies static-policy color
Description
This command associates a color value with a statically defined segment routing policy. This is a mandatory parameter and configuration command to enable the segment routing policy; if the color parameter value is not configured, the execution of the no shutdown command on the static segment routing policy fails.
The no form of this command removes the color association.
Default
no color
Parameters
- color
-
Specifies the color ID.
Platforms
All
color
Syntax
color color-id
no color
Context
[Tree] (config>router>policy-options>policy-statement>entry>from color)
Full Context
configure router policy-options policy-statement entry from color
Description
This command configures an SR Policy color ID as a route policy match criterion.
This match criterion is only used in import policies.
The no form of this command removes the configuration.
Parameters
- color-id
-
Specifies the SR policy color ID.
Platforms
All
combined-max-sessions
combined-max-sessions
Syntax
combined-max-sessions number-of-sessions
no combined-max-sessions
Context
[Tree] (config>system>security>profile combined-max-sessions)
[Tree] (config>system>security>cli-session-group combined-max-sessions)
Full Context
configure system security profile combined-max-sessions
configure system security cli-session-group combined-max-sessions
Description
This command is used to limit the number of combined SSH/TELNET based sessions available to all users that are part of a specific profile, or to all users of all profiles that are part of the same cli-session-group.
The no form of this command disables the command and the profile or group limit is not applied to the number of combined sessions.
Default
no combined-max-sessions
Parameters
- number-of-sessions
-
Specifies the maximum number of allowed combined SSH/TELNET based sessions.
Platforms
All
command-accounting-during-load
command-accounting-during-load
Syntax
[no] command-accounting-during-load
Context
[Tree] (config>system>security>management-interface>md-cli command-accounting-during-load)
Full Context
configure system security management-interface md-cli command-accounting-during-load
Description
This command controls command accounting performed on the contents of a file loaded using the MD-CLI load or rollback command.
When enabled, all commands in the loaded file are logged, which may decrease the system response time with large files.
When disabled, command accounting is not performed during a load or rollback operation, which may increase the system response time by reducing the number of command accounting messages, especially when remote AAA servers are used.
The load or rollback command itself is always logged.
The no form of this command disables command accounting during a load or rollback operation.
Default
command-accounting-during-load
Platforms
All
command-completion
command-completion
Syntax
command-completion
Context
[Tree] (config>system>management-interface>cli>md-cli>environment command-completion)
Full Context
configure system management-interface cli md-cli environment command-completion
Description
This command configures keystrokes to trigger command completion.
Platforms
All
comment
comment
Syntax
comment comment-string
[no] comment
Context
[Tree] (config>app-assure>group>ip-id-asst>pdns>trst-srv comment)
Full Context
configure application-assurance group ip-identification-assist passive-dns trusted-server comment
Description
This command specifies a name or description to associate with the DNS server.
The no form of this command removes the name or description given to the DNS server.
Parameters
- comment-string
-
Specifies a name or description, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
commit
commit
Syntax
commit
Context
[Tree] (config>app-assure>group>policy commit)
Full Context
configure application-assurance group policy commit
Description
This command commits changes made during the current editing session. None of the policy changes done will take effect until commit command is issued. If the changes can be successfully committed, no errors detected during the commit during cross-reference verification against exiting application assurance configuration, the editing session will also be closed.
The newly committed policy takes effect immediately for all new flows, existing flows will transition onto the new policy shortly after the commit.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
commit
Syntax
commit
Context
[Tree] (config>router>bfd commit)
Full Context
configure router bfd commit
Description
This command saves the changes made to a BFD template during an active session and makes the changes active.
Platforms
All
commit
Syntax
commit
Context
[Tree] (config>router>route-next-hop-policy commit)
Full Context
configure router route-next-hop-policy commit
Description
This command saves the changes made to route next-hop templates during an active session.
Default
commit
Platforms
All
commit
Syntax
commit [confirmed timeout] [comment comment]
commit no-checkpoint [confirmed timeout]
Context
[Tree] (candidate commit)
Full Context
candidate commit
Description
This command applies the changes in the candidate configuration to the active running configuration. The candidate changes will take operational effect.
If a commit operation is successful then all of the candidate changes will take operational effect and the candidate is cleared. If there is an error in the processing of the commit, or a 'commit confirmed’ is not confirmed and an auto-revert occurs, then the router will return to a configuration state with none of the candidate changes applied. The operator can then continue editing the candidate and try a commit later.
By default, the SR OS will automatically create a new rollback checkpoint after a commit operation. The rollback checkpoint will contain the new configuration changes made by the commit. An optional no-checkpoint keyword can be used to avoid the auto-creation of a rollback checkpoint after a commit.
A commit operation is blocked if a rollback revert is currently being processed.
Parameters
- confirmed
-
specifies that the commit operation (if successful) should be automatically reverted (undone) at the end of the timeout period unless the operator issues the confirm command before the timeout period expires. A rollback checkpoint is created after the commit operation (if successful) and will remain available whether the commit is auto-reverted or not. The contents of the candidate will remain visible (candidate view) and changes to the candidate are blocked until the timeout is completed or the candidate confirm command is executed. If the timeout expires and an auto-revert occurs, then the original candidate config will be available in edit-cfg mode.
Standard line-by-line non-transactional configuration commands (including via SNMP) are not blocked during the countdown period and any changes made to the configuration during the countdown period will be rolled back if the timeout expires. The confirmed option is useful when changes are being made that could impact management reachability to the router.
A rollback revert is blocked during the countdown period until the commit has been confirmed.
- timeout
-
Specifies the auto-revert timeout period, in minutes.
- no-checkpoint
-
Specifies to avoid the automatic creation of a rollback checkpoint for a successful commit.
- comment comment
-
Adds a comment up to 255 characters to the automatic rollback checkpoint.
Platforms
All
commit
Syntax
commit
Context
[Tree] (config>system>sync-if-timing commit)
Full Context
configure system sync-if-timing commit
Description
This command saves changes made to the system synchronous interface timing configuration.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
commit
Syntax
commit
Context
[Tree] (config>router>policy-options commit)
Full Context
configure router policy-options commit
Description
This command is required to save changes made to a route policy.
Platforms
All
commit
Syntax
[no] commit
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization commit)
Full Context
configure system security profile netconf base-op-authorization commit
Description
This command enables the NETCONF commit operation.
The no form of this command disables the operation.
Default
no commit
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
common-name-list
common-name-list
Syntax
common-name-list name [create]
Context
[Tree] (config>system>security>pki common-name-list)
Full Context
configure system security pki common-name-list
Description
This command configures a list of common names (CNs) that will be used to authenticate X.509.3 certificates. If the CN field of the X.509.3 certificate matches any of the CNs in the list, then the certificate can be used.
Parameters
- name
-
Specifies the name of the CN list, up to 32 characters maximum.
Platforms
All
community
community
Syntax
community community-name [hash | hash2 | custom] [access-permissions] [ version SNMP-version] [src-access-list list-name]
no community community-name [hash | hash2 | custom]
Context
[Tree] (config>service>vprn>snmp community)
Full Context
configure service vprn snmp community
Description
This command sets the SNMP community name(s) to be used with the associated VPRN instance. These VPRN community names are used to associate SNMP v1/v2c requests with a particular vprn context and to return a reply that contains VPRN-specific data or limit SNMP access to data in a specific VPRN instance.
VPRN snmp communities configured with an access permission of 'r' are automatically associated with the default access group "snmp-vprn-ro” and the "vprn-view” view (read only). VPRN snmp communities configured with an access permission of 'rw' are automatically associated with the default access group "snmp-vprn” and the "vprn-view” view (read/write).
The community in an SNMP v1/v2 request determines the SNMP context (i.e., the vprn# for accessing SNMP tables) and not the VPRN of the incoming interface on which the request was received. When an SNMP request arrives on VPRN 5 interface "ringo” with a destination IP address equal to the "ringo” interface, but the community in the SNMP request is the community configured against VPRN 101, then the SNMP request will be processed using the VPRN 101 context. (the response will contain information about VPRN 101). It is recommended to avoid using a simple series of vprn snmp-community values that are similar to each other (for example, avoid my-vprncomm-1, my-vprn-comm-2, etc).
The no form of this command removes the SNMP community name from the given VPRN context.
Parameters
- community-name
-
Specifies the SNMP v1/v2c community name. This is a secret/confidential key used to access SNMP and specify a context (base vs vprn1 vs vprn2).
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
- version SNMP-version
-
Specifies the SNMP version.
- access-permissions
-
Specifies the access rights to MIB objects.
- list-name
-
Configures the community to reference a specific src-access-list (created under configure system security snmp), which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community (vprn or base router) and usm-community instances can reference the same src-access-list.
Platforms
All
community
Syntax
community comm-id [comm-id]
no community [comm-id [comm-id]]
Context
[Tree] (config>service>vprn>static-route-entry community)
Full Context
configure service vprn static-route-entry community
Description
This command associates a list of up to 12 BGP communities (any mix of standard, extended, and large communities) with the static route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the static route.
The communities specified at this level of the static route causes communities configured under the next-hop, black-hole, and indirect contexts of the static route to be ignored.
The no form of this command removes the association.
Default
no community
Parameters
- comm-id
-
Specifies a BGP community value, up to 72 characters.
Platforms
All
community
Syntax
community comm-id
no community [comm-id]
Context
[Tree] (config>service>vprn>static-route-entry>next-hop community)
[Tree] (config>service>vprn>static-route-entry>indirect community)
[Tree] (config>service>vprn>static-route-entry>black-hole community)
Full Context
configure service vprn static-route-entry next-hop community
configure service vprn static-route-entry indirect community
configure service vprn static-route-entry black-hole community
Description
This command associates one BGP community (standard, extended or large) with a next-hop of the static route. This community can be matched in route policies and automatically added to BGP routes that are created from the static route.
Any community specified in one of these contexts is overridden by any communities specified at the prefix level of the static route entry.
The no form of this command removes the association.
Default
no community
Parameters
- comm-id
-
Specifies a BGP community value, up to 72 characters.
Platforms
All
community
Syntax
community comm-id
no community [comm-id]
Context
[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel community)
Full Context
configure service vprn static-route-entry ipsec-tunnel community
Description
This configuration option associates a BGP community with the static route. The community can be matched in route policies and is automatically added to BGP routes exported from the static route.
The no form of this command removes the community association.
Default
no community
Parameters
- comm-id
-
Specifies community IDs, up to 72 characters.
Platforms
All
community
Syntax
community community-name
no community
Context
[Tree] (config>router>ldp>targeted-session>peer-template community)
[Tree] (config>router>ldp>session-params>peer community)
Full Context
configure router ldp targeted-session peer-template community
configure router ldp session-parameters peer community
Description
This command configures a community name associated with a targeted session to a specified peer. The community is a local configuration for a targeted session. FECs received over a session of a given community are taken to belong to that community, and are redistributed over sessions of the same community.
The SR OS router uses the following rules for community:
-
If both the session parameters for a specified peer and targeted peer template that is applied to session have the default configuration then no community applies.
-
If the session parameters for a peer have the default configuration, but targeted session peer template has an explicit configuration for community, then the targeted peer template configuration will be used.
-
If the session parameters have an explicit configuration for community, and the targeted session peer template has the default configuration, then the session parameter configuration applies.
-
If both session parameters and targeted peer template have an explicit configuration for community, then the session parameter configuration is used.
The no form of this command removes the community from the session to the peer. FEC subsequently received over the session are treated as having no community.
Default
no community
Parameters
- community-name
-
Specifies the string defining the LDP community assigned to the session. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string.
Platforms
All
community
Syntax
community comm-id
no community [comm-id]
Context
[Tree] (config>router>static-route-entry>indirect community)
[Tree] (config>router>static-route-entry>black-hole community)
[Tree] (config>router>static-route-entry>next-hop community)
Full Context
configure router static-route-entry indirect community
configure router static-route-entry black-hole community
configure router static-route-entry next-hop community
Description
This command associates one BGP community (standard, extended or large) with a next-hop of the static route. This community can be matched in route policies and automatically added to BGP routes that are created from the static route.
Any community specified in one of these contexts is overridden by any communities specified at the prefix level of the static route entry.
The no form of this command removes the association.
Default
no community
Parameters
- comm-id
-
Specifies a BGP community value, up to 72 characters.
Platforms
All
community
Syntax
community comm-id [comm-id]
no community [comm-id [comm-id]]
Context
[Tree] (config>router>static-route-entry community)
Full Context
configure router static-route-entry community
Description
This command associates a list of up to 12 BGP communities (any mix of standard, extended, and large communities) with the static route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the static route.
The communities specified at this level of the static route causes communities configured under the next-hop, black-hole and indirect contexts of the static route to be ignored.
The no form of this command removes the association.
Default
no community
Parameters
- comm-id
-
Specifies a BGP community value, up to 72 characters.
Platforms
All
community
Syntax
community community-string [hash | hash2 | custom] access-permissions [version SNMP-version] [src-access-list list-name]
no community community-string [hash | hash2 | custom]
Context
[Tree] (config>system>security>snmp community)
Full Context
configure system security snmp community
Description
This command creates SNMP community strings for SNMPv1 and SNMPv2c access. This command is used in combination with the predefined access groups and views. To create custom access groups and views and associate them with SNMPv1 or SNMPv2c access use the usm-community command.
When configured, community implies a security model for SNMPv1 and SNMPv2c only.
For SNMPv3 security, the access group command must be configured.
The no form of the command removes the specified community string.
Parameters
- community-string
-
Configures the SNMPv1 and/or SNMPv2c community string.
- hash
-
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
-
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- custom
-
Specifies the custom encryption to management interface.
- access-permissions
-
Configures the access permissions for objects in the MIB.
r — Grants only read access to objects in the MIB, except security objects, using the internal "snmp-ro" access group and the "no-security" snmp view.
rw — Grants read and write access to all objects in the MIB, using the internal "snmp-rw" access group and the "no-security" snmp view.
rwa — Grants read and write access to all objects in the MIB, including security, using the internal snmp-rwa access group and the iso snmp view.
mgmt — Assigns a unique SNMP community string for SNMP access via the management router instance. This community uses the internal snmp-mgmt access group and the mgmt snmp view.
vpls-mgmt — Assigns a unique SNMP community string for SNMP access via the vpls-management router instance. This community uses the internal snmp-vpls-mgmt access group and mgmt-view snmp view.
- version {v1 | v2c | both}
-
Configures the scope of the community string to be for SNMPv1, SNMPv2c, or both SNMPv1 and SNMPv2c access.
- list-name
-
Configures the community to reference a specific src-access-list, which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community, usm-community, or VPRN SNMP community instances can reference the same src-access-list.
Platforms
All
community
Syntax
[no] community name
Context
[Tree] (config>router>policy-options community)
Full Context
configure router policy-options community
Description
This command creates a route policy community list or expression to use in route policy entries. A community list is an unordered set of community values (members). In general a route matches a community list if it has any of the member values. A community expression is a set of community values that are arranged in a logical expression using operators such as AND, OR, and NOT. A route matches a community expression if it satisfies the logic of the expression.
For additional information, see the expression and members commands in the config> router>policy-options>community context.
The no form of this command deletes the community list or the provided community ID.
Default
no community
Parameters
- name
-
Specifies the community list name. Allowed values are any string up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.
