IES Command Reference

Command Hierarchies

Configuration Commands

IES Management Configuration Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id]
— no ies service-id
description description-string
interface ip-int-name [create]
— no interface ip-int-name
address {ip-address/mask | ip-address netmask}
— no address
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
— no bfd
description description-string
ip-mtu octets
— no ip-mtu
sap sap-id [create]
— no sap sap-id
atm
encapsulation atm-encap-type
egress
traffic-desc traffic-desc-profile-id
traffic-desc traffic-desc-profile-id
oam
[no] alarm-cells
description description-string
filter ip ip-filter-id
— no filter ip
— no filter ip [ip ip-filter-id]
[no] shutdown
[no] shutdown
service-name service-name
[no] shutdown

IES Service Configuration Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id]
description description-string
[no] interface ip-int-name [create]
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
— no address {ip-address/mask | ip-address netmask}
arp-retry-timer ms-timer
arp-timeout seconds
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
— no bfd
description description-string
dhcp
description description-string
gi-address ip-address [src-ip-addr]
— no gi-address
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
— no circuit-id
remote-id [mac | string string]
— no remote-id
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
server server1 [server2...(up to 8 max)]
— no server
[no] shutdown
[no] trusted
icmp
[no] mask-reply
ttl-expired [number seconds]
unreachables [number seconds]
ip-mtu octets
— no ip-mtu
[no] ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
— no dns [ip-address] [secondary ip-address]
peer-ip-address ip-address
[no] ipv6
address ipv6-address/prefix-length [eui-64]
— no address ipv6-address/prefix-length
[no] dhcp6-relay
description description-string
[no] description
[no] option
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
[no] remote-id
server ipv6-address [ipv6-address...(up to 8 max)]
— no server ipv6-address [ipv6-address...(up to 8 max)]
[no] shutdown
icmp6
packet-too-big [number seconds]
param-problem [number seconds]
time-exceeded [number seconds]
— no time-exceeded [number seconds]
unreachables [number seconds]
neighbor ipv6-address mac-address
— no neighbor ipv6-address
reachable-time seconds
stale-time seconds
l4-load-balancing {includeL4 | excludeL4}
[no] local-dhcp-server local-server-name
[no] local-proxy-arp
[no] loopback
[no] mac ieee-address
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
[no] sap sap-id [create]
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
[no] collect-stats
description description-string
egress
agg-rate-limit agg-rate [cir cir-rate]
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
qos policy-id
— no qos
scheduler-mode {4-priority | 16-priority}
[no] shaper-group shaper-group-name [create]
agg-rate-limit agg-rate [cir cir-rate]
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
match-qinq-dot1p {top | bottom}
qos policy-id
— no qos
scheduler-mode {4-priority | 16-priority}
[no] shaper-group shaper-group-name [create]
[no] shutdown
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
[no] shutdown
spoke-sdp sdp-id:vc-id [create]
— no spoke-sdp sdp-id:vc-id
egress
vc-label egress-vc-label
— no [egress-vc-label]
filter ip ip-filter-id
— no filter
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown
static-arp ip-address ieee-address
— no static-arp ip-address [ieee-address]
static-arp ieee-address unnumbered
— no static-arp [ieee-address] unnumbered
unnumbered {ip-int-name | ip-address}
— no unnumbered
service-name service-name
[no] shutdown

Routed VPLS Commands

config
— service
ies service-id
interface ip-interface-name [create]
— no interface ip-interface-name
vpls service-name
— no vpls
ingress
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id

VRRP Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id]
[no] interface ip-int-name
[no] ipv6
vrrp virtual-router-id [owner]
— no vrrp virtual-router-id
[no] backup ip-address
init-delay seconds
— no init-delay
mac mac-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority base-priority
— no priority
[no] shutdown
[no] telnet-reply
vrrp virtual-router-id [owner]
— no vrrp virtual-router-id
authentication-key [authentication-key | hash-key] [hash | hash2]
[no] backup ip-address
[no] bfd-enable [base | service-id ] interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac ieee-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] telnet-reply

IES Security Zone Configuration Commands

config
— service
ies service-id [customer customer-id] [create]
— no ies service-id
zone {zone-id | zone-name} [create]
— no zone {zone-id | zone-name}
abort
begin
commit
description description-string
limit
concurrent-sessions {tcp | udp | icmp | other} sessions
— no concurrent-sessions {tcp | udp | icmp | other}
[no] interface interface-name
[no] shutdown
log {log-id | name}
— no log
name zone-name
— no name
nat
pool pool-id [create]
— no pool pool-id
description description-string
direction {zone-outbound | zone-inbound | both}
— no direction
entry entry-id [create]
— no entry entry-id
ip-address ip-address [to ip-address] interface ip-int-name
— no ip-address
port port [to port]
— no port
name pool-name
— no name
limit
concurrent-sessions {tcp | udp | icmp | other} sessions
— no concurrent-sessions {tcp | udp | icmp | other}
policy {policy-id | policy-name}
— no policy
[no] shutdown

Show Commands

show
— service
customer [customer-id]
egress-label start-label [end-label]
id service-id
all
arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]
base
dhcp
statistics [interface interface-name | ip-address]
summary [interface interface-name | saps]
interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]
sap [sap-id] [detail]
ingress-label start-label [end-label]
sap-using [sap sap-id]
sap-using interface [ip-address | ip-int-name]
sap-using description
sap-using [ingress | egress] atm-td-profile td-profile-id
sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority}
sap-using [ingress] filter filter-id
sap-using [ingress | egress] qos-policy qos-policy-id
service-using [ies] [customer customer-id]

Clear Commands

clear
— service
id service-id
dhcp
statistics [ip-int-name | ip-address]
dhcp6
statistics [ip-int-name | ip-address]

Debug Commands

debug
— service
id service-id

Command Descriptions

IES Management Configuration Commands

Generic Commands

description

Syntax 
description description-string
no description
Context 
config>service>ies
config>service>ies>interface
config>service>ies>if>dhcp
config>service>ies>if>ipv6>dhcp6-relay
config>service>ies>if>sap
config>service>ies>zone
config>service>ies>zone>nat>pool
Description 

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the string from the context.

The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.

Parameters 
description-string—
the description character string. Allowed values are any string up to 80 printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

shutdown

Syntax 
[no] shutdown
Context 
config>service>ies
config>service>ies>interface
config>service>ies>if>dhcp
config>service>ies>if>ipv6>dhcp6-relay
config>service>ies>if>sap
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.

The no form of this command places the entity into an administratively enabled state.

The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and tries to enter the operationally up state. Default administrative states for services and service entities are described in the following Special Cases.

Special Cases 
IES—
the default administrative status of an IES service is down. While the service is down, its associated interface is operationally down.

For example, if:

1) An IES service is operational and its associated interface is shut down

2) The IES service is administratively shut down and brought back up

3) The interface that is shut down remains in the administrative shutdown state

A service is regarded as operational provided that one IP interface is operational.

IES IP Interfaces—
when the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out of the SAP and all packets received on the SAP are dropped and the packet discard counter is incremented.

IES Global Commands

ies

Syntax 
ies service-id [customer customer-id] [create] [vpn vpn-id]
no ies service-id
Context 
config>service
Description 

This command enables Internet Enhanced Service (IES). On the 7705 SAR, IES is used for direct IP connectivity between customer access points as well as in-band management of the 7705 SAR over ATM links.

The no form of this command deletes the IES service instance with the specified service-id.

The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters 
service-id—
uniquely identifies a service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number or name used for every 7705 SAR on which this service is defined.
Values—
1 to 2147483647 or service-name
customer-id
specifies the customer ID number to be associated with the service. This parameter is required on service creation and is optional for service editing or deleting.
Values—
1 to 2147483647
vpn-id—
specifies the VPN ID number, which allows you to identify virtual private networks (VPNs) by a VPN identification number. If this parameter is not specified, the VPN ID uses the service ID number. This parameter is not the same as the VRF ID used with VPRN services.
Values—
1 to 2147483647

service-name

Syntax 
service-name service-name
no service-name
Context 
config>service>ies
Description 

This command configures a service name that can be used in other configuration commands and show commands that reference the service.

Parameters 
service-name—
up to 64 characters

IES Management Interface Commands

interface

Syntax 
interface ip-int-name [create]
no interface ip-int-name
Context 
config>service>ies
Description 

This command creates a logical IP routing interface for an Internet Enhanced Service (IES). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. Two SAPs can be assigned to a single group interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.

Default 

no interface

Parameters 
ip-int-name—
the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
Values—
1 to 32 characters (must start with a letter)
If the ip-int-name already exists, the context is changed to maintain that IP interface. If the ip-int-name already exists as an IP interface defined within the config router command, an error will occur and the context will not be changed to that IP interface. If the ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

address

Syntax 
address {ip-address/mask | ip-address netmask}
no address
Context 
config>service>ies>interface
Description 

This command assigns an IP address and IP subnet to an IES IP interface. Only one IP address can be associated with an IP interface.

An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.

The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Default 

no address

Parameters 
ip-address—
the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
Values—
1.0.0.0 to 223.255.255.255
/—
the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.
mask—
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.
Values—
1 to 32 (mask length of 32 is reserved for system IP addresses)
netmask—
the subnet mask in dotted-decimal notation
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

bfd

Syntax 
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [type np]
no bfd
Context 
config>service>ies>interface
config>service>ies>if>ipv6
Description 

This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.

Default 

no bfd

Parameters 
transmit-interval—
the number of milliseconds between consecutive BFD sent messages
Values—
10 to 100000
Values—
100
receive-interval—
the number of milliseconds between consecutive BFD received messages
Values—
10 to 100000
Values—
100
multiplier—
the number of consecutive BFD messages that must be missed before the interface is brought down
Values—
3 to 20
Values—
3
type np—
controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.
Note:

The BFD session must be disabled before the type np parameter can be changed.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>ies>interface
Description 

This command configures the IP maximum transmit unit (packet size) for this interface.

The no form of the command returns the default value.

Parameters 
octets —
the MTU for the interface
Values—
512 to 2048

IES Management SAP Commands

sap

Syntax 
sap sap-id [create]
no sap sap-id
Context 
config>service>ies>interface
Description 

This command creates a SAP within an IES service. Each SAP must be unique.

All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters.

A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. An IES SAP can only be defined on an ATM port or IMA group that has been configured as an access port in the config>port port-id context using the mode access command. Fractional TDM ports are always access ports. Refer to the 7705 SAR OS Interface Configuration Guide for information on access ports.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.

Default 

no sap

Parameters 
sap-id—
specifies the physical port identifier portion of the SAP definition. See Table 39 for a full list of SAP IDs.
create—
keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

ingress

Syntax 
ingress
Context 
config>service>ies>if>sap
Description 

This command enables access to the context to associate ingress filter policies with the SAP.

If an ingress filter is not defined, no filtering is performed.

filter ip

Syntax 
filter ip ip-filter-id
no filter
no filter [ip ip-filter-id]
Context 
config>service>ies>if>sap>ingress
Description 

This command associates an IP filter policy with an ingress SAP. Filter policies control the forwarding and dropping of packets based on the IP match criteria. Only one filter ID can be specified.

The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned. Filters applied to the ingress SAP apply to all IP packets on the SAP.

The no form of this command removes any configured filter ID association with the SAP.

