Commands in this context configure admit-deny statistics generation.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-interface aa-if-name [create]
no aa-interface aa-if-name
[Tree] (config>service>vprn aa-interface)
[Tree] (config>service>ies aa-interface)
Full Context
configure service vprn aa-interface
configure service ies aa-interface
This commands creates a new AA interface within an IES or VPRN service. It is used by the aa-isa to send/receive IPv4 traffic. In the context of ICAP url-filtering this interface is used by the ISA to establish ICAP TCP connections to the ICAP servers.
This interface supports /31 subnet only, and uses by default .1q encapsulation.
The system will automatically configure the ISA IP address based on the address configured by the operator under the aa-interface object (which represents the ISA sap facing interface on the ISA).
- aa-if-name
specifies the name of the AA Interface.
- create
Keyword that specifies to create the interface.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] aa-specific
[Tree] (config>log>acct-policy>cr aa-specific)
Full Context
configure log accounting-policy custom-record aa-specific
Commands in this context configure information for this custom record.
The no form of this command excludes aa-specific attributes in the AA subscriber's custom record.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub esm {eq | neq} sub-ident-string
aa-sub esm-mac {eq | neq} esm-mac-name
aa-sub sap {eq | neq} sap-id
aa-sub spoke-sdp {eq | neq} sdp-id:vc-id
aa-sub transit {eq | neq} transit-aasub-name
no aa-sub
[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub)
Full Context
configure application-assurance group policy app-qos-policy entry match aa-sub
This command specifies a Service Access Point (SAP) or an ESM subscriber as matching criteria.
The no form of this command removes the SAP or ESM matching criteria.
- eq
Specifies that the value configured and the value in the flow are equal.
- neq
Specifies that the value configured differs from the value in the flow.
- sub-ident-string
Specifies the name of an existing application assurance subscriber.
- esm-mac-name
Specifies the name of an ESM-MAC subscriber.
- sap-id
Specifies the SAP ID.
- sap sap-id
Specifies the physical port identifier portion of the SAP definition.
- sdp-id:vc-id
Specifies the spoke SDP ID and VC ID.
- transit-aasub-name
Specifies the name of a transit AA subscriber.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group>statistics aa-sub)
Full Context
configure application-assurance group statistics aa-sub
Commands in this context configure accounting and statistics collection parameters per application assurance subscribers.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] aa-sub {esm sub-ident-string | sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name | esm-mac esm-mac-name }
[Tree] (config>app-assure>group>statistics>aa-sub-study aa-sub)
Full Context
configure application-assurance group statistics aa-sub-study aa-sub
This command adds an existing subscriber identification to a group of special study subscribers (for example, subscribers for which per subscriber statistics and accounting records can be collected for protocols and applications of application assurance).
The no form of this command removes the subscriber from the special study subscribers.
Up to 100 subscribers can be configured into the special study group for protocols and up to a 100 potentially different subscribers can be configured into the special study group for applications.
When adding a subscriber to the special study group, accounting records and statistics generation will commence immediately. When removing a subscriber from the group, special study statistics and accounting records for that subscriber in the current interval will be lost.
- sub-ident-string
Specifies the name of a subscriber ID. The subscriber does not need to be currently active. Any sub-ident-string will be accepted. When the subscriber becomes active, statistics generation will start automatically at that time.
- sap-id
Specifies the physical port identifier portion of the SAP definition.
- spoke-id sdp-id:vc-id
Specifies the spoke SDP ID and VC ID.
- transit-aasub-name
Specifies an existing transit subscriber name string, up to 32 characters in length.
- esm-mac-name
Specifies an existing ESM-MAC subscriber name, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub transit-aasub-name
no aa-sub
[Tree] (config>app-assure>group>transit-prefix-policy>entry aa-sub)
Full Context
configure application-assurance group transit-prefix-policy entry aa-sub
This command configures a transit prefix policy entry subscriber.
The no form of this command removes the transit subscriber name from the transit prefix policy configuration.
- transit-aasub-name
specifies the name of the transit prefix AA subscriber up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-attributes [all]
no aa-sub-attributes
[Tree] (config>log>acct-policy>cr>aa aa-sub-attributes)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-attributes
Commands in this context configure aa-specific attributes such as aa-sub-attributes and counters that will be available in the AA subscriber's custom record.
The no form of this command excludes aa specific attributes from the AA subscriber's custom record.
- all
Specifies all counters.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group aa-sub-congestion-detection)
Full Context
configure application-assurance group aa-sub-congestion-detection
Commands in this context configure Non-Location Based DEM (NLB-DEM) parameters.
NLB-DEM and Access-Network Location (ANL) DEM mode are mutually exclusive, and cannot operate simultaneously.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-counters [all]
no aa-sub-counters
[Tree] (config>log>acct-policy>cr>aa aa-sub-counters)
Full Context
configure log accounting-policy custom-record aa-specific aa-sub-counters
Commands in this context configure subscriber counter information. This command only applies to the 7750 SR.
The no form of this command excludes the aa-sub-counters attributes in the AA subscriber's custom record.
- all
Specifies all counters.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group>policy>app-profile aa-sub-distribute-traffic-by-ip)
Full Context
configure application-assurance group policy app-profile aa-sub-distribute-traffic-by-ip
This command allows the application assurance (AA) to divert traffic on the parent SAP or spoke-SDP to multiple ISAs/ESAs based on the source IP address. This is useful when the bandwidth of a single SAP is larger than the capacity of a single ISA or ESA. This is only supported for auto-created transit IP subscribers.
The traffic is diverted when hashing is enabled at the AA group level and in the parent SAP application profile.
The no form of this command does not allow AA to divert traffic on the parent SAP or spoke-SDP to different ESAs in the AA group based on the source IP address.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
[Tree] (config>isa>aa-grp aa-sub-distribute-traffic-by-ip)
Full Context
configure isa application-assurance-group aa-sub-distribute-traffic-by-ip
This command allows the application assurance (AA) to divert traffic on the parent SAP or spoke-SDP to multiple ISAs/ESAs based on the source IP address. This is useful when the bandwidth of a single SAP is larger than the capacity of a single ISA or ESA. This is only supported for auto-created transit IP subscribers.
The traffic is diverted when hashing is enabled at the AA group level and in the parent SAP application profile.
The no form of this command does not allow AA to divert traffic on the parent SAP or spoke-SDP to different ESAs in the AA group based on the source IP address.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s
aa-sub-ip ip-address[/mask]
no aa-sub-ip
[Tree] (config>app-assure>group>transit-prefix-policy>entry>match aa-sub-ip)
Full Context
configure application-assurance group transit-prefix-policy entry match aa-sub-ip
This command configures a transit prefix subscriber ip address prefix. It is used when the site is on the local side, being the same side of the system as the parent SAP. The local aa-sub-ip addresses represent the src-IP in the from-SAP direction and dest-IP in the to-SAP direction.
The no form of this command deletes the aa-sub-ip address assigned from the entry configuration.
no aa-sub-ip
- ip-address[/mask]
Specifies the address type of the subscriber address prefix associated with this transit prefix policy entry.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] aa-sub-remote
[Tree] (config>app-assure>group aa-sub-remote)
Full Context
configure application-assurance group aa-sub-remote
This command specifies whether or not the from subscriber and to subscriber traffic direction is reversed for this group-partition.
no aa-sub-remote
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-study study-type
[Tree] (config>app-assure>group>statistics aa-sub-study)
Full Context
configure application-assurance group statistics aa-sub-study
Commands in this context configure accounting and statistics collection parameters per application assurance special study subscribers.
- study-type
Specifies special study protocol subscriber stats.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
no aa-sub-suppressible
[Tree] (config>app-assure>group>policy>app-profile aa-sub-suppressible)
Full Context
configure application-assurance group policy app-profile aa-sub-suppressible
This command configures an app-profile as "aa-sub-suppressible”, this function is used in the context of an SRRP group interface. If an SRRP group interface is configured as "suppress-aa-sub” then subscribers with an app-profile configured as "aa-sub-suppressible” will not be diverted to Application Assurance.
The no form of this command restores the default behavior.
no aa-sub-suppressible
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-sub-tethering-state {detected | not-detected}
no aa-sub-tethering-state
[Tree] (config>app-assure>group>policy>aqp>entry>match aa-sub-tethering-state)
Full Context
configure application-assurance group policy app-qos-policy entry match aa-sub-tethering-state
This command specifies the tethering state of the subscriber where the AQP match entry will be applied.
The tethering state match condition is meaningful when configured in non-default subscriber policy AQP. Default subscriber policy consists of those AQPs that include match criteria based on the subscriber’s configuration. Tethering state match condition is also applicable in those AQPs that include matching criteria that are derived from actual subscriber’s traffic.
The no form of this command removes detection of sub-tethering state from the configuration.
no aa-sub-tethering-state
- detected
Specifies that the subscriber is in the tethering state.
- not-detected
Specifies that the subscriber is not in the tethering state.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aa-url-parameter url-param-string
[Tree] (config>subscr-mgmt>http-rdr-plcy aa-url-parameter)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm aa-url-parameter)
Full Context
configure subscriber-mgmt http-redirect-policy aa-url-parameter
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt aa-url-parameter
This command configures the AA URL parameter that is used for HTTP portal redirect.
- url-param-string
Specifies an AA URL parameter, up to 247 characters.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config aaa)
Full Context
configure aaa
Commands in this context configure authentication, authorization, and accounting.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>service>vprn aaa)
Full Context
configure service vprn aaa
Commands in this context configure AAA on the VPRN.
aarp aarpId type type
no aarp
[Tree] (config>service>epipe>sap aarp)
[Tree] (config>service>epipe>spoke-sdp aarp)
Full Context
configure service epipe sap aarp
configure service epipe spoke-sdp aarp
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
no aarp
- aarpid
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
Specifies the role of the SAP referenced by the AARP instance.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
[Tree] (config>service>ipipe>spoke-sdp aarp)
Full Context
configure service ipipe spoke-sdp aarp
This command associates an AARP instance to an Ipipe spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
no aarp
- aarp-id
An integer that identifies an AARP instance.
- subscriber-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
[Tree] (config>service>ies>aarp-interface>spoke-sdp aarp)
Full Context
configure service ies aarp-interface spoke-sdp aarp
This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
no aarp
- aarp-id
Specifies an integer that identifies an AARP instance.
- subscriber-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarpId type type
no aarp
[Tree] (config>service>ies>if>sap aarp)
[Tree] (config>service>ies>if>spoke-sdp aarp)
Full Context
configure service ies interface sap aarp
configure service ies interface spoke-sdp aarp
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
no aarp
- aarpId
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
Specifies the role of the SAP referenced by the AARP instance.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
[Tree] (config>service>vprn>aarp-interface>spoke-sdp aarp)
Full Context
configure service vprn aarp-interface spoke-sdp aarp
This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
no aarp
- aarp-id
An integer that identifies an AARP instance.
- subscriber-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
- network-side-shunt
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarpId type type
no aarp
[Tree] (config>service>vprn>if>sap aarp)
[Tree] (config>service>vprn>if>spoke-sdp aarp)
Full Context
configure service vprn interface sap aarp
configure service vprn interface spoke-sdp aarp
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
no aarp
- aarpId
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
- type
Specifies the role of the SAP referenced by the AARP instance.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp aarpId [create]
no aarp aarpId
[Tree] (config>application-assurance aarp)
Full Context
configure application-assurance aarp
This command defines an Application Assurance Redundancy Protocol (AARP) instance. This instance is paired with the same aarpId in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command removes the instance from the configuration.
- aarpid
An integer that identifies an AARP instance.
- create
Keyword used to create the AARP instance.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
[Tree] (config>service>ies aarp-interface)
Full Context
configure service ies aarp-interface
This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command deletes the interface.
no aarp-interface
- aarp-interface-name
Specifies a string of up to 32 characters identifying the interface.
- create
Keyword used to create the AARP interface.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
[Tree] (config>service>vprn aarp-interface)
Full Context
configure service vprn aarp-interface
This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.
The no form of this command deletes the interface.
no aarp-interface
- aarp-interface-name
Specifies the AARP interface name.
- create
Keyword used to create the AARP interface.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] abandon-tcp-optimization
[Tree] (config>app-assure>group>policy>aqp>entry>action abandon-tcp-optimization)
Full Context
configure application-assurance group policy app-qos-policy entry action abandon-tcp-optimization
This command causes TCPO to stop for flows matching this AQP entry. The flows are counted as TCPO abandoned by policy flows.
The no form of this command removes abandon TCPO from actions on flows matching this AQP entry.
no abandon-tcp-optimization
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group>policy abort)
Full Context
configure application-assurance group policy abort
This command ends the current editing session and aborts any changes entered during this policy editing session.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>router>bfd abort)
Full Context
configure router bfd abort
This command discards the changes made to a BFD template during an active session.
[Tree] (config>router>route-next-hop-policy abort)
Full Context
configure router route-next-hop-policy abort
This command discards the changes made to route next-hop templates during an active session.
[Tree] (config>system>sync-if-timing abort)
Full Context
configure system sync-if-timing abort
This command is required to discard changes that have been made to the synchronous interface timing configuration during a session.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[Tree] (config>router>policy-options abort)
Full Context
configure router policy-options abort
This command is required to discard changes made to a route policy.
[no] above-offered-allowance
[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-allowance)
Full Context
configure qos adv-config-policy child-control bandwidth-distribution above-offered-allowance
Commands in this context edit the parameters that control the child's above-offered-allowance bandwidth. These parameters are only applicable when the port scheduler is configured to use the above-offered-allowance-control algorithm, otherwise they are ignored.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
above-offered-cap {percent percent-of-admin-pir | rate rate-in-kilobits-per-second}
no above-offered-cap
[Tree] (config>qos>adv-config-policy>child-control>bandwidth-distribution above-offered-cap)
Full Context
configure qos adv-config-policy child-control bandwidth-distribution above-offered-cap
This command is used to limit the operationally configured shaping or policing rate on the child associated with the policy. After the parent virtual scheduler or policer control policy determines the appropriate rate for a specific child, a separate operation decides the actual PIR that should be configured for that child. When the parent determines that the distributed rate is equal to or less than the child’s offered rate, the configured operational PIR will be equal to that determined rate. But when the parent determines that the child’s offered rate is less than the available bandwidth the child could consume, the operational PIR may be set to a value larger than the distributed bandwidth. This extra rate is not currently used by the child because the offered rate is less. The system provides this extra bandwidth in case the child’s offered rate increases before the next sampling interval is complete, to mitigate the periodic nature of the child’s operational PIR adjustments. The increase in the offered rate is not subtracted from the parent’s remaining distribution bandwidth for lower priority children, only the determined rate is considered consumed by the parent virtual scheduler or policer control policy instance. The actual operationally configured PIR will never be greater than the child’s administratively defined PIR.
This 'fair share’ PIR configuration behavior may result in the sum of the children’s PIRs exceeding the aggregate rate of the parent. If this behavior violates the downstream QoS requirements, the above-offered-cap command may be used to minimize or eliminate the increase in the child’s configured PIR.
If the above-offered-cap command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not needed. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
If the child’s administrative PIR is modified while a percent based above-offered-cap is in effect, the system automatically uses the new relative limit value the next time the child’s operational PIR is distributed.
When this command is not specified or removed, the child’s operational 'fair share’ operational PIR may be configured up to the child’s administrative PIR, based on the actual parental bandwidth available at the child’s priority level.
The no form of this command is used to remove a fair share operational PIR rate increase limit from all child policers and queues associated with the policy.
- percent-of-admin-pir
When the percent qualifier is used, the following percent-of-admin-pir parameter specifies the percentage of the child’s administrative PIR that is used as the fair share increase limit. The new operational PIR result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system will disable the fair share increase function and only configure the actual distribution rate. If a value of 100 or 100.00 is used, the system will interpret this equivalent to executing the no above-offered-cap command and return the fair-share operation to the default behavior.
- rate-in-kilobits-per-second
When the rate qualifier is used, the rate-in-kilobits-per-second parameter specifies an explicit rate, in kb/s, that are used as the limit to the child’s fair share increase to the operational PIR. The new operational PIR result is capped by the child’s PIR. If a value of 0 is used, the system will disable the fair share increase function and only configure the actual distribution rate.
absolute microseconds
no absolute
[Tree] (config>test-oam>link-meas>template>sw>thr absolute)
[Tree] (config>test-oam>link-meas>template>asw>thr absolute)
Full Context
configure test-oam link-measurement measurement-template sample-window threshold absolute
configure test-oam link-measurement measurement-template aggregate-sample-window threshold absolute
This command specifies the delta, in microseconds, that a new delay measurement must differ from the previously reported measurement to be reported directly to the routing engine.
The no form of this command reverts to the default value.
absolute 0
- microseconds
Specifies the difference, in microseconds.
A value of 0 (zero) indicates that the absolute threshold is not used for reporting.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ac-df-capability {include | exclude}
[Tree] (config>service>system>bgp-evpn>eth-seg ac-df-capability)
Full Context
configure service system bgp-evpn ethernet-segment ac-df-capability
This command configures the inclusion or exclusion of the Attachment Circuit-influenced (AC-Influenced) designated forwarder (DF) election capability (AC-DF) capability into the DF Election for the Ethernet Segment.
The SR OS supports the AC-DF capability, in accordance with RFC 8584. The include option is the default command setting. The AC-DF capability is enabled by default to support the EVPN auto-discovery per EVI/ES (AD per EVI/ES) routes for a specific PE, which ensures that the PE is included in the candidate DF election list.
Configuring the exclude option disables the AC-DF capability. When ac-df-capability exclude is configured on a specific Ethernet Segment (ES), the presence or absence of the AD per EVI/ES routes from the ES peers do not modify the candidate DF Election list for the ES. The exclude option is recommended in ESs that use an oper-group monitored by the access LAG to signal standby lacp or power-off.
All PE routers attached to the same ES must be configured consistently for the AC-DF capability.
ac-df-capability include
- include
Specifies that AC-DF capability is enabled.
- exclude
Specifies that AC-DF capability is disabled.
[no] accept-authorization-change
[Tree] (config>subscr-mgmt>auth-policy accept-authorization-change)
Full Context
configure subscriber-mgmt authentication-policy accept-authorization-change
This command specifies whether or not the system should handle the CoA messages initiated by the RADIUS server, and provide for mid-session interval changes of policies applicable to subscriber hosts.
The no form of this command reverts to the default.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] accept-coa
[Tree] (config>service>vprn>radius-server>server accept-coa)
[Tree] (config>router>radius-server>server accept-coa)
Full Context
configure service vprn radius-server server accept-coa
configure router radius-server server accept-coa
This command configures this server for Change of Authorization messages. The system will process the CoA request from the external server if configured with this command; otherwise the CoA request is dropped.
The no form of this command disables the command.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-from-ebgp family [family]
no accept-from-ebgp
[Tree] (config>service>vprn>bgp>group>link-bandwidth accept-from-ebgp)
[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth accept-from-ebgp)
Full Context
configure service vprn bgp group link-bandwidth accept-from-ebgp
configure service vprn bgp group neighbor link-bandwidth accept-from-ebgp
This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.
Up to three families may be configured.
The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.
no accept-from-ebgp
- family
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
accept-from-ebgp family [family]
no accept-from-ebgp
[Tree] (config>router>bgp>group>neighbor>link-bandwidth accept-from-ebgp)
[Tree] (config>router>bgp>group>link-bandwidth accept-from-ebgp)
Full Context
configure router bgp group neighbor link-bandwidth accept-from-ebgp
configure router bgp group link-bandwidth accept-from-ebgp
This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.
Up to six families may be configured.
The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.
no accept-from-ebgp
- family
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
[no] accept-ipv6-link-local-address
[Tree] (config>service>vprn>sub-if>grp-if>data-trigger accept-ipv6-link-local-address)
[Tree] (config>service>ies>sub-if>grp-if>data-trigger accept-ipv6-link-local-address)
Full Context
configure service vprn subscriber-interface group-interface data-trigger accept-ipv6-link-local-address
configure service ies subscriber-interface group-interface data-trigger accept-ipv6-link-local-address
This command configures the system to authenticate the subscriber based on an IPv6 packet with a source IP Link Local Address (LLA). The trigger only occurs if the anti-spoof is type nh-mac. If the anti-spoof is not nh-mac, the packet with an IPv6 LLA is ignored.