Platforms
All
community
Syntax
community add name [name]
community remove name [name]
community replace name [name]
no community
Context
[Tree] (config>router>policy-options>policy-statement>default-action community)
[Tree] (config>router>policy-options>policy-statement>entry>action community)
Full Context
configure router policy-options policy-statement default-action community
configure router policy-options policy-statement entry action community
Description
This command adds or removes a BGP community list to or from routes matching the route policy statement entry.
If no community list is specified, the community path attribute is not changed.
The community list changes the community path attribute according to the add and remove keywords.
The no form of this command disables the action to edit the community path attribute for the route policy entry.
Default
no community
Parameters
- name
-
Specifies up to 28 names.
- add
-
The specified community list is added to any existing list of communities.
- remove
-
The specified community list is removed from the existing list of communities.
- replace
-
The specified community list replaces any existing community attribute. name — The community list name. Allowed values are any string up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".
Platforms
All
community
Syntax
community comm-name
community expression expression
no community
Context
[Tree] (config>router>policy-options>policy-statement>entry>from community)
Full Context
configure router policy-options policy-statement entry from community
Description
This command configures a community list as a match criterion for the route policy entry.
If no community list is specified, any community is considered a match.
The no form of this command removes the community list match criterion.
Default
no community
Parameters
- comm-name
-
Specifies the community list name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- expression
-
Specifies that the parameters are applied to routes matching the entry.
Platforms
All
community-count
community-count
Syntax
community-count count [equal | or-higher | or-lower] [standard | extended | large]
no community-count
Context
[Tree] (config>router>policy-options>policy-statement>entry>from community-count)
Full Context
configure router policy-options policy-statement entry from community-count
Description
This command matches BGP routes based on community length (that is, the number of community members in the COMMUNITY, EXTENDED_COMMUNITY, or LARGE_COMMUNITY the attributes).
If no comparison qualifiers are present (equal, or-higher, or-lower), then equal is the implied default.
Without the optional standard, extended, or large keyword, the community length applies to the total number of communities, of all types. If some keywords are present, then only the types specified are counted against the limit.
A non-BGP route does not match a policy entry if it contains the community-count command.
Default
no community-count
Parameters
- count
-
Specifies the number of community members.
- equal
-
Specifies that matched routes should have the same number of AS path elements as the value specified.
- or-higher
-
Specifies that matched routes should have the same or a greater number of community members as the value specified.
- or-lower
-
Specifies that matched routes should have the same or a lower number of community members as the value specified.
- standard
-
Specifies that only communities in the COMMUNITY attribute should be counted.
- extended
-
Specifies that only communities in the EXTENDED_COMMUNITY attribute should be counted.
- large
-
Specifies that only communities in the LARGE_COMMUNITY attribute should be counted.
Platforms
All
compare
compare
Syntax
compare source1 to source2
Context
[Tree] (admin compare)
Full Context
admin compare
Description
This command displays the differences between rollback checkpoints and the active operational configuration, with source1 as the base/first file to which source2 is compared.
A compare operation does not check authorization of each line of output. Permission to execute the compare operation from the admin branch of CLI (authorization for the admin rollback compare or admin compare command itself) should only be given to users who are allowed to view the entire configuration, similar to permissions for admin display-config.
Default
The defaults for source1 and source2 are context aware and differ based on the branch in which the command is executed. In general, the default for source1 matches the context from which the command is issued.
-
In the admin node: No defaults. source1 and source2 must be specified.
-
In the admin>rollback node:
source1 default = active-cfg, source2 default = latest-rb
compare: equivalent to "compare active-cfg to latest-rb”
compare to source2: equivalent to "compare active-cfg to source2”
-
In a config>xx node:
compare to source2: equivalent to "compare active-cfg to source2”
Parameters
- source1, source2
-
Specifies comparison information.
Platforms
All
compare
Syntax
compare [to checkpoint2]
compare checkpoint1 to checkpoint2
Context
[Tree] (admin>rollback compare)
Full Context
admin rollback compare
Description
This command can be used in any branch under configure, but not with configure itself. The command syntax, parameter names, and default values are context aware and will differ based on the branch in which the command is executed.
This command displays the differences between rollback checkpoints and the active operational configuration, with checkpoint1 as the base/first file to which checkpoint2 is compared. This command displays the comparison for the configuration context where it is entered and all branches below that context level.
A compare operation does not check authorization of each line of output. Permission to execute the compare operation from the admin branch of CLI (authorization for the admin rollback compare or admin compare command itself) should only be given to users who are allowed to view the entire configuration, similar to permissions for admin display-config.
Default
The defaults for checkpoint1 and checkpoint2 are context-aware and differ based on the branch in which the command is executed. In general, the default for checkpoint1 matches the context from which the command is issued.
-
In the admin node: No defaults. checkpoint1 and checkpoint2 must be specified.
-
In the admin>rollback node:
checkpoint1 default = active-cfg, checkpoint2 default = latest-rb
compare: equivalent to "compare active-cfg to latest-rb”
compare to checkpoint2: equivalent to "compare active-cfg to checkpoint2”
-
In a config>xx node:
compare to checkpoint2: equivalent to "compare active-cfg to checkpoint2”
Parameters
- checkpoint1, checkpoint2
-
Specifies comparison information.
Platforms
All
compare-chain-include
compare-chain-include
Syntax
compare-chain-include ca-profile-name
no compare-chain-include
Context
[Tree] (config>ipsec>cert-profile>entry compare-chain-include)
Full Context
configure ipsec cert-profile entry compare-chain-include
Description
This command configures the Certificate Authority (CA) profile that needs to be included in the compare-chain for the entry. This configuration is required in instances where there are multiple overlapping compare-chains, for example, the configured root CA is cross-signed by another CA.
Default
no compare-chain-include
Parameters
- ca-profile-name
-
Specifies the name of the CA profile.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
compare-origin-validation-state
compare-origin-validation-state
Syntax
[no] compare-origin-validation-state
Context
[Tree] (config>service>vprn>bgp>best-path-selection compare-origin-validation-state)
Full Context
configure service vprn bgp best-path-selection compare-origin-validation-state
Description
This command enables the comparison of origin validation states during the BGP decision process. When this command is configured, a new step is inserted in the BGP decision process after the removal of invalid routes and before the comparison of Local Preference. This step compares the origin validation state so a BGP route with a "Valid” state is preferred over a BGP route with a "Not-Found” state. A BGP route with a "Not-Found” state is preferred over a BGP route with an "Invalid” state assuming that these routes are considered "usable”.
This comparison only applies to BGP routes learned from VPRN BGP peers. It does not apply to any comparison involving BGP-VPN routes that have been imported into the VPRN.
The no form of this command causes the new step to be skipped during the BGP decision process.
Default
no compare-origin-validation-state
Platforms
All
compare-origin-validation-state
Syntax
[no] compare-origin-validation-state
Context
[Tree] (config>router>bgp>best-path-selection compare-origin-validation-state)
Full Context
configure router bgp best-path-selection compare-origin-validation-state
Description
When this command is configured, a new step is inserted in the BGP decision process after removal of invalid routes and before the comparison of Local Preference. The new step compares the RPKI origin validation state so that a BGP route with a 'Valid’ state is preferred over a BGP route with a 'Not-Found’ state, and a BGP route with a 'Not-Found’ state is preferred over a BGP route with an 'Invalid’ state assuming that these routes are considered 'usable’.
The new step is skipped when no compare-origin-validation-state is configured.
Default
no compare-origin-validation-state
Platforms
All
compatibility
compatibility
Syntax
compatibility mode
Context
[Tree] (config>port>dwdm>coherent compatibility)
Full Context
configure port dwdm coherent compatibility
Description
This command configures the optical mode and rate of operation.
Parameters
- mode
-
Specifies the optical mode.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
compatible-rfc1583
compatible-rfc1583
Syntax
[no] compatible-rfc1583
Context
[Tree] (config>service>vprn>ospf compatible-rfc1583)
Full Context
configure service vprn ospf compatible-rfc1583
Description
This command enables OSPF summary and external route calculations in compliance with RFC 1583 and earlier RFCs.
RFC 1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.
Although it would be favorable to require all routers to run a more current compliance level, this command allows the router to use obsolete methods of calculation.
This command is not supported in OSPF3.
The no form of this command enables the post-RFC 1583 method of summary and external route calculation.
Default
compatible-rfc1583 — RFC 1583 compliance is enabled.
Platforms
All
compatible-rfc1583
Syntax
[no] compatible-rfc1583
Context
[Tree] (config>router>ospf compatible-rfc1583)
Full Context
configure router ospf compatible-rfc1583
Description
This command enables OSPF summary and external route calculations in compliance with RFC 1583 and earlier RFCs.
RFC 1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.
Although it would be favorable to require all routers to run a more current compliance level, this command allows the router to use obsolete methods of calculation.
The no form of this command enables the post-RFC 1583 method of summary and external route calculation.
Default
compatible-rfc1583
Platforms
All
compatible-version
compatible-version
Syntax
compatible-version version
no compatible-version
Context
[Tree] (config>eth-ring compatible-version)
Full Context
configure eth-ring compatible-version
Description
This command configures eth-ring compatibility version for the G.8032 state machine and messages. The default is version 2 and all router switches use this version. If there is a need to interwork with third party devices that only support version 1 this can be set to version 1.
The no form of this command set the compatibility version to 2.
Default
compatible-version 2
Parameters
- version
-
Specifies the version of the G.8032 state machine.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
complexity-rules
complexity-rules
Syntax
complexity-rules
Context
[Tree] (config>system>security>password complexity-rules)
Full Context
configure system security password complexity-rules
Description
This command defines a list of rules for configurable password options.
This command applies to local users.
Platforms
All
comprehensive
comprehensive
Syntax
comprehensive
Context
[Tree] (config>app-assure>group>cflowd comprehensive)
Full Context
configure application-assurance group cflowd comprehensive
Description
Commands in this context configure cflowd comprehensive statistics output parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
conditional-expression
conditional-expression
Syntax
conditional-expression
Context
[Tree] (config>router>policy-options>policy-statement>entry conditional-expression)
Full Context
configure router policy-options policy-statement entry conditional-expression
Description
This command creates the context to configure a route existence expression.
Platforms
All
confederation
confederation
Syntax
confederation confed-as-num [members as-number [as-number]]
no confederation confed-as-num members as-number [as-number]
no confederation
Context
[Tree] (config>service>vprn confederation)
Full Context
configure service vprn confederation
Description
This command configures the VPRN BGP instance to participate in a BGP confederation. BGP confederations can be used to reduce the number of IBGP sessions required within an AS.
When a VPRN BGP instance is part of a confederation, it can form confederation-EBGP sessions with CE router peers in a different sub-autonomous systems of the same confederation as well as regular EBGP sessions with CE router peers outside the confederation. A VPRN BGP instance that is part of a confederation cannot import or export its routes to the base router instance (as VPN-IP routes).
The no form of this command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.
Default
no confederation
Parameters
- confed-as-num
-
The confederation AS number defined as a decimal value.
- members as-number
-
The AS number(s) that are members of the confederation, each expressed as a decimal integer. Configure up to 15 members per confed-as-num.
Platforms
All
confederation
Syntax
confederation confed-as-num [members as-number [as-number]]
no confederation confed-as-num members as-number [as-number]
no confederation
Context
[Tree] (config>router confederation)
Full Context
configure router confederation
Description
This command creates confederation autonomous systems within an AS.
This technique is used to reduce the number of IBGP sessions required within an AS. Route reflection is another technique that is commonly deployed to reduce the number of IBGP sessions.
The no form of this command deletes the specified member AS from the confederation.
When no members are specified in the no statement, the entire list is removed and confederation is disabled.
When the last member of the list is removed, confederation is disabled.
Default
no confederation - no confederations are defined.
Parameters
- confed-as-num
-
Specifies the confederation AS number expressed as a decimal integer.
- as-number
-
Specifies the AS number of members that are part of the confederation, expressed as a decimal integer. Up to 15 members per confed-as-num can be configured.
Platforms
All
confidence
confidence
Syntax
confidence eq equal-value
confidence gte greater-than-or-equal-value
confidence lt less-than-value
Context
[Tree] (config>app-assure>group>policy>charging-filter>entry>match>flow-attribute confidence)
[Tree] (config>app-assure>group>policy>aqp>entry>match>flow-attribute confidence)
Full Context
configure application-assurance group policy charging-filter entry match flow-attribute confidence
configure application-assurance group policy app-qos-policy entry match flow-attribute confidence
Description
This command configures the confidence level of the flow attribute for use as match criteria.
Parameters
- eq equal-value
-
Specifies that a successful match occurs when the flow attribute confidence level is equal to the specified value.
- gte greater-than-or-equal-value
-
Specifies that a successful match occurs when the flow attribute confidence level is greater than or equal to the specified value.
- lt less-than-value
-
Specifies that a successful match occurs when the flow attribute confidence level is less than the specified value.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
config-backup
config-backup
Syntax
config-backup count
no config-backup
Context
[Tree] (config>system config-backup)
Full Context
configure system config-backup
Description
This command configures the maximum number of backup versions maintained for configuration files and BOF.
For example, assume the config-backup count is set to 5 and the configuration file is called xyz.cfg. When the configuration is saved, the file xyz.cfg is saved with a 1 extension. Each configuration save increments the numeric extension until the maximum count is reached.
xyz.cfg xyz.cfg.1 xyz.cfg.2 xyz.cfg.3 xyz.cfg.4 xyz.cfg.5
Each classic CLI persistent index file is updated at the same time as the associated configuration file. When the index file is updated, then the save is performed to xyz.cfg and the index file is created as xyz.ndx. Synchronization between the active and standby CPM is performed for all configurations and their associated persistent index files.
The no form of the command returns the configuration to the default value.
Default
config-backup 50
Parameters
- count
-
Specifies the maximum number of backup revisions.
Platforms
All
configuration-mode
configuration-mode
Syntax
configuration-mode {classic | mixed | model-driven}
Context
[Tree] (config>system>management-interface configuration-mode)
Full Context
configure system management-interface configuration-mode
Description
This command controls which management interfaces are used for editing and changing the configuration of the router.
Any management interface can be used in any configuration mode (to gather state information or perform operations, for example), but only specific management interfaces (CLI, NETCONF, and so on) are allowed to edit the configuration of the router in different modes. For example, only classic CLI and SNMP can be used to edit the configuration when in classic mode.
Default
configuration-mode model-driven
Parameters
- classic
-
Enables editing of router configuration via classic CLI and SNMP management interfaces, but not using model-driven interfaces.
- model-driven
-
Enables editing of router configuration via model-driven management interfaces (NETCONF with 'Nokia' YANG models, MD-CLI or gRPC), but not using classic interfaces.
- mixed
-
Enables editing of router configuration using a mix of classic CLI and/or model-driven management interfaces (with some restrictions and limitations).
Platforms
All
configure
configure
Syntax
configure
Context
[Tree] (configure)
Full Context
configure
Description
Commands in this context edit the system configuration.
Platforms
All
confirm
confirm
Syntax
confirm
Context
[Tree] (candidate confirm)
Full Context
candidate confirm
Description
This command is used to stop an automatic reversion to the previous configuration after the candidate commit confirmed command was used. If the confirm command is not executed before the commit confirmed timeout period expires then the previous commit changes will be undone and the previous candidate configuration will be available for editing and a subsequent commit.
During the countdown the contents of the candidate will remain visible (candidate view) and changes to the candidate are blocked until the timeout is completed or the candidate confirm command is executed. Executing the confirm command clears the contents of the candidate and allows editing of the candidate.