Default 

no filter

Parameters 
ip-filter-id—
specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)
Note:

For information on configuring IP filter IDs, refer to the 7705 SAR OS Router Configuration Guide, “Filter Policies”.

atm

Syntax 
atm
Context 
config>service>ies>if>sap
Description 

This command enables access to the context to configure ATM-related attributes. This command can only be used when a given context (for example, a channel or SAP) supports ATM functionality such as:

  1. configuring ATM port or ATM port-related functionality on T1/E1 ASAP Adapter cards on a 7705 SAR-8 or 7705 SAR-18, or on T1/E1 ports on a 7705 SAR-M (variants with T1/E1 ports)
  2. configuring ATM-related configuration for ATM-based SAPs that exist on T1/E1 ASAP Adapter cards or T1/E1 ports on a 7705 SAR-8 or 7705 SAR-18, or on T1/E1 ports on a 7705 SAR-M (variants with T1/E1 ports)

If ATM functionality is not supported for a given context, the command returns an error.

encapsulation

Syntax 
encapsulation atm-encap-type
Context 
config>service>ies>if>sap>atm
Description 

This command configures an ATM VC SAP for encapsulation in accordance with RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. This command is only supported in the IP over ATM management context.

The only supported encapsulation type is aal5mux-ip.

Ingress traffic that does not match the configured encapsulation is dropped.

Default 

aal5mux-ip

Parameters 
atm-encap-type—
aal5mux-ip (routed IP encapsulation for a VC multiplexed circuit as defined in RFC 2684)

egress

Syntax 
egress
Context 
config>service>ies>if>sap>atm
Description 

This command provides access to the context to configure egress ATM traffic policies for the SAP.

ingress

Syntax 
ingress
Context 
config>service>ies>if>sap>atm
Description 

This command provides access to the context to configure ingress ATM traffic policies for the SAP.

traffic-desc

Syntax 
traffic-desc traffic-desc-profile-id
no traffic-desc
Context 
config>service>ies>if>sap>atm>egress
config>service>ies>if>sap>atm>ingress
Description 

This command assigns an ATM traffic descriptor profile to an egress or ingress SAP.

When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction.

When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.

Note:

Proper configuration of the traffic descriptor profiles is essential for proper operation of the IES SAP. If no profile is assigned, the default UBR service category is assumed. All IES 7705 SAR traffic is scheduled; no shaping is supported in this mode. To ensure that IP traffic transported over the IES SAP is prioritized fairly, ATM layer traffic descriptors should be assigned.

The no form of the command reverts to the default traffic descriptor profile.

Default 

The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created ATM VC SAPs.

Parameters 
traffic-desc-profile-id—
specifies a defined traffic descriptor profile (for information on defining traffic descriptor profiles, see the 7705 SAR OS Quality of Service Guide)
Values—
1 to 1000

oam

Syntax 
oam
Context 
config>service>ies>if>sap>atm
Description 

This command enables the context to configure OAM functionality for an IES SAP.

The T1/E1 ASAP Adapter cards support F4 and F5 end-to-end OAM functionality (AIS, RDI, Loopback).

alarm-cells

Syntax 
[no] alarm-cells
Context 
config>service>ies>if>sap>atm>oam
Description 

This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving the PVCC operational status.

Layer 2 OAM AIS/RDI cells that are received on the IES SAP will cause the IP interface to be disabled.

The no command disables alarm-cells functionality for the SAP. When alarm-cells functionality is disabled, OAM cells are not generated as result of the SAP going into the operationally down state.

Default 

enabled

IES Service Configuration Commands

IES Service Interface Commands

interface

Syntax 
[no] interface ip-int-name [create]
Context 
config>service>ies
Description 

This command creates a logical IP routing interface for Internet Enhanced Service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and the default routing table. Two SAPs can be assigned to a single group interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal format of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.

Default 

no interface

Parameters 
ip-int-name—
the name of the IP interface. Interface names must be unique within the group of IP interfaces defined for the network core router instance. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
Values—
1 to 32 characters (must start with a letter)
If the ip-int-name already exists, the context is changed to maintain that IP interface. If the ip-int-name already exists as an IP interface defined within the config router command, an error will occur and the context will not be changed to that IP interface. If the ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

address

Syntax 
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
no address {ip-address/mask | ip-address netmask}
Context 
config>service>ies>interface
Description 

This command assigns an IP address, IP subnet, and broadcast address format to an IES IP interface.

An IP address must be assigned to each IES IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.

The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Default 

no address

Parameters 
ip-address—
the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
Values—
1.0.0.0 to 223.255.255.255
/—
the forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/”, and the mask parameter. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.
mask—
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address determines the host portion of the IP address.
Values—
1 to 32 (mask length of 32 is reserved for system IP addresses)
netmask—
the subnet mask in dotted-decimal notation
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)
broadcast—
overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to the default broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

all-ones—
specifies that the broadcast address used by the IP interface for this IP address is 255.255.255.255 (also known as the local broadcast)
host-ones—
specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the IP address and mask with all host bits set to 1. This IP address is the default broadcast address used by an IP interface.

allow-directed broadcasts

Syntax 
[no] allow-directed broadcasts
Context 
config>service>ies>interface
Description 

This command enables the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.

When enabled, a frame destined for the local subnet on this IP interface is sent as a subnet broadcast out this interface.

Note:

Allowing directed broadcasts is a well-known mechanism used for denial-of-service attacks.

By default, directed broadcasts are not allowed and are discarded at this egress IP interface.

The no form of the command disables directed broadcasts forwarding out of the IP interface.

Default 

no allow-directed broadcasts

arp-retry-timer

Syntax 
arp-retry-timer ms-timer
no arp-retry-timer
Context 
config>service>ies>interface
Description 

This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.

The no form of the command resets the interval to the default value.

Note:

The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value.

Default 

50 (in 100s of ms)

Parameters 
ms-timer—
the time interval, in 100s of milliseconds, the system waits before retrying a failed ARP request
Values—
1 to 300

arp-timeout

Syntax 
arp-timeout seconds
no arp-timeout
Context 
config>service>ies>interface
Description 

This command configures the minimum interval, in seconds, that an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table.

If the arp-timeout value is set to 0 s, ARP aging is disabled.

The no form of the command reverts to the default value.

Note:

The 7705 SAR will attempt to refresh an ARP entry 30 s prior to its expiry. This refresh attempt occurs only if the ARP timeout is set to 45 s or more.

Default 

no arp-timeout

Parameters 
seconds—
the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.
Values—
0 to 65535
Values—
14400 s (4 h)

bfd

Syntax 
bfd {transmit-interval} [receive receive-interval] [multiplier multiplier] [type np]
no bfd
Context 
config>service>ies>interface
config>service>ies>if>ipv6
Description 

This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.

Default 

no bfd

Parameters 
transmit-interval—
the number of milliseconds between consecutive BFD sent messages
Values—
10 to 100000
Values—
100
receive-interval—
the number of milliseconds between consecutive BFD received messages
Values—
10 to 100000
Values—
100
multiplier—
the number of consecutive BFD messages that must be missed before the interface is brought down
Values—
3 to 20
Values—
3
type np—
controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.
Note:

The BFD session must be disabled before the type np parameter can be changed.

dhcp

Syntax 
dhcp
Context 
config>service>ies>interface
Description 

This command enables the context to configure DHCP parameters.

gi-address

Syntax 
gi-address ip-address [src-ip-addr]
no gi-address
Context 
config>service>ies>if>dhcp
Description 

This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.

Default 

no gi-address

Parameters 
ip-address—
the IP address of the gateway interface in dotted-decimal notation
Values—
a.b.c.d (host bits must be 0)
src-ip-addr—
specifies that the GIADDR is to be used as the source IP address for DHCP relay packets

option

Syntax 
[no] option
Context 
config>service>ies>if>dhcp
Description 

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.

The no form of this command returns the system to the default.

Default 

no option

action

Syntax 
action {replace | drop | keep}
no action
Context 
config>service>ies>if>dhcp>option
Description 

This command configures the Relay Agent Information Option (Option 82) processing.

The no form of this command returns the system to the default value.

Default 

keep

Parameters 
replace—
in the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (toward the user), the Option 82 field is stripped (in accordance with RFC 3046).
drop—
the DHCP packet is dropped if an Option 82 field is present, and a counter is incremented
keep—
the existing information is kept in the packet and the router does not add any additional information. In the downstream direction, the Option 82 field is not stripped and is forwarded toward the client.

The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done if the incoming message already has an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.

circuit-id

Syntax 
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
no circuit-id
Context 
config>service>ies>if>dhcp>option
Description 

This command sends either an ASCII tuple or the interface index (If Index) on the specified SAP ID in the circuit-id suboption of the DHCP packet.

If disabled, the circuit-id suboption of the DHCP packet is left empty.

The no form of the command returns the system to the default.

Default 

ascii-tuple

Parameters 
ascii-tuple—
specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by “/”, will be used
ifindex—
specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
sap-id—
specifies that the SAP ID will be used
vlan-ascii-tuple—
specifies that the format will include VLAN ID and dot1p bits in addition to what is already included in ascii-tuple. The format is supported on dot1q and qinq ports only. Therefore, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

remote-id

Syntax 
remote-id [mac | string string]
no remote-id
Context 
config>service>ies>if>dhcp>option
Description 

This command sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit.

If disabled, the remote-id suboption of the DHCP packet is left empty.

The no form of this command returns the system to the default.

Default 

remote-id

Parameters 
mac—
specifies that the MAC address of the remote end is encoded in the suboption
string—
the remote ID

vendor-specific option

Syntax 
[no] vendor-specific-option
Context 
config>service>ies>if>dhcp>option
Description 

This command configures the vendor-specific suboption of the DHCP relay packet.

client-mac-address

Syntax 
[no] client-mac-address
Context 
config>service>ies>if>dhcp>option>vendor-specific-option
Description 

This command enables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the MAC address.

sap-id

Syntax 
[no] sap-id
Context 
config>service>ies>if>dhcp>option>vendor-specific-option
Description 

This command enables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the SAP ID.

service-id

Syntax 
[no] service-id
Context 
config>service>ies>if>dhcp>option>vendor-specific-option
Description 

This command enables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the service ID.

string

Syntax 
string text
no string
Context 
config>service>ies>if>dhcp>option>vendor-specific-option
Description 

This command specifies the string in the vendor-specific suboption of the DHCP relay packet.

The no form of the command reverts to the default value.

Default 

no string

Parameters 
text—
any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, the entire string must be enclosed within double quotes.

system-id

Syntax 
[no] system-id
Context 
config>service>ies>if>dhcp>option>vendor-specific-option
Description 

This command specifies whether the system ID is encoded in the vendor-specific suboption of the DHCP relay packet.

server

Syntax 
server server1 [server2...(up to 8 max)]
no server
Context 
config>service>ies>if>dhcp>option
Description 

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.

There can be a maximum of 8 DHCP servers configured.

Default 

no server

Parameters 
server—
the DHCP server IP address

trusted

Syntax 
[no] trusted
Context 
config>service>ies>if>dhcp>option
Description 

As specified in RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and that contains a Option 82 field in the packet, should be discarded unless it arrives on a “trusted” circuit. If trusted mode is enabled on an IP interface, the Relay Agent (the router) will modify the request giaddr to be equal to the ingress interface and forward the request.

This behavior only applies when the action in the Relay Agent Information Option is “keep”. In the case where the Option 82 field is being replaced by the Relay Agent (action = “replace”), the original Option 82 information is lost, and therefore there is no reason to enable the trusted option.

The no form of this command returns the system to the default.

