IP Router Command Reference

This command creates a text description stored in the configuration file for a configuration context.

The no form of the command removes the description string from the context.

The shutdown command administratively disables the entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

This command enables the context to configure router parameters, interfaces, route policies, and protocols.

The router name refers to the router instance (in other commands, the router instance can be either router name or service ID). The 7705 SAR has two routing domains (instances).

The base routing domain includes all in-band IP traffic; that is, any IP packet arriving at the router over any IP interface (all services, all physical ports on the adapter cards). The routing table for the base instance is populated with these IP addresses.

The management routing domain is for out-of-band management traffic; that is, the Mgmt port on the CSM is being used for management traffic. In this case, the routing table for the management routing instance is populated.

This command creates an aggregate route.

Use this command to group a number of routes with common prefixes into a single entry in the routing table. This reduces the number of routes that need to be advertised by this router and reduces the number of routes in the routing tables of downstream routers.

Both the original components and the aggregated route (source protocol aggregate) are offered to the Routing Table Manager (RTM). Subsequent policies can be configured to assign protocol-specific characteristics, such as the OSPF tag, to aggregate routes.

Multiple entries with the same prefix but a different mask can be configured; routes are aggregated to the longest mask. If one aggregate is configured as 10.0/16 and another as 10.0.0/24, then route 10.0.128/17 would be aggregated into 10.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0/24. If multiple entries are made with the same prefix and the same mask, the previous entry is overwritten.

The no form of the command removes the aggregate.

The following adapter cards support the full IPv6 subnet range for IPv6 static routes:

For these cards, the supported route range for statically provisioned or dynamically learned routes is from /1 to /128.

For all other cards, modules, and ports (including the v-port on the 2-port 10GigE (Ethernet) module), the supported range for statically provisioned or dynamically learned routes is from /1 to /64 or is /128 (indicating a host route).

This command enables ECMP and configures the number of routes for path sharing; for example, the value 2 means two equal-cost routes will be used for cost sharing.

ECMP (Equal-Cost Multipath Protocol) refers to the distribution of packets over two or more outgoing links that share the same routing cost. ECMP provides a fast local reaction to route failures. ECMP is supported on static routes and dynamic (OSPF, IS-IS, and BGP) routes.

ECMP can only be used for routes with the same preference and same protocol. See the static-route command for information on preferences.

When more ECMP routes are available at the best preference than configured in max-ecmp-routes, then the lowest next-hop IP address algorithm is used to select the number of routes configured in max-ecmp-routes.

The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the route with the lowest next-hop IP address is used.

The no form of the command disables ECMP path sharing.

This command allows or drops ICMP redirects received on the management interface.

This command configures the router ID for the router instance.

The router ID is used by OSPF and BGP in the routing table manager. IS-IS uses the router ID as its system ID. Refer to the 7705 SAR OS Routing Protocols Guide for information on OSPF, IS-IS, and BGP.

When configuring a new router ID, protocols are not automatically restarted with the new router ID. The next time a protocol is initialized, the new router ID is used. This can result in an interim period when different protocols use different router IDs.

To force the new router ID to be used, issue the shutdown and no shutdown commands for each protocol that uses the router ID, or restart the entire router.

The no form of the command reverts to the default value.

This command creates IPv4 and IPv6 static route entries for network routes. When configuring a static route, the next-hop or black-hole parameter must be configured.

The no form of the command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, as many parameters as necessary to uniquely identify the static route must be entered.

If the router name is management (see router), the static routes configured populate the routing table for the management routing instance. Up to 32 IPv4 and 32 IPv6 static routes can be configured for management traffic. This is in addition to the management routes configured using the bof>static-route command (refer to the 7705 SAR OS Basic System Configuration Guide, “BOF Command Reference”). The static routes are not added to the routing table until after the configuration file is executed in the application load.