Platforms
All
cong-priority-threshold
cong-priority-threshold
Syntax
cong-priority-threshold preference-level
no cong-priority-threshold
Context
[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle cong-priority-threshold)
Full Context
configure mcast-management multicast-info-policy bundle cong-priority-threshold
Description
This command defines the preference level threshold where records change from low congestion priority to high congestion priority. Congestion priority is used by the ingress multicast path queues to map packets entering the queue to either the low drop-tail or the MBS drop-tail threshold. If congestion occurs on the queue, the queue depth increases. As the queue depth increases beyond the low drop-tail, packets with low priority congestion priority are discarded. This leaves room in the queue for packets with high congestion priority until the queue reaches the MBS threshold.
The default congestion priority threshold is 4. This means that multicast channels with a preference level of 0 to 3 are treated as having low congestion priority and channels with preference level of 4 to 7 are treated as having a high congestion priority. The cong-priority-threshold command can be used to change the default threshold. Any multicast channel with a preference equal to or higher than the configured threshold is treated with high congestion priority.
The cong-priority-threshold value is also used by the multicast CAC manager to derive the class of a channel matched by the multicast information policy. Channels with a preference less than the configured threshold are treated as low class and channels with a preference equal to or greater than the threshold is treated as high class.
Changing the cong-priority-threshold value causes all channels congestion priority to be reevaluated. Both the ingress multicast path managers and multicast CAC managers must be updated.
The no form of this command restores the default congestion priority preference threshold value.
Default
cong-priority-threshold 4
Parameters
- preference-level
-
Specifies the cong-priority-threshold where records change from low congestion priority to high congestion priority.
Platforms
7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR
congestion-override
congestion-override
Syntax
congestion-override
Context
[Tree] (config>app-assure>group>policer congestion-override)
Full Context
configure application-assurance group policer congestion-override
Description
Commands in this context configure per subscriber congestion bandwidth policer override rates.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
congestion-override-stage2
congestion-override-stage2
Syntax
congestion-override-stage2
Context
[Tree] (config>app-assure>group>policer congestion-override-stage2)
Full Context
configure application-assurance group policer congestion-override-stage2
Description
Commands in this context configure per-subscriber stage 2 congestion bandwidth policer override rates.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
congestion-threshold
congestion-threshold
Syntax
congestion-threshold percent
no congestion-threshold
Context
[Tree] (config>qos>hw-agg-shap-sched-plcy congestion-threshold)
Full Context
configure qos hw-agg-shaper-scheduler-policy congestion-threshold
Description
This command configures the congestion threshold for the hardware aggregate shaper scheduler policy, which, if exceeded, triggers the hardware aggregate scheduler algorithm.
Default
congestion-threshold 90
Parameters
- percent
-
Specifies the congestion threshold as a percentage of the scheduler rate.
Platforms
7750 SR-1, 7750 SR-s
connect-retry
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
[Tree] (config>subscr-mgmt>bgp-prng-plcy connect-retry)
Full Context
configure subscriber-mgmt bgp-peering-policy connect-retry
Description
This command configures the BGP connect retry timer value in seconds.
When this timer expires, BGP tries to reconnect to the configured peer.
The no form of this command used at the global level reverts to the default value.
Default
connect-retry 120
Parameters
- seconds
-
The BGP Connect Retry timer value in seconds, expressed as a decimal integer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
[Tree] (config>service>vprn>bgp>group connect-retry)
[Tree] (config>service>vprn>bgp connect-retry)
[Tree] (config>service>vprn>bgp>group>neighbor connect-retry)
Full Context
configure service vprn bgp group connect-retry
configure service vprn bgp connect-retry
configure service vprn bgp group neighbor connect-retry
Description
This command configures the BGP connect retry timer value in seconds.
When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of this command used at the global level reverts to the default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
120 seconds
Parameters
- seconds
-
Specifies the BGP connect retry timer value in seconds, expressed as a decimal integer.
Platforms
All
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
[Tree] (config>router>origin-validation>rpki-session connect-retry)
Full Context
configure router origin-validation rpki-session connect-retry
Description
This command configures the time in seconds to wait between one TCP connection attempt that fails and the next attempt. The default (with no connect-retry) is 120 seconds.
Default
no connect-retry
Parameters
- seconds
-
Specifies time in seconds.
Platforms
All
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
[Tree] (config>router>bgp>group connect-retry)
[Tree] (config>router>bgp connect-retry)
[Tree] (config>router>bgp>group>neighbor connect-retry)
Full Context
configure router bgp group connect-retry
configure router bgp connect-retry
configure router bgp group neighbor connect-retry
Description
This command configures the BGP connect retry timer value in seconds.
When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of this command used at the global level reverts to the default value.
The no form of this command used at the group level reverts to the value defined at the global level.
The no form of this command used at the neighbor level reverts to the value defined at the group level.
Default
connect-retry 120
Parameters
- seconds
-
The BGP Connect Retry timer value in seconds expressed as a decimal integer.
Platforms
All
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
[Tree] (config>bmp>station>connection connect-retry)
Full Context
configure bmp station connection connect-retry
Description
This command configures the BMP connect retry timer value. When this timer expires, BMP tries to reconnect to the configured monitoring station. This timer is applicable when the connection to the monitoring station is not yet established.
The no form of this command reverts to the default value.
Default
connect-retry 120
Parameters
- seconds
-
Specifies the BMP connect retry timer in seconds.
Platforms
All
connection
connection
Syntax
connection
Context
[Tree] (config>bmp>station connection)
Full Context
configure bmp station connection
Description
Commands in this context configure connection parameters for the BMP monitoring station.
Platforms
All
connection
Syntax
[no] connection ip-address
Context
[Tree] (debug>router>pcep>pcc connection)
Full Context
debug router pcep pcc connection
Description
This command debugs PCC connection events.
The no form of this command disables debugging.
Parameters
- ip-address
-
Specifies the IP address.
Platforms
All
connection
Syntax
[no] connection ip-address
Context
[Tree] (debug>router>pcep>pce connection)
Full Context
debug router pcep pce connection
Description
This command debugs PCE connection events.
The no form of this command disables debugging.
Parameters
- ip-address
-
Specifies the IP address.
Platforms
VSR-NRC
connection-profile-vlan
connection-profile-vlan
Syntax
connection-profile-vlan conn-prof-id [create]
no connection-profile-vlan conn-prof-id
Context
[Tree] (config connection-profile-vlan)
Full Context
configure connection-profile-vlan
Description
Commands in this context configure the VLAN ranges that will be associated with a service SAP.
Each connection-profile-vlan must be explicitly configured.
Parameters
- conn-prof-id
-
Specifies the connection-profile identifier. This value will be configured in the service along with the SAP when the user associates a VLAN bundle to a single SAP. For example, a SAP defined in a dot1q port 1/1/1 that matches all the VLANs defined in the connection-profile-vlan 1 will be created as 'sap 1/1/1:cp-1 create'.
Platforms
All
connection-timeout
connection-timeout
Syntax
connection-timeout seconds
no connection-timeout
Context
[Tree] (config>system>management-interface>remote-management connection-timeout)
Full Context
configure system management-interface remote-management connection-timeout
Description
This command configures the amount of time that all remote managers cannot be reached before they are considered to be down.
If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.
The no form of this command reverts to the default.
Default
connection-timeout 60
Parameters
- seconds
-
Specifies the connection timeout in seconds.
Platforms
All
connection-timeout
Syntax
connection-timeout seconds
no connection-timeout
Context
[Tree] (config>system>management-interface>remote-management>manager connection-timeout)
Full Context
configure system management-interface remote-management manager connection-timeout
Description
This command configures the amount of time that this remote manager cannot be reached before it is considered to be down.
This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).
The no form of this command reverts to the default.
Default
connection-timeout 60
Parameters
- seconds
-
Specifies the connection timeout in seconds.
Platforms
All
connection-timer
connection-timer
Syntax
connection-timer seconds
no connection-timer
Context
[Tree] (config>aaa>diam>node>peer connection-timer)
[Tree] (config>aaa>diam>node connection-timer)
Full Context
configure aaa diameter node peer connection-timer
configure aaa diameter node connection-timer
Description
This command configures the Diameter node connection timer that defines the time the systems waits before attempting to reconnect to a peer after the connection was lost.
The no form of this command reverts to the default.
Default
connection-timer 30
Parameters
- seconds
-
Specifies the Diameter node connection timer.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
connectivity-association
connectivity-association
Syntax
connectivity-association ca-name [create]
no connectivity-association ca-name
Context
[Tree] (config>macsec connectivity-association)
Full Context
configure macsec connectivity-association
Description
This command configures a connectivity association. MACsec connectivity associations are applied to a port dot1x configuration to enable MACsec on that port.
The no form of this command removes the connectivity association.
Parameters
- ca-name
-
The name of the connectivity association, a string up to 32 characters long.
- create
-
Mandatory while creating an entry.
Platforms
All
connectivity-verification
connectivity-verification
Syntax
connectivity-verification [count nr-of-attempts] [timeout timeout-seconds] [retry-time retry-seconds]
no connectivity-verification
Context
[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile connectivity-verification)
Full Context
configure subscriber-mgmt vrgw brg brg-profile connectivity-verification
Description
This command configures the BRG connectivity verification. The system uses ICMP Echo request messages for connectivity verification.
When the last host associated with a BRG is removed, a ping mechanism is used to verify if the BRG is still active. This command specifies the parameters used in this mechanism.
The no form of this command disables the BRG ping mechanism and removes the BRG without verification. Any configured hold time still applies.
Default
connectivity-verification count 3 timeout 30 retry-time 900
Parameters
- nr-of-attempts
-
Specifies the number of connectivity verification attempts this system makes before a BRG is considered down.
- timeout-seconds
-
Specifies the time, in seconds, after which an unanswered ping is considered failed.
- retry-seconds
-
Specifies the time, in seconds, that the system waits while it considers a BRG down before it starts a new connectivity verification cycle. If a ping succeeds, the mechanism will be retried after this time.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
connectivity-verify
connectivity-verify
Syntax
connectivity-verify
Context
[Tree] (config>redundancy>mc>peer>mcr>l3ring>node connectivity-verify)
[Tree] (config>redundancy>mc>peer>mcr>ring connectivity-verify)
Full Context
configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify
configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify
Description
Commands in this context configure a node connectivity check.
Platforms
All
connector
connector
Syntax
connector
Context
[Tree] (config>port connector)
Full Context
configure port connector
Description
Commands in this context configure connector parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
consider-system-ip-in-gep
consider-system-ip-in-gep
Syntax
[no] consider-system-ip-in-gep
Context
[Tree] (config>router>ldp consider-system-ip-in-gep)
Full Context
configure router ldp consider-system-ip-in-gep
Description
When this command is enabled, the system interprets the presence or absence of the system IP and its associated action in the applied Global Export Policies in the same way as for other interfaces' IP addresses. In that case:
-
if the system IP is not present, its FEC will not be exported or it will be withdrawn if it has been exported
-
if the system IP is present with "accept", its FEC will be exported
-
if the system IP is present with "deny", its FEC will not be exported or it will be withdrawn if it had been exported
Enabling or disabling this command leads to the applied Global Export Policies being reevaluated.
The no form of this command causes the system to not interpret the presence or absence of the system IP in applied Global Export Policies, and the FEC for the system IP is exported (default behavior).
Default
no consider-system-ip-in-gep
Platforms
All
console
console
Syntax
console
Context
[Tree] (config>system>management-interface>cli>md-cli>environment console)
Full Context
configure system management-interface cli md-cli environment console
Description
Commands in this context configure console parameters.
Platforms
All
console
Syntax
console
Context
[Tree] (config>system>security>user-template console)
[Tree] (config>system>security>user console)
Full Context
configure system security user-template console
configure system security user console
Description
This command creates the context to configure user profile membership for the console (either Telnet or CPM serial port user).
Platforms
All
console-speed
console-speed
Syntax
console-speed baud-rate
no console-speed
Context
[Tree] (bof console-speed)
Full Context
bof console-speed
Description
This command configures the console port baud rate.
When this command is issued while editing the BOF file used for the most recent boot, both the BOF file and the active configuration are changed immediately.
The no form of this command reverts to the default value.
Default
console-speed 115200
Parameters
- baud-rate
-
Specifies the console port baud rate, expressed as a decimal integer.
Platforms
7450 ESS, 7750 SR-1, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s, 7950 XRS, VSR
constellation
constellation
Syntax
constellation gps [galileo]
Context
[Tree] (config>port>gnss constellation)
Full Context
configure port gnss constellation
Description
This command configures the GNSS systems used by the GNSS receiver on platforms containing one or more embedded GNSS receivers.
The GNSS receiver uses GPS by default. GPS must always be enabled when the GNSS receiver is used, and the GNSS receiver can be configured to use additional GNSS systems simultaneously.
Default
gps
Parameters
- gps
-
Enables the use of the American GPS GNSS system. This keyword is always required when using the GNSS receiver.
- galileo
-
Enables the use of the European Galileo GNSS system. This keyword is only supported on 7750 SR FP5 GNSS platforms.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se, 7750 SR-2se
contact
contact
Syntax
contact contact-information
no contact contact-information
Context
[Tree] (config>service>cust contact)
Full Context
configure service customer contact
Description
This command configures contact information for a customer.
Include any customer-related contact information such as a technician’s name or account contract name.
The no form of this command removes the contact information from the customer ID.
Default
no contact
Parameters
- contact-information
-
Specifies customer contact information entered as an ASCII character string up to 80 characters in length. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Any printable, seven bit ASCII characters may be used within the string.
Platforms
All
contact
Syntax
contact contact-name
no contact
Context
[Tree] (config>system contact)
Full Context
configure system contact
Description
This command creates a text string that identifies the contact name for the device.
Only one contact can be configured, if multiple contacts are configured the last one entered will overwrite the previous entry.
The no form of the command reverts to default.
Default
no contact
Parameters
- contact-name
-
Specifies the contact name character string. The string can be up to 80 characters long. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Platforms
All
context
context
Syntax
[no] context
Context
[Tree] (config>system>management-interface>cli>md-cli>environment>prompt context)
Full Context
configure system management-interface cli md-cli environment prompt context
Description
This command displays the current command context in the prompt.
The no form of this command suppresses the current command context in the prompt.
Default
context
Platforms
All
continuous
continuous
Syntax
[no] continuous
Context
[Tree] (config>saa>test continuous)
Full Context
configure saa test continuous
Description
This command specifies whether the SAA test is continuous. Once a test is configured as continuous, it cannot be started or stopped with the oam saa test-name {start | stop} command.
This option is not applicable to all SAA test types. Support is included for the following types:
-
cpe-ping
-
dns
-
eth-cfm-loopback
-
eth-cfm-two-way-delay
-
eth-cfm-two-way-slm
-
icmp-ping (not applicable to rapid type)
-
lsp-ping
-
mac-ping
-
sdp-ping
-
vccv-ping
-
vprn-ping
The no form of this command disables the continuous execution of the test.