Default 

not enabled

icmp

Syntax 
icmp
Context 
config>service>ies>interface
Description 

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

mask-reply

Syntax 
[no] mask-reply
Context 
config>service>ies>if>icmp
Description 

This command enables or disables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

The no form of the command disables replies to ICMP mask requests on the router interface.

Default 

mask-reply

ttl-expired

Syntax 
ttl-expired [number seconds]
no ttl-expired
Context 
config>service>ies>if>icmp
Description 

This command configures the rate that ICMP Time To Live (TTL) expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of TTL expired messages.

Default 

ttl-expired 100 10—maximum of 100 TTL expired message in 10 s

Parameters 
number—
the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. The seconds parameter must also be specified.
Values—
10 to 100
seconds—
the time frame, in seconds, used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer
Values—
1 to 60

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>ies>if>icmp
Description 

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachable messages on the router interface. The rate at which ICMP unreachable messages are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a specified time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of the command disables the generation of ICMP destination unreachable messages on the router interface.

Default 

unreachables 100 10—maximum of 100 unreachable messages in 10 s

Parameters 
number—
the maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified.
Values—
10 to 100
seconds—
the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer
Values—
1 to 60

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>ies>interface
Description 

This command configures the IP maximum transmit unit (packet size) for this interface.

The default value is derived from the port MTU. The no form of the command returns the default value.

Default 

no ip-mtu — uses the value derived from the port MTU

Parameters 
octets —
the MTU for the interface
Values—
128 to 9732

ipcp

Syntax 
[no] ipcp
Context 
config>service>ies>interface
Description 

This command enables the context to configure IPCP. Within this context, IPCP extensions can be used to signal the remote IP address and DNS IP address to the PPP peer over the PPP/MLPPP interface. This command is only applicable if the associated SAP is a PPP/MLPPP interface.

dns

Syntax 
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context 
config>service>ies>if>ipcp
Description 

This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/ MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the specified primary DNS address, secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.

Default 

no dns

Parameters 
ip-address—
specifies a unicast IPv4 address for the primary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions
secondary ip-address
specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions

peer-ip-address

Syntax 
peer-ip-address ip-address
no peer-ip-address
Context 
config>service>ies>if>ipcp
Description 

This command defines the remote IP address to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the IPCP extension peer-ip-address configuration.

Default 

no peer-ip-address (0.0.0.0)

Parameters 
ip-address—
a unicast IPv4 address to be signaled to the far end of the associated PPP/MLPPP link by IPCP extensions

l4-load-balancing

Syntax 
l4-load-balancing {includeL4 | excludeL4}
no l4-load-balancing
Context 
config>service>ies>interface
Description 

This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to randomly determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.

The default configuration on the interface is to match the Layer 4 load balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.

Parameters 
includeL4—
layer 4 source and destination port fields are included in the hashing calculation
excludeL4—
layer 4 source and destination port fields are not included in the hashing calculation

local-dhcp-server

Syntax 
[no] local-dhcp-server local-server-name
Context 
config>service>ies>interface
Description 

This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.

The no form of the command removes the association of the interface with the local DHCP server.

Default 

n/a

Parameters 
local-server-name—
the name of the local DHCP server
Values—
up to 32 alphanumeric characters

local-proxy-arp

Syntax 
[no] local-proxy-arp
Context 
config>service>ies>interface
Description 

This command enables local proxy ARP on the interface.

Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.

Local proxy ARP is used on subnets where hosts are prevented from communicating directly.

When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default 

no local-proxy-arp

loopback

Syntax 
[no] loopback
Context 
config>service>ies>interface
Description 

This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.

Default 

no loopback

mac

Syntax 
[no] mac ieee-address
Context 
config>service>ies>interface
Description 

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address to the default value.

Default 

the physical MAC address associated with the Ethernet interface on which the SAP is configured (default MAC address assigned to the interface by the system)

Parameters 
ieee-address—
the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.

proxy-arp-policy

Syntax 
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
no proxy-arp-policy
Context 
config>service>ies>interface
Description 

This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (refer to the 7705 SAR OS Router Configuration Guide, “Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.

Default 

no proxy-arp-policy

Parameters 
policy-name—
the route policy statement name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. The policy statement must already be defined.

remote-proxy-arp

Syntax 
[no] remote-proxy-arp
Context 
config>service>ies>interface
Description 

This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.

Default 

no remote-proxy-arp

secondary

Syntax 
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no secondary {ip-address/mask | ip-address netmask}
Context 
config>service>ies>interface
Description 

This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.

Default 

no secondary

Parameters 
ip-address —
the IP address of the IP interface. The ip-address portion of the secondary command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
Values—
a.b.c.d
(1.0.0.0 to 223.255.255.255 (with support of /31 subnets)
The “/” (forward slash) is a parameter delimiter that separates the ip-address portion of the IP address from the mask, which defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/”, and the mask. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.
mask—
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
Values—
0 to 32
netmask —
the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical “AND” function to derive the local subnet of the IP address.
Values—
128.0.0.0 to 255.255.255.252
(network bits all 1 and host bits all 0)
(255.255.255.255 is reserved for system IP addresses)
broadcast—
the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Values—
host-ones
all-ones—
specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast
host-ones—
specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.

igp-inhibit—
specifies that this secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the secondary IP interface will not be injected and used as a passive interface and will not be advertised as an internal IP interface into the IGP link state database. For RIP, this means that the secondary IP interface will not source RIP updates.

static-arp

Syntax 
static-arp ip-address ieee-address
no static-arp ip-address [ieee-address]
static-arp ieee-address unnumbered
no static-arp [ieee-address] unnumbered
Context 
config>service>ies>interface
Description 

This command configures a static ARP entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.

A router interface can only have one static ARP entry configured for it.

Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR OS configuration can specify to send a packet with a particular IP address to the corresponding ARP address.

The no form of the command removes a static ARP entry.

Default 

no static-arp

Parameters 
ip-address—
the IP address for the static ARP in dotted-decimal notation
ieee-mac-address—
the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.
unnumbered—
specifies the static ARP MAC addresses for an unnumbered interface. Unnumbered interfaces also support dynamic ARP. If this parameter is configured, it overrides any dynamic ARP.

teid-load-balancing

Syntax 
[no] teid-load-balancing
Context 
config>service>ies>interface
Description 

This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.

Default 

no teid-load-balancing

unnumbered

Syntax 
unnumbered {ip-int-name | ip-address}
no unnumbered
Context 
config>service>ies>interface
Description 

This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.

By default, no IP address exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface.

Default 

no unnumbered

Parameters 
ip-int-name | ip-address—
the IP interface name or address to associate with the unnumbered IP interface
Values—
ip-int-name:      1 to 32 characters (must start with a letter)
ip-address:         a.b.c.d

IES Service IPv6 Commands

ipv6

Syntax 
[no] ipv6
Context 
config>service>ies>interface
Description 

This command enables the context to configure IPv6 for an IES interface.

address

Syntax 
address ipv6-address/prefix-length [eui-64]
no address ipv6-address/prefix-length
Context 
config>service>ies>if>ipv6
Description 

This command assigns an IPv6 address to the IES interface.

Default 

n/a

Parameters 
ipv6-address/prefix-length—
the IPv6 address on the interface
Values—
ipv6-address:       x:x:x:x:x:x:x:x (eight 16-bit pieces)
                             x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D
prefix-length:       1 to 128
eui-64—
when the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces.

dhcp6-relay

Syntax 
[no] dhcp6-relay
Context 
config>service>ies>if>ipv6
Description 

This command enables the context to configure DHCPv6 Relay parameters for the IES interface.

option

Syntax 
[no] option
Context 
config>service>ies>if>ipv6>dhcp6-relay
Description 

This command enables the context to configure DHCPv6 Relay information options.

interface-id

Syntax 
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
no interface-id
Context 
config>service>ies>if>ipv6>dhcp6-relay>option
Description 

This command enables the sending of interface ID options in the DHCPv6 Relay packet.

Default 

ascii-tuple

Parameters 
ascii-tuple—
specifies that the ASCII-encoded concatenated tuple, which consists of the access node identifier, service ID, and interface name, separated by “/”, will be used
ifindex—
specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
sap-id—
specifies that the SAP ID will be used
string—
specifies that a string of up to 32 printable, 7-bit ASCII characters, will be used. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

remote-id

Syntax 
[no] remote-id
Context 
config>service>ies>if>ipv6>dhcp6-relay>option
Description 

This command enables the sending of the remote ID option in the DHCPv6 Relay packet. The client DHCP Unique Identifier (DUID) is used as the remote ID.

server

Syntax 
server ipv6-address [ipv6-address...(up to 8 max)]
no server ipv6-address [ipv6-address...(up to 8 max)]
Context 
config>service>ies>if>ipv6>dhcp6-relay
Description 

This command specifies a list of servers where DHCPv6 requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. At least one server must be specified in order for DHCPv6 Relay to work. If there are multiple servers, the request is forwarded to all of them. A maximum of eight servers can be configured.

Default 

n/a

Parameters 
ipv6-address—
the IPv6 addresses of the DHCP servers
Values—
x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x:   [0 to FFFF]H
d:   [0 to 255]D

icmp6

Syntax 
icmp6
Context 
config>service>ies>if>ipv6
Description 

This command enables the context to configure ICMPv6 parameters on the IES interface.

packet-too-big

Syntax 
packet-too-big [number seconds]
no packet-too-big
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command configures the rate for ICMPv6 packet-too-big messages.

The no form of the command disables the sending of ICMPv6 packet-too-big messages.

Default 

100 10

Parameters 
number—
the maximum number of packet-too-big messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
Values—
10 to 1000
 
seconds—
the time frame, in seconds, used to limit the number of packet-too-big messages that can be issued, expressed as a decimal integer
Values—
1 to 60

param-problem

Syntax 
param-problem [number seconds]
no param-problem
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command configures the rate for ICMPv6 param-problem messages.

The no form of the command disables the sending of ICMPv6 param-problem messages.

Default 

100 10

Parameters 
number—
the maximum number of param-problem messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
Values—
10 to 1000
seconds—
the time frame, in seconds, used to limit the number of param-problem messages that can be issued, expressed as a decimal integer
Values—
1 to 60

time-exceeded

Syntax 
time-exceeded [number seconds]
no time-exceeded
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command configures the rate for ICMPv6 time-exceeded messages.

The no form of the command disables the sending of ICMPv6 time-exceeded messages.

Default 

100 10

Parameters 
number—
the maximum number of time-exceeded messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
Values—
10 to 1000
seconds—
the time frame, in seconds, used to limit the number of time-exceeded messages that can be issued, expressed as a decimal integer
Values—
1 to 60

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command enables and configures the rate for ICMPv6 host and network destination unreachable messages issued on the router interface.

The no form of the command disables the generation of ICMPv6 destination unreachables on the router interface.

Default 

100 10

Parameters 
number—
the maximum number of destination unreachable messages to send, expressed as a decimal integer, in the time frame specified by the seconds parameter
Values—
10 to 1000
seconds—
the time frame, in seconds, used to limit the number of destination unreachable messages that can be issued, expressed as a decimal integer
Values—
1 to 60

neighbor

Syntax 
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context 
config>service>ies>if>ipv6
Description 

This command configures an IPv6-to-MAC address mapping on the IES interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery or a static address must be used. This command can only be used on Ethernet interfaces. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

Parameters 
ipv6-address—
the IPv6 address on the interface
Values—
x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x:   [0 to FFFF]H
d:   [0 to 255]D
mac-address—
the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

reachable-time

Syntax 
[no] reachable-time seconds
Context 
config>service>ies>if>ipv6
Description 

This command specifies the time an IPv6 neighbor remains in reachable state.