The following adapter cards support the full IPv6 subnet range for IPv6 static routes:

For these cards, the supported route range for statically provisioned or dynamically learned routes is from /1 to /128.

For all other cards, modules, and ports (including the v-port on the 2-port 10GigE (Ethernet) module), the supported range for statically provisioned or dynamically learned routes is from /1 to /64 or is /128 (indicating a host route).

This command enables the context to configure local DHCP server parameters.

This command creates a local DHCP server instance. A local DHCP server can serve multiple interfaces but is limited to the routing context in which it was created.

The no form of the command removes the local DHCP server instance.

This command enables the sending of FORCERENEW messages. If the DHCP server sends a unicast FORCERENEW message to the client, upon receipt of the message, the client will change its state to the RENEW state and will then try to renew its lease according to normal DHCP procedures.

The no form of the command disables the use of FORCERENEW messages.

This command configures a DHCP address pool on the router.

The no form of the command deletes a configured IP address pool.

This command configures the maximum amount of time that a client can lease the IP address.

The no form of the command returns the value to the default.

This command configures the minimum amount of time that a client can lease the IP address.

The no form of the command returns the value to the default.

This command configures the time interval during which a DHCP offer is valid. If the client does not respond with a DHCP REQUEST within this interval, the lease is returned to the available lease pool.

The no form of the command returns the value to the default.

This command enables the context to configure pool options. If the same options are defined several times in different contexts, the options defined at the subnet level take precedence over those defined at the pool level; options defined at the pool level take precedence over those defined from a DHCP client request.

This command configures specific DHCP options. If the same options are defined several times in different contexts, the options defined at the subnet level take precedence over those defined at the pool level; options defined at the pool level take precedence over those defined from a DHCP client request.

The no form of the command removes the option from the configuration.

This command configures the IP address of the DNS servers.

This command configures the default domain for a DHCP client that the router uses to complete unqualified host names (without a dotted-decimal domain name).

The no form of the command removes the name from the configuration.

This command configures the time from the assignment of the IP address until the client transitions to a rebinding state.

The no form of the command removes the time from the configuration.

This command configures the time from the assignment of the IP address until the client transitions to a renew state.

The no form of the command removes the time from the configuration.

This command configures the time that the DHCP server grants permission to the DHCP client to use a particular IP address.

The no form of the command removes the lease time parameters from the configuration.

This command configures up to four Network Basic Input/Output System (NetBIOS) name server IP addresses.

The no form of this command removes the configuration.

This command configures the NetBIOS node type. The available types are:

The no form of this command removes the configuration.

This command creates a subnet of IP addresses to be served from the pool. The subnet cannot include any addresses that were assigned to subscribers; those addresses must be excluded. When the subnet is created, no IP addresses are made available until a range is defined.

The no form of this command removes the configuration.

This command configures a range of IP addresses to be served from the pool. All IP addresses between the start and end IP addresses will be included (other than specific excluded addresses).

The no form of this command removes the configuration.

This command configures a range of IP addresses to be excluded from this subnet’s pool of IP addresses.

The no form of the command removes the configuration.

This command configures the maximum number of addresses that the client can decline from the server due to the address being in use.

The no form of the command removes the configuration.

This command configures the minimum number of free addresses in this subnet. If the actual number of free addresses in this subnet falls below the configured minimum, a notification is generated.

The no form of the command removes the configuration.

This command configures the IP address of the default router for a DHCP client. Up to four IP addresses can be specified.

The no form of the command removes the address(es) from the configuration.

This command specifies the subnet mask option to the client. The mask can either be defined (for supernetting) or taken from the pool address.

The no form of the command removes the address from the configuration.

This command enables the use of gateway IP address (GIADDR) matching. If the gi-address flag is enabled, a pool can be used even if a subnet is not found.

A pool can include multiple subnets. Since the GIADDR is shared by multiple subnets in a subscriber interface, the pool may provide IP addresses from any of the subnets included when the GIADDR is matched to any of its subnets. This allows a pool to be created that represents a subnet.