Platforms
All
control
control
Syntax
control
Context
[Tree] (config>subscr-mgmt>sla-profile control)
Full Context
configure subscriber-mgmt sla-profile control
Description
This command specifies whether this SLA profile can be used by a session that is set up by a specific control plane.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
control
Syntax
control
Context
[Tree] (config>subscr-mgmt>sub-profile control)
Full Context
configure subscriber-mgmt sub-profile control
Description
Commands in this context configure the subscriber profile to be used by a session that is set up by a specific control plane.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
control-channel-status
control-channel-status
Syntax
[no] control-channel-status
Context
[Tree] (config>service>cpipe>spoke-sdp control-channel-status)
[Tree] (config>service>epipe>spoke-sdp control-channel-status)
[Tree] (config>service>vpls>spoke-sdp control-channel-status)
Full Context
configure service cpipe spoke-sdp control-channel-status
configure service epipe spoke-sdp control-channel-status
configure service vpls spoke-sdp control-channel-status
Description
This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.
A control-channel-status no shutdown is allowed only if all of the following are true:
-
SDP signaling is off.
-
The control-word is enabled (the control-word is disabled by default)
-
The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN
-
Mate SDP signaling is off (in vc-switched services)
-
The pw-path-id is configured for this spoke SDP.
The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.
Default
no control-channel-status
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp control-channel-status
All
- configure service epipe spoke-sdp control-channel-status
- configure service vpls spoke-sdp control-channel-status
control-channel-status
Syntax
control-channel-status
Context
[Tree] (config>service>ies>if>spoke-sdp control-channel-status)
Full Context
configure service ies interface spoke-sdp control-channel-status
Description
This command enables the configuration of static pseudowire status signaling on a spoke-SDP for which signaling for its SDP is set to OFF.
A control-channel-status no shutdown is allowed only if all of the following are true:
-
SDP signaling is off.
-
The control-word is enabled (the control-word is disabled by default)
-
The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN
-
Mate SDP signaling is off (in vc-switched services)
-
The pw-path-id is configured for this spoke-SDP.
The no form of this command removes control channel status signaling from a spoke-SDP. It can only be removed if control channel status is shut down.
Default
no control-channel-status
Platforms
All
control-channel-status
Syntax
control-channel-status
Context
[Tree] (config>service>vprn>if>spoke-sdp control-channel-status)
[Tree] (config>service>vprn>red-if>spoke-sdp control-channel-status)
Full Context
configure service vprn interface spoke-sdp control-channel-status
configure service vprn redundant-interface spoke-sdp control-channel-status
Description
This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.
A control-channel-status no shutdown is allowed only if all of the following are true:
-
SDP signaling is off.
-
The control-word is enabled (the control-word is disabled by default)
-
The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN
-
Mate SDP signaling is off (in vc-switched services)
-
The pw-path-id is configured for this spoke SDP.
The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.
Default
no control-channel-status
Platforms
All
- configure service vprn interface spoke-sdp control-channel-status
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn redundant-interface spoke-sdp control-channel-status
control-channel-status
Syntax
control-channel-status
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp control-channel-status)
[Tree] (config>mirror>mirror-dest>spoke-sdp control-channel-status)
Full Context
configure mirror mirror-dest remote-source spoke-sdp control-channel-status
configure mirror mirror-dest spoke-sdp control-channel-status
Description
Commands in this context configure static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF. For more information about control channel status configuration for the spoke SDP, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN Services Guide.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-mep
control-mep
Syntax
[no] control-mep
Context
[Tree] (config>eth-tunnel>path>eth-cfm>mep control-mep)
Full Context
configure eth-tunnel path eth-cfm mep control-mep
Description
This command enables the Ethernet tunnel control on the MEP. The use of control-mep command is mandatory for an Ethernet tunnel. MEP detection of failure using CCM may be enabled or disabled independently of the control mep.
The no form of this command disables Ethernet ring control.
Default
no control-mep
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-mep
Syntax
[no] control-mep
Context
[Tree] (config>eth-ring>path>eth-cfm>mep control-mep)
Full Context
configure eth-ring path eth-cfm mep control-mep
Description
This command enables the Ethernet ring control on the MEP. The use of control-mep command is mandatory for a ring. MEP detection of failure using CCM may be enabled or disabled independently of the control mep.
The no form of this command disables Ethernet ring control.
Default
no control-mep
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-tag
control-tag
Syntax
control-tag qtag[.qtag]
no control-tag
Context
[Tree] (config>eth-tunnel>path control-tag)
Full Context
configure eth-tunnel path control-tag
Description
This command specifies the VLAN-ID to be used for Ethernet CFM and G.8031 control plane exchanges. If the operator wants to replace an existing control-tag, the parent path needs to be in shutdown state, then deleted and recreated before a new control-tag can be specified.
The no form of this command is used just to indicate that a control-tag is not configured. The procedure described above, based on 'no path’ command must be used to un-configure/change the control-tag assigned to the path.
Default
no control-tag
Parameters
- qtag[.qtag]
-
Specifies the value of the VLAN ID to be used for the control tag.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-word
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>epipe>bgp-evpn>mpls control-word)
[Tree] (config>service>vpls>bgp-evpn>mpls control-word)
Full Context
configure service epipe bgp-evpn mpls control-word
configure service vpls bgp-evpn mpls control-word
Description
This command enables the transmission and reception of the control-word. As defined in RFC 7432, the use of the control-word helps avoid frame disordering.
It is enabled or disabled for all EVPN-MPLS destinations at the same time.
Default
no control-word
Platforms
All
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>sdp>binding>pw-port control-word)
Full Context
configure service sdp binding pw-port control-word
Description
This command enables the setting of the control word bit in the label message. Control words are used to distinguish a PW payload (Ethernet) from an IP payload (identified by the first nibble past the bottom MPLS label, either 4 or 6) carried over an MPLS network.
Based on the payload type, the transit MPLS node can make an appropriate load balancing decision. Load balancing can rely on the MPLS labels, or rely on additional fields that are available only in IP header (source and destination IP addresses and ports).
The presence of a control word indicates that the header following the last MPLS label in the frame is not an IP header.
The no form of this command disables setting the control word bit in the label message.
Default
no control-word
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>cpipe>spoke-sdp control-word)
[Tree] (config>service>ipipe>spoke-sdp control-word)
[Tree] (config>service>epipe>spoke-sdp control-word)
Full Context
configure service cpipe spoke-sdp control-word
configure service ipipe spoke-sdp control-word
configure service epipe spoke-sdp control-word
Description
The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). For the 7750 SR only, ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).
The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.
The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an "Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a Apipe, Epipe and Cpipe service.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp control-word
All
- configure service epipe spoke-sdp control-word
- configure service ipipe spoke-sdp control-word
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>vpls>spoke-sdp control-word)
Full Context
configure service vpls spoke-sdp control-word
Description
The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). For the 7750 SR only, ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).
The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.
The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an "Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a Apipe, Epipe and Cpipe service.
Platforms
All
control-word
Syntax
[no] control word
Context
[Tree] (config>service>vpls>mesh-sdp control-word)
[Tree] (config>service>vpls>spoke-sdp control-word)
Full Context
configure service vpls mesh-sdp control-word
configure service vpls spoke-sdp control-word
Description
This command enables the use of the control word on pseudowire packets in VPLS and enables the use of the control word individually on each mesh SDP or spoke-SDP. By default, the control word is disabled. When the control word is enabled, all VPLS packets, including the BPDU frames, are encapsulated with the control word when sent over the pseudowire. The T-LDP control plane behavior is the same as in the implementation of control word for VLL services. The configuration for the two directions of the Ethernet pseudowire should match. The no form of this command reverts the mesh SDP or spoke-SDP to the default behavior of not using the control word. The control word must be enabled to use MPLS-TP OAM on a static spoke-sdp terminating in a VPLS.
Default
no control word
Platforms
All
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>ies>if>spoke-sdp control-word)
Full Context
configure service ies interface spoke-sdp control-word
Description
This command enables the PW control word on spoke-SDPs terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke-sdp
It is only valid for MPLS-TP spoke-SDPs when used with IES and VPRN services.
Default
no control-word
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
control-word
Syntax
[no] control-word
Context
[Tree] (config>service>vprn>red-if>spoke-sdp control-word)
[Tree] (config>service>vprn>if>spoke-sdp control-word)
Full Context
configure service vprn redundant-interface spoke-sdp control-word
configure service vprn interface spoke-sdp control-word
Description
This command enables the PW control word on spoke SDPs terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke SDP
It is only valid for MPLS-TP spoke SDPs when used with IES and VPRN services.
The no form of this command disables the control work on spoke SDPs.
Default
no control-word
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service vprn redundant-interface spoke-sdp control-word
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface spoke-sdp control-word
control-word
Syntax
[no] control-word
Context
[Tree] (config>mirror>mirror-dest>spoke-sdp control-word)
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp control-word)
Full Context
configure mirror mirror-dest spoke-sdp control-word
configure mirror mirror-dest remote-source spoke-sdp control-word
Description
This command enables the PW control word on spoke SDPs that are part of a mirror-destination.
The control word must be enabled to allow MPLS-TP OAM on a spoke SDP.
It is only valid for spoke SDPs that are part of a mirror service of type ether.
The no form of this command disables the control word.
Platforms
All
- configure mirror mirror-dest spoke-sdp control-word
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure mirror mirror-dest remote-source spoke-sdp control-word
control-word
Syntax
control-word
Context
[Tree] (config>test-oam>build-packet>header control-word)
Full Context
configure test-oam build-packet header control-word
Description
This command creates a control-word header for inclusion in a build packet instance.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
controlword
controlword
Syntax
[no] controlword
Context
[Tree] (config>service>pw-template controlword)
Full Context
configure service pw-template controlword
Description
This command enables the use of the control word on pseudowire packets in VPLS and VPWS and enables the use of the control word individually on each mesh-sdp or spoke-sdp. By default, the control word is disabled. When the control word is enabled, all VPLS/VPWS packets, including the BPDU frames, are encapsulated with the control word when sent over the pseudowire. The T-LDP control plane behavior is the same as in the implementation of control word for VLL services. The configuration for the two directions of the Ethernet pseudowire should match.
The no form of the command reverts the mesh SDP or spoke-sdp to the default behavior of not using the control word.
Default
no controlword
Platforms
All
convergence
convergence
Syntax
convergence
Context
[Tree] (config>service>vprn>bgp convergence)
Full Context
configure service vprn bgp convergence
Description
Commands in this context configure route convergence delay.
Platforms
All
convergence
Syntax
convergence
Context
[Tree] (config>router>bgp convergence)
Full Context
configure router bgp convergence
Description
Commands in this context configure route convergence delay.
Platforms
All
convert-file
convert-file
Syntax
convert-file filename to output-file-name format {secure | legacy} [force]
Context
[Tree] (admin>certificate convert-file)
Full Context
admin certificate convert-file
Description
This command converts imported certificates and keys in the cf3:/system-pki directory between secure and legacy format.
Parameters
- filename
-
Specifies an existing filename, up to 95 characters.
- output-file-name
-
Specifies the output file name, up to 95 characters. If the output filename already exists, and the force keyword is not selected, the system prompts to proceed or abort.
- format
-
Specifies the target format.
- force
-
Forces the conversion even if there is an existing file with the same output filename.
Platforms
All
cookie
cookie
Syntax
cookie [cookie1] [cookie2]
no cookie
Context
[Tree] (config>service>epipe>spoke-sdp>ingress>l2tpv3 cookie)
[Tree] (config>service>epipe>spoke-sdp>egress>l2tpv3 cookie)
Full Context
configure service epipe spoke-sdp ingress l2tpv3 cookie
configure service epipe spoke-sdp egress l2tpv3 cookie
Description
This command configures the RX/TX cookie for L2TPv3 spoke SDPs for Epipe services. The RX cookie must match the configured TX cookie on a far-end node, while the TX cookie must match the configured RX cookie on a far-end node. If a mismatch is detected between the configured (far-end binding cookie) to what is received by the local IP address of the SDP a flag is set and must be manually cleared by an operator.
The purpose of the cookie is to provide validation against misconfiguration of service endpoints, and to ensure that the right service egress is being used.
One egress cookie and up to two ingress cookies may be configured per spoke SDP binding. One or two cookies can be configured for matching ingress packets from the far-end node, in order to support cookie rollover without dropping packets. When a cookie is not configured, SR OS assumes a value of 00:00:00:00:00:00:00:00.
A cookie is not mandatory. An operator may delete an egress cookie or either or both ingress cookies.
Default
no cookie1 cookie2
Parameters
- cookie1
-
Specifies the first cookie, in the form of a 64-bit colon-separated hex value.
- cookie2
-
Specifies the second cookie, in the form of a 64-bit colon-separated hex value.
Platforms
All
cookie
Syntax
cookie cookie1-value [cookie2-value]
no cookie
Context
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>ingress>l2tpv3 cookie)
[Tree] (config>mirror>mirror-dest>spoke-sdp>egress>l2tpv3 cookie)
Full Context
configure mirror mirror-dest remote-source spoke-sdp ingress l2tpv3 cookie
configure mirror mirror-dest spoke-sdp egress l2tpv3 cookie
Description
This command configures the RX/TX cookie for L2TPv3 spoke SDPs for the mirror destination. The command can configure L2TPv3 a single cookie for the egress spoke SDP or one or two cookies for the remote source ingress spoke SDP.
The purpose of the cookie is to provide validation against misconfiguration of service endpoints, and to ensure that the right service egress is being used.
When a cookie is not configured, SR OS assumes a value of 00:00:00:00:00:00:00:00. A cookie is not mandatory. An operator may delete the egress cookie or either or both ingress cookies.
Parameters
- cookie1-value
-
Specifies a 64-bit colon separated hex value.
- cookie2-value
-
Specifies a second 64-bit colon separated hex value.
Platforms
All
cookie-length
cookie-length
Syntax
cookie-length {4 | 8 | default}
no cookie-length
Context
[Tree] (config>service>vprn>l2tp>l2tpv3 cookie-length)
[Tree] (config>service>vprn>l2tp>group>l2tpv3 cookie-length)
[Tree] (config>router>l2tp>l2tpv3 cookie-length)
Full Context
configure service vprn l2tp l2tpv3 cookie-length
configure service vprn l2tp group l2tpv3 cookie-length
configure router l2tp l2tpv3 cookie-length
Description
This command configures the length of the optional cookie field.
The no form of this command returns the cookie-length to a default of none.
Default
no cookie-length
Parameters
- 4
-
Specifies the cookie length as 4 bytes.
- 8
-
Specifies the cookie length as 8 bytes.
- default
-
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the cookie-length configuration within the config>service>vprn>l2tp>l2tpv3 context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cooling-profile
cooling-profile
Syntax
cooling-profile {default | aggressive}
no cooling-profile
Context
[Tree] (config system fan-control cooling-profile)
Full Context
configure system fan-control cooling-profile
Description
This command configures the cooling profile used to determine the fan speed.
Nokia recommends that the default setting be used unless aggressive cooling is explicitly required.
The no form of this command sets the cooling profile back to the default value.
Default
no cooling-profile
Parameters
- default
-
Specifies the fan speed operates at its default speed.
- aggressive
-
Sets the control point optics temperature to 65 C, which requires a higher fan speed.
Platforms
7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se
coordinates
coordinates
Syntax
coordinates coordinates
no coordinates
Context
[Tree] (config>system coordinates)
Full Context
configure system coordinates
Description
This command creates a text string that identifies the system coordinates for the device location. For example, the command coordinates "37.390 -122.0550" is read as latitude 37.390 north and longitude 122.0550 west.
Only one set of coordinates can be configured. If multiple coordinates are configured, the last one entered overwrites the previous entry.