The no form of this command removes the configuration.
no accept-ipv6-link-local-address
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] accept-ivpls-evpn-flush
[Tree] (config>service>vpls>bgp-evpn accept-ivpls-evpn-flush)
Full Context
configure service vpls bgp-evpn accept-ivpls-evpn-flush
This command enables the system to accept non-zero Ethernet tag MAC routes and process them only for C-MAC flushing. This command can be changed on the fly without shutting down BGP-EVPN MPLS.
The no version of the command prevents the router from processing B-MAC/ISID routes for cmac-flush.
no accept-ivpls-evpn-flush
[no] accept-mrru
[Tree] (config>subscr-mgmt>ppp-policy>mlppp accept-mrru)
Full Context
configure subscriber-mgmt ppp-policy mlppp accept-mrru
This command is applicable only to LAC. MRRU option is an indication that the session is of MLPPPoX type. The 7750 SR LAC never initiates the MRRU option in LCP negotiation process. However, it responds to MRRU negotiation request by the client.
This command provides an option to specifically enable or disable negotiation of MLPPPoX on a capture SAP level or on a group interface level.
The no form of this command causes the MRRU option in LCP to not be negotiated by LAC.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
[no] accept-orf
[Tree] (config>router>bgp>outbound-route-filtering>extended-community accept-orf)
[Tree] (config>router>bgp>group>outbound-route-filtering>extended-community accept-orf)
[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering>extended-community accept-orf)
Full Context
configure router bgp outbound-route-filtering extended-community accept-orf
configure router bgp group outbound-route-filtering extended-community accept-orf
configure router bgp group neighbor outbound-route-filtering extended-community accept-orf
This command instructs the router to negotiate the receive capability in the BGP ORF negotiation with a peer, and accept filters that the peer wants to send.
The no form of this command causes the router to remove the accept capability in the BGP ORF negotiation with a peer, and to clear any existing ORF filters that are currently in place.
no accept-orf
[no] accept-remote-loopback
[Tree] (config>port>ethernet>efm-oam accept-remote-loopback)
Full Context
configure port ethernet efm-oam accept-remote-loopback
This command enables reactions to loopback control OAM PDUs from peers.
The no form of this command disables reactions to loopback control OAM PDUs.
no accept-remote-loopback
accept-script-policy policy-name
no accept-script-policy
[Tree] (config>aaa>radius-srv-plcy accept-script-policy)
Full Context
configure aaa radius-server-policy accept-script-policy
This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.
- policy-name
Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accept-script-policy policy-name
no accept-script-policy
[Tree] (config>subscr-mgmt>auth-policy accept-script-policy)
Full Context
configure subscriber-mgmt authentication-policy accept-script-policy
This command specifies the RADIUS script policy used to change the RADIUS attributes of the incoming Access-Accept messages.
The no form of this command reverts to the default.
- policy-name
Specifies the name of the Python script to modify Access-Accept messages, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] accept-unprotected-errormsg
[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-errormsg)
Full Context
configure system security pki ca-profile cmpv2 accept-unprotected-errormsg
This command enables the system to accept both protected and unprotected CMPv2 error message. Without this command, system will only accept protected error messages.
The no form of this command causes the system to only accept protected PKI confirmation message.
no accept-unprotected-errormsg
[no] accept-unprotected-pkiconf
[Tree] (config>system>security>pki>ca-profile>cmpv2 accept-unprotected-pkiconf)
Full Context
configure system security pki ca-profile cmpv2 accept-unprotected-pkiconf
This command enables the system to accept both protected and unprotected CMPv2 PKI confirmation messages. Without this command, the system will only accept protected PKI confirmation message.
The no form of this command causes the system to only accept protected PKI confirmation message.
no accept-unprotected-pkiconf
acceptance-criteria-template accept-crit-tmpl-name [create]
no acceptance-criteria-template accept-crit-tmpl-name
[Tree] (config>test-oam>sath acceptance-criteria-template)
Full Context
configure test-oam service-activation-testhead acceptance-criteria-template
Commands in this context configure the test acceptance criteria policy that the service test testhead OAM tool uses to determine the test result after test completion.
The acceptance-criteria-template "default” value is attached to every service-stream created under the service-test context for which no explicit acceptance criteria template policy is configured by the user.
The default acceptance criteria template is not user-configurable.
The default template does not set any thresholds and only reports the end-of-run values. The following are the default template settings:
no description
no delay-var-threshold
no delay-threshold
no loss-threshold
no loss-threshold-policing
no cir-threshold
no pir-threshold
no m-factor
The no form of this command removes the test acceptance criteria.
acceptance-criteria-template default
- accept-crit-tmpl-name
Specifies the name, up to 64 characters, of the test acceptance criteria. This name is also used when starting the throughput test.
- create
Mandatory keyword to instantiate the template.
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
acceptance-criteria-template accept-crit-tmpl-name
[Tree] (config>test-oam>sath>svc-test>svc-stream acceptance-criteria-template)
Full Context
configure test-oam service-activation-testhead service-test service-stream acceptance-criteria-template
This command creates a link to an acceptance criteria template policy configured by the user for the specified service stream.
Assign the default acceptance-criteria-template "default” to remove the existing template in a service stream.
acceptance-criteria-template default
- accept-crit-tmpl-name
Specifies the name, up to 64 characters, of a preconfigured acceptance criteria.
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
access router router-instance
access service service-name
no access
[Tree] (config>subscr-mgmt>steering-profile access)
Full Context
configure subscriber-mgmt steering-profile access
This command specifies a routing instance to be used as a network VAS router in the steering profile.
The no form of this command removes the router instance.
- router-instance
Specifies the router instance to be used as an access VAS router.
- service-name
Specifies the service name, up to 64 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>port>ethernet access)
Full Context
configure port ethernet access
This command configures Ethernet access port parameters.
[no] access
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext access)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access
Commands in this context configure the access side of HLE for the VLAN range.
The no form of this command disables the vRGW parameters enabled in this context.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>card>mda access)
[Tree] (config>port access)
Full Context
configure card mda access
configure port access
This command enables the access context to configure egress and ingress pool policy parameters.
On the MDA level, access egress and ingress pools are only allocated on channelized MDAs.
[Tree] (config>card>fp>ingress access)
Full Context
configure card fp ingress access
This CLI node contains the access forwarding-plane parameters.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
[Tree] (config>lag access)
Full Context
configure lag access
Commands in this context configure access parameters.
[Tree] (config>eth-tunnel>lag-emulation access)
Full Context
configure eth-tunnel lag-emulation access
Commands in this context configure eth-tunnel load sharing access parameters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[no] access
[Tree] (config>service>vprn>snmp access)
Full Context
configure service vprn snmp access
This command enables SNMP access using VPRN interface addresses. This command allows SNMP messages destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router. SNMP messages that arrive on VPRN interfaces but are destined to IP addresses in the Base routing context that can be accessed in the VPRN (for example, the router system address via grt leaking) do not require snmp access to be enabled but do require allow-local-management to be enabled.
Using an SNMP community defined inside the VPRN context (configure service vprn snmp community) allows access to a subset of the full SNMP data model. This subset can be seen in the output of show system security view "vprn-view".
Using an SNMP community defined in the system context (configure system security snmp community) allows access to the full SNMP data model (unless otherwise restricted used SNMP views).
Alternatively, grt leaking and a Base routing IP address can be used (along with an SNMP community defined at the system context) to get access to the entire SNMP data model (see the allow-local-management command).
The Nokia NSP cannot discover or fully manage an SR OS router using an SNMP community defined inside the VPRN context. Full SNMP access requires using one of the approaches described above.
Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for detailed information about SNMP.
[no] access [ftp] [snmp] [ console] [li] [netconf] [grpc] [scp-sftp] [console-port-cli] [ssh-cli] [telnet-cli] [bluetooth]
[Tree] (config>system>security>user access)
[Tree] (config>system>security>user-template access)
Full Context
configure system security user access
configure system security user-template access
This command configures user permissions for router management access methods.
To deny an existing access method, enter the no form of this command followed by the method to be denied; for example, no access ftp denies FTP access.
The no form of this command removes the user permission for all management access methods.
no access
- ftp
Specifies FTP access.
- snmp
Specifies SNMP access. This keyword is only configurable in the configure system security user context.
- console
Specifies Bluetooth, console port CLI, SCP/SFTP, SSH CLI, and Telnet CLI access.
- li
Specifies Lawful Intercept (LI) command access.
- netconf
Specifies NETCONF access.
- grpc
Specifies gRPC access.
- scp-sftp
Specifies SCP/SFTP access.
- console-port-cli
Specifies console port CLI access.
- ssh-cli
Specifies SSH CLI access.
- telnet-cli
Specifies Telnet CLI access.
- bluetooth
Specifies Bluetooth access.
[no] access group group-name security-model security-model security-level security-level [context context-name [prefix -match]] [read view-name-1] [write view-name-2] [notify view-name-3]
[Tree] (config>system>security>snmp access)
Full Context
configure system security snmp access
This command creates an association between a user group, a security model, and the views that the user group can access. Access parameters must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2. An access group is defined by a unique combination of the group name, security model and security level.
Access groups are used by the usm-community command.
Access must be configured unless security is limited to SNMPv1/SNMPv2c with community strings. See the community command.
Default access group configurations cannot be modified or deleted.
To remove the user group with associated, security model(s), and security level(s), use:
no access group group-name
To remove a security model and security level combination from a group, use:
no access group group-name security-model {snmpv1 | snmpv2c | usm} security-level {no-auth-no-privacy | auth-no-privacy | privacy}
- group-name
Specify a unique group name up to 32 characters.
- security-model {snmpv1 | snmpv2c | usm}
Specifies the security model required to access the views configured in this node. A group can have multiple security models. For example, one view may only require SNMPv1/ SNMPv2c access while another view may require USM (SNMPv3) access rights.
- security-level {no-auth-no-priv | auth-no-priv | privacy}
Specifies the required authentication and privacy levels to access the views configured in this node.
- security-level no-auth-no-privacy
Specifies that no authentication and no privacy (encryption) is required. When configuring the user’s authentication, select the none option.
- security-level auth-no-privacy
Specifies that authentication is required but privacy (encryption) is not required. When this option is configured, both the group and the user must be configured for authentication.
- security-level privacy
Specifies that both authentication and privacy (encryption) is required. When this option is configured, both the group and the user must be configured for authentication. The user must also be configured for privacy.
- context-name
Specifies a set of SNMP objects that are associated with the context-name.
The context-name is treated as either a full context-name string or a context name prefix depending on the keyword specified (exact or prefix).
- prefix-match
Specifies the context name prefix-match keywords, exact or prefix. This parameter applies only to the 7750 SR.
The VPRN context names begin with a vprn prefix. The numerical value is associated with the service ID that the VPRN was created with and identifies the service in the service domain. For example, when a new VPRN service is created such as config>service>vprn 2345 customer 1, a VPRN with context name vprn2345 is created.
The exact keyword specifies that an exact match between the context name and the prefix value is required. For example, when context vprn2345 exact is entered, matches for only vprn2345 are considered.
The prefix keyword specifies that only a match between the prefix and the starting portion of context name is required. If only the prefix keyword is specified, simple wildcard processing is used. For example, when context vprn prefix is entered, all vprn contexts are matched.
- view-name-1
Specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation.
- view-name-2
Specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation.
- view-name-3
Specifies the SNMP view used to control which MIB objects can be accessed for notifications.
access-algorithm {direct | round-robin}
no access-algorithm
[Tree] (config>aaa>l2tp-acct-plcy>radius-acct-server access-algorithm)
Full Context
configure aaa l2tp-accounting-policy radius-accounting-server access-algorithm
This command configures the algorithm used to access the list of configured RADIUS servers.
The no form of this command reverts to the default.
access-algorithm direct
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm {direct | round-robin}
[Tree] (config>app-assure>rad-acct-plcy>server access-algorithm)
Full Context
configure application-assurance radius-accounting-policy radius-accounting-server access-algorithm
This command configures the algorithm used to access the list of configured RADIUS servers.
access-algorithm direct
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
access-algorithm {direct | round-robin}
no access-algorithm
[Tree] (config>subscr-mgmt>acct-plcy>server access-algorithm)
[Tree] (config>subscr-mgmt>auth-plcy>radius-auth-server access-algorithm)
Full Context
configure subscriber-mgmt radius-accounting-policy radius-accounting-server access-algorithm
configure subscriber-mgmt authentication-policy radius-authentication-server access-algorithm
This command configures the algorithm used to access the list of configured RADIUS servers.
The no form of this command reverts to the default.
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm {direct | round-robin | hash-based}
no access-algorithm
[Tree] (config>aaa>radius-srv-plcy>servers access-algorithm)
Full Context
configure aaa radius-server-policy servers access-algorithm
This command configures the algorithm used to select a RADIUS server from the pool of configured RADIUS servers.
access-algorithm direct
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
- hash-based
Select a RADIUS server based on the calculated hash result of the configured load-balance-key under the radius-proxy server hierarchy. This parameter is only applicable for radius-proxy server scenarios and results in an unpredictable RADIUS server selection if used in other scenarios.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
access-algorithm {direct | round-robin}
no access-algorithm
[Tree] (config>service>vprn>aaa>rmt-srv>radius access-algorithm)
[Tree] (config>system>security>radius access-algorithm)
Full Context
configure service vprn aaa remote-servers radius access-algorithm
configure system security radius access-algorithm
This command indicates the algorithm used to access the set of RADIUS servers.
access-algorithm direct
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
access-algorithm {direct | round-robin | hash-based | direct-priority}
no access-algorithm
[Tree] (config>aaa>isa-radius-plcy>servers access-algorithm)
Full Context
configure aaa isa-radius-policy servers access-algorithm
This command defines the algorithm used to access the list of available RADIUS servers. A RADIUS server is considered available initially and marked as unavailable if no response packets are received in a period equal to the configured packet timeout multiplied by the retry count after sending a request. A server is always marked as available when any valid RADIUS packet is received from that server. Some access algorithms periodically probe unavailable servers by sending a single request. If the server responds to the request, it is immediately marked as available.
access-algorithm direct
- direct
Specifies that the first server is used as primary server for all requests, the second as secondary and so on.
- round-robin
Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
- hashed-based
Specifies that the selection is based on the hash-based procedures.
- direct-priority
Specifies that the first server is used for all requests. If that server is not available, the second server is used, and so on. This method periodically probes and falls back to higher-priority servers.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] access-loop-encapsulation
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-encapsulation)
Full Context
configure subscriber-mgmt local-user-db ppp host access-loop-encapsulation
Commands in this context configure access loop information.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host access-loop-information)
Full Context
configure subscriber-mgmt local-user-db ppp host access-loop-information
Commands in this context configure access loop information in the local user database.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] access-loop-options
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute access-loop-options)
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute access-loop-options)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute access-loop-options
configure subscriber-mgmt radius-accounting-policy include-radius-attribute access-loop-options
This command enables inclusion of access loop information: Broadband Forum (BBF) access loop characteristics, DSL line state and DSL type. The BBF access loop characteristics are returned as BBF specific RADIUS attributes where DSL line state and DSL type are returned as Nokia-specific RADIUS VSAs.
Information obtained via the ANCP protocol has precedence over information received in PPPoE Vendor Specific BBF tags or DHCP Vendor Specific BBF Options.
If ANCP is utilized and interim accounting update is enabled, any Port Up event from GSMP will initiate in an interim update. Port Up messages can include information such as an update on the current subscriber actual-upstream-speed. The next interim accounting message is from port up triggering point.
The no form of this command reverts to the default.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group access-network-location)
Full Context
configure application-assurance group access-network-location
Commands in this context configure parameters related to dynamic experience management, also known as Access Network Location (ANL).
These parameters include location source type congestion point and congestion detection parameters (such as roundtrip delay thresholds), if applicable.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] access-operation-cmd access-operation
[Tree] (config>service>vprn>aaa>rmt-srv>tacplus>req access-operation-cmd)
[Tree] (config>system>security>tacplus>request-format access-operation-cmd)
Full Context
configure service vprn aaa remote-servers tacplus request-format access-operation-cmd
configure system security tacplus request-format access-operation-cmd
This command sends an operation argument in authorization requests.
In model-driven interfaces, this command configures the system to send the operation in the cmd argument, and the path in the cmd-args argument, in TACACS+ authorization requests. This command does not apply to authorization requests in classic interfaces.
The no form of this command removes the operation from the configuration.
no access-operation-cmd
- access-operation
Specifies that an operation in the authorization request is sent.
accounting {1 | 2} [create]
no accounting {1 | 2}
[Tree] (config>service>dynsvc>ladb>user>idx accounting)
Full Context
configure service dynamic-services local-auth-db user-name index accounting
This command creates a context for one of the two accounting destinations specified in the dynamic services policy. In this context, overrides of RADIUS accounting parameters can be specified.
The no form of this command removes the RADIUS accounting overrides context from the configuration.
- {1 | 2}
Indicates one of the two RADIUS accounting destinations.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] accounting
[Tree] (config>service>vprn>aaa>rmt-srv>radius accounting)
[Tree] (config>system>security>radius accounting)
Full Context
configure service vprn aaa remote-servers radius accounting
configure system security radius accounting
This command enables RADIUS accounting.
The no form of this command disables RADIUS accounting.
no accounting
accounting [record-type { start-stop | stop-only}]
no accounting
[Tree] (config>system>security>tacplus accounting)
[Tree] (config>service>vprn>aaa>rmt-srv>tacplus accounting)
Full Context
configure system security tacplus accounting
configure service vprn aaa remote-servers tacplus accounting
This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.
no accounting
- record-type start-stop
Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.
- record-type stop-only
Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.
accounting [port udp-port]
no accounting
[Tree] (config>aaa>isa-radius-plcy>servers>server accounting)
Full Context
configure aaa isa-radius-policy servers server accounting
This command configures accounting for this server.
- udp-port
Specifies the UDP port number on which to contact the RADIUS server for authentication.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>service>dynsvc>policy accounting-1)
Full Context
configure service dynamic-services dynamic-services-policy accounting-1
Commands in this context configure the first RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>service>dynsvc>policy accounting-2)
Full Context
configure service dynamic-services dynamic-services-policy accounting-2
Commands in this context configure the second RADIUS accounting destination and corresponding RADIUS accounting parameters for dynamic data services.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-files-total-size megabytes
[Tree] (config>log>storage accounting-files-total-size)
Full Context
configure log file-storage-control accounting-files-total-size
This command configures the limit for the total space that all accounting files can occupy on each storage device on the active CPM.
When this threshold is reached, new accounting files are no longer created in the \act-collect directory of the storage device until SR OS removes older accounting files from the \act directory and the occupancy is below the limit. Currently open, in-progress accounting files in the \act-collect directory are not affected by this limit and are completed.
When unconfigured, there is no specific limit for the total size of all accounting files.
Only accounting files in the \act directory with system generated names (including no file extension) are applicable toward the total size limit.
If a user manually adds or deletes accounting files from the \act directory, the size of the files is not taken into account for up to 1 hour.
The configured total size limit is not validated against the actual size of the installed storage devices. If the configured limit is larger than the installed compact flash (CF) device, the limit is never reached.
The no form of this command removes the total size limit for accounting files.
no accounting-files-total-size
- megabytes
Specifies the total size limit for accounting files, in MB.
accounting-mode accounting-mode
no accounting-mode
[Tree] (config>qos>port-sched-plcy accounting-mode)
Full Context
configure qos port-scheduler-policy accounting-mode
This command configures the accounting mode of the port scheduler policy.
The no form of this command reverts to the default accounting mode.
accounting-mode default
- accounting-mode
- Specifies the accounting mode for the port scheduler policy. In the default mode, the system counts below-CIR and above-CIR packets together. In the separate-below-cir mode, the system counts below-CIR packets separately from above-CIR packets. This applies only when the policer output is parented by different priority levels within the port scheduler policy.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>subscr-mgmt>sub-prof accounting-policy)
Full Context
configure subscriber-mgmt sub-profile accounting-policy
This command specifies the policy to use to collect accounting statistics on this subscriber profile.