The no form of the command disables GIADDR matching.

This command enables the use of the pool indicated by the DHCP client. When enabled, the IP address pool to be used by this server is the pool indicated by the vendor-specific suboption 13 of DHCP option 82. When disabled or if there is no suboption 13 in the DHCP message, the pool selection is specified by the value of the GIADDR.

The no form of the command disables the use of the pool indicated by the DHCP client.

This command creates a logical IP routing interface. When created, attributes like IP address, port, or system can be associated with the IP interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface. Interface names must not be in the dotted-decimal notation of an IP address and must begin with a letter; for example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed.

Show commands for router interfaces use either the interface names or the IP addresses. Ambiguity can exist if an IP address is used both as an IP address and an interface name. Duplicate interface names can exist in different router instances, although this is not recommended because it is confusing.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

Although not a keyword, the interface name “system” is associated with the network entity (such as a specific 7705 SAR), not a specific interface. The system interface is also referred to as the loopback address.

The no form of the command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command.

This command assigns an IP address and IP subnet to an IP interface or enables the interface to accept a dynamic IP address using DHCP. Only one IP address can be associated with an IP interface.

An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. Interface- specific configurations for OSPF and MPLS/RSVP-TE are also removed. This will operationally stop any MPLS LSPs that explicitly reference that IP address.When a new IP address is defined, interface-specific configurations for OSPF and MPLS/RSVP-TE must be added again.

If dynamic IP address assignment is enabled (using the dhcp keyword), the DHCP client ID (Option 61) and vendor class ID (Option 60) can be configured as specified in RFC 2132.

This command enables the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.

When enabled, a frame destined for the local subnet on this IP interface is sent as a subnet broadcast out this interface.

Note: Allowing directed broadcasts is a well-known mechanism used for denial-of-service attacks.

By default, directed broadcasts are not allowed and are discarded at this egress IP interface.

The no form of the command disables directed broadcasts forwarding out of the IP interface.

This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.

The no form of the command resets the interval to the default value.

Note: The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value.

This command configures the minimum interval, in seconds, that an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table. If the arp-timeout value is set to 0 s, ARP aging is disabled.

The no form of the command reverts to the default value.

Note: The 7705 SAR will attempt to refresh an ARP entry 30 s prior to its expiry. This refresh attempt occurs only if the ARP timeout is set to 45 s or more.

This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.

This command configures IP ECMP Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to randomly determine which equal-cost path the packet will be sent to.

You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.

The default configuration on the interface is to match the Layer 4 load balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.

This command configures the IGP-LDP synchronization timer to enable synchronization of IGP and LDP and synchronization of static routes and LDP. This command is not supported on RIP interfaces.

When a link is restored after a failure, IGP sets the link cost to infinity and advertises it. The supported IGPs are OSPF and IS-IS. The value advertised in OSPF is 0xFFFF (65535). The value advertised in IS-IS regular metric is 0x3F (63) and in IS-IS wide-metric is 0xFFFFFE (16777214).  

After IGP advertises the link cost, the LDP hello adjacency is brought up with the neighbor. The LDP synchronization timer is started by IGP from the time the LDP session to the neighbor is up over the interface. This synchronization timer allows time for the label-FEC bindings to be exchanged.

When the LDP synchronization timer expires, the link cost is restored and is readvertised. IGP will announce a new best next-hop and LDP will use it if the label binding for the neighbor’s FEC is available.

The above behavior is similar for static routes. If the static route is enabled for ldp-sync (see static-route), the route is not enabled immediately after the interface to the next hop comes up. Routes are suppressed until the LDP adjacency with the neighbor comes up and the synchronization timer expires. The timer does not start until the LDP adjacency with the neighbor node is fully established. For static routes, the ldp-sync-timer function requires LDP to use the interface address, not the system address, as its transport address.