The no form of the command reverts to the default value.
Parameters
- coordinates
-
Specifies the coordinates describing the device location character string. The string may be up to 80 characters long. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. If the coordinates are subsequently used by an algorithm that locates the exact position of this node then the string must match the requirements of the algorithm.
Platforms
All
copy
copy
Syntax
copy source-name to dest-name
Context
[Tree] (config>service>mrp copy)
Full Context
configure service mrp copy
Description
This command copies existing MRP policy list entries for a specific policy name to another policy name. The copy command is a configuration level maintenance tool used to create a new MRP policy using an existing MRP policy.
An error will occur if the destination policy name exists.
Parameters
- source-name
-
Identifies the source MRP policy from which the copy command will attempt to copy. The MRP policy with this name must exist for the command to be successful.
- dest-name
-
Identifies the destination MRP policy to which the copy command will attempt to copy. If the MRP policy with dest-name exist within the system an error message is generated.
Platforms
All
copy
Syntax
copy
Context
[Tree] (config>qos copy)
Full Context
configure qos copy
Description
Commands in this context copy existing QoS policy entries for a QoS policy-id to another QoS policy-id.
The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Platforms
All
copy
Syntax
copy
Context
[Tree] (config>filter copy)
Full Context
configure filter copy
Description
This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters. It also allows bulk modifications to an existing policy with the use of the overwrite keyword. If overwrite is not specified, an error will occur if the destination policy ID exists.
Platforms
All
copy
Syntax
copy source-file-url dest-file-url [force] [no-redirect] [ client-tls-profile profile] [proxy proxy-url]
Context
[Tree] (file copy)
Full Context
file copy
Description
This command copies a file or all files in a directory from a source URL to a destination URL. At least one of the specified URLs should be a local URL. The optional wildcard (*) can be used to copy multiple files that share a common (partial) prefix and/or (partial) suffix.
When a file is copied to a destination with the same file name, the original file is overwritten by the new file specified in the operation. The following prompt appears if the destination file already exists:
"Overwrite destination file (y/n)?”
For example:
To copy a file named srcfile in a directory called test on cf2 in slot B to a file called destfile in a directory called production on cf1 in slot A, the syntax is:
sr1>file cf2:\ # copy cf2-B/test/srcfile cf1-A/production/destfile
To FTP a file named 121201.cfg in directory mydir stored on cf1 in slot A to a network FTP server with IP address 192.0.2.79 in a directory called backup with a destination file name of 121201.cfg, the FTP syntax is:
copy cf1-A/mydir/121201.cfg 192.0.2.79/backup/121201.cfg
Parameters
- source-file-url
-
Specifies the location of the source file or directory to be copied.
- dest-file-url
-
Specifies the destination of the copied file or directory.
- force
-
Specifies to force an immediate copy of the specified file(s). Executes the command without displaying a user prompt message. This command also automatically accepts HTTP redirects unless overridden by the no-redirect parameter.
- profile
-
Specifies the TLS client profile configured under config>system>security>tls>client-tls-profile to use.
- proxy-url
-
Specifies the URL of an HTTP proxy. For example, http://proxy.mydomain.com:8000. This URL must be an HTTP URL and not an HTTPS URL.
- no-redirect
-
Specifies to automatically refuse any HTTP redirects without prompting the user.
Platforms
All
copy
Syntax
copy [line]
Context
[Tree] (candidate copy)
Full Context
candidate copy
Description
This command copies the selected CLI node (which includes all sub-branches) into a temporary buffer that can be used for a subsequent insert. The contents of the temporary buffer are deleted when the operator exits the candidate edit mode.
Parameters
- line
-
Specifies which line to copy.
Platforms
All
copy
Syntax
copy {user source-user | profile source-profile} to destination [overwrite]
Context
[Tree] (config>system>security copy)
Full Context
configure system security copy
Description
This command copies a profile or user from a source profile to a destination profile.
Parameters
- source-profile
-
Specifies an existing profile to copy.
- dest-profile
-
Specifies the copied profile is copied to the destination profile.
- overwrite
-
Specifies that the destination profile configuration is overwritten with the copied source profile configuration. A profile is not overwritten if the overwrite command is not specified.
Platforms
All
copy-config
copy-config
Syntax
[no] copy-config
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization copy-config)
Full Context
configure system security profile netconf base-op-authorization copy-config
Description
This command enables the NETCONF copy-config operation.
The no form of this command disables the operation.
Default
no copy-config
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
copy-traffic-class-upon-decapsulation
copy-traffic-class-upon-decapsulation
Syntax
[no] copy-traffic-class-upon-decapsulation
Context
[Tree] (config>ipsec>tnl-temp copy-traffic-class-upon-decapsulation)
[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)
[Tree] (config>service>ies>interface>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)
[Tree] (config>router>if>ipsec>ipsec-tunnel copy-traffic-class-upon-decapsulation)
[Tree] (config>service>vprn>if>sap>ipsec-tunnel copy-traffic-class-upon-decapsulation)
Full Context
configure ipsec tunnel-template copy-traffic-class-upon-decapsulation
configure service vprn interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
configure service ies interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
configure router interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
configure service vprn interface sap ipsec-tunnel copy-traffic-class-upon-decapsulation
Description
This command copies the traffic class from the outer tunnel IP packet header to the payload IP packet header upon tunnel decapsulation (public to private direction).
The no form of this command disables the traffic copying.
Default
copy-traffic-class-upon-decapsulation
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure ipsec tunnel-template copy-traffic-class-upon-decapsulation
- configure service vprn interface sap ipsec-tunnel copy-traffic-class-upon-decapsulation
VSR
- configure router interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
- configure service vprn interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
- configure service ies interface ipsec ipsec-tunnel copy-traffic-class-upon-decapsulation
core-connectivity
core-connectivity
Syntax
[no] core-connectivity
Context
[Tree] (debug>service>id>stp core-connectivity)
Full Context
debug service id stp core-connectivity
Description
This command enables STP debugging for core connectivity.
The no form of the command disables debugging.
Platforms
All
core-mvpn
core-mvpn
Syntax
[no] core-mvpn service-id
Context
[Tree] (config>service>vprn>mvpn>rpf-select core-mvpn)
Full Context
configure service vprn mvpn rpf-select core-mvpn
Description
This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in the specified P-instance core MVPN instance.
Platforms
All
cores
cores
Syntax
cores core-count
no cores
Context
[Tree] (config>esa>vm cores)
Full Context
configure esa vm cores
Description
This command configures the number of CPU physical cores to be allocated to the ESA-VM instance. If an invalid value is configured for the number of cores, the VM remains in a failed state.
The no form of this command removes the core allocation. To modify the number of cores, you must use the no core command first.
Parameters
- core-count
-
Specifies the number of cores.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
correlation-id
correlation-id
Syntax
x-interfaces
Context
[Tree] (config>li>x-interfaces correlation-id)
Full Context
configure li x-interfaces correlation-id
Description
Commands in this context configure the origin of the correlation identifiers.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
count
count
Syntax
count value
no count
Context
[Tree] (config>service>mac-notification count)
Full Context
configure service mac-notification count
Description
This command configures how often MAC notification messages are sent.
Parameters
- value
-
Specifies, in seconds, how often MAC notification messages are sent
Platforms
All
count
Syntax
count value
no count
Context
[Tree] (config>service>vpls>mac-notification count)
Full Context
configure service vpls mac-notification count
Description
This command configures how often MAC notification messages are sent.
Parameters
- value
-
Specifies, in seconds, how often MAC notification messages are sent
Platforms
All
count
Syntax
count number
no count
Context
[Tree] (config>system>cron>sched count)
Full Context
configure system cron schedule count
Description
This command configures the total number of times a CRON "interval” schedule is run. For example, if the interval is set to 600 and the count is set to 4, the schedule runs 4 times at 600 second intervals.
Default
no count
Parameters
- number
-
Specifies the number of times the schedule is run.
Platforms
All
cpe-check
cpe-check
Syntax
cpe-check cpe-ip-address
no cpe-check [cpe-ip-address]
Context
[Tree] (config>service>vprn>static-route-entry>indirect cpe-check)
[Tree] (config>service>vprn>static-route-entry>next-hop cpe-check)
Full Context
configure service vprn static-route-entry indirect cpe-check
configure service vprn static-route-entry next-hop cpe-check
Description
This command enables CPE-check and specifies the IP address of the target CPE device.
This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.
A node that is sourcing CPE-check packets waits an additional full interval before taking action, which gives the CPE time to respond. For example, with a drop-count of 3 and an interval of 1s, three CPE-check packets are sent out and the node waits for the duration of another interval before acting on the loss. Failure declaration may take extra time depending on the load, interval, and other factors. In line with multitasking, multi-priority operating principles of the node, and the relative priority of cpe-ping, the node paces these minor events.
The no form of this command disables the cpe-check option.
Default
no cpe-check
Parameters
- cpe-ip-address
-
Specifies the IP address of the CPE device.
Platforms
All
cpe-check
Syntax
cpe-check cpe-ip-address
no cpe-check [cpe-ip-address]
Context
[Tree] (config>router>static-route-entry>next-hop cpe-check)
[Tree] (config>router>static-route-entry>indirect cpe-check)
Full Context
configure router static-route-entry next-hop cpe-check
configure router static-route-entry indirect cpe-check
Description
This command enables CPE-check and specifies the IP address of the target CPE device.
This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.
A node that is sourcing CPE-check packets waits an additional full interval before taking action, which gives the CPE time to respond. For example, with a drop-count of 3 and an interval of 1s, three CPE-check packets are sent out and the node waits for the duration of another interval before acting on the loss. Failure declaration may take extra time depending on the load, interval, and other factors. In line with multitasking, multi-priority operating principles of the node, and the relative priority of cpe-ping, the node paces these minor events.
The no form of this command disables the cpe-check option.
Default
no cpe-check
Parameters
- cpe-ip-address
-
Specifies the IP address of the CPE device.
Platforms
All
cpe-check
Syntax
[no] cpe-check [ip-address]
Context
[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry cpe-check)
[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry cpe-check)
Full Context
configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check
configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check
Description
This command enables the CPE check and specifies the IP address of the target CPE device.
The no form of this command disables the cpe-check option.
Default
no cpe-check
Parameters
- ip-address
-
Specifies the IP address of the CPE device.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cpe-ping
cpe-ping
Syntax
cpe-ping service service-id destination ip-address source ip-address [source-mac ieee-address] [fc fc-name [profile {in | out}]] [ttl vc-label-ttl] [count send-count] [return-control] [interval interval]
Context
[Tree] (config>saa>test>type cpe-ping)
[Tree] (oam cpe-ping)
Full Context
configure saa test type cpe-ping
oam cpe-ping
Description
This ping utility determines the IP connectivity to a CPE within a specified VPLS service.
Parameters
- service-id
-
Specifies the service ID of the service to diagnose or manage.
- destination ip-address
-
Specifies the IP address to be used as the destination for performing an OAM ping operations.
- source ip-address
-
Specifies an unused IP address in the same network that is associated with the VPLS or PBB Epipe.
- ieee-address
-
Specifies the source MAC address that is sent to the CPE. If not specified or set to 0, the MAC address configured for the CPM or CFM is used. This parameter is not applicable to CPE ping on Epipes.
- fc-name
-
Specifies the forwarding class of the MPLS echo request encapsulation.
- profile {in | out}
-
Specifies the profile state of the MPLS echo request encapsulation for VPLS and the ARP packet for PBB Epipe and Epipe VLLs.
- vc-label-ttl
-
Specifies the TTL value in the VC label for the OAM MAC request, expressed as a decimal integer.
- send-count
-
Specifies the number of messages to send to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.
- return-control
-
Specifies the MAC OAM reply to a data plane MAC OAM request be sent using the control plane instead of the data plane. This parameter is only valid for VPLS services.
- interval
-
Specifies the interval parameter in seconds, expressed as a decimal integer. This parameter is used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.
If the interval is set to 1 second where the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.
Platforms
All
cpipe
cpipe
Syntax
cpipe service-id [customer customer-id] [vpn vpn-id] [vc-type {satop-e1 | satop-t1 | [vc-switching] | cesopsn | cesopsn-cas}] [vc-switching] [test] [create] [name name]
no cpipe service-id
Context
[Tree] (config>service cpipe)
Full Context
configure service cpipe
Description
This command configures a Circuit Emulation Services instance.
When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
After a service is created, the use of the customer customer-id parameter is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.
By default, no services exist until they are explicitly created with this command.
The no form of this command deletes the service instance with the specified service-id. The service cannot be deleted until the service has been shutdown.
Parameters
- service-id
-
The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.
- customer-id
-
Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
- vpn vpn-id
-
Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN ID. If this parameter is not specified, the VPN ID uses the same service ID number.
- vc-type
-
The vc-type defines the type of unstructured or structured circuit emulation service to be configured.
- vc-switching
-
Specifies if the pseudowire switching signaling is used for the spoke SDPs configured in this service.
- test
-
Specifies a unique test service type for the service context which contains only a SAP configuration. The test service can be used to test the throughput and performance of a path for MPLS-TP PWs. This parameter applies to the 7450 ESS and 7750 SR only.
- create
-
Keyword used to create the service. The create keyword requirement can be enabled/disabled in the environment>create context.
- name name
-
Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpm-filter
cpm-filter
Syntax
cpm-filter
Context
[Tree] (config>system>security cpm-filter)
Full Context
configure system security cpm-filter
Description
Commands in this context configure a CPM filter. A CPM filter is a hardware filter done by the P chip on the CPM and CFM that applies to all the traffic going to the CPM CPU. It can be used to drop, accept packets, as well as allocate dedicated hardware queues for the traffic.
The no form of this command disables the CPM filter.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpm-http-redirect
cpm-http-redirect
Syntax
cpm-http-redirect
Context
[Tree] (config>system cpm-http-redirect)
Full Context
configure system cpm-http-redirect
Description
Commands in this context configure cpm-http-redirect settings for enabling or disabling the optimized-mode.
Platforms
All
cpm-queue
cpm-queue
Syntax
cpm-queue
Context
[Tree] (config>system>security cpm-queue)
Full Context
configure system security cpm-queue
Description
Commands in this context configure a CPM queue.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpr-window-size
cpr-window-size
Syntax
cpr-window-size window-size
Context
[Tree] (config>port>dwdm>coherent cpr-window-size)
Full Context
configure port dwdm coherent cpr-window-size
Description
This command configures the window size used for carrier phase recovery.
Default
32
Parameters
- window-size
-
Indicates the number of symbols used for carrier phase recovery algorithm of the receiver. When this parameter is changed, the link bounces because the receiver needs to be reconfigured.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpu-alarm
cpu-alarm
Syntax
cpu-alarm high-threshold high-percentage low-threshold low-percentage
no cpu-alarm
Context
[Tree] (config>li>x-interfaces>x3>alarms cpu-alarm)
Full Context
configure li x-interfaces x3 alarms cpu-alarm
Description
This command configures the thresholds for raising the CPU alarm. The low threshold value must be configured with a smaller value than the high threshold.
The no form of this command reverts to the default values.
Parameters
- high-percentage
-
Specifies the high threshold value, as a percentage.