A maximum of one accounting policy can be associated with a profile at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association.
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>service>vprn>if>sap accounting-policy)
[Tree] (config>service>ies>if>sap accounting-policy)
[Tree] (config>service>vprn>if>spoke-sdp accounting-policy)
[Tree] (config>service>vpls>sap accounting-policy)
[Tree] (config>service>vpls>mesh-sdp accounting-policy)
[Tree] (config>service>ies>sub-if>grp-if>sap accounting-policy)
[Tree] (config>service>vpls>spoke-sdp accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>sap accounting-policy)
Full Context
configure service vprn interface sap accounting-policy
configure service ies interface sap accounting-policy
configure service vprn interface spoke-sdp accounting-policy
configure service vpls sap accounting-policy
configure service vpls mesh-sdp accounting-policy
configure service ies subscriber-interface group-interface sap accounting-policy
configure service vpls spoke-sdp accounting-policy
configure service vprn subscriber-interface group-interface sap accounting-policy
This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke SDP.
An accounting policy must be defined before it can be associated with a SAP or SDP.
If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP or SDP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP or SDP, and the accounting policy reverts to the default.
no accounting policy
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
- configure service vprn interface sap accounting-policy
- configure service vpls spoke-sdp accounting-policy
- configure service vprn interface spoke-sdp accounting-policy
- configure service vpls sap accounting-policy
- configure service vpls mesh-sdp accounting-policy
- configure service ies interface sap accounting-policy
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies subscriber-interface group-interface sap accounting-policy
- configure service vprn subscriber-interface group-interface sap accounting-policy
accounting-policy isa-radius-policy-name
no accounting-policy
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-policy)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-policy
This command configures the ISA RADIUS accounting policy for the cross-connect.
The no form of this command removes the ISA RADIUS accounting policy from the cross-connect UE.
- isa-radius-policy-name
Specifies the identifier of the ISA RADIUS policy name, up to 32 characters.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy policy-name
no accounting-policy
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-policy)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-policy
This command specifies the isa-radius-policy used for accounting messages originated from the ISAs in the wlan-gw group. The policy can specify up to five accounting servers and configuration-specific to these accounting servers. It also specifies configuration specific to RADIUS client on ISAs and RADIUS attributes to be included in accounting messages.
- policy-name
Specifies the name of the account policy up to 32 characters.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>card>fp>ingress>network>queue-group accounting-policy)
[Tree] (config>card>fp>ingress>access>queue-group accounting-policy)
Full Context
configure card fp ingress network queue-group accounting-policy
configure card fp ingress access queue-group accounting-policy
This command configures an accounting policy that can apply to a queue-group on the forwarding plane.
An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.
Accounting policies associated with service billing can only be applied to SAPs. The accounting policy can be associated with an interface at a time.
The no form of this command removes the accounting policy association from the queue-group.
No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.
- acct-policy-id
Specifies the name of the accounting policy to use for the queue-group.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
accounting-policy policy-id
no accounting-policy
[Tree] (config>port>ethernet>access>egr>qgrp accounting-policy)
[Tree] (config>port>ethernet>access>ing>qgrp accounting-policy)
[Tree] (config>port>tdm>ds3>network accounting-policy)
[Tree] (config>port>tdm>e3>network accounting-policy)
[Tree] (config>port>ethernet>network>egr>qgrp accounting-policy)
[Tree] (config>port>ethernet>network accounting-policy)
[Tree] (config>port>ethernet accounting-policy)
Full Context
configure port ethernet access egress queue-group accounting-policy
configure port ethernet access ingress queue-group accounting-policy
configure port tdm ds3 network accounting-policy
configure port tdm e3 network accounting-policy
configure port ethernet network egress queue-group accounting-policy
configure port ethernet network accounting-policy
configure port ethernet accounting-policy
This command configures an accounting policy that can apply to an interface.
An accounting policy must be configured before it can be associated to an interface. If the accounting policy-id does not exist, an error is returned.
Accounting policies associated with service billing can only be applied to SAPs. Accounting policies associated with network ports can only be associated with interfaces. Only one accounting policy can be associated with an interface at a time.
The no form of this command removes the accounting policy association from the network interface, and the accounting policy reverts to the default.
No accounting policies are specified by default. You must explicitly specify a policy. If configured, the accounting policy configured as the default is used.
- policy-id
The accounting policy-id of an existing policy. Accounting policies record either service (access) or network information. A network accounting policy can only be associated with the network port configurations. Accounting policies are configured in the configure log accounting-policy context.
- configure port ethernet access ingress queue-group accounting-policy
- configure port ethernet network accounting-policy
- configure port ethernet access egress queue-group accounting-policy
- configure port ethernet network egress queue-group accounting-policy
- configure port ethernet accounting-policy
7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e
- configure port tdm e3 network accounting-policy
- configure port tdm ds3 network accounting-policy
accounting-policy acct-policy-id
no accounting-policy [acct-policy-id]
[Tree] (config>service>ipipe>sap accounting-policy)
[Tree] (config>service>epipe>spoke-sdp accounting-policy)
Full Context
configure service ipipe sap accounting-policy
configure service epipe spoke-sdp accounting-policy
This command creates the accounting policy context that can be applied to a SAP.
An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the configure log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
no accounting policy
- acct-policy-id
Enter the accounting policy-id as configured in the configure log accounting-policy context.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>service>ies>if>spoke-sdp accounting-policy)
Full Context
configure service ies interface spoke-sdp accounting-policy
This command configures an accounting-policy.
- acct-policy-id
Specifies an accounting policy ID.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>router>ldp>egr-stats>fec-pfx accounting-policy)
Full Context
configure router ldp egress-statistics fec-prefix accounting-policy
This command associates an accounting policy to the MPLS instance.
An accounting policy must be defined before it can be associated else an error message is generated.
The no form of this command removes the accounting policy association.
- acct-policy-id
Enter the accounting policy-id as configured in the config>log>accounting-policy context.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>router>mpls>lsp>ingr-stats accounting-policy)
[Tree] (config>router>mpls>ingr-stats>p2p-template-lsp accounting-policy)
[Tree] (config>router>mpls>lsp-template>egr-stats accounting-policy)
[Tree] (config>router>mpls>ingr-stats>p2mp-template-lsp accounting-policy)
[Tree] (config>router>mpls>lsp>egr-stats accounting-policy)
[Tree] (config>router>mpls>ingr-stats>lsp accounting-policy)
Full Context
configure router mpls lsp ingress-statistics accounting-policy
configure router mpls ingress-statistics p2p-template-lsp accounting-policy
configure router mpls lsp-template egress-statistics accounting-policy
configure router mpls ingress-statistics p2mp-template-lsp accounting-policy
configure router mpls lsp egress-statistics accounting-policy
configure router mpls ingress-statistics lsp accounting-policy
This command associates an accounting policy to the MPLS instance.
The config>router>mpls>ingr-stats>p2mp-template-lsp>accounting-policy command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.
An accounting policy must be defined before it can be associated else an error message is generated.
The no form of this command removes the accounting policy association.
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure router mpls lsp ingress-statistics accounting-policy
- configure router mpls ingress-statistics p2mp-template-lsp accounting-policy
- configure router mpls ingress-statistics p2p-template-lsp accounting-policy
- configure router mpls lsp-template egress-statistics accounting-policy
- configure router mpls lsp egress-statistics accounting-policy
- configure router mpls ingress-statistics lsp accounting-policy
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>app-assure>group>statistics>aa-sub-study accounting-policy)
[Tree] (config>app-assure>group>statistics>protocol accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-admit-deny accounting-policy)
[Tree] (config>isa>aa-grp>statistics>perform accounting-policy)
[Tree] (config>app-assure>group>statistics>app-grp accounting-policy)
[Tree] (config>app-assure>group>statistics>app accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-part accounting-policy)
[Tree] (config>app-assure>group>statistics>aa-sub accounting-policy)
Full Context
configure application-assurance group statistics aa-sub-study accounting-policy
configure application-assurance group statistics protocol accounting-policy
configure application-assurance group statistics aa-admit-deny accounting-policy
configure isa application-assurance-group statistics performance accounting-policy
configure application-assurance group statistics app-group accounting-policy
configure application-assurance group statistics application accounting-policy
configure application-assurance group statistics aa-partition accounting-policy
configure application-assurance group statistics aa-sub accounting-policy
This command specifies the existing accounting policy to use for AA. Accounting policies are configured in the config>log>accounting-policy context.
- acct-policy-id
Specifies the existing accounting policy to use for applications.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>saa>test accounting-policy)
Full Context
configure saa test accounting-policy
This command associates an accounting policy to the SAA test. The accounting policy must already be defined before it can be associated otherwise an error message is generated.
A notification (trap) is issued whenever a test is completed or terminates.
The no form of this command removes the accounting policy association.
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>oam-pm>session>meas-interval accounting-policy)
Full Context
configure oam-pm session meas-interval accounting-policy
This optional command allows the operator to assign an accounting policy and the policy-id (configured under the config>log>accounting-policy) with a record-type of complete-pm. This runs the data collection process for completed measurement intervals in memory, file storage, and maintenance functions moving data from memory to flash. A single accounting policy can be applied to a measurement interval.
The no form of this command removes the accounting policy.
- acct-policy-id
Specifies the accounting policy to be applied to the measurement interval.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>service>pw-template accounting-policy)
[Tree] (config>service>sdp accounting-policy)
Full Context
configure service pw-template accounting-policy
configure service sdp accounting-policy
This command creates the accounting policy context that can be applied to an SDP. An accounting policy must be defined before it can be associated with a SDP. If the acct-policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SDP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SDP, and the accounting policy reverts to the default.
no accounting-policy
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
accounting-policy policy-id [interval minutes]
no accounting-policy policy-id
[Tree] (config>log accounting-policy)
Full Context
configure log accounting-policy
This command creates an access or network accounting policy. An accounting policy defines the accounting records that are created.
Access accounting policies are policies that can be applied to one or more SAPs. Changes made to an existing policy, using any of the sub-commands, are applied immediately to all SAPs where this policy is applied.
If an accounting policy is not specified on a SAP, then accounting records are produced in accordance with the access policy designated as the default. If a default access policy is not specified, then no accounting records are collected other than the records for the accounting policies that are explicitly configured.
Only one policy can be regarded as the default access policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new access default policy can be configured.
Network accounting policies are policies that can be applied to one or more network ports or SONET/SDH channels. Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all network ports or SONET/SDH channels where this policy is applied.
If no accounting policy is defined on a network port, accounting records will be produced in accordance with the default network policy as designated with the default command. If no network default policy is created, then no accounting records will be collected other than the records for the accounting policies explicitly configured. Default accounting policies cannot be explicitly applied. For example, for accounting-policy 10, if default is set, then that policy cannot be used:
A:node-2>config>service>vpls>spoke-sdp# accounting-policy 10
Only one policy can be regarded as the default network policy. If a policy is configured as the default policy, then a no default command must be used to allow the data that is currently being collected to be written before a new network default policy can be configured.
The no form of this command deletes the policy from the configuration. The accounting policy cannot be removed unless it is removed from all the SAPs, network ports or channels where the policy is applied.
- policy-id
Specifies the policy ID that uniquely identifies the accounting policy, expressed as a decimal integer.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (conf>router>segment-routing>sr-policies>egress-stats accounting-policy)
Full Context
configure router segment-routing sr-policies egress-statistics accounting-policy
This command adds the accounting record type to the accounting policy that is forwarded to the configured accounting file. A record name can only be used in one accounting policy. To obtain a list of all record types that can be configured, use the show log accounting-records command.
To configure an accounting policy for access ports, select a service record. To change the record name to another service record, configure the new record name with this command.
When configuring an accounting policy for network ports, select a network record. To change the record name to another network record, configure the new record name with this command.
The no form of this command removes the accounting policy association from the egress statistics configuration.
no accounting-policy
- acct-policy-id
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
accounting-policy acct-policy-id
no accounting-policy
[Tree] (config>test-oam>sath>svc-test accounting-policy)
Full Context
configure test-oam service-activation-testhead service-test accounting-policy
This command creates a link to an accounting policy for the specified service test. The record of the accounting policy must be set to complete-service-activation-test.
The no form of this command removes the policy.
no accounting-policy
- acct-policy-id
Specifies an identifier for the service test accounting policy.
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS
accounting-port port
no accounting-port
[Tree] (config>service>vprn>aaa>rmt-srv>radius accounting-port)
[Tree] (config>system>security>radius accounting-port)
Full Context
configure service vprn aaa remote-servers radius accounting-port
configure system security radius accounting-port
This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.
accounting-port 1813
- port
Specifies the UDP port number.
accounting-type [session] [tunnel]
no accounting-type
[Tree] (config>aaa>l2tp-acct-plcy accounting-type)
Full Context
configure aaa l2tp-accounting-policy accounting-type
This command specifies the accounting type for the L2TP tunnel accounting policy.
The no form of this command reverts to the default.
accounting-type session tunnel
- session
Enables tunnel level accounting, including:
- tunnel
Enables link level accounting, including:
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accounting-update-interval [interval]
no accounting-update-interval
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>vlan-tag-ranges>range>xconnect accounting-update-interval)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range xconnect accounting-update-interval
This command configures the time interval between consecutive interim accounting update messages. If not configured, the system does not send interim accounting update messages.
The no form of this command removes the value from the cross-connect configuration.
- interval
Specifies the time interval between consecutive interim accounting update messages in minutes.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accounting-update-interval [interval]
no accounting-update-interval
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dsm accounting-update-interval)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range distributed-sub-mgmt accounting-update-interval
This command enables the interim accounting and specifies the interim accounting interval.
- interval
Specifies the interim accounting interval in minutes.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] acct-authentic
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-authentic)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-authentic
This command enables the generation of the acct-authentic RADIUS attribute.
The no form of this command reverts to the default.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] acct-delay-time
[Tree] (config>subscr-mgmt>acct-plcy>include-radius-attribute acct-delay-time)
Full Context
configure subscriber-mgmt radius-accounting-policy include-radius-attribute acct-delay-time
This command enables the generation of the acct-delay-time RADIUS attribute.
The no form of this command reverts to the default.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] acct-delay-time
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-delay-time)
Full Context
configure aaa isa-radius-policy acct-include-attributes acct-delay-time
This command enables the acct-delay-time.
no acct-delay-time
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] acct-include-attributes
[Tree] (config>aaa>isa-radius-plcy acct-include-attributes)
Full Context
configure aaa isa-radius-policy acct-include-attributes
This command configures attributes to be included in RADIUS accounting messages.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-interim min min-val max max-val lifetime lifetime
no acct-interim
[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-interim)
Full Context
configure aaa radius-server-policy servers buffering acct-interim
This command enables RADIUS accounting interim update message buffering.
The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
If after retry*timeout seconds no RADIUS accounting response is received for the interim update then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
Repeat step 2 until for one of the following:
a RADIUS accounting response is received.
the lifetime of the buffered message expires.
a new RADIUS accounting interim-update or a RADIUS accounting stop for the same accounting session-id and radius-server-policy is stored in the buffer.
the message is manually purged from the message buffer via a clear command.
The message is purged from the buffer.
The no form of this command disables RADIUS accounting interim update message buffering.
- min-val
Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting interim update.
- max-val
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting interim update.
- lifetime
Specifies the lifetime in hours.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-on-off monitor-group group-name
acct-on-off oper-state-change [group group-name]
[Tree] (config>aaa>radius-srv-plcy acct-on-off)
Full Context
configure aaa radius-server-policy acct-on-off
This command controls the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:
acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked.
acct-on-off oper-state-change [group group-name]: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group.
acct-on-off monitor-group group-name: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.
The no form of this command disables the sending of Accounting-On and Accounting-Off messages.
- group-name
Specifies the name of an acct-on-off group up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-on-off-group group-name [create]
no acct-on-off-group group-name
[Tree] (config>aaa acct-on-off-group)
Full Context
configure aaa acct-on-off-group
This command creates an acct-on-off-group.
An acct-on-off-group can be referenced by:
A single radius-server-policy as controller — The acct-on-off oper-state of the acct-on-off-group is set to the acct-on-off oper-state of the radius-server-policy.
Multiple radius-server-policies as monitor — The acct-on-off oper-state of the radius-server-policy is inherited from the acct-on-off oper-state of the acct-on-off group.
The no form of this command deletes the acct-on-off-group.
- group-name
Specifies the name of an acct-on-off group up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-policy acct-policy-name [duplicate acct-policy-name]
no acct-policy
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host acct-policy)
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host acct-policy)
Full Context
configure subscriber-mgmt local-user-db ppp host acct-policy
configure subscriber-mgmt local-user-db ipoe host acct-policy
This command specifies the accounting policy used for sending an Accounting Stop message to report RADIUS authentication failures of PPPoE sessions. A duplicate policy can be specified if a copy of the Accounting Stop message must be sent to another destination.
Reporting RADIUS authentication failures with an Accounting Stop message must be enabled in the RADIUS authentication policy ("send-acct-stop-on-fail”).
A duplicate RADIUS accounting policy can be specified if the accounting stop resulting from a RADIUS authentication failure must also be sent to a second RADIUS destination.
The no form of this command reverts to the default.
- acct-policy-name
Specifies the name of a RADIUS accounting policy, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-port port
no acct-port
[Tree] (config>router>radius-server>server acct-port)
[Tree] (config>service>vprn>radius-server>server acct-port)
Full Context
configure router radius-server server acct-port
configure service vprn radius-server server acct-port
This command specifies the UDP listening port for RADIUS accounting requests.
The no form of this command resets the UDP port to its default value (1813).
acct-port 1813
- port
Specifies the UDP listening port for accounting requests of the external RADIUS server.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-request-script-policy policy-name
no acct-request-script-policy
[Tree] (config>subscr-mgmt>acct-plcy acct-request-script-policy)
Full Context
configure subscriber-mgmt radius-accounting-policy acct-request-script-policy
This command configures the Python script policy to modify Accounting-Request messages.
The no form of this command removes the policy name from the configuration.
- policy-name
Specifies the Python script policy to modify Accounting-Request messages.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-request-script-policy policy-name
no acct-request-script-policy
[Tree] (config>aaa>radius-srv-plcy acct-request-script-policy)
Full Context
configure aaa radius-server-policy acct-request-script-policy
This command specifies the name of the RADIUS script policy used to change the RADIUS attributes of the Accounting-Request messages.
- policy-name
Specifies the name of the Python script to modify Accounting-Request messages, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-session-id [session-id-type]
no acct-session-id
[Tree] (config>subscr-mgmt>auth-plcy>include-radius-attribute acct-session-id)
Full Context
configure subscriber-mgmt authentication-policy include-radius-attribute acct-session-id
The acct-session-id attribute for each subscriber host is generated at the very beginning of the session initiation. This command will enable or disable sending this attribute to the RADIUS server in the Access-Request messages regardless of whether the accounting is enabled or not. The acct-session-id attribute can be used to address the subscriber hosts from the RADIUS server in the CoA Request.
The acct-session-id attribute is unique per subscriber host network wide. It is a 22 byte field comprised of the system MAC address along with the creation time and a sequence number in a hex format.
The no form of this command reverts to the default.
no acct-session-id
- session-id-type
Specifies the format for the acct-session-id attribute used in RADIUS accounting requests.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] acct-stats
[Tree] (config>ipsec>rad-acct-plcy>include acct-stats)
Full Context
configure ipsec radius-accounting-policy include-radius-attribute acct-stats
This command enables the system to include accounting attributes in RADIUS acct-stop and interim-update packets.
The no form of this command disables the system from including accounting attributes in RADIUS acct-stop and interim-update packets.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-stop min min-val max max-val lifetime lifetime
no acct-stop
[Tree] (config>aaa>radius-srv-plcy>servers>buffering acct-stop)
Full Context
configure aaa radius-server-policy servers buffering acct-stop
This command enables RADIUS accounting stop message buffering.
The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server
If after retry*timeout seconds no RADIUS accounting response is received for the accounting stop, then a new attempt to send the message is started after minimum[(min-val*2n), max-val] seconds.