Default 

no reachable-time

Parameters 
seconds—
specifies the number of seconds that an IPv6 neighbor remains in reachable state
Values—
30 to 3600
Values—
30

stale-time

Syntax 
[no] stale-time seconds
Context 
config>service>ies>if>ipv6
Description 

This command specifies the time that an IPv6 neighbor cache entry remains in stale state. When the specified time elapses, the system removes the neighbor cache entry.

Default 

no stale-time

Parameters 
seconds—
specifies the number of seconds that an IPv6 neighbor remains in stale state
Values—
60 to 65535
Values—
14400

IES Service VRRP Commands

vrrp

Syntax 
vrrp virtual-router-id [owner]
no vrrp virtual-router-id
Context 
config>service>ies>interface
config>service>ies>if>ipv6>vrrp
Description 

This command creates or edits a virtual router ID on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.

The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.

Default 

n/a

Parameters 
virtual-router-id—
specifies a new virtual router ID or one that can be modified on the IP interface
Values—
1 to 255

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>ies>if>vrrp
Description 

This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  1. identify the current master
  2. shut down the virtual router instance on all backups
  3. execute the authentication-key command on the master to change the password key
  4. execute the authentication-key command and no shutdown command on each backup

The no form of this command restores the default value of the key.

Default 

The authentication data field contains the value 0 in all octets.

Parameters 
authentication-key—
identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string 8 octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The authentication-key parameter is expressed as a string consisting up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( “ ” ). The quotation marks are not considered part of the string.

The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values—
any 7-bit printable ASCII character
exceptions:           double quote               ASCII 34
                             carriage return             ASCII 13
                             line feed                       ASCII 10
                             tab                                ASCII 9
                             backspace                    ASCII 8
hash-key—
can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash—
specifies the key is entered in an encrypted form. If the hash keyword is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash keyword specified.
hash2—
specifies the key is entered in a more complex encrypted form. If the hash2 keyword is not used, the less-encrypted hash form is assumed.

backup

Syntax 
[no] backup ip-address
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command configures virtual router IP addresses for backup.

Parameters 
ip-address—
specifies the destination address for backup

bfd-enable

Syntax 
bfd-enable [base | service-id] interface interface-name dst-ip ip-address
no bfd-enable
Context 
config>service>ies>if>vrrp
Description 

This commands assigns a BFD session that provides a heart-beat mechanism for the given VRRP instance. Only one BFD session can be assigned to any given VRRP instance, but multiple VRRP sessions can use the same BFD session.

BFD controls the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface.

The no form of this command removes BFD from the configuration.

Default 

n/a

Parameters 
service-id—
specifies the service ID of the interface running BFD
Values—
1 to 2147483648 or service-name
interface-name—
specifies the name of the interface running BFD
ip-address—
specifies the destination address to be used for the BFD session

init-delay

Syntax 
init-delay seconds
no init-delay
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command configures a VRRP initialization delay timer.

Default 

no init-delay

Parameters 
seconds—
specifies the number of seconds for the initialization delay timer for VRRP
Values—
1 to 65535

mac

Syntax 
mac ieee-address
no mac
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default 

the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)

Parameters 
mac-address—
specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bbcc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax 
[no] master-int-inherit
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command allows the master instance to dictate the master down timer (non-owner context only).

The master down interval is the time that the master router can be down before backup takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state.

Default 

no master-int-inherit

message-interval

Syntax 
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value will be silently discarded.

The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.

The no form of this command restores the default message-interval value of 1 s to the virtual router instance.

Parameters 
seconds—
number of seconds that will transpire before the advertisement timer expires
Values—
1 to 255
Values—
1
milliseconds—
the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.
Values—
100 to 900

ping-reply

Syntax 
[no] ping-reply
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.

The ping-reply command is only available for non-owner virtual routers. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses are silently discarded.

The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.

Default 

no ping-reply

policy

Syntax 
policy vrrp-policy-id
no policy
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

Default 

n/a

Parameters 
vrrp-policy-id—
specifies a VRRP priority control policy. The VRRP policy ID must already exist in the system for the policy command to be successful.
Values—
1 to 9999

preempt

Syntax 
[no] preempt
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the affect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.

Non-owner backup virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.

A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:

  1. greater than its in-use priority value
  2. equal to the in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.

Default 

preempt

priority

Syntax 
priority priority
no priority
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.

The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.

The no form of this command restores the default value of 100.

Parameters 
priority—
specifies the priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority will be the in-use priority for the virtual router instance.
Values—
1 to 254

ssh-reply

Syntax 
[no] ssh-reply
Context 
config>service>ies>if>vrrp
Description 

This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.

When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.

The ssh-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default 

no ssh-reply

standby-forwarding

Syntax 
[no] standby-forwarding
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.

The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.

Default 

no standby-forwarding

telnet-reply

Syntax 
[no] telnet-reply
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.

If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.

The telnet-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.

Default 

no telnet-reply

traceroute-reply

Syntax 
[no] traceroute-reply
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.

Default 

no traceroute-reply

IES Service SAP Commands

sap

Syntax 
[no] sap sap-id [create]
Context 
config>service>ies>interface
Description 

This command creates a SAP within an IES service. Each SAP must be unique.

All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or an IP interface, a SAP will not exist on that object.

To edit SAP parameters, enter an existing SAP without the create keyword.

A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. A SAP can only be defined on a port that has been configured as an access port in the config>port port-id context using the mode access command. Refer to the 7705 SAR OS Interface Configuration Guide, “Access Ports”.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The following SAP types are supported:

  1. PPP IPCP encapsulation of an IPv4 packet for IES (RFC 1332)
  2. MLPPP bundle
  3. LAG
  4. Ethernet SAPs supporting null, dot1q, and qinq

To configure an IES interface SAP that is used for a public IPSec tunnel interface, see sap in Service Interface Tunnel Commands.

If the IES interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.

Default 

no sap

Parameters 
sap-id—
specifies the physical port identifier portion of the SAP definition. See Table 39 for a full list of SAP IDs.
create—
keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

accounting-policy

Syntax 
accounting-policy acct-policy-id
no accounting-policy [acct-policy-id]
Context 
config>service>ies>if>sap
Description 

This command creates the accounting policy context that can be applied to a SAP. An accounting policy must be defined before it can be associated with a SAP. If the policy ID does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default 

no accounting-policy

Parameters 
acct-policy-id—
the accounting policy ID as configured in the config>log>accounting-policy context
Values—
1 to 99

collect-stats

Syntax 
[no] collect-stats
Context 
config>service>ies>if>sap
Description 

This command enables accounting and statistical data collection for the SAP. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated by the CSM. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default 

collect-stats

egress

Syntax 
egress
Context 
config>service>ies>if>sap
Description 

This command enables the context to configure egress SAP QoS policies and IP filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress IP filter policy is defined, no filtering is performed.

ingress

Syntax 
ingress
Context 
config>service>ies>if>sap
Description 

This command enables the context to configure ingress SAP QoS policies and IP filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress IP filter policy is defined, no filtering is performed.

agg-rate-limit

Syntax 
agg-rate-limit agg-rate [cir cir-rate]
no agg-rate-limit
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information on adapter card generations, refer to the “Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR OS Interface Configuration Guide.

Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.

If the specified SAP is a LAG SAP, then agg-rate and cir-rate can be configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware—it is not configurable if one of the ports configured in the LAG SAP is on Gen-1 hardware. If the active port is on a Gen-3 card or platform, then agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, then agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. If the active port is on a Gen-1 card, then agg-rate and cir-rate are not applicable. For details on the behavior of a mix-and-match LAG SAP, refer to the “LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and “Network LAG Traffic Management” sections in the 7705 SAR OS Interface Configuration Guide.

Note:

From Release 7.0.R6, schedulers on Gen-3 adapter cards and platforms have been updated to better align with the scheduling behavior supported on the other 7705 SAR adapter cards and platforms. The updated scheduler mode is called "4-priority" scheduler-mode throughout the CLI. Prior to Release 7.0.R6, the CLI designation was "4-priority-hqos". In the updated mode of operation, arbitration among different flows at the second-tier aggregate (per-SAP or per-VLAN) and third-tier aggregate (per-customer (MSS)) levels are carried out in a round-robin manner, scheduling cir-rate first from the shapers, followed by the pir-rate.

Caution:

Any Gen-3 adapter card or platform running Release 7.0.R6 or later software uses 4-priority scheduling instead of 4-priority-hqos scheduling, which was supported previously. The migration of scheduler mode is automatic with an upgrade and there is no operator action required. As part of the migration, all CIR values at second-tier (per-SAP and per-VLAN) and third-tier (per-customer (MSS)) aggregate shaper levels are set to zero. Operators must exercise caution when performing an upgrade to Release 7.0.R6 or later from a previous Release 7.0 version, and must adjust the affected CIR values in accordance with the needs of their applications as soon as possible.

The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.

Default 

no agg-rate-limit

Parameters 
agg-rate—
sets the PIR for the aggregate of all the queues on the SAP. The max keyword applies the maximum physical port rate possible.
Values—
1 to 10000000 kb/s, or max
Values—
max
cir-rate—
sets the CIR for the aggregate of all the queues on the SAP
Values—
0 to 10000000 kb/s, or max
Values—
0 kb/s

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id | ipv6 ipv6-filter-id]
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command associates an IPv4 or IPv6 filter policy with an egress or ingress IES SAP.

Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.

The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be displayed.

The no form of the command removes any configured filter ID association with the SAP. The filter policy cannot be deleted until it is removed from all SAPs where it is applied.

Default 

no filter

Parameters 
ip-filter-id—
specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)
ipv6-filter-id—
specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)
Note:

For information on configuring IP filter IDs, refer to the 7705 SAR OS Router Configuration Guide, “Filter Policies”.

match-qinq-dot1p

Syntax 
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context 
config>service>ies>if>sap>ingress
Description 

This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.

The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.

By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.

Table 94 shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP Type and Match-QinQ-Dot1q Setting. Use the Existing Packet Tags column to identify which dot1q tags are available in the packet. Then use the P-bits Used for Match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.

Default 

no match-qinq-dot1p

Parameters 
top—
the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits (topmost P-bits) are used (if existing) to match any dot1p dot1p-value entries.
bottom—
the bottom parameter and top parameter are mutually exclusive. When the bottom parameter is specified, the bottommost P-bits (second tag’s P-bits) are used (if existing) to match any dot1p dot1p-value entries.
Table 94:  Match-QinQ-Dot1p Matching Behavior 

Port/ SAP Type

Match-QinQ-Dot1p Setting  1

Existing Packet Tags

P-bits Used for Match

Null

n/a

None

None

Null

n/a

Dot1p (VLAN ID 0)

None  2

Null

n/a

Dot1q

None  2

Null

n/a

TopQ BottomQ

None  2

Dot1Q

n/a

None

None

Dot1Q

n/a

Dot1p (default SAP VLAN ID 0)

Dot1p P-bits

Dot1Q

n/a

Dot1q

Dot1q P-bits

QinQ/ X.Y

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.Y

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.0

Top

TopQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.0

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.*

Top

TopQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ 0.*

Top

None

None

QinQ/ 0.*

Default or Bottom

None

None

QinQ/ 0.*

Top

TopQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ 0.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ *.*

Top

None

None

QinQ/ *.*

Default or Bottom

None

None

QinQ/ *.*

Top

TopQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ *.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

    Notes:

  1. “Default” in this column refers to the no form of match-qinq-dot1p command.
  2. For null encapsulation, the 7705 SAR does not process dot1p bits.

qinq-mark-top-only

Syntax 
[no] qinq-mark-top-only
Context 
config>service>ies>if>sap>egress
Description 

When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).