If the user changes the cost of an interface, the new value is advertised at the next flooding of link attributes by IGP. However, if the LDP synchronization timer is still running, the new cost value will only be advertised after the timer expires. Also, if the currently advertised cost is different, the new cost value will be advertised after the user executes any of the following commands:

Refer to the 7705 SAR OS OAM and Diagnostics Guide for the tools commands and to the 7705 SAR OS Routing Protocols Guide for the OSPF and IS-IS commands.

If the user changes the value of the LDP synchronization timer parameter, the new value will take effect at the next synchronization event. In other words, if the timer is still running, it will continue using the previous value.

If parallel links exist to the same neighbor,  the bindings and services should remain up as long as there is one interface that is up. However, the user-configured LDP synchronization timer still applies on the failed then restored interface. In this case, the 7705 SAR will only consider this interface for forwarding after IGP re-advertises its actual cost value.

The LDP Sync Timer State is not always synced across to the standby CSM; therefore, after an activity switch, the timer state might not be same as it was on the previously active CSM.

The no form of this command disables IGP-LDP synchronization and deletes the configuration.

Note: If the ldp-sync-timer value is configured on the interface but LDP is not running on the interface, the configuration will cause the IGP route cost to increase to the maximum value.

This command associates the interface with a local DHCP server configured on the system.

The no form of the command removes the association of the interface with the local DHCP server.

This command enables local proxy ARP on the interface.

Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.

Local proxy ARP is used on subnets where hosts are prevented from communicating directly.

This command configures the interface as a loopback interface.

This command configures ECMP LSR load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the LDP LSR node that the packet is received on). Hashing can be enabled on the IP header at an LSR to send labeled IP packets over multiple equal-cost paths in an LDP LSP.

When LSR load balancing is enabled, the default configuration is label-only (lbl-only) hashing.

Load-balancing configuration on an interface overrides the system-wide load-balancing settings for the interface.

This command enables or disables the receiving of SNTP broadcasts on the IP interface.

This parameter is only valid when the SNTP broadcast-client global parameter is configured.

The no form of the command disables SNTP broadcast received on the IP interface.

This command creates an association with a logical IP interface and a physical port.

An interface can also be associated with the system (loopback address).

The command returns an error if the interface is already associated with another port or the system. In this case, the association must be deleted before the command is reattempted.

The port name consists of the port-id (for T1/E1 interfaces and Ethernet interfaces) and an optional encapsulation value (for Ethernet interfaces). The port name can also be the bundle-id used for the multilink bundle (PPP or IMA). Refer to the 7705 SAR OS Interface Configuration Guide for information on configuring ports.

The no form of the command deletes the association with the port. The no form of this command can only be performed when the interface is administratively down.

This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (see Route Policy Options in the Route Policy Command Reference section). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.

This command associates a network Quality of Service (QoS) policy with an IP interface.

Only one network QoS policy can be associated with an IP interface at one time. Attempts to associate a second QoS policy return an error.

Packets are marked using QoS policies on edge devices. Invoking a QoS policy on a network port allows for the packets that match the policy criteria to be remarked.

The no form of the command removes the QoS policy association from the IP interface, and the QoS policy reverts to the default.

This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.

This command configures a static ARP entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.

A router interface can only have one static ARP entry configured for it.

Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR OS configuration can state that, if it has a packet that has a certain IP address, to send it to the corresponding ARP address.

The no form of the command removes a static ARP entry.

This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine which equal-cost path the packet will be sent to.

You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.

This command enables the context to configure IPv6 parameters on a router interface.

IP version 6 (IPv6) addresses are supported on:

This command automatically generates an FE80:: link-local address.

The no form of the command disables IPv6 on the interface.

This command assigns an IPv6 address to the interface.

The following adapter cards support the full IPv6 subnet range for interface IP addresses:

For these cards, the supported interface IP address prefixes are from /4 to /127, and /128 on system or loopback interfaces.

For all other cards, modules, and ports (including the v-port on the 2-port 10GigE (Ethernet) module), the supported interface IP address prefixes are from /4 to /64, and /128 on system or loopback interfaces.

This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery or a static address must be used. This command can only be used on Ethernet interfaces. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

This command enables the context to configure DHCP Relay Agent parameters.

This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface.

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.

The no form of this command returns the system to the default.

This command configures the processing required when the 7705 SAR receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command returns the system to the default value.

When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the show>router> interface>detail command. This option specifies data that must be unique to the router that is relaying the circuit.

If disabled, the circuit-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

This command copies the DHCP Option 82 into Option 43 (vendor-specific) on the DHCP offer destined for the DHCP client. This command is used in conjunction with the Auto-Discovery Protocol to allow the Auto-Discovery client node to learn about its network uplink.

The no form of this command returns the system to the default.

When enabled, the router sends the MAC address of the remote end (typically, the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the remote-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP Relay to work. If there are multiple servers specified, then the request is forwarded to all of the servers in the list. There can be a maximum of eight DHCP servers configured.

This command enables access to the context to configure egress network filter policies for the IP interface.

If an egress filter policy is not defined, no filtering is performed.

This command enables access to the context to configure ingress network filter policies for the IP interface.

If an ingress filter policy is not defined, no filtering is performed.

This command sets the aggregate rate limits (PIR and CIR) for the VLAN bound to the network interface once a queue-policy has been assigned. The agg-rate sets the PIR value. The cir-rate sets the CIR value. On a third-generation (Gen-3) Ethernet adapter card, such as the 6-port Ethernet 10Gbps Adapter card, only the agg-rate can be set—setting the cir-rate is blocked. For information on adapter card generations, refer to the “Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR OS Interface Configuration Guide.

The queue-policy command is used to enable and disable network egress per-VLAN shapers on a per-network-interface basis. If a queue policy has not been assigned, or if the no queue-policy command is issued, then the VLAN interface defaults to the unshaped mode and the aggregate rate limits are set to their default values. The agg-rate-limit command is only valid when the VLAN shaper is enabled.

Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, then the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.

The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.

This command associates an IP filter policy with an IPv4 or IPv6 interface. IPv4 filters are supported on all ingress and egress network interfaces. IPv6 filters are supported on all Ethernet ingress and egress network interfaces (with null or dot1q encapsulation) and on ingress and egress interfaces on the 4-port OC3/STM1 Clear Channel Adapter card (with POS encapsulation).

Filter policies control packet forwarding and dropping based on IP match criteria.

The ip-filter-id or ipv6-filter-id must have been preconfigured before this filter command is executed. If the filter ID does not exist, an error occurs.

Only one filter ID can be specified.

The no form of the command removes the filter policy associated with the IP interface.

This command specifies the network queue policy that defines queue parameters such as CBS, MBS, CIR, and PIR rates, as well as forwarding class-to-queue mappings for the shaped VLAN queues. The network queue policy is defined in the config>qos>network-queue context. Refer to the 7705 SAR OS Quality of Service Guide, “Network Queue QoS Policies”, for more information.

The queue-policy command is used to enable and disable network egress per-VLAN shapers on a per-network-interface basis. If the VLAN shaper is enabled, then a set of network egress queues is created specifically for the interface, and traffic for that interface is handled by a per-VLAN shaper in the egress direction. If a queue policy has not been assigned, or if the no queue-policy command is issued, then the VLAN interface defaults to the unshaped mode and the agg-rate-limit is set to its default values. If the VLAN shaper is disabled for the interface, then the queues created for the interface are deleted, and traffic goes to the unshaped VLAN aggregate queues that are shared by all other interfaces (or VLANs).

The no form of this command reverts to the default.

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

This command enables or disables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

The no form of the command disables replies to ICMP mask requests on the router interface.

This command enables the generation of ICMP Time To Live (TTL) expired messages and configures the rate that the messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of TTL expired messages.

This command enables the generation of ICMP host and network destination unreachable messages on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of ICMP destination unreachables on the router interface.

This command enables the context to configure ICMPv6 parameters on an interface.

This command enables the generation of ICMPv6 packet-too-big messages and configures the rate that the messages are issued by the IP interface.

The no form of the command disables the sending of ICMPv6 packet-too-big messages.

This command enables the generation of ICMPv6 param-problem messages and configures the rate that the messages are issued by the IP interface.

The no form of the command disables the sending of ICMPv6 param-problem messages.

This command enables the generation of ICMPv6 time-exceeded messages and configures the rate that the messages are issued by the IP interface.

The no form of the command disables the sending of ICMPv6 time-exceeded messages.

This command enables the generation of ICMPv6 host and network destination unreachable messages on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

The no form of the command disables the generation of ICMPv6 destination unreachables on the router interface.

This command enables the context to configure router advertisement properties. By default, it is disabled for all IPv6-enabled interfaces.

The no form of the command disables router advertisement on all IPv6 interfaces.

This command configures router advertisement properties on a specified interface. The interface name must already exist in the config>router>interface context.

The no form of the command disables router advertisement on the specified router interface.

This command configures the current hop limit in the router advertisement messages. It informs the nodes on the subnet about the hop limit when originating IPv6 packets.

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration. Refer to RFC 3315, Dynamic Host Configuration Protocol (DHCP) for IPv6.

This command configures the maximum interval between sending router advertisement messages.

This command configures the minimum interval between sending ICMPv6 router advertisement messages.

This command configures the MTU for the nodes to use when sending packets on the link.

The no form of the command means that the MTU option is not sent in the router advertisement messages.

This command sets the “Other configuration” flag. This flag indicates that DHCPv6lite is available for autoconfiguration of other (non-address) information such as DNS-related information or information on other servers in the network. See RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6.

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until it is explicitly configured using prefix statements.

This command specifies whether the prefix can be used for stateless address autoconfiguration.

This command specifies whether the prefix can be used for onlink determination.

This command configures the remaining time, in seconds, that this prefix will continue to be preferred (time until deprecation). The address generated from a deprecated prefix should not be used as a source address in new communications. However, packets received on such an interface are processed as expected.

This command specifies the length of time, in seconds, that the prefix is valid for the purpose of onlink determination. The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

This command configures how long the router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

This command configures the retransmission frequency of neighbor solicitation messages.

This command configures the router lifetime.

This command creates or specifies a security zone within a router context. Each zone must have a unique ID.

All zones must be explicitly created with the create keyword. If no zones are created within a service or a router context, a zone will not exist on that object.

Enter an existing zone without the create keyword to edit zone parameters.

The operational state of a zone is relative to the operational state of the port on which the zone is defined.

The no form of this command deletes the zone with the specified port. When a zone is deleted, all configuration parameters for the zone are also deleted.

This command discards changes made to a security feature.

This command enters the mode to create or edit security features.

This command saves changes made to security features.

This command creates a logical IP routing interface for a zone. Once created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.

The no form of this command removes the IP interface and all the associated configurations.

This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.

The no form of the command removes the name.

This command enters the context to configure NAT parameters for a zone.

This command configures the NAT pool for a security zone. Each pool must have a unique ID.

All pools must be explicitly created with the create keyword.

Enter an existing pool without the create keyword to edit pool parameters.

The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool will also be deleted.

This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.

This command configures a NAT pool entry.

The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry will also be deleted.

This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.

The no form of the command removes the name.

This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.

The IP address for the interface must be entered in dotted-decimal notation. The maximum IP address range limit is 255.

The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.

The no form of this command deletes the port or port range.

This command sets the policy to be used by the security zone to build its NAT matching criteria for incoming packets.

The no form of this command deletes the specified policy.