Repeat step 2 until one of the following events occurs:
A RADIUS accounting response is received.
The lifetime of the buffered message expires.
The message is manually purged from the message buffer via a clear command.
The message is purged from the buffer.
The no form of this command disables RADIUS accounting stop message buffering.
- min-val
Specifies the minimum interval in seconds between attempts to resend the RADIUS accounting stop.
- max-val
Specifies the maximum interval in seconds between attempts to resend the RADIUS accounting stop.
- lifetime
Specifies the lifetime in hours.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] acct-trigger-reason
[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes acct-trigger-reason)
Full Context
configure aaa isa-radius-policy acct-include-attributes acct-trigger-reason
This command enables the acct-trigger-reason.
no acct-trigger-reason
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
acct-tunnel-connection-fmt ascii-spec
no acct-tunnel-connection-fmt
[Tree] (config>aaa>l2tp-acct-plcy acct-tunnel-connection-fmt)
Full Context
configure aaa l2tp-accounting-policy acct-tunnel-connection-fmt
This command configures the accounting tunnel connection ascii-specification.
no acct-tunnel-connection-fmt
- ascii-spec
Specifies the ASCII specifications.
<char-specification> <ascii-spec>
<ascii-char> | <char-origin>
a printable ASCII character
n | s | S | t | T | c | C
Call Serial Number
s | S
Local (s) or Remote (S) Session Id
t | T
Local (t) or Remote (T) Tunnel Id
c | C
Local (c) or Remote (C) Connection Id
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
acct-tunnel-connection-fmt ascii-spec
no acct-tunnel-connection-fmt
[Tree] (config>subscr-mgmt>acct-plcy acct-tunnel-connection-fmt)
Full Context
configure subscriber-mgmt radius-accounting-policy acct-tunnel-connection-fmt
This command specifies the string that is sent in the accounting message.
no acct-tunnel-connection-fmt
- ascii-spec
Specifies the accounting tunnel connection ASCII specification.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>aaa>isa-radius-plcy acct-update-triggers)
Full Context
configure aaa isa-radius-policy acct-update-triggers
Commands in this context enable or disable the sending of triggered interim-updates, with the exception of the following:
After an update interval change, an interim update is always sent to indicate the start of the new interval.
Mobility-triggered updates are configured in the (service vprn <svc-id> | router) wlan-gw mobility-triggered-acct context.
NAT port block allocation depends on the inclusion of NAT-related attributes (port-range, outside-service, outside-ip).
7750 SR, 7750 SR-e, 7750 SR-s, VSR
accu-stats-policy policy-name [create]
no accu-stats-policy policy-name
[Tree] (config>subscr-mgmt accu-stats-policy)
Full Context
configure subscriber-mgmt accu-stats-policy
This command creates a storage policy for cumulative statistics for subscribers. The policy defines the specific direction for the policer or the queue to be stored and performs the following functions.
The policy stores subscriber statistics even if the subscriber session has ended. The subscriber statistics can be viewed even if the subscriber is offline.
When the subscriber session ends, the statistics are added to the past statistics stored in memory so that all previous session statistics are accumulated. The accumulated statistics are not persistent; they are only stored in memory and reset to zero when the chassis reboots.
The no form of this command deletes the policy only when it is no longer referenced by a subscriber profile.
- policy-name
Specifies the name for the policy, up to 32 characters.
- create
Configures an entry for the policy.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
accu-stats-policy policy-name
no accu-stats-policy
[Tree] (config>subscr-mgmt>sub-profile accu-stats-policy)
Full Context
configure subscriber-mgmt sub-profile accu-stats-policy
This command associates an accumulated statistics policy with a subscriber profile.
The no form of this command removes the association of the accu-stats-policy from the subscriber profile. It is possible to remove the policy from the subscriber profile while the subscriber is still online, however, the statistics remain in memory and must be cleared manually, using the clear subscriber-mgmt accu-stats active-subs no-accu-stats-policy command.
- policy-name
Specifies the name of the accumulated statistics policy, up to 32 characters.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ack [detail]
no ack
[Tree] (debug>router>rsvp>packet ack)
Full Context
debug router rsvp packet ack
This command debugs ack events.
The no form of the command disables the debugging.
- detail
Displays detailed information about ack events.
ack-auth-retry-count [value]
no ack-auth-retry-count
[Tree] (config>router>wpp>portals>portal ack-auth-retry-count)
[Tree] (config>service>vprn>wpp>portals>portal ack-auth-retry-count)
Full Context
configure router wpp portals portal ack-auth-retry-count
configure service vprn wpp portals portal ack-auth-retry-count
This command configures the number of retransmissions of an ACK_OUT message.
The no form of this command reverts to the default.
ack-auth-retry-count 5
- value
Specifies the number of retransmissions of an ACK_OUT message.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] acknowledgment
[Tree] (config>service>vpls>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>epipe>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>cpipe>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service vpls spoke-sdp control-channel-status acknowledgment
configure service epipe spoke-sdp control-channel-status acknowledgment
configure service cpipe spoke-sdp control-channel-status acknowledgment
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
- configure service epipe spoke-sdp control-channel-status acknowledgment
- configure service vpls spoke-sdp control-channel-status acknowledgment
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe spoke-sdp control-channel-status acknowledgment
[no] acknowledgment
[Tree] (config>service>ies>if>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>ies>red-if>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service ies interface spoke-sdp control-channel-status acknowledgment
configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
no acknowledgment
- configure service ies interface spoke-sdp control-channel-status acknowledgment
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service ies redundant-interface spoke-sdp control-channel-status acknowledgment
[no] acknowledgment
[Tree] (config>service>vprn>if>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>service>vprn>red-if>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure service vprn interface spoke-sdp control-channel-status acknowledgment
configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
- configure service vprn interface spoke-sdp control-channel-status acknowledgment
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure service vprn redundant-interface spoke-sdp control-channel-status acknowledgment
[no] acknowledgment
[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>control-channel-status acknowledgment)
[Tree] (config>mirror>mirror-dest>spoke-sdp>control-channel-status acknowledgment)
Full Context
configure mirror mirror-dest remote-source spoke-sdp control-channel-status acknowledgment
configure mirror mirror-dest spoke-sdp control-channel-status acknowledgment
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action bypass-host-creation
action drop
no action
[Tree] (config>filter>dhcp-filter>entry action)
Full Context
configure filter dhcp-filter entry action
This command specifies the action to take on DHCP host creation when the filter entry matches.
The no form of this command reverts to the default wherein the host creation proceeds as normal.
- bypass-host-creation
Specifies that the host creation is bypassed.
- drop
Specifies that the DHCP message is dropped.
action bypass-host-creation [na] [pd]
action drop
no action
[Tree] (config>filter>dhcp6-filter>entry action)
Full Context
configure filter dhcp6-filter entry action
This command specifies the action to take on DHCP6 host creation when the filter entry matches.
The no form of this command reverts to the default wherein the host creation proceeds as normal.
- bypass-host-creation
Specifies that the host creation is bypassed.
- drop
Specifies that the DHCP6 message is dropped.
action {accept | next-entry | next-policy | drop | reject}
no action
[Tree] (config>router>policy-options>policy-statement>entry action)
Full Context
configure router policy-options policy-statement entry action
This command creates the context to configure actions to take for routes matching a route policy statement entry.
This command is required and must be entered for the entry to be active.
Any route policy entry without the action command will be considered incomplete and will be inactive.
The no form of this command deletes the action context from the entry.
no action
- accept
Specifies that routes matching the entry match criteria will be accepted and propagated.
- next-entry
Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next policy entry (if any others are specified).
- next-policy
Specifies that the actions specified would be made to the route attributes and then policy evaluation would continue with next route policy (if any others are specified).
- drop
Specifies that routes matching the entry match criteria should be rejected. This parameter provides a context for modifying route properties.
- reject
Specifies that routes matching the entry match criteria should be rejected. This parameter does not provide a context for modifying route properties.
action dhcp-action
no action
[Tree] (config>service>vpls>sap>dhcp>option action)
[Tree] (config>service>ies>sub-if>grp-if>dhcp>option action)
[Tree] (config>service>vprn>if>dhcp>option action)
[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option action)
[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp>option action)
[Tree] (config>service>ies>if>dhcp>option action)
Full Context
configure service vpls sap dhcp option action
configure service ies subscriber-interface group-interface dhcp option action
configure service vprn interface dhcp option action
configure service vprn subscriber-interface group-interface dhcp option action
configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action
configure service ies interface dhcp option action
This command configures the processing required when the SR OS receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
action keep — Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests. The default is to keep the existing information intact. The exception to this is if the giaddr of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.
- replace
In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (towards the user) the Option 82 field is stripped (in accordance with RFC 3046).
- drop
Specifies that the packet is dropped, and an error is logged.
- keep
Specifies that the existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on towards the client.
The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router inserts its own VSO into the Option 82 field. This is only done when the incoming message has already an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO is added to the message.
- configure service vprn interface dhcp option action
- configure service vpls sap dhcp option action
- configure service ies interface dhcp option action
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
- configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp option action
- configure service ies subscriber-interface group-interface dhcp option action
- configure service vprn subscriber-interface group-interface dhcp option action
action {drop | forward}
no action
[Tree] (config>log>filter>entry action)
[Tree] (config>service>vprn>log>filter>entry action)
Full Context
configure log filter entry action
configure service vprn log filter entry action
This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.
Multiple action statements entered will overwrite previous actions.
The no form of this command removes the specified action statement.
Action specified by the default-action command will apply.
- drop
Specifies packets matching the entry criteria will be dropped.
- forward
Specifies packets matching the entry criteria will be forwarded.
action {drop | forward}
no action
[Tree] (config>log>filter>entry action)
Full Context
configure log filter entry action
This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.
Multiple action statements entered will overwrite previous actions.
The no form of this command removes the specified action statement.
no action
- drop
Specifies packets matching the entry criteria will be dropped.
- forward
Specifies packets matching the entry criteria will be forwarded.
action direction [create]
no action direction
[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry action)
Full Context
configure subscriber-mgmt isa-service-chaining vas-filter entry action
Commands in this context configure an action to be performed for traffic that matches a configured match criteria in the filter entry. The action can be configured as being applicable to upstream traffic, downstream traffic, or both.
The no form of this command removes the direction from the configuration.
- direction
Specifies the direction for the action in a VAS filter entry.
- create
Keyword used to create the action’s direction. The create keyword requirement can be enabled or disabled in the environment>create context.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action drop
action forward
action http-redirect url [allow-override]
no action
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ipv6>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>egr-ip>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ipv6>entry action)
[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl>ingr-ip>entry action)
Full Context
configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ipv6-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level egress-ip-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ipv6-filter-entries entry action
configure subscriber-mgmt category-map category exhausted-credit-service-level ingress-ip-filter-entries entry action
This command configures the action for the filter entry.
The no form of this command reverts to the default.
action drop
- drop
Specifies to drop the packets matching the IP filter entry.
- forward
Specifies to forward the packets matching the IP filter entry.
- http-redirect url [allow-override]
Specifies the HTTP web address, up to 255 characters, that is sent to the user’s browser for redirection.
Note:This action is not supported for IPv6 filter entries.
The specified URL can be overridden by a Diameter Credit Control Server when the following conditions are met:
a Final-Unit-Indication AVP is present in the Multiple-Services-Credit-Control AVP of a CCA message
the Final-Unit-Action AVP is set to REDIRECT (1)
a Redirect-Server AVP is included with the following:
the Redirect-Address-Type AVP set to URL (2)
the Redirect-Server-Address AVP containing the URL to use for this rating group (category-map)
the out of credit action for the corresponding rating group is set to change-service-level using one of the following commands:
configure>subscriber-mgmt>credit-control-policy policy-name>out-of-credit-action change-service-level
configure>subscriber-mgmt>category-map category-map-name category category-name>out-of-credit-action-override change-service-level
an IPv4 HTTP redirect action with allow-override is specified in the exhausted credit service level context for the corresponding rating group using the command configure>subscriber-mgmt>category-map category-map-name category category-name>exhausted-credit-service-level>ingress-ip-filter-entries> entry entry-id>action http-redirect url allow-override
In all other cases, the URL specified in the Redirect-Server-Address AVP is ignored and the configured URL is used. The URL received from the Credit Control Server is included in the output of show>service>active-subscribers>credit-control. The allow-override is ignored for RADIUS credit control.
The following variables can optionally be added in the configured URL (http-redirect url) and in the override URL from the Credit Control Server (Redirect-Server-Address AVP):
$IP – Customer’s IP address
$MAC – Customer’s MAC address
$URL – Original requested URL
$SAP – Customer’s SAP
$SUB – Customer’s subscriber identification string
$CID – string that represents the circuit-id or interface-id of the subscriber host (hexadecimal format)
$RID – string that represents the remote-id of the subscriber host (hexadecimal format)
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action {alarm | remove}
no action
[Tree] (config>subscr-mgmt>shcv-policy>periodic action)
Full Context
configure subscriber-mgmt shcv-policy periodic action
This command configures the action to take when the periodic connectivity verification failed.
The no form of this command reverts to the default.
action alarm
- alarm
Raises an alarm indicating that the host is disconnected.
- remove
Raises an alarm and releases all allocated resources (addresses, prefixes, queues, table entries, and so on). Static hosts are removed.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action {drop | forward | none}
action http-redirect rdr-url-string
no action
[Tree] (config>subscr-mgmt>isa-filter>ipv6>entry action)
[Tree] (config>subscr-mgmt>isa-filter>entry action)
Full Context
configure subscriber-mgmt isa-filter ipv6 entry action
configure subscriber-mgmt isa-filter entry action
This command specifies what should happen to packets that do match this entry.
The no form of this command reverts to the default value.
action none
- drop
Specifies to drop the packet.
- forward
Specifies to forward the packet.
- none
Specifies to ignore the entry and continue processing with subsequent entries.
- rdr-url-string
Specifies the URL to which matching HTTP flows are redirected, up to 255 characters. The URL can be overridden by AAA. Non-HTTP packets are dropped. The URL supports the $URL, $MAC, and $IP variables. For other macro substitutions, the string is not modified.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action {permit-deny | priority-mark}
no action
[Tree] (config>subscr-mgmt>isa-policer action)
Full Context
configure subscriber-mgmt isa-policer action
This command specifies what happens to packets that are in-profile and out-of-profile.
The no form of this command reverts to the default value.
action permit-deny
- permit-deny
Drops all packets that are out of profile (they do not conform to the PIR).
- priority-mark
Currently not supported. The policer will take no action.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
action {log-only | reset-mda | fail-mda}
no action
[Tree] (config>card>mda>event action)
Full Context
configure card mda event action
This command defines the action to be taken when a specific hardware error event is raised against the target mda.
Only one action can be enabled at a time. Entering a new action will override a previously defined action.
The no form of this command sets the action to the default value.
action log-only
- log-only
Specifies to pass the log event to log management. No other action is taken.
- reset-mda
Specifies to reset the mda.
- fail-mda
Specifies to set the operational state of the mda to Failed. This Failed state will persist until the clear mda command is issued (reset) or the mda is removed and re-inserted (re-seat).
[no] action
[Tree] (configure>system>security>profile>netconf>base-op-authorization action)
Full Context
configure system security profile netconf base-op-authorization action
This command enables the NETCONF <action> RPC.
The no form of this command disables the RPC.
no action
The operation is enabled by default in the built-in system-generated administrative profile.
action {priority-mark | permit-deny| monitor}
[Tree] (config>app-assure>group>policer action)
Full Context
configure application-assurance group policer action
This command configures the action to be performed by single-bucket bandwidth policers for non-conformant traffic.
Dual bucket bandwidth policers cannot have their action configured and always mark traffic below CIR in profile, between CIR and PIR out of profile, and drop traffic above PIR. Flow policers always discard non-conformant traffic.
When multiple application assurance policers are configured against a single flow (including policers at both subscriber and system), the final action done to the flow/packet will be a logical OR of all policers actions. For example, if only of the policers requires the packet to be discarded, the packet will be dropped regardless of the action of the other policers.
action permit-deny
- priority-mark
Non-conformant traffic will be marked out of profile and the conformant traffic will be marked in profile. The new marking will overwrite any previous IOM QoS marking done to a packet.
- permit-deny
Non-conformant traffic will be dropped.
- monitor
- Records the duration and volume of non-conformant traffic. The non-conformant traffic is not dropped. This parameter is only applicable to single-rate flow-level policers.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[Tree] (config>app-assure>group>policy>aqp>entry action)
Full Context
configure application-assurance group policy app-qos-policy entry action
Commands in this context configure AQP actions to be performed on flows that match the AQP entry’s match criteria.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action {permit | deny} [event-log event-log-name]
action http-redirect http-redirect-name [event-log event-log-name]
action tcp-optimizer tcp-optimizer-name
action redirect [dst-ip ip-address] [dst-port dst-port] [event-log event-log-name]
[Tree] (config>app-assure>group>sess-fltr>entry action)
Full Context
configure application-assurance group session-filter entry action
This command configures the action for this entry.
- deny
Specifies that packets matching the criteria are denied.
- permit
Specifies that packets matching the criteria are permitted.
- event-log-name
Specifies the event log name, up to 32 characters.
- http-redirect-name
Specifies the HTTP redirect name, up to 32 characters.
- tcp-optimizer
Specifies to use TCP Optimization (TCPO) on the matching flows. The TCPO policy referenced within this session filter entry is configured under the AA group. If the TCPO action is removed from a session-filter entry, the existing flows are not affected. However, no new TCP flows are optimized.
- tcp-optimizer-name
Specifies the name of the TCPO policy, up to 32 characters.
- redirect
Configures a session filter entry action to perform Layer 3 or Layer 4 redirect. For the matching flows, AA replaces the destination address (IP address or port) with the configured values. In the reverse direction (toward the subscriber), AA restores the original IP and port numbers (as the source IP and port fields).
If the redirect action is removed from a session filter, the existing redirected flows are not affected, and redirect still occurs. However, no redirect will be applied to newly-established flows.
- ip-address
Specifies a valid unicast server IPv4 or IPv6 address to forward the traffic to.
- dst-port
Specifies a valid TCP/UDP server destination port number.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action {permit | deny}
[Tree] (config>app-assure>group>gtp>gtp-fltr>imsi-apn-fltr>entry action)
Full Context
configure application-assurance group gtp gtp-filter imsi-apn-filter entry action
This command configures an action for the IMSI-APN filter entry.
action permit
- permit
Specifies to permit packets that do not match any message entries.
- deny
Specifies to deny packets that do not match any message entries.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
action {dnat | forward} [ip-address ip-address]
no action
[Tree] (config>service>nat>nat-classifier>entry action)
Full Context
configure service nat nat-classifier entry action
This command specifies the action to take for packets that match this nat-classifier entry. The no form of the command removes the specified action statement. By default, the entry is ignored (skipped). Consequently, the action from another matching entry is applied. If there are no other matching entries found, the default-action is applied.
no action.
- dnat
Performs the DNAT function. The destination IP address of the packet traversing the router in the direction from inside to outside is replaced by the configured IP address. Destination port is not translated. In the opposite direction (from outside to inside), the source address in the returning packet is restored to the original value.
- forward
Specifies that the forward action ensures that the packet is transparently passed through the nat-classifier.
- ip-address ip-address
Specifies that the destination IP address replaces the original IP address in the packet traveling from inside to outside.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] action [secondary]
[Tree] (config>filter>ip-filter>entry action)
[Tree] (config>filter>ipv6-filter>entry action)
[Tree] (config>filter>mac-filter>entry action)
Full Context
configure filter ip-filter entry action
configure filter ipv6-filter entry action
configure filter mac-filter entry action
Commands in this context configure a primary (no option specified) or secondary (secondary option specified) action to be performed on packets matching this filter entry. An ACL filter entry remains inactive (is not programmed in hardware) until a specific action is configured for that entry.
A primary action supports any filter entry action, a secondary action is used for redundancy and defines a redundant Layer 3 PBR action for an Layer 3 PBR primary action or a redundant L2 PBF action for a Layer 2 PBF primary action.