Table 95 shows the dot1p re-marking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where “False” represents the default (disabled) state.

If a new tag is pushed, the dot1p bits of the new tag will be zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the configure>qos context.

Table 95:  Dot1P Re-marking Behavior for the QinQ-mark-top-only Command 

Egress Port Type/SAP Type

QinQ-mark-top-only State

Egress P-Bits Marked or Re-marked

Null  1

n/a

None

Dot1q/ X  1

n/a

Outer tag

Dot1q/ *  2

n/a

None

Dot1q/ 0  2

n/a

Outer tag

QinQ/ X.Y  1

False

Two outer tags  3

True

Outer tag  3

QinQ/ X.*  1

True or False

Outer tag

QinQ/ X.0  1

True or False

Outer tag

QinQ/ 0.*  1

True or False

None

QinQ/ *.*  2

True or False

None

    Notes:

  1. This port type/SAP type is supported by the following services: Epipe, Ipipe, VPLS, IES, and VPRN.
  2. This port type/SAP type is supported by the following services: Epipe and VPLS.
  3. Normally, when a new tag is pushed, the dot1p bits of the new tag will be zero, unless the P-bits are remarked by the egress policy. However, an exception to this occurs when the egress SAP type is X.Y and only one new outer tag must be pushed. In this case, the new outer tag will have its dot1p bits set to the inner tag's dot1p bits.
Default 

no qinq-mark-top-only

qos

Syntax 
qos policy-id
no qos
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command associates a QoS policy with an ingress or egress IES SAP.

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.

The qos command associates both ingress and egress QoS policies. The qos command allows only ingress policies to be associated on the SAP ingress and only egress policies to be associated on the SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with an IES SAP at one time. Attempts to associate a second QoS policy of a given type returns an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress; therefore, the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters 
policy-id—
associates the ingress or egress policy ID with the SAP. The policy ID or name must already exist.
Values—
1 to 65535, or policy-name (up to 64 characters)

scheduler-mode

Syntax 
scheduler-mode {4-priority | 16-priority}
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.

If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.

If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.

This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.

If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms. If one of the ports in the LAG is on a Gen-1 adapter card, then scheduler-mode cannot be configured.

Default 

4-priority

Parameters 
4-priority—
sets the scheduler mode for the SAP to be 4-priority mode
16-priority—
sets the scheduler mode for the SAP to be 16-priority mode

shaper-group

Syntax 
[no] shaper-group shaper-group-name [create]
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.

The default shaper group cannot be deleted.

The no form of this command removes the configured shaper-group.

Default 

shaper-group “default”

Parameters 
shaper-group-name—
the name of the shaper group. To access the default shaper group, enter “default”.
create—
keyword used to create a shaper group

IES Service Spoke SDP Commands

spoke-sdp

Syntax 
spoke-sdp sdp-id:vc-id [create]
no spoke-sdp sdp-id:vc-id
Context 
config>service>ies>interface
Description 

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge “port”, where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.

The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default 

no sdp-id is bound to a service

Special Cases 
IES—
only one sdp-id can be bound to an IES
Parameters 
sdp-id —
the SDP identifier
Values—
1 to 17407
vc-id—
the virtual circuit identifier
Values—
1 to 4294967295

egress

Syntax 
egress
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables the context to configure egress SDP parameters.

vc-label

Syntax 
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context 
config>service>ies>if>spoke-sdp>egress
Description 

This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.

Parameters 
egress-vc-label—
a VC egress value that indicates a specific connection
Values—
16 to 1048575

ingress

Syntax 
ingress
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables the context to configure ingress SDP parameters.

filter

Syntax 
filter ip ip-filter-id
no filter
Context 
config>service>ies>if>spoke-sdp>ingress
Description 

This command associates an IP filter policy with an ingress spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.

In general, filters applied to ingress spoke SDPs apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the spoke SDP.

Parameters 
ip-filter-id
specifies the IP filter policy. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)

vc-label

Syntax 
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context 
config>service>ies>if>spoke-sdp>ingress
Description 

This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.

Parameters 
ingress-vc-label —
a VC ingress value that indicates a specific connection
Values—
2048 to 18431

Routed VPLS Commands

vpls

Syntax 
vpls service-name
no vpls
Context 
config>service>ies>if
Description 

This command within the IP interface context binds the IP interface to the specified VPLS service name.

The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the given service name.

Parameters 
service-name—
specifies the service name that the system attempts to resolve to an allow-ip-int-binding enabled VPLS service associated with the service name. The specified service name is an ASCII string of up to 32 characters.

ingress

Syntax 
ingress
Context 
config>service>ies>if>vpls
Description 

This command within the VPLS binding context defines the routed IPv4 optional filter override.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ipv4-filter-id
no v4-routed-override-filter
Context 
config>service>ies>if>vpls>ingress
Description 

This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.

The no form of the command removes the IPv4 routed override filter from the ingress IP interface.

Default 

n/a

Parameters 
ipv4-filter-id—
specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>ies>if>vpls>ingress
Description 

This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if it is not defined or it is removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.

The no form of the command removes the IPv6 routed override filter from the ingress IP interface.

Default 

n/a

Parameters 
ipv6-filter-id—
specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.
Values—
1 to 65535 or filter-name (up to 64 characters)

IES Service Security Zone Configuration Commands

zone

Syntax 
zone {zone-id | zone-name} [create]
no zone {zone-id | zone-name}
Context 
config>service>ies
Description 

This command creates or specifies a security zone within an IES context. Each zone must have a unique ID.

All zones must be explicitly created with the create keyword.

Enter an existing zone without the create keyword to edit zone parameters.

The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.

Parameters 
zone-id—
the zone ID number. The zone ID must be unique within the system.
Values—
1 to 65534

abort

Syntax 
abort
Context 
config>service>ies>zone
Description 

This command discards changes made to a security feature.

Default 

n/a

begin

Syntax 
begin
Context 
config>service>ies>zone
Description 

This command enters the mode to create or edit security features.

Default 

n/a

commit

Syntax 
commit
Context 
config>service>ies>zone
Description 

This command saves changes made to security features.

Default 

n/a

inbound

Syntax 
inbound
Context 
config>service>ies>zone
Description 

This command enables the context to configure limit parameters on inbound firewall sessions.

Default 

n/a

outbound

Syntax 
outbound
Context 
config>service>ies>zone
Description 

This command enables the context to configure limit parameters for outbound firewall sessions on the CSM.

Default 

n/a

limit

Syntax 
limit
Context 
config>service>ies>zone>inbound
config>service>ies>zone>outbound
Description 

This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.

Default 

n/a

concurrent-sessions

Syntax 
concurrent-sessions {tcp | udp | icmp | other} sessions
no concurrent-sessions {tcp | udp | icmp | other}
Context 
config>service>ies>zone>inbound>limit
config>service>ies>zone>outbound>limit
Description 

This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.

Default 

n/a

Parameters 
tcp—
specifies that TCP connection traffic is to be firewalled
udp —
specifies that UDP connection traffic is to be firewalled
icmp—
specifies that ICMP connection traffic is to be firewalled
other—
specifies that the traffic to be firewalled is other than TCP, UDP, or ICMP
sessions—
the maximum number of concurrent firewall sessions that can be created in a zone for the configured direction and protocol
Values—
1 to 16383

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>ies>zone
Description 

This command creates a logical IP routing interface for a zone. Once created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.

The no form of this command removes the IP interface and all the associated configurations.

Parameters 
ip-int-name—
the name of the interface to be configured within the zone
Values—
1 to 32 characters (must start with a letter)

log

Syntax 
log {log-id | name}
no log
Context 
config>service>ies>zone
Description 

This command configures a log identifier for the specified zone. A log identifier can be configured in the config>router>zone context and the config>security>policy context.

The no form of this command removes logging for the zone.

Parameters 
log-id—
the identifier for the log
Values—
1 to 32 characters

name

Syntax 
name zone-name
no name
Context 
config>service>ies>zone
Description 

This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.

Parameters 
zone-name—
 the name of the zone
Values—
1 to 32 characters (must start with a letter). If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

nat

Syntax 
nat
Context 
config>service>ies>zone
Description 

This command enters the context to configure NAT parameters for a zone.

pool

Syntax 
pool pool-id [create]
no pool pool-id
Context 
config>service>ies>zone>nat
Description 

This command configures the NAT pool for the security zone within an IES service. Each pool must have a unique ID.

All pools must be explicitly created with the create keyword.

Enter an existing pool without the create keyword to edit pool parameters.

The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool will also be deleted.

Parameters 
pool-id—
the pool ID number
Values—
1 to 100

direction

Syntax 
direction {zone-outbound | zone-inbound | both}
no direction
Context 
config>service>ies>zone>nat>pool
Description 

This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.

Parameters 
zone-outbound—
configures a pool for the policy outbound traffic
zone-inbound—
configures a pool for the policy inbound traffic
both—
configures a pool for policy inbound and outbound traffic

entry

Syntax 
entry entry-id [create]
no entry entry-id
Context 
config>service>ies>zone>nat>pool
Description 

This command configures a NAT pool entry within an IES service.

The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry will also be deleted.

Parameters 
entry-id—
the entry ID number
Values—
1 to 65535

ip-address

Syntax 
ip-address ip-address [to ip-address] interface ip-int-name
no ip-address
Context 
config>service>ies>zone>nat>pool>entry
Description 

This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.

The IP address for the interface must be entered in dotted-decimal notation. The maximum IP address range limit is 255.

The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Parameters 
ip-address—
the source IP address to be used by NAT. The ip-address portion of the ip-address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
Values—
1.0.0.0 to 223.255.255.255
ip-int-name—
the name of the interface to be used by NAT

port

Syntax 
port port [to port]
no port
Context 
config>service>ies>zone>nat>pool>entry
Description 

This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.

The no form of this command deletes the port or port range.

Parameters 
port—
the UDP/TCP port or range of ports to which NPAT is applied

name

Syntax 
name pool-name
no name
Context 
config>service>ies>zone>nat>pool
Description 

This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.

Parameters 
pool-name—
 the name of the pool. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
Values—
1 to 32 characters (must start with a letter).

policy

Syntax 
policy {policy-id | policy-name}
no policy
Context 
config>service>ies>zone
Description 

This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.

The no form of this command deletes the specified policy.

Parameters 
policy-id—
the number of the referenced policy
Values—
1 to 65535
policy-name—
the name of the referenced policy

Show Commands

Note:

The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.

customer

Syntax 
customer [customer-id]
Context 
show>service
Description 

This command displays service customer information.

Parameters 
customer-id
specifies the customer ID number to be displayed
Values—
 1 to 2147483647
Output 

The following output is an example of service customer information, and Table 96 describes the fields.

Sample Output
A:ALU-2# show service customer 1
===============================================================================
Customer  1
===============================================================================
Customer-ID        : 1
Contact            : Tech Support
Description        : Default customer
Phone              : (613) 555-1122
===============================================================================
Table 96:  Show Service Customer Output Fields  

Label

Description

Customer-ID

ID that uniquely identifies the customer

Contact

Name or title of the primary contact person

Description

Generic information about the customer

Phone

Phone number by which to reach the contact person

egress-label

Syntax 
egress-label start-label [end-label]
Context 
show>service
Description 

This command displays service information using the range of egress labels.

If only the mandatory start-label parameter is specified, only services using the specified label are displayed.

If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.

Use the show router ldp bindings command to display dynamic labels.

Parameters 
end-label—
the ending egress label value for which to display services using the label range
Values—
 2049 to 131071
Values—
the start-label value
start-label—
the starting egress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.
Values—
0, or 2048 to 131071
Output 

The following output is an example of service egress label information, and Table 97 describes the fields.

Sample Output

In the sample below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.

*A:ALU-12>show>service# egress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id     Sdp Binding        Type  I.Lbl                 E.Lbl
-------------------------------------------------------------------------------
3          15:15              Spok  0                     0
5          5:5                Spok  0                     0
6          5:6                Spok  0                     0
5000       15:5000            Mesh  0                     0
5000       15:5001            Spok  0                     0
5001       5001:100           Spok  0                     0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Table 97:  Show Service Egress Output Fields 

Label

Description

Svc Id

The ID that identifies a service

Sdp Binding

The ID that identifies an SDP

Type

Indicates whether the SDP binding is a spoke or a mesh

I. Lbl

The VC label used by the far-end device to send packets to 7705 SAR in this service by the SDP

E. Lbl

The VC label used by 7705 SAR to send packets to the far-end device in this service by the SDP

Number of Bindings Found

The total number of SDP bindings that exist within the specified label range

id

Syntax 
id service-id
Context 
show>service
Description 

This command displays information for a particular service ID

Parameters 
service-id—
identifies the service in the domain by service number or name

all

Syntax 
all
Context 
show>service>id
Description 

This command displays detailed information for all aspects of the service.

Output 

The following output is an example of service ID all information, and Table 98 describes the fields.

Sample Output (IES Management Service)
A:ALU-2# show service id 751 all 
===============================================================================
Service Detailed Information
===============================================================================
Service Id        : 751                                                        
Service Type      : IES                                                        
Name              : IES751                                                   
Description       : ATM_Backhaul_SAM_Mgmt
Customer Id       : 10                                                         
Last Status Change: 09/09/2008 16:26:25                                        
Last Mgmt Change  : 09/09/2008 16:25:04                                        
Admin State       : Up                  Oper State        : Up                 
SAP Count         : 2                                                          
-------------------------------------------------------------------------------
Service Access Points
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
SAP bundle-ima-1/3.1:0/75
-------------------------------------------------------------------------------
Service Id         : 751                                                       
SAP                : bundle-ima-1/3.1:0/75    Encap             : atm          
Admin State        : Up                       Oper State        : Up           
Flags              : None
Multi Svc Site     : None                                                      
Last Status Change : 09/09/2008 16:26:25                                       
Last Mgmt Change   : 09/09/2008 16:25:04                                       
Sub Type           : regular                                                   
 
Admin MTU          : 1572                     Oper MTU          : 1572         
Ingr IP Fltr-Id    : 1                        Egr IP Fltr-Id    : n/a          
Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a          
tod-suite          : None                     qinq-pbit-marking : both         
Egr Agg Rate Limit : max                                                       
 
Acct. Pol          : None                     Collect Stats     : Disabled     
 
Anti Spoofing      : None                     Nbr Static Hosts  : 0            
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1                        Egress qos-policy : 1            
Shared Q plcy      : n/a                      Multipoint shared : Disabled     
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A   
                 
                        Packets                 Octets
Forwarding Engine Stats
Dropped               : 0                       n/a                            
Off. HiPrio           : 802789                  n/a                            
Off. LowPrio          : n/a                     n/a    
                        
Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio           : 0                       n/a                            
Dro. LowPrio          : n/a                     n/a                            
For. InProf           : 802789                  69039854                       
For. OutProf          : 0                       0  
                            
Queueing Stats(Egress QoS Policy 1)
Dro. InProf           : 0                       n/a                            
Dro. OutProf          : n/a                     n/a                            
For. InProf           : 802829                  41753273                       
For. OutProf          : n/a                     n/a                            
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
                        Packets                 Octets
 
Ingress Queue 1 (Unicast) (Priority)
Off. HiPrio           : 802789                  n/a                            
Off. LoPrio           : n/a                     n/a                            
Dro. HiPrio           : 0                       n/a                            
Dro. LoPrio           : n/a                     n/a                            
For. InProf           : 802789                  69039854                       
For. OutProf          : 0                       0                              
 
Egress Queue 1
For. InProf           : 802829                  41753273                       
For. OutProf          : n/a                     n/a                            
Dro. InProf           : 0                       n/a                            
Dro. OutProf          : n/a                     n/a                            
-------------------------------------------------------------------------------
ATM SAP Configuration Information
-------------------------------------------------------------------------------
Ingress TD Profile : 32                       Egress TD Profile : 32           
Alarm Cell Handling: Enabled                  AAL-5 Encap       : mux-ip       
OAM Termination    : Enabled                  Periodic Loopback : Disabled     
   
-------------------------------------------------------------------------------
Service Interfaces
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
Interface
-------------------------------------------------------------------------------
If Name           : IP_10.75.11.0/24
Admin State       : Up                  Oper State        : Up                 
Protocols         : None                                                       
IP Addr/mask      : 10.75.11.2/24       Address Type      : Primary            
IGP Inhibit       : Disabled            Broadcast Address : Host-ones          
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
If Index          : 3                   Virt. If Index    : 3                  
Last Oper Chg     : 09/09/2008 16:26:25 Global If Index   : 32                 
SAP Id            : bundle-ima-1/3.1:0/75
TOS Marking       : Untrusted           If Type           : IES                
SNTP B.Cast       : False               IES ID            : 751                
MAC Address       : 00:00:00:00:00:10   Arp Timeout       : 14400              
IP MTU            : 1524                ICMP Mask Reply   : True               
Arp Populate      : Disabled            Host Conn Verify  : Disabled           
LdpSyncTimer      : None                                                       
Proxy ARP Details
Rem Proxy ARP     : Disabled            Local Proxy ARP   : Disabled           
Policies          : none     
                                                  
ICMP Details
Unreachables : Number - 100                     Time (seconds)   - 10   
TTL Expired  : Number - 100                     Time (seconds)   - 10   
 
IPCP Address Extension Details
Peer IP Addr      : Not configured                                             
Peer Pri DNS Addr : Not configured                                             
Peer Sec DNS Addr : Not configured 
===============================================================================    
Table 98:  Show Service ID All Output Fields  

Label

Description

Service Detailed Information

Service Id

Service ID number

Service Type

Type of service (IES)

Name

The service name

Description

Generic information about the service

Customer Id

Customer ID number

Last Status Change

Date and time of the most recent status change to this service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Admin State

Desired state of the service

Oper State

Operating state of the service

MTU

Service MTU

SAP Count

Number of SAPs specified for this service

Service Access Points

Service Id

Service Identifier

SAP

ID of the access port where this SAP is defined

Encap

Encapsulation type for this SAP on the access port

Admin State

Desired state of the SAP

Oper State

Operating state of the SAP

Flags

Conditions that affect the operating status of this SAP. Display output includes ServiceAdminDown, PortOperDown, and so on.

Multi Svc Site

Indicates the multi-service site that the SAP is a member

Last Status Change

Date and time of the most recent status change to this SAP

Last Mgmt Change

Date and time of the most recent management-initiated change to this SAP

Admin MTU

Desired largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented

Oper MTU

Actual largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented

Ingr IP Fltr-Id

Ingress IP filter policy ID assigned to the SAP

Egr IP Fltr-Id

Egress IP filter policy ID assigned to the SAP

Ingr Mac Fltr-Id

Ingress MAC filter policy ID assigned to the SAP (not applicable)

Egr Mac Fltr-Id

Egress MAC filter policy ID assigned to the SAP (not applicable)

Ingr IPv6 Fltr-Id

Specifies the ingress IPv6 filter policy ID assigned to the SAP

Egr IPv6 Fltr-Id

Specifies the egress IPv6 filter policy ID assigned to the SAP

tod-suite

n/a

qinq-pbit-marking

Indicates the qinq P-bit marking for the SAP: both or top

Ing Scheduler Mode

Indicates the ingress scheduler mode for the SAP

Egr Scheduler Mode

Indicates the egress scheduler mode for the SAP

Ing Agg Rate Limit

Indicates the PIR rate limit in the access ingress direction for the aggregate of the SAP queues

Egr Agg Rate Limit

Indicates the PIR rate limit in the access egress direction for the aggregate of the SAP queues

Ing Agg cir

Indicates the CIR rate limit in the access ingress direction for the aggregate of the SAP queues

Egr Agg cir

Indicates the CIR rate limit in the access egress direction for the aggregate of the SAP queues

Ing Shaper Group

Indicates the ingress shaper group for the SAP

Egr Shaper Group

Indicates the egress shaper group for the SAP

Acct. Pol

Accounting policy applied to the SAP

Collect Stats

Specifies whether accounting statistics are collected on the SAP

QOS

Ingress qos-policy

SAP ingress QoS policy ID

Egress qos-policy

SAP egress QoS policy ID

Sap Statistics

Last Cleared Time

Date and time that a clear command was issued on statistics

Forwarding Engine Stats

Dropped

Number of packets or octets dropped by the forwarding engine

Off. HiPrio

Number of high-priority packets or octets offered to the forwarding engine

Off. LowPrio

Number of low-priority packets offered to the forwarding engine

Queueing Stats (Ingress QoS Policy)

Dro. HiPrio

Number of high-priority packets or octets discarded, as determined by the SAP ingress QoS policy

Dro. LowPrio

Number of low-priority packets discarded, as determined by the SAP ingress QoS policy

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP ingress QoS policy

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP ingress QoS policy

Queueing Stats (Egress QoS Policy)

Dro. InProf

Number of in-profile packets or octets discarded, as determined by the SAP egress QoS policy

Dro. OutProf

Number of out-of-profile packets or octets discarded, as determined by the SAP egress QoS policy

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP egress QoS policy

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP egress QoS policy

Sap per Queue stats

Ingress Queue n

Index of the ingress QoS queue of this SAP, where n is the index number

Off. HiPrio

Number of packets or octets of high-priority traffic for the SAP (offered)

Off. LoPrio

Number of packets or octets count of low-priority traffic for the SAP (offered)

Dro. HiPrio

Number of high-priority traffic packets or octets dropped

Dro. LoPrio

Number of low-priority traffic packets or octets dropped

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded

Egress Queue n

Index of the egress QoS queue of the SAP, where n is the index number

For. InProf

Number of in-profile packets or octets (rate below CIR) forwarded

For. OutProf

Number of out-of-profile packets or octets (rate above CIR) forwarded

Dro. InProf

Number of in-profile packets or octets dropped for the SAP

Dro. OutProf

Number of out-of-profile packets or octets discarded

ATM SAP Configuration Information

Ingress TD Profile

Profile ID of the traffic descriptor applied to the ingress SAP

Egress TD Profile

Profile ID of the traffic descriptor applied to the egress SAP

Alarm Cell Handling

Indicates that OAM cells are being processed

AAL-5 Encap

AAL-5 encapsulation type—this is always mux-ip

OAM Termination

Indicates whether this SAP is an OAM termination point

Services Interfaces

If Name

Name used to refer to the IES interface

Admin State

Administrative state of the interface

Oper State

Operational state of the interface

IP Addr/mask

IP address and subnet mask length of the interface

Address Type

Specifies whether the IP address for the interface is the primary or secondary address on the interface (this is always primary)

Broadcast Address

Broadcast address of the interface

If Index

Interface index corresponding to the IES interface

Virt. If Index

Virtual interface index of the IES interface

Last Oper Chg

Date and time of the last operating state change on the interface

Global IF Index

Global interface index of the IES interface

SAP Id

SAP identifier

TOS Marking

Specifies whether the ToS marking state is trusted or untrusted for the IP interface

If Type

Type of interface: IES

IES ID

Service identifier

MAC Address

IEEE 802.3 MAC address

Arp Timeout

Timeout for an ARP entry learned on the interface

IP MTU

IP maximum transmit unit for the interface

ICMP Mask Reply

Specifies whether the IP interface replies to a received ICMP mask request

ARP Populate

Indicates if ARP is enabled or disabled

Proxy ARP Details

Rem Proxy ARP

Indicates whether remote proxy ARP is enabled or disabled

Local Proxy ARP

Indicates whether local proxy ARP is enabled or disabled

Policies

Specifies the policy statements applied to proxy ARP

ICMP Details

Unreachables

Maximum number of ICMP destination unreachable messages that the IP interface will issue in a given period of time, in seconds

Disabled—indicates that the IP interface will not generate ICMP destination unreachable messages

TTL Expired

Maximum number of ICMP TTL expired messages that the IP interface will issue in a given period of time, in seconds

Disabled—indicates that the IP interface will not generate ICMP TTL expired messages

arp

Syntax 
arp [ip-address] | [mac ieee-address] | sap sap-id] | [interface ip-int-name]
Context 
show>service>id
Description 

This command displays the ARP table for the IES instance.