- low-percentage
-
Specifies the low threshold value, as a percentage.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpu-protection
cpu-protection
Syntax
cpu-protection
Context
[Tree] (config>sys>security cpu-protection)
Full Context
configure system security cpu-protection
Description
Commands in this context configure CPU protection policies.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
cpu-protection
Syntax
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]] | [ip-src-monitoring]
no cpu-protection
Context
[Tree] (config>service>vprn>if>spoke-sdp cpu-protection)
[Tree] (config>service>ies>if>sap cpu-protection)
[Tree] (config>service>vprn>sub-if>grp-if>sap cpu-protection)
[Tree] (config>service>ies>if>spoke-sdp cpu-protection)
[Tree] (config>service>ies>sub-if>grp-if>sap cpu-protection)
[Tree] (config>service>vprn>if>sap cpu-protection)
[Tree] (config>service>vpls>sap cpu-protection)
Full Context
configure service vprn interface spoke-sdp cpu-protection
configure service ies interface sap cpu-protection
configure service vprn subscriber-interface group-interface sap cpu-protection
configure service ies interface spoke-sdp cpu-protection
configure service ies subscriber-interface group-interface sap cpu-protection
configure service vprn interface sap cpu-protection
configure service vpls sap cpu-protection
Description
This command assigns an existing CPU protection policy to the SAP or interface. The CPU protection policies are configured in the config>sys>security>cpuprotection>policy cpu-protection-policy-id context.
If no CPU-protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.
The no form of this command removes the association of the CPU protection policy from the associated SAP or interface configuration and reverts to the default policy values.
Default
cpu-protection 254 (for access interfaces)
cpu-protection 255 (for network interfaces)
The configuration of no cpu-protection returns the msap-policy to the default policies as shown above.
Parameters
- mac-monitoring
-
Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.
- ip-src-monitoring
-
Enables per SAP + IP source address rate limiting for certain protocol packets using the per-source-rate and include-protocols from the associated cpu-protection policy. The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios all packets from all subscribers behind the same aggregation router arrives with the same source MAC address and as such the mac-monitoring functionality cannot differentiate traffic from different subscribers.
- eth-cfm-monitoring
-
Enables the Ethernet Connectivity Fault Management cpu-protection extensions on the associated SAP, SDP, or template.
- aggregate
-
applies the rate limit to the sum of the per-peer packet rates.
- car
-
(Committed Access Rate (CAR) causes Eth-CFM packets to be ignored when enforcing the overall-rate.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
- configure service ies interface spoke-sdp cpu-protection
- configure service vprn interface spoke-sdp cpu-protection
- configure service ies interface sap cpu-protection
- configure service vpls sap cpu-protection
- configure service vprn interface sap cpu-protection
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s
- configure service ies subscriber-interface group-interface sap cpu-protection
- configure service vprn subscriber-interface group-interface sap cpu-protection
cpu-protection
Syntax
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]]
no cpu-protection
Context
[Tree] (config>service>ipipe>sap cpu-protection)
[Tree] (config>service>epipe>sap cpu-protection)
[Tree] (config>service>template>vpls-sap-template cpu-protection)
[Tree] (config>service>vpls>mesh-sdp cpu-protection)
[Tree] (config>service>vpls>spoke-sdp cpu-protection)
[Tree] (config>service>epipe>spoke-sdp cpu-protection)
[Tree] (config>service>vpls>sap cpu-protection)
Full Context
configure service ipipe sap cpu-protection
configure service epipe sap cpu-protection
configure service template vpls-sap-template cpu-protection
configure service vpls mesh-sdp cpu-protection
configure service vpls spoke-sdp cpu-protection
configure service epipe spoke-sdp cpu-protection
configure service vpls sap cpu-protection
Description
Use this command to apply a specific CPU protection policy to the associated SAP, SDP or template. If the mac-monitoring keyword is given then per-MAC-rate limiting should be performed, using the per-source-rate from the associated CPU protection policy.
The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.
If no CPU protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.
The no form of this command reverts to the default values.
Default
cpu-protection 254 (for access interfaces)
cpu-protection 255 (for network interfaces)
Parameters
- mac-monitoring
-
Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.
- eth-cfm-monitoring
-
Enables the Ethernet Connectivity Fault Management cpu-protection extensions on the associated SAP/SDP/template.
- aggregate
-
applies the rate limit to the sum of the per-peer packet rates.
- car
-
(Committed Access Rate) Ignores Eth-CFM packets when enforcing overall-rate.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
cpu-protection
Syntax
cpu-protection policy-id
no cpu-protection
Context
[Tree] (config>service>vprn>interface cpu-protection)
[Tree] (config>service>vprn>video-interface cpu-protection)
[Tree] (config>service>ies>interface cpu-protection)
[Tree] (config>service>ies>video-interface cpu-protection)
[Tree] (config>service>vprn>network-interface cpu-protection)
[Tree] (config>router>interface cpu-protection)
Full Context
configure service vprn interface cpu-protection
configure service vprn video-interface cpu-protection
configure service ies interface cpu-protection
configure service ies video-interface cpu-protection
configure service vprn network-interface cpu-protection
configure router interface cpu-protection
Description
This command assigns an existing CPU protection policy to the associated interface. For these interface types, the per-source rate limit is not applicable.
The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.
If no CPU-protection policy is assigned to an interface, then the default policy is used to limit the overall-rate. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.
The no form of this command reverts to the default values.
Default
cpu-protection 254 (for access interfaces)
cpu-protection 255 (for network interfaces)
no cpu-protection (for video interfaces)
Parameters
- policy-id
-
Specifies an existing CPU protection policy.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
- configure service vprn interface cpu-protection
- configure router interface cpu-protection
- configure service ies interface cpu-protection
- configure service vprn network-interface cpu-protection
7450 ESS, 7750 SR, 7750 SR-s
- configure service ies video-interface cpu-protection
- configure service vprn video-interface cpu-protection
cpu-protection
Syntax
cpu-protection policy-id [mac-monitoring] [ip-src-monitoring]
no cpu-protection
Context
[Tree] (config>subscr-mgmt>msap-policy cpu-protection)
Full Context
configure subscriber-mgmt msap-policy cpu-protection
Description
Use this command to apply a specific CPU protection policy to the associated MSAP policy. The specified CPU protection policy is automatically applied to any MSAPs that are create using the MSAP policy.
If no CPU protection policy is assigned to a SAP, then a default policy is used to limit the overall-rate according to the default policy. The default policy is policy number 254 for access interfaces, 255 for network interfaces and no policy for video interfaces.
The no form of this command reverts to the default values.
Default
cpu-protection 254 (for access interfaces)
cpu-protection 255 (for network interfaces)
The configuration of no cpu-protection returns the msap-policy to the default policies as shown above.
Parameters
- policy-id
-
Specifies an existing CPU protection policy.
- mac-monitoring
-
Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.
- ip-src-monitoring
-
Enables per SAP + IP source address rate limiting for certain protocol packets using the per-source-rate and included-protocols from the associated cpu-protection policy. The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios all packets from all subscribers behind the same aggregation router arrives with the same source MAC address and as such the mac-monitoring functionality cannot differentiate traffic from different subscribers.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s
cpu-protection
Syntax
cpu-protection
cpu-protection policy-id [ip-src-monitoring] [mac-monitoring]
Context
[Tree] (config>subscr-mgmt>sap-template cpu-protection)
Full Context
configure subscriber-mgmt sap-template cpu-protection
Description
This command assigns an existing CPU protection policy to the SAP or interface.
CPU protection policies are configured in the config>sys>security>cpu-protection context.
Default
cpu-protection 254
Parameters
- policy-id
-
Specifies an existing CPU protection policy is assigned to the SAP or interface.
- ip-src-monitoring
-
Specifies to enable IP source monitoring.
- mac-monitoring
-
Specifies to enable MAC monitoring.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s
crc
crc
Syntax
crc {16 | 32}
Context
[Tree] (config>port>sonet-sdh>path crc)
Full Context
configure port sonet-sdh path crc
Description
A 16 bit CRC can only be configured on an OC-3 channel, all other channel speeds must use a 32 bit CRC except for the paths configured with encap-type atm at OC3 speed.
Default
crc 16 for OC-3, DS-1, DS-3 crc 32 for OC-12, OC-48, ATM-OC12/3, AT-MOC-3, and so on
The CRC default is 32 when the encap-type is set to ATM and also, the default cannot be changed when the encap-type is set to ATM.
Parameters
- 16
-
Use 16 bit checksum for the associated port/channel.
- 32
-
Use 32 bit checksum for the associated port/channel.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
crc
Syntax
crc {16 | 32}
Context
[Tree] (config>port>tdm>ds3 crc)
[Tree] (config>port>tdm>e3 crc)
Full Context
configure port tdm ds3 crc
configure port tdm e3 crc
Description
This command configures the precision of the cyclic redundancy check (CRC).
Default
crc 16 for non-ATM E-3 and DS-3 channel/ports.
crc 32 for ATM E-3 and DS-3 channels/ports. The default cannot be changed.
Parameters
- 16
-
Uses 16 bit checksum for the associated port/channel.
- 32
-
Uses 32 bit checksum for the associated port/channel.
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
crc-monitor
crc-monitor
Syntax
crc-monitor
Context
[Tree] (config>port>ethernet crc-monitor)
Full Context
configure port ethernet crc-monitor
Description
This command configures Ethernet CRC Monitoring parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
create
create
Syntax
[no] create
Context
[Tree] (environment create)
Full Context
environment create
Description
By default, the create command is required to create a new OS entity.
The no form of the command disables requiring the create keyword.
Default
create
Platforms
All
create-mpls-tunnel
create-mpls-tunnel
Syntax
[no] create-mpls-tunnel
Context
[Tree] (config>router>policy-options>policy-statement>entry>action create-mpls-tunnel)
Full Context
configure router policy-options policy-statement entry action create-mpls-tunnel
Description
This command enables the creation of an MPLS tunnel to the BGP next-hop. It is supported for the following address families:
-
vpn-ipv4
-
vpn-ipv6
-
evpn
-
label-ipv4
-
label-ipv6
-
ipv4
-
ipv6
The no form of the command disables the creation of an MPLS tunnel.
Default
no create-mpls-tunnel
Platforms
All
create-subscription
create-subscription
Syntax
[no] create-subscription
Context
[Tree] (configure>system>security>profile>netconf>base-op-authorization create-subscription)
Full Context
configure system security profile netconf base-op-authorization create-subscription
Description
This command enables the NETCONF create-subscription operation in the default user profile.
The base-op-authorization create-subscription configuration is not pre-emptive, which means that it is checked only at the time of the initial subscription. Configuration changes to the base-op-authorization do not cancel any in-progress subscriptions and operators who successfully subscribed continue to receive messages.
The no form of this command disables the operation.
Default
no create-subscription
The operation is enabled by default in the built-in system-generated administrative profile.
Platforms
All
create-udp-tunnel
create-udp-tunnel
Syntax
create-udp-tunnel
no create-udp-tunnel
Context
[Tree] (config>router>policy-options>policy-statement>entry>action create-udp-tunnel)
[Tree] (config>router>policy-options>policy-statement>default-action create-udp-tunnel)
Full Context
configure router policy-options policy-statement entry action create-udp-tunnel
configure router policy-options policy-statement default-action create-udp-tunnel
Description
This command instructs the router to create an MPLS-over-UDP tunnel upon receiving BGP routes that match the import policy.
Default
no create-udp-tunnel
Platforms
All
credential
credential
Syntax
credential
Context
[Tree] (config>ipsec>client-db>client credential)
Full Context
configure ipsec client-db client credential
Description
Commands in this context configure the parameters used to authenticate peers.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
credit-control-policy
credit-control-policy
Syntax
credit-control-policy policy-name [create]
credit-control-policy diameter policy-name
no credit-control-policy policy-name
Context
[Tree] (config>subscr-mgmt credit-control-policy)
Full Context
configure subscriber-mgmt credit-control-policy
Description
This command creates, configures or deletes a credit control policy.
The no form of this command reverts to the default.
Parameters
- policy-name
-
Specifies the policy name, up to 32 characters.
- create
-
Keyword used to create the credit control policy. The create keyword requirement can be enabled or disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-control-policy
Syntax
credit-control-policy policy-name
no credit-control-policy
Context
[Tree] (config>subscr-mgmt>sla-prof credit-control-policy)
Full Context
configure subscriber-mgmt sla-profile credit-control-policy
Description
This command configures the credit policy for this SLA profile.
Default
no credit-control-policy
Parameters
- policy-name
-
Specifies the credit control policy name, up to 32 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-control-quota
credit-control-quota
Syntax
[no] credit-control-quota
Context
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes credit-control-quota)
Full Context
configure aaa isa-radius-policy acct-include-attributes credit-control-quota
Description
This command includes any unconsumed volume quota in the Alc-Credit-Control-Quota attribute.
The no form of this command excludes the Alc-Credit-Control-Quota attribute.
Default
no credit-control-quota
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
credit-control-server
credit-control-server
Syntax
credit-control-server radius
no credit-control-server
Context
[Tree] (config>subscr-mgmt>credit-control-policy credit-control-server)
Full Context
configure subscriber-mgmt credit-control-policy credit-control-server
Description
This command configures the credit control server to use. In case of RADIUS, the servers defined in the authentication policy are used. For Diameter, the peers defined in the specified Diameter policy are used.
The no form of this command reverts to the default.
Default
credit-control-server radius
Parameters
- radius
-
Specifies to use the RADIUS authentication servers defined in the RADIUS authentication policy in the group interface to report credit usage and obtain new credit.
- diameter policy-name
-
Specifies to use the diameter peers specified in the diameter policy to report credit usage and obtain new credit.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-exhaust-threshold
credit-exhaust-threshold
Syntax
credit-exhaust-threshold threshold-percentage
no credit-exhaust-threshold
Context
[Tree] (config>subscr-mgmt>cat-map credit-exhaust-threshold)
Full Context
configure subscriber-mgmt category-map credit-exhaust-threshold
Description
This command specifies the credit exhaust threshold considered to act.
The no form of this command reverts the configured value to the default.
Default
credit-exhaust-threshold 100
Parameters
- threshold-percentage
-
Specifies the percentage to use for the credit exhaust threshold.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-mcs-interval
credit-mcs-interval
Syntax
credit-mcs-interval interval
no credit-mcs-interval
Context
[Tree] (config>subscr-mgmt>diam-appl-plcy>gx credit-mcs-interval)
Full Context
configure subscriber-mgmt diameter-application-policy gx credit-mcs-interval
Description
This command configures the usage monitoring between the redundant chassis that is synchronized periodically per Gx session, from the active Gx session to the standby Gx session.
The no form of this command reverts to the default value.
Default
credit-mcs-interval 10
Parameters
- interval
-
Specifies the interval time, in minutes, between synchronization moments for syncing volume to the multi-chassis redundant chassis in case of Gx usage monitoring on a CCI that belongs to a multi-chassis redundant host.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-type
credit-type
Syntax
credit-type {volume | time}
no credit-type
Context
[Tree] (config>subscr-mgmt>cat-map credit-type)
Full Context
configure subscriber-mgmt category-map credit-type
Description
This command specifies whether volume or time based accounting is performed.
The no form of this command reverts to the default.
Default
credit-type volume
Parameters
- volume
-
Specifies volume-based accounting.
- time
-
Specifies time-based accounting.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-type-override
credit-type-override
Syntax
credit-type-override {volume | time}
no credit-type-override
Context
[Tree] (config>subscr-mgmt>cat-map>category credit-type-override)
Full Context
configure subscriber-mgmt category-map category credit-type-override
Description
This command overrides the credit-type configured in the config>subscr-mgmt>cat-map context for the given category.