The no form of this command removes the specific action configured in the context of the action command. The primary action cannot be removed if a secondary action exists.
no action
- secondary
Specifies a secondary action to be performed on packets matching this filter entry. A secondary action can only be configured if a primary action is configured.
action [fc fc-name] [priority {high | low}] [policer policer-id]
no action
[Tree] (config>qos>sap-ingress>ipv6-criteria>entry action)
[Tree] (config>qos>sap-ingress>ip-criteria>entry action)
[Tree] (config>qos>sap-ingress>mac-criteria>entry action)
Full Context
configure qos sap-ingress ipv6-criteria entry action
configure qos sap-ingress ip-criteria entry action
configure qos sap-ingress mac-criteria entry action
This mandatory command associates the forwarding class or enqueuing priority with specific IP, IPv6, or MAC criteria entry ID. The action command supports setting the forwarding class parameter to a subclass. Packets that meet all match criteria within the entry have their forwarding class and enqueuing priority overridden based on the parameters included in the action parameters. When the forwarding class is not specified in the action command syntax, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy. When the enqueuing priority is not specified in the action, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.
When a policer is specified in the action, a matching packet is directed to the configured policer instead of the policer/queue assigned to the forwarding class of the packet.
The action command must be executed for the match criteria to be added to the active list of entries. If the entry is designed to prevent more explicit (higher entry ID) entries from matching certain packets, the fc fc-name and match protocol fields should not be defined when executing action. This allows packets matching the entry to preserve the forwarding class and enqueuing priority derived from previous classification rules.
Each time action is executed on a specific entry ID, the previously entered values for fc fc-name and priority are overridden with the newly defined parameters or inherit previous matches when a parameter is omitted.
The no form of this command removes the entry from the active entry list. Removing an entry on a policy immediately removes the entry from all SAPs using the policy. All previous parameters for the action is lost.
If no action is specified, the action specified by the default-fc command will be used.
- fc fc-name
The value given for fc fc-name must be one of the predefined forwarding classes in the system. Specifying the fc fc-name is required. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.
The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.
- priority
The priority parameter overrides the default enqueuing priority for all packets received on a SAP using this policy that match this rule. Specifying the priority (high or low) is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.
- high
The high parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to high for a packet increases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the queue, the significance of the enqueuing priority is lost.
- low
The low parameter is used in conjunction with the priority parameter. Setting the priority enqueuing parameter to low for a packet decreases the likelihood to enqueue the packet when the queue is congested. The enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
- policer-id
A valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.
action [fc fc-name] [profile {in | out | exceed | inplus}] [policer policer-id] [port-redirect-group-queue] [queue queue-id] [use-fc-mapped-queue]
no action
[Tree] (config>qos>sap-egress>ipv6-criteria>entry action)
[Tree] (config>qos>sap-egress>ip-criteria>entry action)
Full Context
configure qos sap-egress ipv6-criteria entry action
configure qos sap-egress ip-criteria entry action
This command defines the reclassification actions that should be performed on any packet matching the defined IP flow criteria within the entries match node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an egress packet on the SAP matches the specified IP flow entry, the forwarding class, or profile or egress queue accounting behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence- or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.
It is also possible to redirect the egress packet to a configured policer. The forwarding class or profile can also be optionally specified.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. In show and info commands, the entry will display no action as the specified reclassification action for the entry. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate packets egressing a SAP with the SAP egress policy defined. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed either with explicit reclassification entries or without any actions defined. Specifying action without any trailing reclassification actions allows packets matching the entry to exit the evaluation list without matching entries lower in the list. Executing no action on an entry removes the entry from the evaluation list and also removes any explicitly defined reclassification actions associated with the entry.
The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions.
The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior.
The policer keyword is optional. When specified, the egress packet will be redirected to the configured policer. Optional parameters allow the user to control how the forwarded policed traffic exits the egress port. By default, the policed forwarded traffic will use a queue in the egress port’s policer-output-queue queue group; alternatively, a queue in an instance of a user-configured queue group can be used or a local SAP egress queue.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any packets egress a SAP associated with the SAP egress QoS policy.
- fc fc-name
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out | exceed | inplus}
The profile reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
The in parameter is mutually exclusive to the exceed, inplus, and out parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When in is specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
- out
The out parameter is mutually exclusive to the exceed, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When out is specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
- exceed
The exceed parameter is mutually exclusive to the out, inplus, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When exceed is specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
- inplus
The inplus parameter is mutually exclusive to the out, exceed, and in parameters following the profile reclassification action keyword. In, exceed, inplus, or out must be specified when the profile keyword is present. When inplus is specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
- policer policer-id
When the action policer command is executed, a valid policer ID must be specified. The parameter policer ID references a policer ID that has already been created within the SAP egress QoS policy.
- port-redirect-group-queue queue queue-id
Used to override the forwarding class default egress queue destination to an egress port queue group. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the SAP. Therefore, this parameter is only valid if SAP-based redirection is required. The queue parameter overrides the policer’s default egress queue destination to a specified queue-id in the egress port queue group instance.
- queue queue-id
This parameter overrides the policer’s default egress queue destination to a specified local SAP queue of that queue-id. A queue of ID queue-id must exist within the egress QoS policy.
- use-fc-mapped-queue
This parameter overrides the policer’s default egress queue destination to the queue mapped by the traffic’s forwarding class.
action [fc fc-name profile {in | out | exceed | inplus}] [port-redirect-group {queue queue-id | policer policer-id [queue queue-id]}]
[Tree] (config>qos>network>egress>ipv6-criteria>entry action)
[Tree] (config>qos>network>egress>ip-criteria>entry action)
Full Context
configure qos network egress ipv6-criteria entry action
configure qos network egress ip-criteria entry action
This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an egress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all IP precedence-based or DSCP-based reclassification rule actions when an explicit reclassification action is defined for the entry.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate egress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.
The fc and profile keywords are optional. When specified, the egress classification rule will overwrite the forwarding class and profile derived from ingress. The new forwarding class and profile are used for egress remarking, queue mapping decisions, and queue congestion behavior.
The port-redirect-group keyword is optional. When specified, the egress packet will be redirected to the configured queue or policer in the specified egress network queue group. By default, the policed forwarded traffic will use the regular network queue to which the packet's forwarding class is mapped. Alternatively, a queue in the network egress queue group instance can be used for post-policed traffic by specifying a queue after the policer parameter. The port-redirect-group keyword requires that the network egress queue group instance is specified when this network QoS policy is applied to a network interface. The port-redirect-group is not supported on a 7750 SR-a4/a8.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any egress packets.
no action
- fc fc-name
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out | exceed | inplus}
The profile reclassification action is mandatory when an fc is specified, otherwise it is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of the ingress profiling decision. In, exceed, inplus, or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
When specified, any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.
- out
When specified, any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.
- exceed
When specified, any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.
- inplus
When specified, any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.
- queue queue-id
Used to override the forwarding class default egress queue destination to the specified network egress queue group instance queue. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the network interface.
- policer policer-id
Specifies a valid policer ID that has already been created within the network egress queue group instance.
- queue queue-id
The queue following the configured policer overrides the default policed traffic egress queue destination to a specified queue in the network egress queue group instance.
action fc fc-name profile {in | out}
no action
[Tree] (config>qos>network>ingress>ipv6-criteria>entry action)
[Tree] (config>qos>network>ingress>ip-criteria>entry action)
Full Context
configure qos network ingress ipv6-criteria entry action
configure qos network ingress ip-criteria entry action
This command defines the reclassification actions that are performed on any packet matching the defined IP flow criteria within the entry’s matched node. When defined under the ip-criteria context, the reclassification only applies to IPv4 packets. When defined under the ipv6-criteria context, the reclassification only applies to IPv6 packets.
If an ingress packet matches the specified IP flow entry, the forwarding class and profile may be overridden. By default, the forwarding class and profile of the packet are derived from ingress classification and profiling functions. Matching an IP flow reclassification entry will override all non-criteria reclassification rule actions when an explicit reclassification action is defined for the entry.
When an IP flow entry is first created, the entry will have no explicit behavior defined as the reclassification actions to be performed. When the entry is defined with no action, the entry will not be populated in the IP flow reclassification list used to evaluate ingress packets. An IP flow reclassification entry is only added to the evaluation list when the action command for the entry is executed.
The no form of this command removes all reclassification actions from the IP flow reclassification entry and also removes the entry from the evaluation list. An entry removed from the evaluation list will not be matched to any ingress packets.
no action
- fc fc-name
The fc reclassification action is optional. When specified, packets matching the IP flow reclassification entry will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The fc-name defined must be one of the eight forwarding classes supported by the system. The profile reclassification action is mandatory when an fc is specified. To remove the forwarding class reclassification action for the IP flow entry, the action command must be re-executed without the fc reclassification action defined.
- profile {in | out}
The profile reclassification action is mandatory. Packets matching the IP flow reclassification entry will be explicitly reclassified to the configured profile regardless of other ingress profiling decisions. In or out must be specified when the profile keyword is present. To remove the profile reclassification action for the IP flow reclassification entry, the action command must be re-executed without the profile reclassification action defined.
- in
When specified, any packets matching the reclassification rule will be treated as in-profile by the ingress forwarding plane.
- out
When specified, any packets matching the reclassification rule will be treated as out-of-profile by the ingress forwarding plane.
action {replace | drop | keep}
no action
[Tree] (config>router>if>dhcp>option action)
Full Context
configure router interface dhcp option action
This command configures the processing required when the 7450 ESS, 7750 SR, 7950 XRS, and VSR router receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
Per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this is if the GI address of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.
- replace
In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).
- drop
The packet is dropped, and an error is logged.
- keep
The existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on toward the client.
The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert his own VSO into the Option 82 field. This will only be done when the incoming message has already an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO will be added to the message.
action {action}
no action
[Tree] (config>serv>mrp>mrp-policy>entry action)
Full Context
configure service mrp mrp-policy entry action
This command specifies the action to be applied to the MMRP attributes (Group B-MACs) whose ISIDs match the specified ISID criteria in the related entry.
The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive. If neither keyword is specified (no action is used), this is considered a No-Op policy entry used to explicitly set an entry inactive without modifying match criteria or removing the entry itself. Multiple action statements entered will overwrite previous actions parameters when defined. To remove a parameter, use the no form of the action command with the specified parameter.
The no form of the command removes the specified action statement. The entry is considered incomplete and hence rendered inactive without the action keyword.
no action
- action
Specifies the action for the MRP policy entry.
- block
Specifies that the matching MMRP attributes will not be declared or registered on this SAP or SDP.
- allow
Specifies that the matching MMRP attributes will be declared and registered on this SAP or SDP.
- end-station
Specifies that an end-station emulation is present on this SAP or SDP for the MMRP attributes related with matching ISIDs. Equivalent action with the block keyword on that SAP or SDP. The attributes associated with the matching ISIDs are not declared or registered on the SAP or SDP. The matching attributes on the other hand are mapped as static MMRP entries on the SAP or SDP which implicitly instantiates in the data plane as a MFIB entry associated with that SAP or SDP for the related Group B-MAC. For the other SAPs/SDPs in the BVPLS with MRP enabled (no shutdown). This means that the permanent declaration of the matching attributes, as in the case when the IVPLS instances associated with these ISIDs were locally configured.
If an MRP policy has end-station action in one entry, the only default action allowed in the policy is block. Also no other actions are allowed to be configured in other entry configured under the policy.
This policy will apply even if the MRP is shutdown on the local SAP or SDP or for the whole BVPLS to allow for manual creation of MMRP entries in the data plane. Specifically the following rules apply:
If service vpls mrp shutdown is executed, and the MMRP on all SAP or SDPs is shutdown, then MRP PDUs pass-through transparently.
If service vpls mrp no shutdown, and the endstation statement (even with no ISID values in the related match statement) is used in an MRP policy applied to SAP or SDP, then no declaration is sent on SAP or SDP. The provisioned ISIDs in the match statement are registered on that SAP or SDP and are propagated on all the other MRP enabled endpoints.
action {permit | deny | deny-host-unreachable}
no action
[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry action)
[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry action)
[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry action)
Full Context
configure system security management-access-filter mac-filter entry action
configure system security management-access-filter ipv6-filter entry action
configure system security management-access-filter ip-filter entry action
This command creates the action associated with the management access filter match criteria entry.
The action keyword is required. If no action is defined, the filter is ignored. If multiple action statements are configured, the last one overwrites previous configured actions.
If the packet does not meet any of the match criteria the configured default action is applied.
- permit
Specifies that packets matching the configured criteria will be permitted.
- deny
Specifies that packets matching the configured selection criteria will be denied and that a ICMP host unreachable message will not be issued.
- deny-host-unreachable
Specifies that packets matching the configured selection criteria will be denied and that a host unreachable message will not be issued.
The deny-host-unreachable parameter only applies to ip-filter and ipv6-filter.
action [accept | drop | queue queue-id]
no action
[Tree] (config>sys>security>cpm-filter>ipv6-filter>entry action)
[Tree] (config>sys>security>cpm-filter>mac-filter>entry action)
[Tree] (config>sys>security>cpm-filter>ip-filter>entry action)
Full Context
configure system security cpm-filter ipv6-filter entry action
configure system security cpm-filter mac-filter entry action
configure system security cpm-filter ip-filter entry action
This command specifies the action to take for packets that match this filter entry.
action drop
- accept
Specifies packets matching the entry criteria will be forwarded.
- drop
Specifies packets matching the entry criteria will be dropped.
- queue queue-id
Specifies packets matching the entry criteria will be forward to the specified CPM hardware queue.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action {deny | permit | read-only}
[Tree] (config>system>security>profile>entry action)
Full Context
configure system security profile entry action
This command configures the action associated with the profile entry.
- deny
Specifies that commands matching the entry command match criteria are to be denied.
- permit
Specifies that commands matching the entry command match criteria is permitted.
- read-only
Specifies the commands matching the entry command match criteria is available with read-only access.
[Tree] (config>log>event-handling>handler action-list)
Full Context
configure log event-handling handler action-list
Commands in this context configure the EHS handler action list.
action-on-fail {drop | passthrough}
no action-on-fail
[Tree] (config>python>py-script action-on-fail)
Full Context
configure python python-script action-on-fail
This command specifies the action taken when Python fails to modify the given message.
The no form of this command reverts to the default.
action-on-fail drop
- drop
Specifies that the packet will be dropped.
- passthrough
Specifies that the packet that is sent out without any modifications.
action-on-fail {drop | passthrough}
no action-on-fail
[Tree] (config>aaa>radius-scr-plcy action-on-fail)
Full Context
configure aaa radius-script-policy action-on-fail
specifies the action taken when Python fails to modify the RADIUS message.
The no form of this command reverts to the default.
action-on-fail drop
- drop
Specifies that the packet will be dropped.
- passthrough
Specifies that the packet will be sent out without any modifications.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
activate [file-url] [now]
[Tree] (admin>system>license activate)
Full Context
admin system license activate
This command performs an activation on the license file pointed to by the command line argument. The file is first validated as described in the admin>system>license>validate command and upon success, replaces the existing license attributes in the system with the information in the new license file.
The license attributes that are active on a system can be viewed with the show>licensing>entitlements command.
If the CLM tool is being used for license management, it shall perform the validation and activation and there is no need to enter these commands manually.
- file-url
Specifies the file URL location to read the license file.
- now
If the now keyword is not present, the operator is prompted to confirm the activation. With the now keyword the license file is activated without the additional prompt.
activate card cpm-slot serial-number cpm-serial-number confirmation-code code
[Tree] (admin>system>security>secure-boot activate)
Full Context
admin system security secure-boot activate
This command activates Secure Boot to enforce digital signature verification of the software on every boot.
Once Secure Boot is activated on a CPM, the capability is permanently enabled and cannot be disabled.
- cpm-slot
Specifies the CPM slot.
- cpm-serial-number
Specifies the CPM serial number, up to 256 characters.
- code
Specifies the secure boot confirmation code, up to 32 characters.
7750 SR-1, 7750 SR-s, 7950 XRS-20e
activate-entry-tag activate-entry-tag
no activate-entry-tag
[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>cpipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>ipipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>ies>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
[Tree] (config>service>vpls>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>epipe>sap>ingress>criteria-overrides>ipv6-criteria activate-entry-tag)
[Tree] (config>service>vprn>if>sap>ingress>criteria-overrides>ip-criteria activate-entry-tag)
Full Context
configure service ies interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service cpipe sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service epipe sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service cpipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service vpls sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service vprn interface sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service ipipe sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service ipipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service ies interface sap ingress criteria-overrides ip-criteria activate-entry-tag
configure service vpls sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service epipe sap ingress criteria-overrides ipv6-criteria activate-entry-tag
configure service vprn interface sap ingress criteria-overrides ip-criteria activate-entry-tag
This command activates the entry tag.
The no form of this command removes any existing entry tags from the SAP.
- activate-entry-tag
Specifies the tag identifier value for activation.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[no] active-cpm-protocols
[Tree] (config>service>vprn>if active-cpm-protocols)
Full Context
configure service vprn interface active-cpm-protocols
This command enables CPM protocols on this interface.
active-flow-timeout seconds
no active-flow-timeout
[Tree] (config>cflowd active-flow-timeout)
Full Context
configure cflowd active-flow-timeout
This command configures the maximum amount of time before an active flow is aged out of the active cache. If an individual flow is active for the specified amount of time, the flow is aged out and a new flow is created on the next packet sampled for that flow.
Existing flows do not inherit the new active-flow-timeout value if this parameter is changed while cflowd is active. The active-flow-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.
The no form of this command resets the timeout back to the default value.
active-flow-timeout 1800
- seconds
Specifies the value, in seconds, before an active flow is exported.
active-hold-delay active-hold-delay
no active-hold-delay
[Tree] (config>service>ipipe>endpoint active-hold-delay)
[Tree] (config>service>cpipe>endpoint active-hold-delay)
[Tree] (config>service>epipe>endpoint active-hold-delay)
Full Context
configure service ipipe endpoint active-hold-delay
configure service cpipe endpoint active-hold-delay
configure service epipe endpoint active-hold-delay
This command specifies that the node will delay sending the change in the T-LDP status bits for the VLL endpoint when the MC-LAG transitions the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby or when any object in the endpoint. For example, SAP, ICB, or regular spoke SDP, transitions from up to down operational state.
By default, when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of "standby” over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
There is no delay applied to the VLL endpoint status bit advertisement when the MC-LAG transitions the LAG subgroup which hosts the SAP from standby to active or when any object in the endpoint transitions to an operationally up state.
active-hold-delay 0
- active-hold-delay
Specifies the active hold delay in 100s of milliseconds.
A value of zero means that when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of standby over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
- configure service epipe endpoint active-hold-delay
- configure service ipipe endpoint active-hold-delay
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
- configure service cpipe endpoint active-hold-delay
active-instance instance-id
no active-instance
[Tree] (config>router>p2mp-sr-tree>p2mp-policy>candidate-path active-instance)
Full Context
configure router p2mp-sr-tree p2mp-policy candidate-path active-instance
This command configures the active instance of a P2MP candidate path for the P2MP SR tree as a primary or a secondary instance. Before configuring the active instance ID, the candidate path instance must be configured using the configure router p2mp-sr-tree p2mp-policy candidate-path path-instances index instance command.
The no form of this command removes the active instance.
no active-instance
- instance-id
Specifies the active instance as primary (1) or secondary (2).
active-iom-limit number
no active-iom-limit
[Tree] (config>isa>wlan-gw-group active-iom-limit)
Full Context
configure isa wlan-gw-group active-iom-limit
This command specifies the number of WLAN-GW IOMs used as active IOMs from the total number of configured WLAN-GW IOMs. If there are more configured IOM than active-iom-limit, then the remaining number of IOMs is designated as backup(s).
The no form of this command removes the number from the configuration.
- number
Specifies the number of IOMs in this WLAN Gateway ISA group that are intended for active use.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-lease-time [hrs hours] [min minutes] [sec seconds]
no active-lease-time
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp active-lease-time)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp active-lease-time
This command configures the lease time for an authenticated user.
active-lease-time min 10
- hours
Specifies the number of active lease time hours.
- minutes
Specifies the number of active lease time minutes.
- seconds
Specifies the number of active lease time seconds.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-mda-limit number
no active-mda-limit
[Tree] (config>isa>wlan-gw-group active-mda-limit)
Full Context
configure isa wlan-gw-group active-mda-limit
This command specifies how many ISAs may be in active use by the WLAN-GW group at the same time. If the maximum number of active ISAs is reached and more ISAs are added to the group, the new ISAs are considered to be in standby mode.
The no form of this command removes the limit on the maximum number of active ISAs.
- number
Specifies the number of WLAN-GW ISAs intended for active use.
7750 SR, 7750 SR-e, 7750 SR-s
active-mda-limit number
no active-mda-limit
[Tree] (config>isa>nat-group active-mda-limit)
Full Context
configure isa nat-group active-mda-limit
This command configures the number of active ESA-VM or ISA members in a NAT group.
The system automatically selects which ESA-VMs or ISAs are active. In active/standby (A/S) redundancy mode, the correlation between ESA-VM or ISA members is direct, meaning each ESA-VM or ISA equates to one member. In active/active (A/A) redundancy mode, an individual ESA-VM or ISA may be associated with multiple members.
For A/S redundancy, any surplus ESA-VMs or ISAs beyond the configured active threshold automatically transition to standby. These standby units remain idle until an active unit fails, at which point a standby unit takes over, handling traffic from only one failed active unit. This setup allows for the configuration of multiple standby units to provide resilience against several concurrent failures.
In A/A redundancy, the combination of this command and the failed-mda-limit command guides the distribution of resources among ESA-VMs or ISAs, essentially defining how the members are structured.
In both A/S and A/A modes, the system strives to maintain the configured number of active members as outlined by the active MDA limit, drawing from the pool of available spare resources to compensate for any failures. If the actual number of active members drops below this limit because of a lack of available spares, the NAT group status changes to degraded. In this state, traffic intended for the missing ESA-VM or ISA members (up to the active MDA limit) is blackholed. In Layer 2-aware NAT this condition can be circumvented where traffic can bypass NAT altogether and be directly routed within the internal network that may have an alternate path to a backup NAT system. For additional details, see "L2-Aware bypass" in the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.
The no form of this command removes the active MDA limit configuration.
no active-mda-limit
- number
Specifies the active MDA limit.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-mda-number number
no active-mda-number
[Tree] (config>isa>tunnel-grp active-mda-number)
Full Context
configure isa tunnel-group active-mda-number
This command specifies the number of active MS-ISA within all configured MS-ISA in the tunnel-group with multi-active enabled. IPsec traffic will be load balanced across all active MS-ISAs. If the number of configured MS-ISA is greater than the active-mda-number then the delta number of MS-ISA will be backup.
active-mda-number 1
- number
Specifies the number of active MDAs.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-outbound-sa spi
no active-outbound-sa
[Tree] (config>grp-encryp>encryp-keygrp active-outbound-sa)
Full Context
configure group-encryption encryption-keygroup active-outbound-sa
This command specifies the Security Association, referenced by the Security Parameter Index (SPI), to use when performing encryption and authentication on NGE packets egressing the node for all services configured using this key group.
The no form of the command returns the parameter to its default value and is the same as removing this key group from all outbound direction key groups in all services configured with this key group (that is, all packets of services using this key group will egress the node in without being encrypted).
- spi
Specifies the SPI to use for packets of services using this key group when egressing the node.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-preferred-lifetime [hrs hours] [min minutes] [sec seconds]
no active-preferred-lifetime
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-preferred-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-preferred-lifetime)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-preferred-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-preferred-lifetime
This command specifies the signaled preferred lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.
The no form of this command reverts to the default.
active-preferred-lifetime min 10
- hours
Specifies the number of active preferred lifetime hours.
- minutes
Specifies the number of active preferred lifetime minutes.
- seconds
Specifies the number of active preferred lifetime seconds.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-psk active-pre-shared-key
no active-psk
[Tree] (config>macsec>conn-assoc>static-cak active-psk)
Full Context
configure macsec connectivity-association static-cak active-psk
This command specifies the active transmitting pre-shared-key. If two pre-shared-keys are configured, the arriving MACsec MKA can be decrypted via CAKs of both pre-shared keys; however, only the active-psk will be used for TX encryption of MKA PDUs.
active-psk 1
- active-pre-shared-key
Specifies the value of the pre-shared-key.
active-source-limit number
no active-source-limit
[Tree] (config>service>vprn>msdp>peer active-source-limit)
[Tree] (config>service>vprn>msdp>group>peer active-source-limit)
[Tree] (config>service>vprn>msdp active-source-limit)
[Tree] (config>service>vprn>msdp>group active-source-limit)
[Tree] (config>service>vprn>msdp>source active-source-limit)
Full Context
configure service vprn msdp peer active-source-limit
configure service vprn msdp group peer active-source-limit
configure service vprn msdp active-source-limit
configure service vprn msdp group active-source-limit
configure service vprn msdp source active-source-limit
This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.
The no form of this command reverts the number of source message limit to default operation.
no active-source-limit
- number
Defines how many active sources can be maintained by MSDP.
active-source-limit number
no active-source-limit
[Tree] (config>router>msdp>group active-source-limit)
[Tree] (config>router>msdp>peer active-source-limit)
[Tree] (config>router>msdp>source active-source-limit)
[Tree] (config>router>msdp>group>peer active-source-limit)
[Tree] (config>router>msdp active-source-limit)
Full Context
configure router msdp group active-source-limit
configure router msdp peer active-source-limit
configure router msdp source active-source-limit
configure router msdp group peer active-source-limit
configure router msdp active-source-limit
This command controls the maximum number of source-active (SA) messages that are accepted by MSDP, effectively controlling the number of active sources that can be stored on the system.
The no form of this command sets no limit on the number of active source records.
no active-source-limit
- number
Specifies the number of active sources that can be maintained by MSDP.
active-valid-lifetime [hrs hours] [min minutes] [sec seconds]
no active-valid-lifetime
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp6 active-valid-lifetime)
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>slaac active-valid-lifetime)
Full Context
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp6 active-valid-lifetime
configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime
configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range slaac active-valid-lifetime
This command specifies the signaled valid lifetime in DHCPv6 or SLAAC after full authentication. This is only applicable to DSM.
The no form of this command reverts to the default.
active-valid-lifetime min 10
- hours
Specifies the number of active-valid-lifetime hours.
- minutes
Specifies the number of active-valid-lifetime minutes.
- seconds
Specifies the number of active-valid-lifetime seconds.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
activity-threshold kilobits-per-second
no activity-threshold
[Tree] (config>subscr-mgmt>cat-map activity-threshold)
Full Context
configure subscriber-mgmt category-map activity-threshold
This command configures the threshold that is applied to determine whether or not there is activity. This is only valid for credit-type = time (not volume).
The no form of this command reverts to the default.
- kilobits-per-second
Specifies the activity threshold value, in kilobits per second.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
ad-per-es-route-target evi-rt
ad-per-es-route-target evi-rt-set route-distinguisher ip-address [extended-evi-range]
[Tree] (config>service>system>bgp-evpn ad-per-es-route-target)
Full Context
configure service system bgp-evpn ad-per-es-route-target
This command controls how Ethernet AD per-ES routes are generated.
The system can either send a separate Ethernet AD per-ES route per service, or an Ethernet AD per-ES route aggregating the route-targets for multiple services. While both alternatives can interoperate, RFC 7432 states that the EVPN Auto-Discovery per-ES route must be sent with a set of route-targets corresponding to all the EVIs defined on the Ethernet Segment. This command supports both options.
The default ad-per-es-route-target evi-rt option configures the system to send a separate AD per-ES route per service.
When enabled, the evi-rt-set option allows the aggregation of routes: a single AD per-ES route with the associated RD (ip-address:1) and a set of EVI route-targets are advertised (to a maximum of 128). When a significant number of EVIs are defined in the Ethernet Segment (hence the number of route-targets), the system sends more than one route. For example:
AD per-ES route for evi-rt-set 1 will be sent with RD ip-address:1
AD per-ES route for evi-rt-set 2 will be sent with RD ip-address:2
ad-per-es-route-target evi-rt
- evi-rt
Specifies the option to advertise a separate AD per-ES route per service.
- evi-rt-set
Specifies the option to advertise a set of AD per-ES routes aggregating the route-targets for all the services in the Ethernet Segment.
- ip-address
Specifies the ip-address part of the route-distinguisher being used in the evi-rt-set option.
- extended-evi-range
Specifies that the system reserves the RD comm-val 1 to 65535 out of the type 1 RD that is used for AD per-ES routes.
[Tree] (config>service>system>bgp-evpn ad-per-evi-routes)
Full Context
configure service system bgp-evpn ad-per-evi-routes
Commands in this context configure how Ethernet AD per-EVI routes are generated.
ad-validation {fall-through | drop}
no ad-validation
[Tree] (config>system>dns>dnssec ad-validation)
Full Context
configure system dns dnssec ad-validation
This command enables validation of the presence of the AD-bit in responses from the DNS servers, and reports a warning to the SECURITY log if DNSSEC validation was not possible.
This command requires either the fall-through or drop parameters be configured. When the fall-through parameter is supplied, the system will allow DNS responses that do not pass DNSSEC validation to be accepted and logged. When the drop parameter is specified, the system will reject and log DNS responses that do not pass DNSSEC validation and the resolution will appear to fail.
no ad-validation
- fall-through
Specifies that the DNSSEC validator should allow non-DNSSEC responses to fall-through to permit resolution in case of validation failure.
- drop
Specifies that the DNSSEC validator should drop non-DNSSEC responses in case of validation failure.
adapt-qos {link | port-fair | distribute [include-egr-hash-cfg]}
[Tree] (config>lag>access adapt-qos)
Full Context
configure lag access adapt-qos
This command specifies how the LAG SAP queue and virtual scheduler buffering and rate parameters are adapted over multiple active XMAs/MDAs. This command applies only to access LAGs.
adapt-qos distribute
- link
Specifies that the LAG will create the SAP queues and virtual schedulers with the actual parameters on each LAG member port.
- port-fair
Places the LAG instance into a mode that enforces QoS bandwidth constraints in the following manner:
all egress QoS objects associated with the LAG instance are created on a per port basis
bandwidth is distributed over these per port objects based on the proportion of the port's bandwidth relative to the total of all active ports bandwidth within the LAG
the include-egr-hash-cfg behavior is automatically enabled allowing the system to detect objects that hash to a single egress link in the lag and enabling full bandwidth for that object on the appropriate port
- distribute
Creates an additional internal virtual scheduler per IOM/XCM as parent of the configured SAP queues and virtual schedulers per LAG member port on that IOM/XCM. This internal virtual scheduler limits the total amount of egress bandwidth for all member ports on the IOM/XCM to the bandwidth specified in the egress qos policy.
- include-egr-hash-cfg
Specifies whether explicitly configured hashing should factor into the egress buffering and rate distribution.
When this parameter is configured, all SAPs on this LAG which have explicit hashing configured, the egress HQoS and HPol (including queues, policers, schedulers and arbiters) will receive 100% of the configured bandwidth (essentially operating in adapt-qos link mode). For any Multi-Service-Sites assigned to such a LAG, bandwidth will continue to be divided according to adapt-qos distribute mode.
A LAG instance that is currently in adapt-qos link mode may be placed at any time in port-fair mode. Similarly, a LAG instance that is currently in adapt-qos port-fair mode may be placed at any time in link mode. However, a LAG instance in adapt-qos distribute mode may not be placed into port-fair (or link) mode while QoS objects are associated with the LAG instance. To move from distribute to port-fair mode it is necessary to remove all QoS objects from the LAG instance.
adapt-qos {distribute | link | port-fair}
no adapt-qos
[Tree] (config>eth-tunnel>lag-emulation>access adapt-qos)
Full Context
configure eth-tunnel lag-emulation access adapt-qos
This command specifies how the emulated LAG queue and virtual scheduler buffering and rate parameters are adapted over multiple active MDAs.
The no form of the command reverts to the default.
- distribute
Creates an additional internal virtual scheduler per line card as parent of the configured SAP queues and virtual schedulers per member path on that line card. This internal virtual scheduler limits the total amount of egress bandwidth for all member paths on the line card to that line card’s share of the bandwidth specified in the egress qos policy. This mode is not supported together with an egress port scheduler or the use of egress queue groups.
- link
Specifies that the emulated LAG will create the SAP queues and virtual schedulers with the bandwidth specified in the egress QoS policy on each member path.
- port-fair
Specifies that the emulated LAG will create the SAP queues and virtual schedulers on each member path based on the bandwidth specified in the egress QoS policy divided by the number of active paths.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>sap-egress>queue adaptation-rule)
Full Context
configure qos sap-egress queue adaptation-rule
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
adaptation-rule pir closest cir closest
- pir
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.
- cir
Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>sap-egress>queue adaptation-rule)
Full Context
configure qos sap-egress queue adaptation-rule
This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir, and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy.
adaptation-rule pir closest cir closest fir closest
- pir adaptation-rule
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir adaptation-rule
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- max
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
Specifies that the operational PIR for the queue will be equal to or greater than the requested rate.
- closest
Specifies that the operational PIR for the queue will be the rate closest to the requested rate.
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
[Tree] (config>service>vpls>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>vpls>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>ies>if>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>ies>if>sap>egress>queue-override>queue adaptation-rule)
Full Context
configure service vpls sap egress queue-override queue adaptation-rule
configure service vpls sap ingress queue-override queue adaptation-rule
configure service ies interface sap ingress queue-override queue adaptation-rule
configure service ies interface sap egress queue-override queue adaptation-rule
This command overrides specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
no adaptation-rule
- pir
Specifies the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
Specifies the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
Specifies the CIR and PIR adaptation rules.
adaptation-rule pir adaptation-rule [cir adaptation-rule]
no adaptation-rule
[Tree] (config>subscr-mgmt>isa-policer adaptation-rule)
Full Context
configure subscriber-mgmt isa-policer adaptation-rule
For operational efficiency, the operational rate of a policer cannot take on every value in the configurable range. This configuration defines a rule that must be followed when mapping a configured rate to an operational rate.
The cir adaptation-rule can only be set on dual-bucket-bandwidth policers.
The no form of this command reverts to its default.
adaptation-rule pir closest cir closest
- pir adaptation-rule
Configures the rules to compute the PIR operational rates.
- cir adaptation-rule
Configures the rules to compute the CIR operational rates.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
adaptation-rule [pir adaptation-rule] [cir {max | min | closest}]
no adaptation-rule
[Tree] (config>port>ethernet>network>egr>qgrp>qover>q adaptation-rule)
[Tree] (config>port>ethernet>access>ing>qgrp>qover>q adaptation-rule)
[Tree] (config>port>ethernet>access>egr>qgrp>qover>q adaptation-rule)
Full Context
configure port ethernet network egress queue-group queue-overrides queue adaptation-rule
configure port ethernet access ingress queue-group queue-overrides queue adaptation-rule
configure port ethernet access egress queue-group queue-overrides queue adaptation-rule
This command specifies the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
adaptation-rule pir closest cir closest
- pir
Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
Defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
Specifies the adaptation rule to be used while computing the operational CIR or PIR value.
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaption-rule
[Tree] (config>service>epipe>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>epipe>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>ipipe>sap>egress>queue-override>queue adaptation-rule)
[Tree] (config>service>ipipe>sap>ingress>queue-override>queue adaptation-rule)
Full Context
configure service epipe sap egress queue-override queue adaptation-rule
configure service epipe sap ingress queue-override queue adaptation-rule
configure service ipipe sap egress queue-override queue adaptation-rule
configure service ipipe sap ingress queue-override queue adaptation-rule
This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
no adaptation-rule
- pir
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue adaptation-rule)
[Tree] (config>service>vprn>if>sap>egress>queue-override>queue adaptation-rule)
Full Context
configure service vprn interface sap ingress queue-override queue adaptation-rule
configure service vprn interface sap egress queue-override queue adaptation-rule
This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
no adaptation-rule
- pir
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- cir
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- adaptation-rule
Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.
adaptation-rule pir adaptation-rule [cir {adaptation-rule}]
no adaptation-rule
[Tree] (config>app-assure>group>policer adaptation-rule)
Full Context
configure application-assurance group policer adaptation-rule
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined option. To change the CIR adaptation rule only, the current PIR rule must be part of the command executed.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
adaptation-rule pir closest cir closest
- max
The operational PIR or CIR for the queue will be equal to or less than the administrative rate specified using the rate command.
- min
The operational PIR or CIR for the queue will be equal to or greater than the administrative rate specified using the rate command.
- closest
The operational PIR or CIR for the queue will be the rate closest to the rate specified using the rate command.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>sap-egress>policer adaptation-rule)
[Tree] (config>qos>sap-ingress>policer adaptation-rule)
Full Context
configure qos sap-egress policer adaptation-rule
configure qos sap-ingress policer adaptation-rule
This command is used to define how the policer’s configuration parameters are translated into the underlying hardware capabilities used to implement each policer instance. For instance, the configured rates for the policer need to be mapped to the timers and decrement granularity used by the hardware's leaky bucket functions that actually perform the traffic metering. If a rate is defined that cannot be exactly matched by the hardware, the adaptation-rule setting provides guidance for which hardware rate should be used.
The hardware also needs to adapt the given mbs and cbs values into the PIR bucket violate threshold (discard) and the CIR bucket exceed threshold (out-of-profile). The hardware may not have an exact threshold match that it can use. The system treats the mbs and cbs values as minimum threshold values.
The no form of this command is used to return the policer’s metering and profiling hardware adaptation rules to closest.
- pir adaptation-rule
When the optional pir parameter is specified, the max, min, or closest keyword qualifier must follow.
- cir adaptation-rule
When the optional cir parameter is specified, the max, min, or closest keyword qualifier must follow.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
adaptation-rule [pir adaptation-rule] [cir adaptation-rule] [fir {max | min | closest}]
no adaptation-rule
[Tree] (config>qos>sap-ingress>queue adaptation-rule)
Full Context
configure qos sap-ingress queue adaptation-rule
This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.
adaptation-rule pir closest cir closest fir closest
- pir adaptation-rule
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir adaptation-rule
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
adaptation-rule [pir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>network-queue>hs-wrr-group adaptation-rule)
Full Context
configure qos network-queue hs-wrr-group adaptation-rule
This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The min, max, and closest mutually exclusive keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
adaptation-rule pir closest
- adaptation-rule
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
7750 SR-7/12/12e
adaptation-rule [pir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>sap-egress>hs-wrr-group adaptation-rule)
Full Context
configure qos sap-egress hs-wrr-group adaptation-rule
This command specifies how the system resolves differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
adaptation-rule pir closest
- pir
Defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
- adaptation-rule
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
7750 SR-7/12/12e
adaptation-rule [pir adaptation-rule]
no adaptation-rule
[Tree] (config>qos>qgrps>egr>qgrp>hs-wrr-group adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group hs-wrr-group adaptation-rule
This command specifies how the system should resolve differences between the specified scheduling limit derived from the WRR group’s rate command and the actual operational rate obtainable in hardware. The mutually exclusive min, max, and closest keywords specify whether the next highest rate, next lowest rate, or closest rate should be selected by the system.
The no form of the command reverts to the default value.
adaptation-rule pir closest
- adaptation-rule
Specifies the adaptation rule (min, max, or closest) to be used while computing the operational PIR value. The adaptation rule specifies the rules to compute the operational values while maintaining minimum offset. The min, max, and closest keywords are mutually exclusive.
7750 SR-7/12/12e
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
no adaptation-rule
[Tree] (config>qos>queue-group-templates>egress>queue-group>policer adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group policer adaptation-rule
This command defines the method used by the system to derive the operational CIR and PIR settings when the policer is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
adaptation-rule pir closest cir closest
- pir
Defines the constraints enforced when adapting the policer’s PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the policer. When the pir parameter is not specified, the default constraint applies.
- cir
Defines the constraints enforced when adapting the policer’s CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the policer. When the cir parameter is not specified, the default constraint applies.
- max
Specifies that the operational rate for the policer will be equal to or less than the requested rate.
- min
Specifies that the operational rate for the policer will be equal to or greater than the requested rate.
- closest
Specifies that the operational rate for the policer will be the rate closest to the requested rate.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]
no adaptation-rule
[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue adaptation-rule)
Full Context
configure qos queue-group-templates ingress queue-group queue adaptation-rule
This command defines the method used by the system to derive the operational FIR, CIR and PIR settings when the queue is provisioned in hardware. For the FIR, CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When a specific adaptation-rule is removed, the default constraints for pir, cir and fir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR and PIR created by the application of the policy.
adaptation-rule pir closest cir closest fir closest
- pir
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default constraint applies.
- cir
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
no adaptation-rule
[Tree] (config>qos>queue-group-templates>egress>queue-group>queue adaptation-rule)
Full Context
configure qos queue-group-templates egress queue-group queue adaptation-rule
This command defines the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keywords are ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the egress queue group template.
When a specific adaptation-rule is removed, the default constraints for pir and cir apply.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy.
adaptation-rule pir closest cir closest
- pir
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir
Defines the constraints enforced when adapting the queue's CIR defined. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- max
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
Specifies that the operational rate for the queue will be equal to or greater than the requested rate.
- closest
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}] [fir {max | min | closest}]
no adaptation-rule
[Tree] (config>qos>network-queue>queue adaptation-rule)
Full Context
configure qos network-queue queue adaptation-rule
This command defines the method used by the system to derive the operational FIR, CIR, and PIR settings when the queue is provisioned in hardware. For the FIR, CIR, and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
When configured on an egress HSQ queue group queue, the cir keyword is ignored. This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation-rule is performed under the hs-wrr-group within the network queue policy.
The no form of this command removes any explicitly defined constraints used to derive the operational FIR, CIR, and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for fir, cir, and pir apply.
adaptation-rule pir closest cir closest fir closest
- pir
Defines the constraints enforced when adapting the queue's PIR. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the pir parameter is not specified, the default applies.
- cir
Defines the constraints enforced when adapting the queue's CIR. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
- fir
Defines the constraints enforced when adapting the queue's FIR. The fir parameter requires a qualifier that defines the constraint used when deriving the operational FIR for the queue. When the fir parameter is not specified, the default constraint applies. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.
- max
Specifies that the operational rate for the queue will be equal to or less than the requested rate.
- min
Specifies that the operational rate for the queue will be equal to or greater than the administrative rate specified using the rate command.
- closest
Specifies that the operational rate for the queue will be the rate closest to the requested rate.
[no] adaptive
[Tree] (config>router>mpls>lsp>primary-p2mp-instance adaptive)
[Tree] (config>router>mpls>lsp-template adaptive)
[Tree] (config>router>mpls>lsp adaptive)
[Tree] (config>router>mpls>lsp>primary adaptive)
[Tree] (config>router>mpls>lsp>secondary adaptive)
Full Context
configure router mpls lsp primary-p2mp-instance adaptive
configure router mpls lsp-template adaptive
configure router mpls lsp adaptive
configure router mpls lsp primary adaptive
configure router mpls lsp secondary adaptive
This command enables the make-before-break functionality for an LSP or LSP path. When enabled for the LSP, make-before-break will be performed for primary path and all the secondary paths of the LSP.
The config>router>mpls>lsp>primary-p2mp-instance> adaptive command is not supported on the 7450 ESS.
adaptive-load-balancing [tolerance tolerance-value] [interval interval] [bandwidth-threshold percent]
no adaptive-load-balancing
[Tree] (config>lag adaptive-load-balancing)
Full Context
configure lag adaptive-load-balancing
This command enables adaptive load balancing between LAG links. The tolerance value defines the percentage threshold between the most and the least used link in the LAG. If the tolerance value is exceeded, adaptive load balancing optimizes traffic distribution between LAG links. The bandwidth threshold defines the minimum bandwidth percentage of the most loaded LAG port egress. If the bandwidth threshold value is exceeded, adaptive load balancing optimization is performed.
The no form of this command disables adaptive load balancing.
no adaptive-load-balancing
- tolerance-value
Specifies the allowed tolerance value expressed as a percentage.
- interval
Specifies the statistics pooling interval value, in seconds, for the LAG ports.
- percent
Specifies the bandwidth threshold expressed as a percentage.
add percent percentage [min-only] [ active-min-only]
add rate rate [min-only] [active-min-only]
no add
[Tree] (config>qos>adv-config-policy>child-control>offered-measurement add)
Full Context
configure qos adv-config-policy child-control offered-measurement add
This command is used to increase the measured rate of the policer or queue associated with the policy. The offered rate (capped by the administrative PIR configured on the queue or policer) is usually used unaltered by the parent virtual scheduler. The add command allows this measured rate to be increased by the specified amount or by a percentage of the administrative PIR. The resulting rate will not exceed the administrative PIR.
The parent scheduler uses the modified measured rate as the available work load for the queue or policer in determining how much bandwidth the child should receive from the bandwidth distribution algorithm.
One example of when an increase in the measured offered rate may be desired is when a queue or policer is handling VoIP traffic. A characteristic of VoIP is the step nature in how traffic is used. Each call typically adds a certain maximum amount to the overall load. By using the add command, the bandwidth required for the next added call may be included in the current measured rate. This allows the virtual scheduler to allocate sufficient bandwidth to the queue or policer so that when the call is made the scheduling algorithm does not need to run to increase the bandwidth.
A side effect of increasing the measured offered rate is that if the extra bandwidth is allocated by the virtual scheduler, the available bandwidth to lower priority queues or policers is diminished even though the extra allocated bandwidth may not be in use. If this is the case, the effect will be seen as an underrun in the aggregate output of the virtual scheduler.
If the add command is used with a percent-based value, the increase is a function of the configured PIR value on the policer or queue. In this case, care should be taken that the child is either configured with an explicit PIR rate (other than max) or the child’s administrative PIR is defined using the percent-rate command with the local parameter enabled if an explicit value is not desired. When a maximum PIR is in use on the child, the system attempts to interpret the maximum child forwarding rate. This rate could be very large if the child is associated with multiple ingress or egress ports.
Except for the overall cap on the offered input into the virtual scheduler, the child’s administrative PIR has no effect on the calculated increase if an explicit rate is specified.
If the child’s administrative PIR is modified while a percent based add is in effect, the system automatically uses the new relative increase value the next time the child’s offered rate is determined.
When the add command is not specified or removed, the child’s offered rate used by the child’s virtual scheduler is not increased.
The no form of this command is used to remove an offered rate increase from all child policers and queues associated with the policy.
- percent-of-admin-pir
When the percent qualifier is used, this parameter specifies the percentage of the child’s administrative PIR that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a value of 0 or 0.00 is used, the system interprets this equivalent to no add.
- rate-in-kilobits-per-second
When the rate qualifier is used, this parameter specifies an explicit rate, in kb/s, that should be added to the child’s offered rate. The new offered rate result is capped by the child’s PIR. If a rate increase of 0 is specified, the system interprets this equivalent to no add.
- min-only
This optional parameter is used to reinterpret the increase as a minimum offered rate. When this option is enabled, the system uses the specified increase as a minimum offered rate even for inactive queues or policers associated with the policy.
- active-min-only
When this optional parameter is specified, the respective rate or percentage is treated as the minimum offered rate for a queue only when the queue has an actual non-zero offered rate. This is intended to limit the artificial increase in offered rate to queues that are currently active. When a queue’s measured offered rate drops to zero, the system stops enforcing the minimum value.
[no] add-paths
[Tree] (config>router>bgp>group>neighbor add-paths)
[Tree] (config>router>bgp add-paths)
[Tree] (config>router>bgp>group add-paths)
Full Context
configure router bgp group neighbor add-paths
configure router bgp add-paths
configure router bgp group add-paths
This command allows the add-paths node to be the configured for one or more families of the BGP instance, a group or a neighbor. The BGP add-paths capability allows the router to send and/or receive multiple paths per prefix to/from a peer. The add-paths command without additional parameters is equivalent to removing Add-Paths support for all address families, which causes sessions that previously negotiated the add-paths capability for one or more address families to go down and come back up without the add-paths capability.
The no form of this command (no add-paths) removes add-paths from the configuration of BGP, the group or the neighbor, causing sessions established using add-paths to go down and come back up without the add-paths capability.
no add-paths
add-paths-send-limit send-limit
no add-paths-send-limit
[Tree] (config>router>policy-options>policy-statement>default-action add-paths-send-limit)
[Tree] (config>router>policy-options>policy-statement>entry add-paths-send-limit)
Full Context
configure router policy-options policy-statement default-action add-paths-send-limit
configure router policy-options policy-statement entry add-paths-send-limit
This command sets the send-limit to a specific value for all routes matched by the policy entry or default action. Add-paths allows a BGP router to send multiple paths for the same NLRI/prefix to a peer advertising the add-paths receive capability. The send-limit dictates the maximum number of paths that can be advertised.
The default send-limit is controlled by the instance, group or neighbor level configuration and applies to all prefixes in a particular address family. Using route policies allows the default send-limit to be overridden to use a larger or smaller maximum value on a per-prefix basis. For example, if, for most prefixes advertised to a peer, at most 1 path should be advertised but for a few exceptional prefixes up to 4 paths should be advertised, then the neighbor-level send-limit can be set to a value of 1 and the add-paths-send-limit in the policy entry that matches the exceptional routes can be set to a value of 4.
no add-paths-send-limit
- send-limit
Specifies the maximum number of paths to advertise for matched routes to an Add-Paths peer. If the value is multipaths, then BGP advertises all of the used BGP multipaths for each matched route that is the best path for its prefix (NLRI). Add paths can be advertised only if the peer has signaled support for receiving multiple add paths.
add-srv6-tlvs locator locator-name
add-srv6-tlvs micro-segment-locator ms-locator-name
no add-srv6-tlvs
[Tree] (config>router>bgp>srv6>family add-srv6-tlvs)
Full Context
configure router bgp segment-routing-v6 family add-srv6-tlvs
This command adds a prefix SID attribute containing an SRv6 TLV to routes belonging to the family that are redistributed from another protocol into BGP. This command also adds a prefix SID attribute with SRv6 TLV to BGP routes received from other peers without the SRv6 TLV and that are propagated to other peers with next-hop-self applied.
The no form of this command reverts to the default value which does not append the SRv6 TLV.
no add-srv6-tlvs
- locator-name
Specifies an existing locator name, up to 64 characters.
- ms-locator-name
Specifies a micro-segment locator name, up to 64 characters.
7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR
add-to-received-bgp weight
no add-to-received-bgp
[Tree] (config>service>vprn>bgp>group>evpn-link-bandwidth add-to-received-bgp)
[Tree] (config>service>vprn>bgp>group>neighbor>evpn-link-bandwidth add-to-received-bgp)
Full Context
configure service vprn bgp group evpn-link-bandwidth add-to-received-bgp
configure service vprn bgp group neighbor evpn-link-bandwidth add-to-received-bgp
This command configures the weight value added to all BGP PE-CE routes for the purpose of weighted ECMP if EVPN-IFL and BGP PE-CE routes are combined into the same ECMP set.
For the load-balancing between EVPN-IFL and BGP PE-CE routes the configure service vprn bgp eibgp-loadbalance command must already be configured on the system.
The no form of this command disables the weight value added to all BGP PE-CE routes.
no add-to-received-bgp
- weight
Specifies the weight value added to all BGP PE-CE routes.
add-to-received-ebgp family [family]
no add-to-received-ebgp
[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)
[Tree] (config>service>vprn>bgp>group>link-bandwidth add-to-received-ebgp)
Full Context
configure service vprn bgp group neighbor link-bandwidth add-to-received-ebgp
configure service vprn bgp group link-bandwidth add-to-received-ebgp
This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.
Up to three families may be configured.
The no form of this command removes the link-bandwidth extended community added to received BGP routes.
no add-to-received-ebgp
- family
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
add-to-received-ebgp family [family]
no add-to-received-ebgp
[Tree] (config>router>bgp>group>link-bandwidth add-to-received-ebgp)
[Tree] (config>router>bgp>group>neighbor>link-bandwidth add-to-received-ebgp)
Full Context
configure router bgp group link-bandwidth add-to-received-ebgp
configure router bgp group neighbor link-bandwidth add-to-received-ebgp
This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.
The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.
Up to six families may be configured.
The no form of this command removes the link-bandwidth extended community added to received BGP routes.
no add-to-received-ebgp
- family
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
add-tunnel never
add-tunnel on reason [reason]
no add-tunnel
[Tree] (config>router>l2tp>tunnel-selection-blacklist add-tunnel)
[Tree] (config>service>vprn>l2tp>tunnel-selection-blacklist add-tunnel)
Full Context
configure router l2tp tunnel-selection-blacklist add-tunnel
configure service vprn l2tp tunnel-selection-blacklist add-tunnel
This command will force the tunnel to the denylist and render it unavailable for new sessions for the duration of preconfigured time. Peers are always forced to the denylist in case they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the denylist.
add-tunnel never
- never
When specified, no tunnels will be placed on the denylist under any circumstance. This parameter will available to preserve backward compatibility.
- reason
Specifies the return codes or events that determine which tunnels are added to the denylist. A maximum of eight reasons can be specified in a single statement.
Table 1. Return codes Return code
Tunnels added to denylist
A tunnel is forced to the denylist if that CDN message with the Result Code 2 (Call disconnected for the reasons indicated in error code) is received.
A tunnel is forced to the denylist if that CDN message with the Result Codes 6 (Invalid destination) is received.
A tunnel is forced to the denylist if that CDN message with the Result Code 4 is received (Call failed due to lack of appropriate facilities being available - temporary condition) is received.
A tunnel is forced to the denylist if that CDN message with the Result Codes 5 (Call failed due to lack of appropriate facilities being available - permanent condition) is received.
A tunnel is forced to the denylist if that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.
A tunnel is forced to the denylist if that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.
A tunnel is forced to the denylist if that StopCCN message with the following Result Codes is received:
(1) General request to clear control connection
(4) Requester is not authorized to establish a control channel
(5) Protocol version not supported
(6) Requester is being shutdown
Or in the case that the StopCCN with the following result codes is transmitted:
(4) Requester is not authorized to establish a control channel.
(5) Protocol version not supported
The receipt of the following Result Codes will never denylist a tunnel:
(0) Reserved
(3) Control channel already exist
(7) Finite state machine error
(8) Undefined
Transmission of the following Result Codes will never denylist a tunnel:
(1) General request to clear control connection
(3) Control channel already exist
(6) Requester is being shutdown
(7) Finite state machine error
A timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) is forced to the denylist. In absence of this configuration option, only the configured peer for the tunnel is, but not the tunnel itself which now has a different peer address than the one initially configured.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address gi-address [scope scope]
address ip-address[/prefix-length]
address pool pool-name [secondary-pool sec-pool-name] [delimiter delimiter]
address use-pool-from-client [delimiter delimiter]
no address
[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host address)
[Tree] (config>subscr-mgmt>loc-user-db>ppp>host address)
Full Context
configure subscriber-mgmt local-user-db ipoe host address
configure subscriber-mgmt local-user-db ppp host address
This command configures how the IP address is defined for this host.
When the user database is used from a local DHCP server, then this command defines how to define the IP address the server offers to the DHCP-client.
When the user-db is used for PPPoE authentication, the gi-address parameter cannot be used. A fixed IP address causes PPPoE to use this IP address. If no IP address is specified, the PPPoE looks for IP address by other means (DHCP). If a pool name is given, this pool is sent in the DHCP request so it can be used in by the DHCP server to determine which address to give to the host.
The no form of this command causes no IP address to be assigned to this host. In a user database referred to from a local DHCP server, creating a host without address information causes the matching client never to get an IP address.
The no form of this command reverts to the default.
- gi-address
When specified, the gi-address of the DHCP message is taken to look for a subnet in the local DHCP server. The first available free address of the subnet is taken and "offered” to the host. When local-user-db is used for PPPoE authentication, this has the same result as no address.
- ip-address
Specifies the fixed IP address to use for this host.
- pool-name/sec-pool-name
Specifies the primary (and secondary) pool (in the local DHCP server), up to 32 characters, to look for an available address. The first available IP address from any subnet in the pool is used. When the local user database is used for PPPoE authentication, this causes the specified pool name to be sent to the DHCP server in a vendor-specific sub-option under Option 82.
- use-pool-from-client
Use the pool-name in the Option 82 vendor-specific sub-option.
- delimiter
Specifies a single ASCII character specifies the delimiter of separating primary and secondary pool names in option82 VSO.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
[Tree] (config>service>ies>if>ipv6 address)
[Tree] (config>service>vprn>if>ipv6 address)
Full Context
configure service ies interface ipv6 address
configure service vprn interface ipv6 address
This command assigns an IPv6 address/subnet to the interface.
Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.
Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.
The no form of this command removes the IPv6 address from the interface.
- ipv6-address/prefix-length
Specifies the IPv6 address on the interface.
- eui-64
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
- srrp-instance
Specifies the SRRP instance ID that this interface route needs to track.
- cga-modifier
Specifies the modifier in 32 hexadecimal nibbles.
- dad-disable
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
- primary-preference
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.
When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.
The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.
address ipv6-address/prefix-length [pd] [wan-host] [track-srrp srrp-instance] [holdup-time milli-seconds]
no address ipv6-address/prefix-length
[Tree] (config>service>ies>sub-if>ipv6 address)
[Tree] (config>service>vprn>sub-if>ipv6 address)
Full Context
configure service ies subscriber-interface ipv6 address
configure service vprn subscriber-interface ipv6 address
This command assigns an IPv6 address/subnet to the subscriber interface.
SRRP and an IPv6 Global Unicast Address on a subscriber interface are mutual exclusive:
track-srrp cannot be enabled on a subscriber interface ipv6 address
when an ipv6 address is configured on a subscriber interface, SRRP cannot be enabled on its group interfaces
The no form of this command removes the IPv6 address from the interface.
- ipv6-address
Specifies the 128-bit IPv6 address.
- prefix-length
Specifies the length of any associated aggregate prefix.
- pd
Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.
- wan-host
Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.
- srrp-instance
Specifies the SRRP instance number.
- milli-seconds
Specifies the time to wait, in milli-seconds, for the route before it accepts the new state attribute. This timer is used to prevent fluctuations in route advertisement caused by short lived SRRP instabilities, in the case that such condition arises.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address ip-prefix/ip-prefix-length [peer-profile profile-name]
no address ip-prefix/ip-prefix-length
[Tree] (config>service>vprn>gtp>s11>peer-profile-map address)
[Tree] (config>router>gtp>s11>peer-profile-map address)
[Tree] (config>router>gtp>uplink>peer-profile-map address)
[Tree] (config>service>vprn>gtp>uplink>peer-profile-map address)
Full Context
configure service vprn gtp s11 peer-profile-map address
configure router gtp s11 peer-profile-map address
configure router gtp uplink peer-profile-map address
configure service vprn gtp uplink peer-profile-map address
This command configures a mapping of an IP address or subnet to a peer profile. If one peer profile is used for the entire router, it is possible to map the entire IPv4 subnet using
If no match is found, the default or default S11 peer profile is used.
The no form of this command removes the peer profile mapping, affecting only the setup of new peers.
- ip-prefix/ip-prefix-length
Specifies the IP prefix and prefix length of the subnet.
- profile-name
Specifies the GTP peer profile associated with the address prefix, up to 32 characters.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address [ip-address | ipv6-address]
no address
[Tree] (config>aaa>diam>node>peer address)
Full Context
configure aaa diameter node peer address
This command configures IPv4 or IPv6 address for a Diameter peer.
The no form of this command removes the IPv4 or IPv6 from the peer configuration.
- ip-address
Specifies the IPv4 address in the a.b.c.d form
- ipv6-address
Specifies the IPv6 address in the form:
x:x:x:x:x:x:x:x (eight 16-bit pieces)
x - [0..FFFF]H
d - [0 to 255] D
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [track-srrp srrp-instance]
no address [ip-address/mask | ip-address netmask]
[Tree] (config>service>vprn>if address)
[Tree] (config>service>vprn>nw-if address)
[Tree] (config>service>ies>if address)
Full Context
configure service vprn interface address
configure service vprn network-interface address
configure service ies interface address
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign multiple addresses.