Parameters 
ip-address —
the IP address for which ARP entries will be displayed
Values—
all IP addresses
ieee-address—
the 48-bit MAC address for which ARP entries will be displayed. The MAC address can be expressed in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers.
Values—
all MAC addresses
sap-id—
the SAP ID for which ARP entries will be displayed. See Table 39 for a full list of SAP IDs.
ip-int-name—
the interface name for which ARP entries will be displayed
Output 

The following output is an example of service ID ARP information, and Table 99 describes the fields.

Sample Output
*A:ALU-2# show service id 4 arp
===============================================================================
ARP Table
===============================================================================
IP Address      MAC Address       Type    Expiry    Interface         SAP
-------------------------------------------------------------------------------
3.2.3.3                           Other   00h00m00s to Internet       n/a
===============================================================================
*A:ALU-2#
Table 99:  Show Service ID ARP Output Fields  

Label

Description

ARP Table

IP Address

Specified IP address

MAC Address

Specified MAC address

Type

Static—FDB entries created by management

Learned—dynamic entries created by the learning process

OAM—entries created by the OAM process

Other—local entries created for the IP interfaces

Expiry

Age of the ARP entry

Interface

Interface applied to the service

SAP

SAP ID

base

Syntax 
base
Context 
show>service>id
Description 

This command displays basic information about the service specified by the ID.

Output 

The following output is an example of service ID base information, and Table 100 describes the fields.

Sample Output
*A:ALU-2# show service id 4 base
===============================================================================
Service Basic Information
===============================================================================
Service Id        : 4                 
Service Type      : IES
Name              : IES4
Description       : Default IES description for service ID 4
Customer Id       : 1
Last Status Change: 01/07/2010 21:58:44
Last Mgmt Change  : 01/07/2010 22:14:40
Admin State       : Up                Oper State        : Up
SAP Count         : 2
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier                               Type         AdmMTU  OprMTU  Adm  Opr
-------------------------------------------------------------------------------
sap:1/1/3                                null         1514    1514    Up   Up
===============================================================================
Table 100:  Show Service ID Base Output Fields  

Label

Description

Service Basic Information

Service Id

Service ID number

Service Type

Type of service

Name

The service name

Description

Generic information about the service

Customer Id

Customer ID number

Last Status Change

Date and time of the most recent status change to this service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Admin State

Desired state of the service

Oper State

Operating state of the service

SAP Count

Number of SAPs specified for this service

Service Access & Destination Points

Identifier

SAP ID

Type

Signaling protocol used to obtain the ingress and egress labels used in frames transmitted and received

AdmMTU

Desired largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented

OprMTU

Actual largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented

Adm

Administrative state of the SAP

Opr

Operating state of the SAP

dhcp

Syntax 
dhcp
Context 
show>service>id
Description 

This command enables the context to display DHCP information for the IES service.

statistics

Syntax 
statistics [interface {interface-name | ip-address}]
Context 
show>service>id>dhcp
Description 

This command displays DHCP statistics information.

Parameters 
interface-name—
the interface name for which DHCP statistics will be displayed
ip-address—
the IP address of the interface for which to display information
Values—
a.b.c.d (host bits must be 0)
Output 

The following output is an example of service ID DHCP statistics information, and Table 101 describes the fields.

Sample Output
*A:ALU-2# show service id 4 dhcp statistics
===================================================================
DHCP Global Statistics, service 4
===================================================================
Rx Packets                           : 0
Tx Packets                           : 0
Rx Malformed Packets                 : 0
Rx Untrusted Packets                 : 0
Client Packets Discarded             : 0
Client Packets Relayed               : 0
Server Packets Discarded             : 0
Server Packets Relayed               : 0
===================================================================
Table 101:  Show Service ID DHCP Statistics Output Fields  

Label

Description

DHCP Global Statistics, service x

Rx Packets

Number of packets received

Tx Packets

Number of packets transmitted

Rx Malformed Packets

Number of malformed packets received

Rx Untrusted Packets

Number of untrusted packets received

Client Packets Discarded

Number of packets from the DHCP client that were discarded

Client Packets Relayed

Number of packets from the DHCP client that were forwarded

Server Packets Discarded

Number of packets from the DHCP server that were discarded

Server Packets Relayed

Number of packets from the DHCP server that were forwarded

summary

Syntax 
summary [interface interface-name | saps]
Context 
show>service>id>dhcp
Description 

This command displays a summary of DHCP configuration.

Parameters 
interface-name—
the interface name for which DHCP summary information will be displayed
saps—
displays SAPs per interface
Output 

The following output is an example of service ID DHCP summary information, and Table 102 describes the fields.

Sample Output
*A:ALU-2 show service id 4 dhcp summary 
===============================================================================
DHCP Summary, service 4
===============================================================================
Interface Name                   Arp      Used/                 Info    Admin
  SapId/Sdp                      Populate Provided              Option  State
-------------------------------------------------------------------------------
to Internet                      No       0/0                   Keep    Down
-------------------------------------------------------------------------------
Interfaces: 1
===============================================================================
*A:ALU-2
Table 102:  Show Service ID DHCP Summary Output Fields  

Label

Description

DHCP Summary, service x

Interface Name SapID/Sdp

Name of the interface

Arp Populate

Specifies whether ARP populate is enabled

Used/Provided:

Used—number of lease-states that are currently in use on the specified interface; that is, the number of clients on the interface that got an IP address by DHCP. This number is always less than or equal to the “Provided” field.

Provided—lease-populate value configured for the specified interface

Info Option

Specifies whether Option 82 processing is enabled on the interface

Admin State

Administrative state

interface

Syntax 
interface [{[ip-address | ip-int-name] [interface-type] [detail] [family]} | summary]
Context 
show>service>id
Description 

This command displays information for the IP interfaces associated with the IES service.

Parameters 
ip-address—
only displays the interface information associated with the specified IP address
Values—
ipv4-address:    a.b.c.d (host bits must be 0)
ipv6-address:     x:x:x:x:x:x:x:x (eight 16-bit pieces)
                             x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D
ip-int-name—
the IP interface name for which to display information
interface-type—
displays either group or subscriber interfaces
detail—
displays detailed IP interface information
family—
displays the specified router IP interface family
Values—
ipv4—displays only those peers that have the IPv4 family enabled
ipv6 —displays the peers that are IPv6-capable
summary—
displays summary IP interface information
Output 

The following output is an example of service ID interface information, and Table 103 describes the fields.

Sample Output
*A:ALU-2 show service id 4 interface
===============================================================================
Interface Table
===============================================================================
Interface-Name                   Adm         Opr(v4/v6)  Type    Port/SapId
   IP-Address                                                    PfxState
-------------------------------------------------------------------------------
to Internet                      Up          Down/Down   IES     n/a
   3.2.3.3/24                                                    n/a
-------------------------------------------------------------------------------
Interfaces : 1
===============================================================================
*A:ALU-2 
Table 103:  Show Service ID Interface Output Fields  

Label

Description

Interface Table

Interface-Name

Name of the interface

IP-Address

IP address of the interface

Adm

Administrative state of the interface

Opr (v4/v6)

Operational state of the interface

Type

Service type

Port/SapId PfxState

Port or SAP associated with the interface

sap

Syntax 
sap [sap-id] [detail]
Context 
show>service>id
Description 

This command displays information for the SAP associated with the IES service.

Parameters 
sap-id—
the SAP ID for which SAP information will be displayed. See Table 39 for a full list of SAP IDs.
detail—
displays detailed SAP information
Output 

The following output is an example of IES service SAP information. See Table 50 in VLL Services Command Reference for field descriptions.

Sample Output
*A:7705custDoc:Sar18>show>service# id 6000 sap 1/12/6 detail
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id         : 6000
SAP                : 1/12/6                   Encap             : null
Description        : (Not Specified)
Admin State        : Up                       Oper State        : Down
Flags              : ServiceAdminDown
                     PortOperDown
Multi Svc Site     : None
Last Status Change : 10/01/2012 19:47:49
Last Mgmt Change   : 10/02/2012 17:21:04
Sub Type           : regular
Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100
Split Horizon Group: (Not Specified)
Admin MTU          : 1514                     Oper MTU          : 1514
Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a
Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a
Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a
tod-suite          : None                     qinq-pbit-marking : n/a
Ing Scheduler Mode : 16-priority              Egr Scheduler Mode: 16-priority
Ing Agg Rate Limit : 1000                     Egr Agg Rate Limit: 2000
Ing Agg cir        : 100                      Egr Agg cir       : 200
Ing Shaper Group   : n/a                      Egr Shaper Group  : n/a
Q Frame-Based Acct : Disabled
Acct. Pol          : None                     Collect Stats     : Disabled
Anti Spoofing      : None                     Avl Static Hosts  : 0
                                              Tot Static Hosts  : 0
Calling-Station-Id : n/a
Application Profile: None
-------------------------------------------------------------------------------
QOS
-------------------------------------------------------------------------------
Ingress qos-policy : 1                        Egress qos-policy : 1
Shared Q plcy      : n/a                      Multipoint shared : Disabled
-------------------------------------------------------------------------------
Sap Statistics
-------------------------------------------------------------------------------
Last Cleared Time     : N/A
                        Packets                 Octets
Forwarding Engine Stats
Dropped               : 0                       0
Off. HiPrio           : 0                       0
Off. LowPrio          : 0                       0
Queueing Stats(Ingress QoS Policy 1)
Dro. HiPrio           : 0                       0
Dro. LowPrio          : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0
Queueing Stats(Egress QoS Policy 1)
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0
-------------------------------------------------------------------------------
Sap per Queue stats
-------------------------------------------------------------------------------
                        Packets                 Octets
Ingress Queue 1 (Priority)
Off. HiPrio           : 0                       0
Off. LoPrio           : 0                       0
Dro. HiPrio           : 0                       0
Dro. LoPrio           : 0                       0
For. InProf           : 0                       0
For. OutProf          : 0                       0
Egress Queue 1
For. InProf           : 0                       0
For. OutProf          : 0                       0
Dro. InProf           : 0                       0
Dro. OutProf          : 0                       0
===============================================================================
*A:7705custDoc:Sar18>show>service# 

ingress-label

Syntax 
ingress-label start-label [end-label]
Context 
show>service
Description 

This command displays service information using the range of ingress labels.