The no form of this command reverts to the default.
Parameters
- volume
-
If different than the value specified in the credit-type command, the value overrides the credit-type.
- time
-
If different than the value specified in the credit-type command, the value overrides the credit-type.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credits
credits
Syntax
credits [lowercase credits] [uppercase credits] [numeric credits] [special-character credits]
no credits
Context
[Tree] (config>system>security>password>complexity-rules credits)
Full Context
configure system security password complexity-rules credits
Description
The maximum credits given for usage of the different character classes in the local passwords.
The no form of this command resets to default.
Default
no credits
Parameters
- credits
-
Specifies the number of credits that can be used for each characters class.
Platforms
All
criteria-overrides
criteria-overrides
Syntax
criteria-overrides
Context
[Tree] (config>service>epipe>sap>ingress criteria-overrides)
[Tree] (config>service>ipipe>sap>ingress criteria-overrides)
[Tree] (config>service>cpipe>sap>ingress criteria-overrides)
[Tree] (config>service>ies>if>sap>ingress criteria-overrides)
[Tree] (config>service>vpls>sap>ingress criteria-overrides)
[Tree] (config>service>vprn>if>sap>ingress criteria-overrides)
Full Context
configure service epipe sap ingress criteria-overrides
configure service ipipe sap ingress criteria-overrides
configure service cpipe sap ingress criteria-overrides
configure service ies interface sap ingress criteria-overrides
configure service vpls sap ingress criteria-overrides
configure service vprn interface sap ingress criteria-overrides
Description
Commands in this context configure IPv4 and IPv6 criteria overrides.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
critical-event
critical-event
Syntax
[no] critical-event
Context
[Tree] (config>port>ethernet>efm-oam>link-mon>local-sf-action>info-notification critical-event)
Full Context
configure port ethernet efm-oam link-monitoring local-sf-action info-notification critical-event
Description
This command sets the critical event Flag field in the Information OAMPDU when the local signal failure (sf-threshold) threshold is reached. This is maintained in all subsequent Information OAM PDUs until the situation is cleared.
Interactions: The signal failure threshold triggers these actions.
Default
no critical-event
Platforms
All
critical-event
Syntax
critical-event local-port-action {log-only | out-of-service}
Context
[Tree] (config>port>ethernet>efm-oam>peer-rdi-rx critical-event)
Full Context
configure port ethernet efm-oam peer-rdi-rx critical-event
Description
This command defines how to react to the reception of a critical event Flag field set in the informational OAMPDU.
Default
critical-event local-port-action out-of-service
Parameters
- local-port-action
-
Defines whether or not the local port will be affected when a critical event is received from a peer.
- log-only
-
Keyword that prevents the port from being affected when the local peer receives a critical event. The critical event will be logged but the port will remain operational.
- out-of-service
-
Keyword that causes the port to enter a non-operation down state with a port state of link up. The error is logged upon reception of critical event. The port is not available to service data but continues to carry Link OAM traffic to ensure the link is monitored.
Platforms
All
crl-expiration-warning
crl-expiration-warning
Syntax
crl-expiration-warning hours [repeat repeat-hours]
no crl-expiration-warning
Context
[Tree] (config>system>security>pki crl-expiration-warning)
Full Context
configure system security pki crl-expiration-warning
Description
This command specifies when the systems issues a BeforeExp message before a CRL expires. For example, with certificate-expiration-warning 5, the system issues a BeforeExp message 5 hours before a CRL expires. An optional repeat repeat-hour parameter enables the system to repeat the BeforeExp message every hour until the CRL expires.
If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.
BeforeExp and AfterExp warnings can be cleared in following cases:
-
The CRL is reloaded by the admin certificate reload command. In this case, if the reloaded file is not expired, then AfterExp is cleared. And, if the reloaded file is outside of configured warning window, then the BeforeExp is also cleared.
-
When the ca-profile is shutdown, then BeforeExp and AfterExp of corresponding certificates are cleared.
-
When no crl-expiration-warning command is configured, then all existing BeforeExp and AfterExp are cleared.
-
Users may change the configuration of the crl-expiration-warning so that certain CRL are no longer in the warning window. BeforeExp of corresponding CRL are cleared.
-
If the system time changes so that the new time causes the CRL to no longer be in the warning window, then BeforeExp is cleared. If the new time causes an expired CRL to come non-expired, then AfterExp is cleared.
Default
no crl-expiration-warning
Parameters
- hours
-
Specifies the amount of time before a CRL expires when system issues BeforeExp
- repeat-hour
-
Specifies that the system repeats BeforeExp every repeat-hour
Platforms
All
crl-file
crl-file
Syntax
crl-file filename
no crl-file
Context
[Tree] (config>system>security>pki>ca-profile crl-file)
Full Context
configure system security pki ca-profile crl-file
Description
This command specifies the name of a file in cf3:\system-pki\crl as the Certification Revoke List file of the ca-profile.
Notes:
-
The system performs following checks against configured crl-file when a no shutdown command is issued:
-
A valid cert-file of the ca-profile must be already configured.
-
Configured crl-file must be a DER formatted CRLv2 file.
-
All non-optional fields defined in section 5.1 of RFC 5280 must exist and conform to the RFC 5280 defined format.
-
Check the version field to see if its value is 0x1.
-
Delta CRL Indicator must not exist (delta CRL is not supported).
-
CRL’s signature must be verified by using the cert-file of ca-profile.
If any of above checks fail, the no shutdown command fails.
-
-
Changing or removing the crl-file is only allowed when the ca-profile is in a shutdown state.
The no form of this command removes the filename from the configuration.
Parameters
- filename
-
Specifies the name of CRL file stored in cf3:\system-pki\crl.
Platforms
All
crl-update
crl-update
Syntax
crl-update ca ca-profile-name
Context
[Tree] (admin>certificate crl-update)
Full Context
admin certificate crl-update
Description
This command manually triggers the Certificate Revocation List file (CRL) update for the specified ca-profile.
Using this command requires shutting down the auto-crl-update.
Parameters
- ca-profile-name
-
Specifies the name of the Certificate Authority profile.
Platforms
All
crl-urls
crl-urls
Syntax
crl-urls
Context
[Tree] (config>system>security>pki>ca-prof>auto-crl-update crl-urls)
Full Context
configure system security pki ca-profile auto-crl-update crl-urls
Description
Commands in this context configure crl-urls parameters. The system allows up to eight URL entries to be configured and tries each URL in order and stop when a qualified CRL is successfully downloaded. A qualified CRL is a valid CRL signed by the CA and is more recent than the existing CRL.
If none of the configured URLs returns a qualified CRL, then:
-
If the schedule-type is next-update-based, system will wait for configure retry-interval before it start from beginning of the list again.
-
If the schedule-type is periodic, then system will wait till next periodic update time.
If the user wants to manually stop the download, shutting down of auto-crl-retrieval could be used to achieve this.
Platforms
All
cron
cron
Syntax
cron
Context
[Tree] (config>system cron)
Full Context
configure system cron
Description
This command creates the context to create scripts, script parameters and schedules which support the Service Assurance Agent (SAA) functions.
CRON features are saved to the configuration file on both primary and backup control modules. If a control module switchover occurs, CRON events are restored when the new configuration is loaded. If a control module switchover occurs during the execution of a cron script, the failover behavior will be determined by the contents of the script.
Platforms
All
cron
Syntax
cron
Context
[Tree] (config>system>security>cli-script>authorization cron)
Full Context
configure system security cli-script authorization cron
Description
Commands in this context configure authorization for the Cron job-scheduler.
Platforms
All
cross-connect
cross-connect
Syntax
[no] cross-connect
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state cross-connect)
Full Context
configure subscriber-mgmt wlan-gw ue-query state cross-connect
Description
This command enables matching on cross-connected UEs.
The no form of this command disables matching on cross-connected UEs, unless all state matching is disabled.
Default
no cross-connect
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
csf-enable
csf-enable
Syntax
[no] csf-enable
Context
[Tree] (config>lag>eth-cfm>mep csf-enable)
[Tree] (config>port>ethernet>eth-cfm>mep csf-enable)
Full Context
configure lag eth-cfm mep csf-enable
configure port ethernet eth-cfm mep csf-enable
Description
This command configures the reception of Client Signal Fail (CSF) message parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
csf-enable
Syntax
[no] csf-enable
Context
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm csf-enable)
[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep csf-enable)
[Tree] (config>service>vprn>if>sap>eth-cfm>mep csf-enable)
[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep csf-enable)
[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep csf-enable)
[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep csf-enable)
[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep csf-enable)
[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep csf-enable)
[Tree] (config>service>vpls>sap>eth-cfm>mep csf-enable)
[Tree] (config>service>epipe>sap>eth-cfm>mep csf-enable)
[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep csf-enable)
[Tree] (config>service>ies>if>sap>eth-cfm>mep csf-enable)
Full Context
configure service ies subscriber-interface group-interface sap eth-cfm csf-enable
configure service epipe spoke-sdp eth-cfm mep csf-enable
configure service vprn interface sap eth-cfm mep csf-enable
configure service vpls spoke-sdp eth-cfm mep csf-enable
configure service ies interface spoke-sdp eth-cfm mep csf-enable
configure service vprn interface spoke-sdp eth-cfm mep csf-enable
configure service ies subscriber-interface group-interface sap eth-cfm mep csf-enable
configure service vpls mesh-sdp eth-cfm mep csf-enable
configure service vpls sap eth-cfm mep csf-enable
configure service epipe sap eth-cfm mep csf-enable
configure service vprn subscriber-interface group-interface sap eth-cfm mep csf-enable
configure service ies interface sap eth-cfm mep csf-enable
Description
Commands in this context configure the reception and local processing of ETH-CSF frames.
The no form of this command disables the reception of Client Signal Fail (CSF) message parameters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
- configure service ies subscriber-interface group-interface sap eth-cfm mep csf-enable
- configure service vprn subscriber-interface group-interface sap eth-cfm mep csf-enable
- configure service ies subscriber-interface group-interface sap eth-cfm csf-enable
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service vprn interface sap eth-cfm mep csf-enable
- configure service vpls mesh-sdp eth-cfm mep csf-enable
- configure service epipe sap eth-cfm mep csf-enable
- configure service vpls spoke-sdp eth-cfm mep csf-enable
- configure service vprn interface spoke-sdp eth-cfm mep csf-enable
- configure service epipe spoke-sdp eth-cfm mep csf-enable
- configure service vpls sap eth-cfm mep csf-enable
- configure service ies interface sap eth-cfm mep csf-enable
- configure service ies interface spoke-sdp eth-cfm mep csf-enable
csnp-authentication
csnp-authentication
Syntax
[no] csnp-authentication
Context
[Tree] (config>service>vprn>isis>level csnp-authentication)
[Tree] (config>service>vprn>isis csnp-authentication)
Full Context
configure service vprn isis level csnp-authentication
configure service vprn isis csnp-authentication
Description
This command enables authentication of individual ISIS packets of complete sequence number PDUs (CSNP) type for the VPRN instance.
Platforms
All
csnp-authentication
Syntax
[no] csnp-authentication
Context
[Tree] (config>router>isis csnp-authentication)
[Tree] (config>router>isis>level csnp-authentication)
Full Context
configure router isis csnp-authentication
configure router isis level csnp-authentication
Description
This command enables authentication of individual IS-IS packets of complete sequence number PDUs (CSNP) type.
The no form of this command suppresses authentication of CSNP packets.
Default
csnp-authentication
Platforms
All
csnp-interval
csnp-interval
Syntax
csnp-interval seconds
no csnp-interval
Context
[Tree] (config>service>vprn>isis>if csnp-interval)
Full Context
configure service vprn isis interface csnp-interval
Description
This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.
The no form of this command reverts to the default value.
Default
csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.
csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.
Parameters
- seconds
-
The time interval, in seconds between successive CSN PDUs sent from this interface expressed as a decimal integer.
Platforms
All
csnp-interval
Syntax
csnp-interval seconds
no csnp-interval
Context
[Tree] (config>router>isis>interface csnp-interval)
Full Context
configure router isis interface csnp-interval
Description
This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.
The no form of this command reverts to the default value.
Default
csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.
csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.
Parameters
- seconds
-
Specifies the time interval, in seconds, between successive CSN PDUs sent from this interface expressed as a decimal integer.
Platforms
All
csnp-on-p2p
csnp-on-p2p
Syntax
[no] csnp-on-p2p
Context
[Tree] (config>service>vprn>isis csnp-on-p2p)
[Tree] (config>router>isis csnp-on-p2p)
Full Context
configure service vprn isis csnp-on-p2p
configure router isis csnp-on-p2p
Description
This command enables the periodic transmission of CSNP PDUs to point-to-point adjacent systems.
The no form of this command disables the periodic transmission of CSNP PDUs to point-to-point adjacent systems.
Default
csnp-on-p2p
Platforms
All
cspf
cspf
Syntax
[no] cspf
Context
[Tree] (debug>router>isis cspf)
Full Context
debug router isis cspf
Description
This command enables debugging for IS-IS cspf.
The no form of the command disables debugging.
Platforms
All
cspf
Syntax
cspf [ip-address]
no cspf
Context
[Tree] (debug>router>ospf cspf)
Full Context
debug router ospf cspf
Description
This command enables debugging for an OSPF constraint-based shortest path first (CSPF).
Parameters
- ip-address
-
Specifies the IP address for the range used for CSPF.
Platforms
All
cspf-on-loose-hop
cspf-on-loose-hop
Syntax
[no] cspf-on-loose-hop
Context
[Tree] (config>router>mpls cspf-on-loose-hop)
Full Context
configure router mpls cspf-on-loose-hop
Description
This command enables the option to do CSPF calculations until the next loose hop or the final destination of LSP on LSR. On receiving a PATH message on LSR and processing of all local hops in the received ERO, if the next hop is loose, then the LSR node will first do a CSPF calculation until the next loose hop. On successful completion of CSPF calculation, ERO in PATH message is modified to include newly calculated intermediate hops and propagate it forward to the next hop. This allows setting up inter-area LSPs based on ERO expansion method.
The LSP may fail to set up if this option is enabled on an LSR that is not an area border router and receives a PATH message without proper next loose hop in ERO. The 'cspf-on-loose-hop’ configuration is allowed to change dynamically and applied to new LSP setup after change.
Default
no cspf-on-loose-hop
Platforms
All
cspf-pkt
cspf-pkt
Syntax
cspf-pkt cspf-pkt [detail]
no cspf-pkt cspf-pkt
Context
[Tree] (debug>router>pcep>pce>conn cspf-pkt)
[Tree] (debug>router>pcep>pce cspf-pkt)
Full Context
debug router pcep pce connection cspf-pkt
debug router pcep pce cspf-pkt
Description
This command enables debugging for PCEP PCE or connection packets.
The no form of this command disables debugging.
Parameters
- cspf-pkt
-
Specifies only packets of the specified type are debugged.
- detail
-
Keyword used to specify detailed output.
Platforms
VSR-NRC
cspf-te
cspf-te
Syntax
cspf-te [detail]
no cspf-te
Context
[Tree] (debug>router>pcep>pcc>conn cspf-te)
[Tree] (debug>router>pcep>pcc cspf-te)
Full Context
debug router pcep pcc connection cspf-te
debug router pcep pcc cspf-te
Description
This command debugs Constrained Shortest Path First-Traffic Engineering (CSPF-TE) events.
The no form of this command disables debugging.
Parameters
- detail
-
Keyword used to specify detailed information about all events.
Platforms
All
cspf-te
Syntax
cspf-te [detail]
no cspf-te
Context
[Tree] (debug>router>pcep>pce>conn cspf-te)
[Tree] (debug>router>pcep>pce cspf-te)
Full Context
debug router pcep pce connection cspf-te
debug router pcep pce cspf-te
Description
This command debugs Constrained Shortest Path First-Traffic Engineering (CSPF-TE) events.
The no form of this command disables debugging.
Parameters
- detail
-
Keyword used to specify detailed information about all events.
Platforms
VSR-NRC
cumulative-factor
cumulative-factor
Syntax
[no] cumulative-factor cumulative-factor
Context
[Tree] (config>service>vpls>mac-move>primary-ports cumulative-factor)
[Tree] (config>service>template>vpls-template>mac-move>primary-ports cumulative-factor)
[Tree] (config>service>template>vpls-template>mac-move>secondary-ports cumulative-factor)
[Tree] (config>service>vpls>mac-move>secondary-ports cumulative-factor)
Full Context
configure service vpls mac-move primary-ports cumulative-factor
configure service template vpls-template mac-move primary-ports cumulative-factor
configure service template vpls-template mac-move secondary-ports cumulative-factor
configure service vpls mac-move secondary-ports cumulative-factor
Description
This command defines a factor defining how many mac-relearn measurement periods can be used to measure mac-relearn rate. The rate must be exceeded during the defined number of consecutive periods before the corresponding port is blocked by the mac-move feature. The cumulative-factor of primary ports must be higher than cumulative-factor of secondary ports.
Default
cumulative-factor 2 — secondary ports
cumulative-factor 3 — primary ports
Parameters
- factor
-
Specifies the factor defining the number of mac-relearn measurement periods can be used to measure mac-relearn rate
Platforms
All
cups
cups
Syntax
[no] cups
Context
[Tree] (config>subscr-mgmt>sla-profile>control cups)
Full Context
configure subscriber-mgmt sla-profile control cups
Description
This command enables a session that is set up with remote CUPS control plane handling to use this SLA profile.
The no form of this command disables a session that is set up with remote CUPS control- plane handling from using this SLA profile.
Default
no cups
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
cups
Syntax
[no] cups
Context
[Tree] (config>subscr-mgmt>sub-profile>control cups)
Full Context
configure subscriber-mgmt sub-profile control cups
Description
This command enables a session that is set up with remote CUPS control plane handling to use this subscriber profile.
The no form of this command disables a session that is set up with remote CUPS control- plane handling from using this subscriber profile.
Default
no cups
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
current-hop-limit
current-hop-limit
Syntax
current-hop-limit limit
no current-hop-limit
Context
[Tree] (config>subscr-mgmt>rtr-adv-plcy current-hop-limit)
[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv current-hop-limit)
[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv current-hop-limit)
[Tree] (config>service>vprn>router-advert>if current-hop-limit)
[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv current-hop-limit)
[Tree] (config>service>ies>sub-if>ipv6>rtr-adv current-hop-limit)
Full Context
configure subscriber-mgmt router-advertisement-policy current-hop-limit
configure service vprn subscriber-interface group-interface ipv6 router-advertisements current-hop-limit
configure service ies subscriber-interface group-interface ipv6 router-advertisements current-hop-limit
configure service vprn router-advertisement interface current-hop-limit
configure service vprn subscriber-interface ipv6 router-advertisements current-hop-limit
configure service ies subscriber-interface ipv6 router-advertisements current-hop-limit
Description
This command configures the hop limit to be advertised.
The no form of this command returns the command to the default setting.
Default
current-hop-limit 64
Parameters
- limit
-
Specifies the default value to be placed in the current hop limit field in router advertisement policies sent.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface ipv6 router-advertisements current-hop-limit
- configure service vprn subscriber-interface ipv6 router-advertisements current-hop-limit
- configure service ies subscriber-interface ipv6 router-advertisements current-hop-limit
- configure service vprn subscriber-interface group-interface ipv6 router-advertisements current-hop-limit
- configure subscriber-mgmt router-advertisement-policy current-hop-limit
All
- configure service vprn router-advertisement interface current-hop-limit
current-hop-limit
Syntax
current-hop-limit number
no current-hop-limit
Context
[Tree] (config>router>router-advert>if current-hop-limit)
Full Context
configure router router-advertisement interface current-hop-limit
Description
This command configures the current-hop-limit in the router advertisement messages. It informs the nodes on the subnet about the hop-limit when originating IPv6 packets.
Default
current-hop-limit 64
Parameters
- number
-
Specifies the hop limit.
Platforms
All
custom-option
custom-option
Syntax
custom-option option-number address [ip-address]
custom-option option-number address ipv6-address [ipv6-address]
custom-option option-number domain [domain-string]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
no custom-option option-number
Context
[Tree] (config>service>vprn>dhcp>server>pool>options custom-option)
[Tree] (config>router>dhcp>server>pool>options custom-option)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>options custom-option)
[Tree] (config>router>dhcp>server>pool>subnet>options custom-option)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>options custom-option)
Full Context
configure service vprn dhcp local-dhcp-server pool options custom-option
configure router dhcp local-dhcp-server pool options custom-option
configure subscriber-mgmt local-user-db ipoe host options custom-option
configure router dhcp local-dhcp-server pool subnet options custom-option
configure subscriber-mgmt local-user-db ppp host options custom-option
Description
This command configures specific DHCP options. The options defined here can overrule options in the local user database.
The no form of the removes the custom option parameters from the configuration.
Parameters
- option-number
-
Specifies up to four option numbers that the DHCP server uses to send the identification strings to the DHCP client.
- ip-address
-
Specifies the IP address of a host.
- ipv6-address
-
Specifies the IPv6 address of a host. Applicable to DHCP6 only.
- domain-string
-
Specifies the domain name, up to 127 characters.
- hex-string
-
Specifies the hex value of this option.
- ascii-string
-
Specifies the value of this option, up to 127 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
custom-option
Syntax
custom-option option-number address [ipv6-address]
custom-option option-number domain [domain-string]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
no custom-option option-number
Context
[Tree] (config>service>vprn>dhcp6>server>pool>prefix>options custom-option)
[Tree] (config>router>dhcp6>server>pool>options custom-option)
[Tree] (config>router>dhcp6>server>pool>prefix>options custom-option)
[Tree] (config>router>dhcp6>server>defaults>options custom-option)
[Tree] (config>service>vprn>dhcp6>server>pool>options custom-option)
Full Context
configure service vprn dhcp6 local-dhcp-server pool prefix options custom-option
configure router dhcp6 local-dhcp-server pool options custom-option
configure router dhcp6 local-dhcp-server pool prefix options custom-option
configure router dhcp6 local-dhcp-server defaults options custom-option
configure service vprn dhcp6 local-dhcp-server pool options custom-option
Description
This command configures specific DHCP6 options. The options defined here can overrule options in the local user database.
The no form of the removes the custom option parameters from the configuration.
Parameters
- option-number
-
Specifies up to four option numbers that the DHCP6 server uses to send the identification strings to the DHCP6 client.
- ipv6-address
-
Specifies the IPv6 address of a host.
- domain-string
-
Specifies the domain name, up to 127 characters.
- hex-string
-
Specifies the hex value of this option.
- ascii-string
-
Specifies the value of this option, up to 127 characters.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn dhcp6 local-dhcp-server pool options custom-option
- configure router dhcp6 local-dhcp-server pool prefix options custom-option
- configure service vprn dhcp6 local-dhcp-server pool prefix options custom-option
- configure router dhcp6 local-dhcp-server pool options custom-option
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
- configure router dhcp6 local-dhcp-server defaults options custom-option
custom-option
Syntax
custom-option protocol option-number address ip-address
custom-option protocol option-number hex hex-string
custom-option protocol option-number string ascii-string
no custom-option protocol option-number
Context
[Tree] (config>subscr-mgmt>ppp-policy>options custom-option)
Full Context
configure subscriber-mgmt ppp-policy ppp-options custom-option
Description
This command provides the ability to configure custom PPP options.
Standard options such as the DNS name is returned from DHCP or RADIUS and be converted to PPP automatically. Compression is not supported.
The no form of this command removes the custom options from the configuration.
Parameters
- protocol
-
Specifies a protocol for the custom option.
- option-number
-
Assigns an identifying number for the custom option.
- ip-address
-
Specifies the IP address in the a.b.c.d format.
- ascii-string
-
Specifies an ASCII format string for the custom option up to 127 characters.
- hex-string
-
Specifies a hex value for the custom option.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
custom-option
Syntax
custom-option option-number address [ip-address]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
no custom-option option-number
Context
[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>dhcp-pool>options custom-option)
Full Context
configure subscriber-mgmt vrgw brg brg-profile dhcp-pool options custom-option
Description
This command configures DHCP options.
Parameters
- option-number
-
Specifies the number of this DHCP option.
- ip-address
-
Specifies the IP address of this option. Up to 4 addresses can be assigned.
- hex-string
-
Specifies the hex value of this option.
- ascii-string
-
Specifies an ASCII value of this option.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
custom-protocol
custom-protocol
Syntax
custom-protocol custom-protocol-id ip-protocol-num protocol-id [create]
custom-protocol custom-protocol-id
no custom-protocol custom-protocol-id
Context
[Tree] (config>app-assure>group>policy custom-protocol)
Full Context
configure application-assurance group policy custom-protocol
Description
This command creates and enters configuration context for custom protocols. Custom protocols allow the creation of TCP and UDP-based custom protocols (based on the ip-protocol-num option) that employ pattern-match at offset in protocol signature definition.
Operator-configurable custom-protocols are evaluated ahead of any Nokia-provided protocol signature in order of custom-protocol-id (the lower ID is matched first in case of flow matching multiple custom-protocols) within the context the protocol is defined.
Custom protocols must be created before they can be used in application definition but do not have to be enabled. To reference a custom protocol in application definition, or any other CLI configuration one must use protocol name that is a concatenation of "custom_” and <custom-protocol-id>, (for example custom_01, custom_02 ... custom_10, and so on). This concatenation is also used when reporting custom protocol statistics.
Parameters
- custom-protocol-id
-
Specifies the index into the protocol list that defines a custom protocol for application assurance.
- protocol-id
-
Specifies the IP protocol to match against for the custom protocol.
- create
-
Mandatory keyword used when creating custom protocol. The create keyword requirement can be enabled/disabled in the environment>create context.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
custom-record
custom-record
Syntax
[no] custom-record
Context
[Tree] (config>subscr-mgmt>acct-plcy custom-record)
Full Context
configure subscriber-mgmt radius-accounting-policy custom-record
Description
Commands in this context configure the layout and setting for a custom accounting record associated with this accounting policy.
The no form of this command reverts the configured values to the defaults.
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
custom-record
Syntax
[no] custom-record
Context
[Tree] (config>log>acct-policy custom-record)
Full Context
configure log accounting-policy custom-record
Description
Commands in this context configure the layout and setting for a custom accounting record associated with this accounting policy.
The no form of this command reverts the configured values to the defaults.
Platforms
All
custom-user-group
custom-user-group
Syntax
custom-user-groupname
no custom-user-group
Context
[Tree] (config>subscr-mgmt>wlan-gw>tunnel-query custom-user-group)
Full Context
configure subscriber-mgmt wlan-gw tunnel-query custom-user-group
Description
This command specifies to use a custom user group as a filter. A user equipment (UE) can be assigned up to four custom user groups during RADIUS authentication using the Alc-Wlan-Custom-User-Group attribute.
The no form of this command does not select tunnels based on the custom user group.
Parameters
- name
-
Specifies the name of the user group.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
custom-user-group
Syntax
custom-user-groupname
no custom-user-group
Context
[Tree] (config>subscr-mgmt>wlan-gw>ue-query custom-user-group)
Full Context
configure subscriber-mgmt wlan-gw ue-query custom-user-group
Description
This command specifies to use a custom user group as a filter. A user equipment (UE) can be assigned up to four custom user groups during RADIUS authentication using the Alc-Wlan-Custom-User-Group attribute.
The no form of this command does not select UEs based on the custom user group.
Parameters
- name
-
Specifies the name of the user group.
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
custom-x-header
custom-x-header
Syntax
custom-x-header x-header-name
no custom-x-header
Context
[Tree] (config>app-assure>group>url-filter>icap custom-x-header)
Full Context
configure application-assurance group url-filter icap custom-x-header
Description
This command configures the url-filter ICAP policy to include a new x-header field; the content of the x-header is populated based on AQP url-filter action which can optionally specify the ASO characteristic value to include in the x-header.
Default
no custom-x-header
Parameters
- x-header-name
-
Specifies the name of the x-header added to the ICAP request.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
customer
customer
Syntax
customer customer-id [create] [ name name]
no customer customer-id
Context
[Tree] (config>service customer)
Full Context
configure service customer
Description
This command creates a customer ID and customer context used to associate information with a particular customer. Services can later be associated with this customer at the service level.
Each customer-id must be unique. The create keyword must follow each new customer customer-id entry.
Enter an existing customer customer-id (without the create keyword) to edit the customer’s parameters.
An optional customer name can be specified and is tied to the customer-name in the customer context (setting either customer-name or name will cause the other to change as well).
The no form of this command removes a customer-id and all associated information. Before removing a customer-id, all references to that customer in all services must be deleted or changed to a different customer ID.
Default
customer 1 always exists on the system and cannot be deleted.
Parameters
- customer-id
-
Specifies the ID number to be associated with the customer, expressed as an integer.
- create
-
This keyword is required when first creating the configuration context. Once the context is created, it is possible to navigate into the context without the create keyword.
- name name
-
This parameter configures an optional customer name, up to 64 characters in length, which adds a name identifier to a given customer to then use that customer name in configuration references as well as display and use customer names in show commands throughout the system. This helps the service provider/administrator to identify and manage services within the SR OS platforms.
All services are required to assign a customer ID to initially create a customer. However, either the customer ID or the customer name can be used to identify and reference a given customer once it is initially created.
If a name is not specified at creation time, then SR OS assigns a string version of the customer-id as the name.
Platforms
All
customer-id-range
customer-id-range
Syntax
customer-id-range start customer-id end customer-id
no customer-id-range
Context
[Tree] (config>service>md-auto-id customer-id-range)
Full Context
configure service md-auto-id customer-id-range
Description
This command specifies the range of IDs used by SR OS to automatically assign an ID to customers that are created in model-driven interfaces without an ID explicitly specified by the user or client.
A customer created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.
The no form of this command removes the range values.
See the config>service md-auto-id command for further details.
Default
no customer-id-range
Parameters
- start customer-id
-
Specifies the lower value of the ID range. The value must be less than or equal to the end value.
- end customer-id
-
Specifies the upper value of the ID range. The value must be greater than or equal to the start value.
Platforms
All
cut-through-packets
cut-through-packets
Syntax
cut-through-packets cut-through-packets
Context
[Tree] (debug>app-assure>group>traffic-capture>record cut-through-packets)
Full Context
debug application-assurance group traffic-capture record cut-through-packets
Description
This command records cut-through packet conditions.
Parameters
- cut-through-packets
-
Indicates whether to capture cut-through only packets or cut-through and other packets, or to exclude them all together.
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR