Interface anti-spoofing commands

anti-spoof

Syntax

anti-spoof {ip | mac | ip-mac | nh-mac}

no anti-spoof-type

Context

config>service>vprn>if>sap

config>service>vprn>sub-if>grp-if>sap

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the interface.

The type of anti-spoof filtering defines which information in the incoming packet is used to build the key for looking up an entry in the anti-spoof filter table. The type parameter defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The following are the default filter types:

  • non-Ethernet encapsulation default anti-spoof filter type

    When enabled on a non-Ethernet encapsulated SAP, the anti-spoof filter default type is ip.

  • Ethernet encapsulated default anti-spoof filter type

    When enabled on an Ethernet encapsulated SAP, the anti-spoof default type is ip-mac.

  • default anti-spoof filter state

    By default, anti-spoof filtering is disabled on the SAP.

The no form of this command disables anti-spoof filtering on the SAP.

Parameters

ip

Keyword to specify that SAP anti-spoof filtering uses only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.

mac

Keyword to specify that SAP anti-spoof filtering uses only the source MAC address in its lookup. Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a static host exists on the SAP without a specified MAC address, the anti-spoof type mac command fails. The anti-spoof type mac command also fails if the SAP does not support Ethernet encapsulation.

ip-mac

Keyword to specify that SAP anti-spoof filtering uses both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command fails. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command also fails if the SAP does not support Ethernet encapsulation.

nh-mac

Keyword to specify that the ingress anti-spoof is based on the source MAC address and the egress anti-spoof is based on the nh-ip-address.

arp-populate

Syntax

[no] arp-populate

Context

config>service>vprn>if

config>service>vprn>sub-if>subscriber-interface

config>service>vprn>sub-if>grp-if

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command configures populating static and dynamic hosts into the system ARP cache. When enabled, the host IP address and MAC address are placed in the system ARP cache as a managed entry.

Static hosts must be defined on the interface using the host command. Dynamic hosts are enabled on the system by enabling lease-populate in the IP interface DHCP context. If both a static host and a dynamic host share the same IP and MAC address, the system ARP cache retains the host information until both the static and dynamic information are removed. Both static and dynamic hosts override static ARP entries. Static ARP entries are marked as inactive when they conflict with static or dynamic hosts and are repopulated when all static and dynamic host information for the IP address is removed. Because static ARP entries are not possible when static subscriber hosts are defined or when DHCP lease state table population is enabled, conflict between static ARP entries and the arp-populate function is not an issue.

The arp-populate command fails if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.

When the arp-populate command is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address fails.

The arp-populate command can be enabled on only VPRN interfaces supporting Ethernet encapsulation.

The no form of this command disables ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information in the system ARP cache are removed. Any existing static ARP entries previously inactive because of static or dynamic hosts are populated in the system ARP cache.

When arp-populate is enabled, the system does not send out ARP requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with the arp-populate command enabled.

Default

no arp-populate
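The following model illustrates the arp-populate behaviour described above: managed host entries shadow static ARP entries (which are kept inactive, not deleted, and resurface once the last static or dynamic host for that IP is gone), and with arp-populate enabled the interface does not send ARP requests for unknown hosts. It is an added illustration, not 7210 SAS code; the class and method names and the sample addresses are constructed.

```python
"""Model of the arp-populate behaviour described above. Added illustration,
not 7210 SAS code: managed host entries (static hosts from the host command,
dynamic hosts from lease-populate) shadow static ARP entries, which stay
inactive until the last host for that IP is removed."""


class VprnInterfaceArp:
    def __init__(self, arp_populate=False):
        self.arp_populate = arp_populate
        self.static_arp = {}   # ip -> mac, configured static ARP entries
        self.hosts = {}        # ip -> {"mac": mac, "sources": {"static", "dynamic"}}

    def add_static_arp(self, ip, mac):
        self.static_arp[ip] = mac

    def add_host(self, ip, mac, source):
        """source is 'static' (host command) or 'dynamic' (DHCP lease)."""
        if self.arp_populate and not (ip and mac):
            raise ValueError("arp-populate requires both IP and MAC on each host")
        entry = self.hosts.setdefault(ip, {"mac": mac, "sources": set()})
        entry["mac"] = mac
        entry["sources"].add(source)

    def remove_host(self, ip, source):
        """The cache keeps the IP until both static and dynamic hosts are gone."""
        entry = self.hosts.get(ip)
        if entry is not None:
            entry["sources"].discard(source)
            if not entry["sources"]:
                del self.hosts[ip]

    def inactive_static_arp(self):
        """Static ARP entries shadowed by a managed host; kept, not deleted."""
        return sorted(ip for ip in self.static_arp if ip in self.hosts) if self.arp_populate else []

    def arp_cache(self):
        """Effective active cache: ip -> (mac, kind)."""
        cache = {ip: (mac, "static-arp") for ip, mac in self.static_arp.items()}
        if self.arp_populate:
            for ip, entry in self.hosts.items():
                cache[ip] = (entry["mac"], "managed")   # overrides static ARP
        return cache

    def resolve(self, ip):
        """Next-hop MAC for ip, or what the interface does when it is unknown."""
        entry = self.arp_cache().get(ip)
        if entry:
            return entry[0]
        # With arp-populate enabled no ARP request is sent for unknown hosts.
        return "unreachable" if self.arp_populate else "arp-request"
```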

arp-timeout

Syntax

arp-timeout seconds

no arp-timeout

Context

config>service>vprn>if

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command configures the minimum time in seconds an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host; otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

The no form of this command reverts to the default value.

Default

14400 seconds

Parameters

seconds

Specifies the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries are not aged.

Values

0 to 65535

delayed-enable

Syntax

delayed-enable seconds [init-only]

no delayed-enable

Context

config>service>vprn>if

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command delays making the interface operational by the specified number of seconds.

In environments with many subscribers, it can take time to synchronize the subscriber state between peers when the subscriber interface is enabled (for example, after a reboot). To ensure that the state has time to be synchronized, the delayed-enable timer can be specified. The optional init-only parameter specifies to use the delayed-enable timer only after a reboot.

Default

no delayed-enable

Parameters

seconds

Specifies the number of seconds to delay before the interface is operational.

Values

1 to 1200

init-only

Keyword that delays the initialization of the subscriber interface to give the system time to complete necessary tasks, such as allowing routing protocols to converge or MCS to synchronize the subscriber information. The delay occurs only immediately after a reboot.

host

Syntax

[no] host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]

no host {[ip ip-address] [mac ieee-address]}

Context

config>service>vprn>if>sap

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command creates a static host for the SAP. Applications within the system that make use of static host entries include anti-spoof and source MAC population into the VPLS forwarding database.

Multiple static hosts can be defined on the SAP. Each host is identified by a source IP address, a source MAC address, or both a source IP and source MAC address. When anti-spoof is enabled on the SAP, the host information is populated into the SAP anti-spoof table, allowing ingress packets that match the entry to access the SAP. When the MAC address exists in the host definition, the MAC address is populated into the VPLS forwarding database and associates it with the SAP. The static host definition overrides static MAC entries using the same MAC and prevents dynamic learning of the MAC on another interface.

Defining a static host identical to an existing static host has no effect and does not generate a log or error message.

Every static host definition must have at least one address defined: IP or MAC.

Static hosts may exist on the SAP even with anti-spoof and arp-populate (VPRN) features disabled. When enabled, each feature has different requirements for static hosts.

The no form of this command removes a static entry from the system. The specified IP address and MAC address must exactly match the IP and MAC addresses of the host as defined when it was created. When a static host is removed from the SAP, the effect of its removal on the anti-spoof filter, ARP cache, or the VPLS forwarding database is also evaluated.

Parameters

anti-spoof

Keyword that specifies to use static and dynamic host information to populate entries into an anti-spoof filter table. The anti-spoof filter entries generated are of the same type as specified in the anti-spoof type parameter. If the SAP anti-spoof filter is defined as mac, each static host definition must specify a MAC address. If the SAP anti-spoof filter is defined as ip, each static host definition must specify an IP address. If the SAP anti-spoof filter is defined as ip-mac, each static host definition must specify both an IP address and MAC address. If the definition of a static host is attempted without addresses specified for the enabled anti-spoof filter, the static host definition fails.

arp-populate

Keyword that specifies to use static and dynamic host information to populate entries into the system ARP cache. This is only available on the VPRN service SAPs. Both a MAC address and IP address are required to populate an ARP entry in the system. If the definition of a static host is attempted without both a MAC and IP address specified when arp-populate is enabled, the static host definition fails.

fdb-populate

Keyword that is an implicit feature and uses the static host definition as a static MAC in the VPLS forwarding database. It cannot be enabled or disabled and has no effect on the ability to create static hosts without a MAC address specified. When a MAC address is specified for a static host, it is automatically populated into the VPLS forwarding database associated with the SAP on which the host is created. The static host MAC address overrides static MAC entries that use the same MAC and prevents dynamic learning of the MAC on another interface. Existing static MAC entries with the same MAC address as a static host are marked as inactive but not deleted. If all static hosts are removed from the SAP, the static MAC may be populated. New static MAC definitions for the VPLS instance may be created while a static host exists associated with the static MAC address.

ip ip-address

Optional parameter that specifies a static host. The IP address must be specified for anti-spoof ip and anti-spoof ip-mac commands. Only one static host can be configured on the SAP with a specified IP address. The following rules apply to configuring static hosts using an IP address.

  • Only one static host can be defined using a specific IP address.

  • Defining a static host with the same IP address as a previous static host overwrites the previous static host.

  • If a static host has an IP address assigned, the MAC address for the host is optional (depending on the features enabled on the SAP).

mac mac-address

Optional parameter that specifies a static host. The MAC address must be specified for anti-spoof ip and anti-spoof ip-mac. Multiple static hosts may be configured with the same MAC address if each definition is distinguished by a unique IP address. The following rules apply to configuring static hosts using a MAC address:

  • Multiple static hosts can share the same MAC address.

  • Executing the host command with the same MAC address but a different IP address as an existing static host creates a new static host.

  • If a static host has a MAC address assigned, the IP address for the host is optional (depending on the features enabled on the SAP).

Values

8k static and dynamic hosts per 10G forwarding complex per system.

subscriber sub-ident-string

Optional parameter that specifies an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured using the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the VPRN SAP arp-reply-agent to determine the correct handling of received ARP requests from subscribers.

  • For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

    If the static subscriber host sub-ident-string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

    If the source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to the anti-spoof filtering rules applied at the SAP.

    If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

    ARP requests are never forwarded back to the same SAP or within the receiving SAP split horizon group.

sub-profile sub-profile-name

Optional parameter that specifies an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.

sla-profile sla-profile-name

Optional parameter that specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.
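The following model ties together the anti-spoof and host rules described above: the filter type defaults per encapsulation, mac and ip-mac are refused on non-Ethernet SAPs, each static host must carry the address fields the configured type compares, a host with the same IP overwrites the earlier one, and ingress packets are looked up on exactly those fields. It is an added illustration, not 7210 SAS code; the class, its method names and the sample addresses are constructed, and nh-mac is modelled only for its ingress (source MAC) side.

```python
"""Model of the anti-spoof and host rules described above. Added illustration,
not 7210 SAS code: type defaults per encapsulation, mac/ip-mac refused on
non-Ethernet SAPs, hosts must carry the fields the type compares, and ingress
packets are looked up on exactly those fields (nh-mac: source MAC on ingress)."""

DEFAULT_TYPE = {"ethernet": "ip-mac", "non-ethernet": "ip"}
# Packet/host fields each type uses to build the filter-table key
NEEDS = {"ip": ("ip",), "mac": ("mac",), "ip-mac": ("ip", "mac"), "nh-mac": ("mac",)}


def _missing(host, kind):
    return [f for f in NEEDS[kind] if not host.get(f)]


class Sap:
    def __init__(self, encap="ethernet"):
        self.encap = encap
        self.anti_spoof = None   # anti-spoof filtering is disabled by default
        self.hosts = []          # static hosts: {"ip": ..., "mac": ...}

    def set_anti_spoof(self, kind=None):
        """'anti-spoof' with no type picks the encapsulation default."""
        kind = kind or DEFAULT_TYPE[self.encap]
        if kind in ("mac", "ip-mac") and self.encap != "ethernet":
            raise ValueError(f"anti-spoof {kind} requires Ethernet encapsulation")
        for h in self.hosts:
            if _missing(h, kind):   # an existing host lacks a needed address
                raise ValueError(f"anti-spoof {kind} fails: {h} lacks {_missing(h, kind)}")
        self.anti_spoof = kind

    def add_host(self, ip=None, mac=None):
        host = {"ip": ip, "mac": mac}
        if not (ip or mac):
            raise ValueError("host needs at least one of ip or mac")
        if self.anti_spoof and _missing(host, self.anti_spoof):
            raise ValueError(f"host lacks fields for anti-spoof {self.anti_spoof}")
        if host in self.hosts:           # identical definition: no effect
            return
        # Same IP overwrites the earlier host; same MAC with a new IP adds one.
        self.hosts = [h for h in self.hosts if not (ip and h["ip"] == ip)] + [host]

    def filter_table(self):
        """Anti-spoof table keyed by the fields the configured type compares."""
        return {tuple(h[f] for f in NEEDS[self.anti_spoof]) for h in self.hosts}

    def admit(self, src_ip, src_mac):
        """Ingress decision for a packet; everything passes while disabled."""
        if self.anti_spoof is None:
            return True
        pkt = {"ip": src_ip, "mac": src_mac}
        return tuple(pkt[f] for f in NEEDS[self.anti_spoof]) in self.filter_table()
```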

frame-relay

Syntax

frame-relay

Context

config>service>vprn>if>sap

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

Commands in this context configure Frame Relay parameters on the SAP.

frf-12

Syntax

[no] frf-12

Context

config>service>vprn>if>sap

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command enables the use of FRF12 headers.

The no form of this command disables the use of FRF12 headers.

ete-fragment-threshold

Syntax

ete-fragment-threshold threshold

no ete-fragment-threshold

Context

config>service>vprn>if>sap>frf-12

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command specifies the maximum length of a fragment to be transmitted.

The no form of this command reverts to the default.

Parameters

threshold

Specifies the maximum length of a fragment to be transmitted.

Values

128 to 512

Default

0

interleave

Syntax

interleave

no interleave

Context

config>service>vprn>if>sap>frame-relay>frf.12

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command enables interleaving of high-priority frames and low-priority frame fragments within an FR SAP using FRF.12 end-to-end fragmentation.

When this option is enabled, only frames of the FR SAP non-expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header among the fragmented frames. This provides behavior similar to MLPPP Link Fragment Interleaving (LFI).

When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. However, the fragmentation header is not included when the frame size is smaller than the user-configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.

The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.

The no form of this command reverts to the default value.

Default

no interleave

scheduling-class

Syntax

scheduling-class class-id

Context

config>service>vprn>if>sap

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command specifies the scheduling class to use for this SAP.

Parameters

class-id

Specifies the scheduling class to use for this SAP.

Values

0 to 3

Default

0