sap sap-id [create]
no sap sap-id
config>service>vprn>if
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command creates a SAP within a service. A SAP is a combination of port and encapsulation parameters which identifies the SAP on the interface and within the 7210 SAS. Each SAP must be unique.
All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP does not exist on that object.
Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.
A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command.
If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service is discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted.
No SAPs are defined.
A VPRN SAP must be defined on an Ethernet interface.
sap ipsec-id.private | public:tag — This parameter associates an IPSec group SAP with this interface. This is the public side for an IPSec tunnel. Tunnels referencing this IPSec group in the private side may be created if their local IP is in the subnet of the interface subnet and the routing context specified matches with the one of the interface.
This context provides a SAP to the tunnel. The operator may associate an ingress and egress QoS policies as well as filters and virtual scheduling contexts. Internally, this creates an Ethernet SAP that is used to send and receive encrypted traffic to and from the MDA. Multiple tunnels can be associated with this SAP. The ‟tag” is a dot1q value. The operator may see it as an identifier. The range is limited to 1 to 4094.
Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.
Keyword used to create a SAP instance.
tod-suite tod-suite-name
no tod-suite
config>service>vprn>if>sap
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command applies a time-based policy (filter or QoS policy) to the SAP. The suite name must already exist in the config>cron context.
no tod-suite
Specifies collection of policies (ACLs, QoS) including time-ranges that define the full or partial behavior of a SAP or a subscriber. The suite can be applied to more than one SAP.
accounting-policy acct-policy-id
no accounting-policy
config>service>vprn>if>sap
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke-SDP.
An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
Default accounting policy.
Specifies the accounting policy-id as configured in the config>log>accounting-policy context.
[no] collect-stats
config>service>vprn>if>sap
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command enables accounting and statistical data collection for either an interface SAP or interface SAP spoke-SDP, or network port. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU does not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
no collect-stats
arp-timeout seconds
no arp-timeout
config>service>vprn>if
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the minimum time in seconds an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.
The no form of this command restores arp-timeout to the default value.
14400 seconds
Specifies the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries is not aged.
delayed-enable seconds [init-only]
no delayed-enable
config>service>vprn>if
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command delays making the interface operational by the specified number of seconds.
In environments with many subscribers, it can take time to synchronize the subscriber state between peers when the subscriber-interface is enabled (perhaps, after a reboot). To ensure that the state has time to be synchronized, the delayed-enable timer can be specified. The optional parameter init-only can be added to use this timer only after a reboot.
no delayed-enable
Specifies the number of seconds to delay before the interface is operational.
Delays the initialization of the subscriber-interface to give the rest of the system time to complete necessary tasks such as allowing routing protocols to converge and/or to allow MCS to sync the subscriber information. The delay only occurs immediately after a reboot.