If only the mandatory start-label parameter is specified, only services using the specified label are displayed.

If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.

Use the show router ldp bindings command to display dynamic labels.

Parameters 
end-label—
the ending ingress label value for which to display services using the label range
Values—
 2049 to 131071
Values—
the start-label value
start-label—
the starting ingress label value for which to display services using the label range. If only start-label is specified, only services using start-label are displayed.
Values—
0, or 2048 to 131071
Output 

The following output is an example of service ingress label information, and Table 104 describes the fields.

Sample Output

In the sample below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.

*A:ALU-12>show>service# ingress-label 0 131071
===============================================================================
Martini Service Labels
===============================================================================
Svc Id     Sdp Binding        Type  I.Lbl                 E.Lbl
-------------------------------------------------------------------------------
3          15:15              Spok  0                     0
5          5:5                Spok  0                     0
6          5:6                Spok  0                     0
5000       15:5000            Mesh  0                     0
5000       15:5001            Spok  0                     0
5001       5001:100           Spok  0                     0
-------------------------------------------------------------------------------
Number of Bindings Found : 6
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-12#
Table 104:  Show Service ingress Output FIelds 

Label

Description

Svc Id

The ID that identifies a service

Sdp Binding

The ID that identifies an SDP

Type

Indicates whether the SDP binding is a spoke or a mesh

I. Lbl

The VC label used by the far-end device to send packets to the 7705 SAR in this service by the SDP

E. Lbl

The VC label used by the 7705 SAR to send packets to the far-end device in this service by the SDP

Number of Bindings Found

The total number of SDP bindings that exist within the specified label range

sap-using

Syntax 
sap-using [sap sap-id]
sap-using interface [ip-address | ip-int-name]
sap-using description
sap-using [ingress | egress] atm-td-profile td-profile-id
sap-using [ingress | egress] filter filter-id
sap-using [ingress | egress] qos-policy [qos-policy-id | qos-policy-name]
sap-using [ingress | egress] scheduler-mode {4-priority | 16-priority}
sap-using [ingress | egress] shaper-group shaper-group-name
Context 
show>service
Description 

This command displays SAP information.

If no optional parameters are specified, the command displays a summary of all defined SAPs.

The atm-td-profile command applies only to HSDPA offload (that is, IES management service).

Parameters 
sap-id—
the SAP ID for which SAP information will be displayed. See Table 39 for a full list of SAP IDs.
ip-address—
only displays the interface information associated with the specified IP address
Values—
ipv4-address:     a.b.c.d (host bits must be 0)
ipv6-address:     x:x:x:x:x:x:x:x (eight 16-bit pieces)
                             x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D
ip-int-name—
the IP interface name for which to display information
description—
displays a SAP summary table with description information
ingress—
specifies matching an ingress policy
egress—
specifies matching an egress policy
td-profile-id
displays SAPs using this traffic description
filter-id—
specifies the ingress filter policy for which to display matching SAP specifies. The filter ID or filter name must already exist within the created IP filters.
Values—
1 to 65535 or filter-name (up to 64 characters)
qos-policy-id
 the ingress or egress QoS policy ID for which to display matching SAPs
Values—
1 to 65535
qos-policy-name
 the ingress or egress QoS policy name for which to display matching SAPs
Values—
up to 64 characters
scheduler-mode—
specifies the scheduler mode for which to display the SAPs
shaper-group—
specifies the shaper group for which to display matching SAPs
Output 

The following output is an example of service SAP-using information, and Table 105 describes the fields.

Sample Output
*A:ALU-48# show service sap-using
==============================================================================
Service Access Points 
==============================================================================
PortId            SvcId     Ing.  Ing.    Egr.  Egr.   Adm  Opr   
                            QoS   Fltr    QoS   Fltr                
------------------------------------------------------------------------------
1/2/7:1           103       1     none    1     none   Up   Up   
1/2/7:2           104       1     none    1     none   Up   Up   
1/2/7:3           105       1     none    1     none   Up   Up   
1/1/1.1           303       1     none    1     none   Up   Up   
1/1/1.2           304       1     none    1     none   Up   Up   
1/1/1.3           305       1     none    1     none   Up   Up   
1/1/9.1:10/50     701       1     none    1     none   Up   Down 
1/1/9.1:20        702       1     none    1     none   Up   Down 
1/1/9.1:10/51     703       1     none    1     none   Up   Down 
1/1/9.1:30        704       1     none    1     none   Up   Down 
1/1/9.1:10/52     705       1     none    1     none   Up   Down 
1/1/9.1:40        706       1     none    1     none   Up   Down 
1/1/9.1:11/50     805       1     none    1     none   Up   Down 
1/1/9.1:21        806       1     none    1     none   Up   Down 
1/1/9.1:12/52     807       1     none    1     none   Up   Down 
1/1/9.1:41        808       1     none    1     none   Up   Down 
1/1/1.9           903       1     none    1     none   Up   Up   
1/1/1.10          904       1     none    1     none   Up   Up   
------------------------------------------------------------------------------
Number of SAPs : 18
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using sap 1/1/21:0
===============================================================================
Service Access Points Using Port 1/1/21:0
===============================================================================
PortId                 SvcId      Ing.  Ing.    Egr.  Egr.    Adm  Opr
                                  QoS   Fltr    QoS   Fltr    
-------------------------------------------------------------------------------
1/1/21:0               1          1     none    1     none    Up   Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using description
==============================================================================
Service Access Points 
==============================================================================
PortId                             SvcId        Adm  Opr  Description  
------------------------------------------------------------------------------
1/1/2                              1            Down Down (Not Specified)   
1/2/1.1                            4            Up   Down (Not Specified)
1/10/4                             5            Up   Down (Not Specified)
------------------------------------------------------------------------------
Number of SAPs : 3
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-48#
*A:ALU-48# show service sap-using egress atm-td-profile 1 
==============================================================================
Service Access Point Using ATM Traffic Profile 1
==============================================================================
PortId            SvcId     Ing.  Ing.    Egr.  Egr.   Adm  Opr   
                            QoS   Fltr    QoS   Fltr                
------------------------------------------------------------------------------
1/1/9.1:10/50     701       1     none    1     none   Up   Down 
1/1/9.1:20        702       1     none    1     none   Up   Down 
1/1/9.1:10/51     703       1     none    1     none   Up   Down 
1/1/9.1:30        704       1     none    1     none   Up   Down 
1/1/9.1:10/52     705       1     none    1     none   Up   Down 
1/1/9.1:40        706       1     none    1     none   Up   Down 
1/1/9.1:11/50     805       1     none    1     none   Up   Down 
1/1/9.1:21        806       1     none    1     none   Up   Down 
1/1/9.1:12/52     807       1     none    1     none   Up   Down 
1/1/9.1:41        808       1     none    1     none   Up   Down 
------------------------------------------------------------------------------
Saps : 10
=============================================================================== 
*A:ALU-12# 
*A:7705custDoc:Sar18>show>service# sap-using ingress scheduler-mode 4-priority
======================================================================
Service Access Points Using Ingress 4-priority Scheduler Mode
======================================================================
PortId                          SvcId      Scheduler Mode    Adm  Opr
----------------------------------------------------------------------
1/12/6                          6000       4-priority        Up   Down
----------------------------------------------------------------------
Number of SAPs : 1
----------------------------------------------------------------------
======================================================================
*A:7705custDoc:Sar18>show>service#
*A:7705custDoc:Sar18>show>service# sap-using ingress shaper-group test_sg1
===============================================================================
Service Access Points Using Ingress Shaper Group "test_sg1"
===============================================================================
PortId                      SvcId      Scheduler   Shaper Policy           Opr
                                       Mode
-------------------------------------------------------------------------------
1/2/1                       30         4-priority  test_shaper_policy      Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
*A:Sar18 Dut-B>config>service>epipe>sap>ingress#
Table 105:  Show Service SAP-Using Output Fields  

Label

Description

Service Access Point Using...

PortID

ID of the access port where the SAP is defined

SvcID

Service identifier

Ing.QoS

SAP ingress QoS policy number specified on the ingress SAP

Ing. Fltr

IP filter policy applied to the ingress SAP

Egr.QoS

SAP egress QoS policy number specified on the egress SAP

Egr. Fltr

IP filter policy applied to the egress SAP

Scheduler Mode

The scheduler mode of the SAP: 4-priority or 16-priority

Shaper Policy

Identifies the shaper policy that the shaper group belongs to

Adm

Desired state of the SAP

Opr

Actual state of the SAP

Description

The description of the SAP

Number of SAPs/Saps

Number of SAPs using this service

service-using

Syntax 
service-using [ies] [customer customer-id]
Context 
show>service
Description 

This command displays the services matching certain usage properties. If no optional parameters are specified, all services defined on the system are displayed.

Parameters 
ies—
displays matching IES services
customer-id—
displays only those services associated with the specified customer ID
Values—
1 to 2147483647
Output 

The following output is an example of service-using information, and Table 106 describes the fields.

Sample Output
*A:ALU-2# show service service-using ies
===============================================================================
Services [ies]
===============================================================================
ServiceId    Type      Adm    Opr        CustomerId        Last Mgmt Change
-------------------------------------------------------------------------------
4            IES       Down   Down       1                 01/07/2010 22:14:40
23           IES       Down   Down       1                 01/07/2010 21:58:44
-------------------------------------------------------------------------------
Matching Services : 2
-------------------------------------------------------------------------------
===============================================================================
*A:ALU-2#
Table 106:  Show Service Service-Using Output Fields  

Label

Description

ServiceID

ID that defines the service

Type

Service type configured for the service ID

Adm

Administrative state of the service

Opr

Operational state of the service

CustomerId

ID of the customer owning the service

Last Mgmt Change

Date and time of the most recent management-initiated change to this service

Matching Services

Number of services of the same type

Clear Commands

id

Syntax 
id service-id
Context 
clear>service
Description 

This command clears commands for a specific service.

Parameters 
service-id—
uniquely identifies a service by service number or name

dhcp

Syntax 
dhcp
Context 
clear>service>id
Description 

This command enables the context to clear DHCP parameters.

dhcp6

Syntax 
dhcp6
Context 
clear>service>id
Description 

This command enables the context to clear DHCPv6 parameters.

statistics

Syntax 
statistics [ip-int-name | ip-address]
Context 
clear>service>id>dhcp
clear>service>id>dhcp6
Description 

This command clears statistics for DHCP and DHCPv6 Relay.

If no interface name or IP address is specified, statistics are cleared for all configured interfaces.

If an interface name or IP address is specified, statistics are cleared only for that interface.

Parameters 
ip-int-name—
32 characters maximum
ip-address—
IPv4 or IPv6 address
Values—
ipv4-address:    a.b.c.d
ipv6-address:    x:x:x:x:x:x:x:x (eight 16-bit pieces)
                             x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D

Debug Commands

id

Syntax 
id service-id
Context 
debug>service
Description 

This command debugs commands for a specific service. The no form of the command disables debugging.

Parameters 
service-id—
the ID that uniquely identifies an IES service by service number or name