An IP address must be assigned to each IES or VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
Address |
Admin State |
Oper State |
No address |
up |
down |
No address |
down |
down | |
up |
up | |
down |
down |
The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface are reinitialized.
The no form of this command removes the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.
- ip-address
Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range – (with support of /31 subnets).
- /
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
- mask-length
Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
Note:A mask length of 32 is reserved for loopback addresses (includes system addresses).
- mask
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range –
Note:A mask of is reserved for system IP addresses.
- broadcast
Overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) is received by the IP interface.
- all-ones
Specifies the broadcast address used by the IP interface for this IP address is, also known as the local broadcast.
- host-ones
Specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.
- srrp-instance
Tracks the specified SRRP instance state on the IPv6 address.
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
[Tree] (config>service>vprn>red-if address)
Full Context
configure service vprn redundant-interface address
This command assigns an IP address mask or netmask and a remote IP address to the interface.
The no form of this command removes the values from the configuration.
- ip-address/mask
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
Assigns an IP address netmask to the interface. Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
- remote-ip ip-address
Assigns a remote IP to the interface.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address ip-address/mask [netmask] [ gw-ip-address gw-ip-address] [populate-host-routes] [track-srrp srrp-instance] [holdup-time milli-seconds]
no address ip-address/mask [netmask]
[Tree] (config>service>vprn>sub-if address)
[Tree] (config>service>ies>sub-if address)
Full Context
configure service vprn subscriber-interface address
configure service ies subscriber-interface address
This command configures the subscriber interface address along with additional parameters related to multi-chassis redundancy.
The no form of this command reverts to the default.
- ip-address
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range – (with support of /31 subnets).
- /
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
- mask
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical AND function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range –
Note:A mask of is reserved for system IP addresses.
- netmask
The subnet mask in dotted decimal notation.
- gw-ip-address
Specifies a separate IP address within the subnet for SRRP routing purposes. This parameter must be followed by a valid IP interface that exists within the subscriber subnet created by the address command. The defined gateway IP address cannot currently exist as a subscriber host (static or dynamic). If the defined ip-address already exists as a subscriber host address, the address command will fail. The specified ip-address must be unique within the system.
The gw-ip-address parameter may be specified at any time. If the subscriber subnet was created previously, executing the address command with a gw-ip-address parameter will simply add the SRRP gateway IP address to the existing subnet.
If the address command is executed without the gw-ip-address parameter when the subscriber subnet is associated with an active SRRP instance, the address will fail. If the SRRP instance is inactive or removed, executing the address command without the gw-ip-address parameter removes the SRRP gateway IP address from the specified subscriber subnet.
If the address command is executed with a new GW address, all SRRP instances associated with the specified subscriber subnet is updated with the new SRRP gateway IP address.
- populate-host-routes
Specifies to populate subscriber-host routes in local FDB. Storing them in FDB benefits topologies only where the external router advertises more specific routes than the one corresponding to locally configured subscriber-interface subnets.
- milli-seconds
Specifies the time to wait, in milli-seconds, for the route before it accepts the new state attribute. This timer is used to prevent fluctuations in route advertisement caused by short lived SRRP instabilities, in the case that such condition arises.
- srrp-inst
Enables the subscriber interface route to track the SRRP state of the specified SRRP instance. The route updates its state attribute to reflect the state of SRRP instance:
Master = srrp-master
Any other = srrp-non-master
Routing policy can be applied towards the state attribute in order to customize the advertisement of the route. Only one SRRP instance can be tracked per subscriber interface route. Tracked SRRP instance can be part of the Fate Sharing Group. This command can be enabled at any time.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
[no] address [ip-address | ipv6-address]
[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw address)
[Tree] (config>service>ies>sub-if>grp-if>wlan-gw address)
Full Context
configure service vprn subscriber-interface group-interface wlan-gw address
configure service ies subscriber-interface group-interface wlan-gw address
This command configures an IPv4 or IPv6 address of a WLAN Gateway.
The no form of this command removes the IPv4 or IPv6 address from the configuration.
- ip-address
Specifies up to four IPv4 addresses.
- ipv6-address
Specifies up to six gateway IPv6 endpoint addresses.
- ipv6-address
Specifies up to six IPv6 addresses.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
address ip-address [/mask] [netmask]
no address
[Tree] (config>service>vpls>interface address)
Full Context
configure service vpls interface address
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface.
An IP address must be assigned to each IES IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.
Address |
Admin State |
Oper State |
No address |
up |
down |
No address |
down |
down | |
up |
up | |
down |
down |
The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.
- ip-address
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP netmask
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range to A mask of is reserved for system IP addresses.
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
[Tree] (config>service>ies>redundant-interface address)
Full Context
configure service ies redundant-interface address
This command assigns an IP address mask or netmask and a remote IP address to the interface.
- ip-address/mask
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
Assigns an IP address netmask to the interface.
- remote-ip ip-address
Assigns a remote IP to the interface.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address ip-address
no address
[Tree] (config>service>vprn>log>syslog address)
Full Context
configure service vprn log syslog address
This command adds the syslog target host IP address to/from a syslog ID.
The ip-address parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.
Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.
The same syslog target host can be used by multiple log IDs.
The no form of this command removes the syslog target host IP address.
no address
- ip-address
Specifies the IP address of the syslog target host in dotted decimal notation.
[no] address ipv6-address
[Tree] (config>service>vprn>nat>inside>dslite address)
Full Context
configure service vprn nat inside dual-stack-lite address
This command configures a DS-Lite IPv6 address
The no form of this command removes the value from the configuration.
- ipv6-address
Specifies the IPv6 address on the interface.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ip-address
[Tree] (config>service>vprn>radius-proxy>server>wlan-gw address)
[Tree] (config>router>radius-proxy>server>wlan-gw address)
Full Context
configure service vprn radius-proxy server wlan-gw address
configure router radius-proxy server wlan-gw address
This command configures the IPv4 address of the distributed RADIUS proxy server for use by the access points.
The no form of this command removes the address from the configuration.
- ip-address
Specifies the destination IPv4 address of the RADIUS proxy server.
7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ip-address/mask
[Tree] (config>service>vprn>nat>inside>l2-aware address)
[Tree] (config>router>nat>inside>l2-aware address)
Full Context
configure service vprn nat inside l2-aware address
configure router nat inside l2-aware address
This command configures a Layer 2-aware NAT address. This address acts as a local address of the system. Hosts connected to the inside service are able to ARP for this address. To verify connectivity, a host can also ping the address. This address is typically used as next hop of the default route of a Layer 2-aware host. The given mask defines a Layer 2-aware subnet. The (inside) IP address used by a Layer 2-aware host must match one of the subnets defined here or it will be rejected.
- ip-address
Specifies the IP address in a.b.c.d format.
- mask
Specifies the mask.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ip-address
[Tree] (config>service>vprn>pim>rp>bsr-candidate address)
[Tree] (config>service>vprn>pim>rp>rp-candidate address)
Full Context
configure service vprn pim rp bsr-candidate address
configure service vprn pim rp rp-candidate address
This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.
Use the no form of this command to remove the static RP from the configuration.
No IP address is specified.
- ip-address
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
[no] address ipv6-address
[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate address)
[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate address)
Full Context
configure service vprn pim rp ipv6 rp-candidate address
configure service vprn pim rp ipv6 bsr-candidate address
This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.
Use the no form of this command to remove the static RP from the configuration.
No IP address is specified.
- ipv6-address
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
[no] address ip-address
[Tree] (config>service>vprn>pim>rp>static address)
Full Context
configure service vprn pim rp static address
This command configures the static rendezvous point (RP) address.
The no form of this command removes the static RP entry from the configuration.
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
[Tree] (config>service>vprn>redundant-interface address)
Full Context
configure service vprn redundant-interface address
This command assigns an IP address mask or netmask and a remote IP address to the interface.
- ip-address/mask
Assigns an IP address/IP subnet format to the interface.
- ip-address netmask
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
Assigns an IP address netmask to the interface.
- remote-ip ip-address
Assigns a remote IP to the interface.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
address ip-address
no address
[Tree] (config>app-assure>group>evt-log>syslog address)
Full Context
configure application-assurance group event-log syslog address
This command configures the target syslog host IP address.
no address
- ip-address
Specifies the IP address of the target syslog host, either IPv4 or IPv6.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address {ip-address/mask | ip-address netmask}
no address [ip-address/mask | ip-address netmask]
[Tree] (config>service>ies>aa-interface address)
[Tree] (config>service>vprn>aa-interface address)
Full Context
configure service ies aa-interface address
configure service vprn aa-interface address
This command assigns an IP address to the interface.
no address
- ip-address/mask
Specifies an IP address/IP subnet format to the interface.
- ip-address netmask
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
- create
Keyword that specifies to create the interface.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
address prefix ip-prefix/ip-prefix-len
address from begin-ip-address to end-ip-address
no address
[Tree] (config>ipsec>ts-list>local>entry address)
[Tree] (config>ipsec>ts-list>remote>entry address)
Full Context
configure ipsec ts-list local entry address
configure ipsec ts-list remote entry address
This command specifies the address range in the IKEv2 traffic selector.
no address
- ip-prefix/ip-prefix-len
Specifies the IP prefix and subnet mask.
- begin-ip-address
Specifies the beginning address of the range for this entry.
- end-ip-address
Specifies the ending address of the range for this entry.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ipv6-address
[Tree] (config>router>nat>inside>dual-stack-lite address)
Full Context
configure router nat inside dual-stack-lite address
This command configures a DS-Lite IPv6 address.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ip-address/mask
[Tree] (config>router>nat>inside address)
Full Context
configure router nat inside address
This command configures the IP address and mask of the subnet.
The no form of the command removes the IP address and prefix length from the configuration.
- ip-address/mask
Specifies the IP address and mask of the subnet.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[no] address ip-address/mask
[Tree] (config>service>ies>video-interface address)
[Tree] (config>service>vprn>video-interface address)
Full Context
configure service ies video-interface address
configure service vprn video-interface address
This command assigns an IP address to the video interface within the service. Video interface IP addresses are used by video service clients to direct requests for video server services. Up to 16 IP address/subnets can be defined. The addresses defined must all be distinct and cannot be contained within a previously defined address.
The no form of the command deletes the IP address/subnet from the video interface.
- ip-address
Specifies the IP address/subnet of the video interface in dotted decimal notation.
- mask
Specifies the subnet mask length for the IP address expressed as an integer.
7450 ESS, 7750 SR, 7750 SR-s
address ip-address
no address
[Tree] (config>router>pim>rp>bsr-candidate address)
Full Context
configure router pim rp bsr-candidate address
This command configures the candidate BSR IP address. This address is for Bootstrap router election.
The no form of this command removes the IP address from the BSR candidate configuration.
no address
- ip-address
Specifies the IP host address used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
address ipv6-address
no address
[Tree] (config>router>pim>rp>ipv6>bsr-candidate address)
Full Context
configure router pim rp ipv6 bsr-candidate address
This command configures the candidate BSR IPv6 address. This address is for Bootstrap router election.
The no form of this command removes the IPv6 address from the BSR candidate configuration.
no address
- ipv6-address
Specifies the IPv6 host address used by the interface within the subnet.
address ipv6-address
no address
[Tree] (config>router>pim>rp>ipv6>rp-candidate address)
Full Context
configure router pim rp ipv6 rp-candidate address
This command configures the local IPv6 RP address. This address is sent in the RP candidate advertisements to the bootstrap router.
The no form of this command removes the IPv6 address from the RP candidate configuration.
no address
- ipv6-address
Specifies the IPv6 RP address.
address ip-address
no address
[Tree] (config>router>pim>rp>rp-candidate address)
Full Context
configure router pim rp rp-candidate address
This command configures the local RP address. This address is sent in the RP candidate advertisements to the bootstrap router.
The no form of this command removes the IP address from the RP candidate configuration.
no address
- ip-address
Specifies the ip-address.
address ip-address
no address
[Tree] (config>router>pim>rp>static address)
[Tree] (config>router>pim>rp>ipv6>static address)
Full Context
configure router pim rp static address
configure router pim rp ipv6 static address
This command configures the Rendezvous Point (RP) address that should be used by the router for the range of multicast groups configured by the range command.
The no form of this command removes the IP address from the static configuration.
- ip-address
Specifies the static IP address of the RP. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
address ipv4-address
no address
[Tree] (config>li>x-interfaces>lics>lic address)
Full Context
configure li x-interfaces lics lic address
This command configures the IP address of this LIC.
The no form of this command reverts to the default.
- ipv4-address
Specifies the IPv4 address of the LIC.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address ipv4-address
no address
[Tree] (config>li>x-interfaces>x1 address)
Full Context
configure li x-interfaces x1 address
This command configures the X1 interface IP address that must match an IP address configured on the router.
The no form of this command reverts to the default.
- ipv4-address
Specifies the IPv4 address of the LIC.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address ipv4-address
no address
[Tree] (config>li>x-interfaces>x2 address)
Full Context
configure li x-interfaces x2 address
This command configures the X2 interface IP address that must match an IP address configured on the router.
The no form of this command reverts to the default.
- ipv4-address
Specifies the IPv4 address of the LIC.
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] [track-srrp srrp-instance] [gre-termination]
no address
[Tree] (config>router>if address)
Full Context
configure router interface address
This command assigns an IP address, IP subnet, and broadcast address format to an IP interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign additional addresses.
An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.
From Release 19.10, The overlap restriction is not applicable for host-addresses configured on loopback interfaces. For example, a loopback interface addresses configured with mask of 32 or netmask of can overlap with other prefixes on other IP interfaces in the same routing context within the router.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of this command removes the IP address assignment from the IP interface. Interface specific configurations for MPLS are also removed. This will operationally stop any MPLS LSPs that explicitly reference that IP address. When a new IP address is configured, interface specific configurations for MPLS need to be added. IEEE 1588 port based timestamping configured with ptp-hw-assist is also disabled.
no address
- ip-address
Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
- /
The forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the "/” and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted decimal mask must follow the prefix.
- mask
Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. A mask length of 32 is reserved for system IP addresses.
- netmask
Specifies the subnet mask in dotted decimal notation.
- broadcast
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.
The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be, also known as the local broadcast.
- host-ones
Specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the netmask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface.
- srrp-instance
Specifies the SRRP instance ID that this interface route needs to track.
- gre-termination
The optional gre-termination keyword allows GRE SDP tunnel packets to terminate on the router interface using the /31 value of the configured IP address. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Services Overview Guide for information about using gre-termination.
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
[Tree] (config>router>if>ipv6 address)
Full Context
configure router interface ipv6 address
This command assigns an IPv6 address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.
Configurations must not exceed 16 IPv6 addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.
A global IPv6 address together with the prefix-length create a locally configured interface IPv6 prefix and subnet. The defined global IP prefix must be unique within the context of a routing instance. It cannot overlap with any other existing global IP prefix defined on another IP interface within the same routing context in the router.
This overlap restriction is not applicable for IPv6 host addresses configured on loopback interfaces. For example, an IPv6 loopback host address configured upon a loopback interface may overlap with another prefix subnet configured on another IP interface within the same routing context.
- ipv6-address/prefix-length
Specifies the IPv6 address on the interface.
- eui-64
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used.
- srrp-instance
Indicates the unique identifier of the tracked SRRP instance.
- cga-modifier
Sets the modifier for cryptographically-assigned addresses.
- dad-disable
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
- primary-preference
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.
When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.
The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.
- srrp
Tracks the specified SRRP instance state on the IPv6 address.
[no] address ip-prefix/ip-prefix-length [active | standby | standby/A | standby/B | standby/C | standby/D]
[Tree] (bof address)
Full Context
bof address
This command assigns an IP address to the management Ethernet port on a CPM. The IP addresses are applied by the boot loader and the running image. The active and standby IP addresses must be on the same subnet.
On all systems except the 7950 XRS-40, an address must be assigned with the active keyword and for systems with a redundant CPM an additional address may be assigned with the standby keyword. The active address is used by the active CPM whether its CPM A or CPM B and the standby address, if specified, is used by the standby CPM whether its CPM B or CPM A.
For the 7950 XRS-40, if the extension chassis shall boot from local compact flash then an active and standby address should be defined for use by the master chassis as defined above.
For the 7950 XRS-40, if the extension chassis shall boot from remote URL, then it is required to assign addresses to the management Ethernet ports for CPM C and CPM D. In this case, the BOF should be updated to have addresses defined using the standby/A, standby/B, standby/C, and standby/D keywords in addition to an address using the active keyword. With these keywords, CPM A shall always use the address defined using the standby/A address when CPM A is running as the standby CPM. Similarly, CPM B shall always use the address defined using the standby/B address when CPM B is running as the standby CPM. The active CPM of CPM A and CPM B shall use the address defined using the active keyword.
Deleting a BOF address entry is not allowed from a remote session.
Note that changing the active and standby addresses without reboot standby CPM may cause a boot-env sync to fail.
The no form of this command deletes the IP address from the CPM Ethernet port.
- ip-prefix/ip-prefix-length
Specifies the destination address of the aggregate route in dotted decimal notation.
- active | standby | standby/A | standby/B | standby/C | standby/D
specifies which CPM Ethernet address is being configured
address {01:1b:19:00:00:00| 01:80:c2:00:00:0e}
[Tree] (config>system>ptp>port address)
Full Context
configure system ptp port address
This command allows for the specification of the mac-address to be used for the destination MAC address of the transmitted ptp messages.
IEEE Std 1588-2008 Annex F defines two reserved addresses for 1588 messages. These are:
01-1B-19-00-00-00 — all except the peer delay mechanism messages
01-80-C2-00-00-0E — peer delay mechanism messages
Both addresses are supported for reception independent of the address configured by this command.
The no form of this command sets the address to the default address.
address 01-1B-19-00-00-00
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address ip-address
no address
[Tree] (config>log>syslog address)
Full Context
configure log syslog address
This command adds the syslog target host IP address to/from a syslog ID.
This parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.
Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.
The same syslog target host can be used by multiple log IDs.
The no form of this command removes the syslog target host IP address.
no address
- ip-address
Specifies the IP address of the syslog target host in dotted decimal notation. An IPv6-address applies only to the 7750 SR.
address ip-address [port port]
no address
[Tree] (config>system>security>ldap>server address)
Full Context
configure system security ldap server address
This command configures the IPv4 or IPv6 address for the LDAP server.
The no version of this command removes the server address.
- ip-address
The IP address of the LDAP server.
- port
Specifies the port ID. The port is the LDAP server listening port; by default it is 389 but if the listening port on LDAP server is changed, this command needs to be configured accordingly.
address ip-address
no address
[Tree] (config>router>static-route-entry>next-hop>backup-next-hop address)
[Tree] (config>service>vprn>static-route-entry>next-hop>backup-next-hop address)
Full Context
configure router static-route-entry next-hop backup-next-hop address
configure service vprn static-route-entry next-hop backup-next-hop address
This command specifies the backup IP forwarding address that is used for static route Fast ReRoute (FRR). The configured address, if reachable, acts as pre-installed backup forwarding information that can be used when the primary IP next-hop suddenly fails.
The configured backup next-hop IP address can be directly or indirectly connected (using an IGP or tunnel) to the node. The backup next-hop forwarding information or the Next-hop Label Forwarding Entry (NHLFE) tunnel forwarding information from the IP Routing Table Manager (RTM) is used to preconfigure an IP fast-reroute backup path.
One backup next-hop address can protect a single primary static route entry next-hop address without ECMP and it is only activated when the primary next-hop has no active ECMP.
The configured IP address can be either on the network or the access side.
By default, there is no backup next-hop address configured.
The no form of this command deletes the backup next-hop address entry.
- ip-address
Specifies the backup IP forwarding address.
[no] address ip-address [:port]
[Tree] (config>app-assure>group>cflowd>direct-export>collector address)
Full Context
configure application-assurance group cflowd direct-export collector address
This command configures the Cflowd direct export collector remote address. Two addresses can be configured for each collector for redundancy. AA sends the same records to both at the same time.
The no form of this command removes the address from the configuration
- ip-address
Specifies the IP address of the Cflowd direct export collector, in the a.b.c.d format.
- port
Specifies the port of the Cflowd direct export collector.
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR