This command creates a text description stored in the configuration file for a configuration context.
The no form of this command removes the string from the context.
The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.
This command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.
The no form of this command places the entity into an administratively enabled state.
The dhcp and dhcp6-relay commands do not apply to IES when used for in-band management.
Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and tries to enter the operationally up state. Default administrative states for services and service entities are described in the following Special Cases.
For example, if:
1) An IES service is operational and its associated interface is shut down
2) The IES service is administratively shut down and brought back up
3) The interface that is shut down remains in the administrative shutdown state
A service is regarded as operational provided that one IP interface is operational.
It is not possible to make configuration changes to an IP transport subservice without performing a shutdown first.
The operational state of an IP transport subservice is relative to the operational state of the serial port for which the IP transport subservice is defined. When a serial port is shut down, the IP transport subservice associated with the serial port becomes operationally down.
When the no shutdown command is executed for an IP transport subservice, it becomes operationally up, serial data from the serial port is encapsulated in TCP/UDP packets destined for remote hosts, and TCP/UDP packets can be received by the local host, where raw serial data is then sent out the serial port.
This command enables Internet Enhanced Service (IES). On the 7705 SAR, IES is used for direct IP connectivity between customer access points as well as in-band management of the 7705 SAR over ATM links.
The no form of this command deletes the IES service instance with the specified service-id.
The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.
This command configures a service name that can be used in other configuration commands and show commands that reference the service.
This command creates a logical IP routing interface for an Internet Enhanced Service (IES). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.
The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. Two SAPs can be assigned to a single group interface.
Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.
There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.
The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.
no interface
This command assigns an IP address and IP subnet to an IES IP interface. Only one IP address can be associated with an IP interface.
An IP address must be assigned to each IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.
The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
no address
This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.
no bfd
Note: The BFD session must be disabled before the type np parameter can be changed. |
This command configures the IP maximum transmit unit (packet size) for this interface.
The no form of the command returns the default value.
This command creates a SAP within an IES service. Each SAP must be unique.
All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.
Enter an existing SAP without the create keyword to edit SAP parameters.
A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. An IES SAP can only be defined on an ATM port or IMA group that has been configured as an access port in the config>port port-id context using the mode access command. Fractional TDM ports are always access ports. Refer to the 7705 SAR Interface Configuration Guide for information on access ports.
If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
no sap
This command enables access to the context to associate ingress filter policies with the SAP.
If an ingress filter is not defined, no filtering is performed.
This command associates an IP filter policy with an ingress SAP. Filter policies control the forwarding and dropping of packets based on the IP match criteria. Only one filter ID can be specified.
The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned. Filters applied to the ingress SAP apply to all IP packets on the SAP.
The no form of this command removes any configured filter ID association with the SAP.
no filter
Note: For information on configuring IP filter IDs, refer to the 7705 SAR Router Configuration Guide, “Filter Policies”. |
This command enables access to the context to configure ATM-related attributes. This command can only be used when a given context (for example, a channel or SAP) supports ATM functionality such as:
If ATM functionality is not supported for a given context, the command returns an error.
This command configures an ATM VC SAP for encapsulation in accordance with RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5. This command is only supported in the IP over ATM management context.
The only supported encapsulation type is aal5mux-ip.
Ingress traffic that does not match the configured encapsulation is dropped.
aal5mux-ip
This command provides access to the context to configure egress ATM traffic policies for the SAP.
This command provides access to the context to configure ingress ATM traffic policies for the SAP.
This command assigns an ATM traffic descriptor profile to an egress or ingress SAP.
When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction.
When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.
Note: Proper configuration of the traffic descriptor profiles is essential for proper operation of the IES SAP. If no profile is assigned, the default UBR service category is assumed. All IES 7705 SAR traffic is scheduled; no shaping is supported in this mode. To ensure that IP traffic transported over the IES SAP is prioritized fairly, ATM layer traffic descriptors should be assigned. |
The no form of the command reverts to the default traffic descriptor profile.
The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created ATM VC SAPs.
This command enables the context to configure OAM functionality for an IES SAP.
The T1/E1 ASAP Adapter cards support F4 and F5 end-to-end OAM functionality (AIS, RDI, Loopback).
This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving the PVCC operational status.
Layer 2 OAM AIS/RDI cells that are received on the IES SAP will cause the IP interface to be disabled.
The no command disables alarm-cells functionality for the SAP. When alarm-cells functionality is disabled, OAM cells are not generated as result of the SAP going into the operationally down state.
enabled
This command creates a logical IP routing interface for Internet Enhanced Service (IES). When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.
The interface command, under the context of services, creates and maintains IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and the default routing table. Two SAPs can be assigned to a single group interface.
Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names cannot be in the dotted-decimal format of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.
There are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.
The no form of this command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command. The IP interface must be shut down before the SAP on that interface can be removed.
no interface
This command assigns an IP address, IP subnet, and broadcast address format to an IES IP interface.
An IP address must be assigned to each IES IP interface. An IP address and a mask combine to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. The IP prefix cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.
The IP address for the interface can be entered in either CIDR (classless inter-domain routing) notation or traditional dotted-decimal notation. Show commands display CIDR notation and are stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
no address
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
This command enables the forwarding of directed broadcasts out of the IP interface.
A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.
When enabled, a frame destined for the local subnet on this IP interface is sent as a subnet broadcast out this interface.
Note: Allowing directed broadcasts is a well-known mechanism used for denial-of-service attacks. |
By default, directed broadcasts are not allowed and are discarded at this egress IP interface.
The no form of the command disables directed broadcasts forwarding out of the IP interface.
no allow-directed broadcasts
This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.
The no form of the command resets the interval to the default value.
Note: The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value. |
50 (in 100s of ms)
This command configures the minimum interval, in seconds, that an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host. Otherwise, the ARP entry is aged from the ARP table.
If the arp-timeout value is set to 0 s, ARP aging is disabled.
The no form of the command reverts to the default value.
Note: The 7705 SAR will attempt to refresh an ARP entry 30 s prior to its expiry. This refresh attempt occurs only if the ARP timeout is set to 45 s or more. |
no arp-timeout
This command configures the time interval in which BFD control messages are transmitted and received on the interface. The multiplier parameter specifies the number of consecutive BFD messages that must be missed by the peer node before the BFD session closes and the upper layer protocols (OSPF, IS-IS, BGP, PIM) are notified of the fault.
no bfd
Note: The BFD session must be disabled before the type np parameter can be changed. |
This command enables the context to configure DHCP parameters.
This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.
no gi-address
This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.
The no form of this command returns the system to the default.
no option
This command configures the Relay Agent Information Option (Option 82) processing.
The no form of this command returns the system to the default value.
keep
The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done if the incoming message already has an Option 82 field.
If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.
This command sends either an ASCII tuple or the interface index (If Index) on the specified SAP ID in the circuit-id suboption of the DHCP packet.
If disabled, the circuit-id suboption of the DHCP packet is left empty.
The no form of the command returns the system to the default.
ascii-tuple
This command sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit.
If disabled, the remote-id suboption of the DHCP packet is left empty.
The no form of this command returns the system to the default.
remote-id
This command configures the vendor-specific suboption of the DHCP relay packet.
This command enables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the MAC address.
This command enables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the SAP ID.
This command enables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the service ID.
This command specifies the string in the vendor-specific suboption of the DHCP relay packet.
The no form of the command reverts to the default value.
no string
This command specifies whether the system ID is encoded in the vendor-specific suboption of the DHCP relay packet.
This command specifies a list of servers where requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.
There can be a maximum of 8 DHCP servers configured.
no server
As specified in RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and that contains a Option 82 field in the packet, should be discarded unless it arrives on a “trusted” circuit. If trusted mode is enabled on an IP interface, the Relay Agent (the router) will modify the request giaddr to be equal to the ingress interface and forward the request.
This behavior only applies when the action in the Relay Agent Information Option is “keep”. In the case where the Option 82 field is being replaced by the Relay Agent (action = “replace”), the original Option 82 information is lost, and therefore there is no reason to enable the trusted option.
The no form of this command returns the system to the default.
not enabled
This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.
This command enables or disables responses to ICMP mask requests on the router interface.
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
The no form of the command disables replies to ICMP mask requests on the router interface.
mask-reply
This command configures the rate that ICMP Time To Live (TTL) expired messages are issued by the IP interface.
By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of the command disables the generation of TTL expired messages.
ttl-expired 100 10—maximum of 100 TTL expired message in 10 s
This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.
The unreachables command enables the generation of ICMP destination unreachable messages on the router interface. The rate at which ICMP unreachable messages are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a specified time interval.
By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of the command disables the generation of ICMP destination unreachable messages on the router interface.
unreachables 100 10—maximum of 100 unreachable messages in 10 s
This command configures the IP maximum transmit unit (packet size) for this interface.
The default value is derived from the port MTU. The no form of the command returns the default value.
no ip-mtu — uses the value derived from the port MTU
This command enables the context to configure IPCP. Within this context, IPCP extensions can be used to signal the remote IP address and DNS IP address to the PPP peer over the PPP/MLPPP interface. This command is only applicable if the associated SAP is a PPP/MLPPP interface.
This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/ MLPPP interface with an IPCP encapsulation.
The no form of the command deletes the specified primary DNS address, secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.
no dns
This command defines the remote IP address to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP or port is a PPP/MLPPP interface with an IPCP encapsulation.
The no form of the command deletes the IPCP extension peer-ip-address configuration.
no peer-ip-address (0.0.0.0)
This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.
The default configuration on the interface is to match the Layer 4 load-balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.
This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.
The no form of the command removes the association of the interface with the local DHCP server.
n/a
This command enables local proxy ARP on the interface.
Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.
Local proxy ARP is used on subnets where hosts are prevented from communicating directly.
When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.
no local-proxy-arp
This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.
no loopback
This command assigns a specific MAC address to an IES IP interface.
The no form of the command returns the MAC address to the default value.
the physical MAC address associated with the Ethernet interface on which the SAP is configured (default MAC address assigned to the interface by the system)
This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (refer to the 7705 SAR Router Configuration Guide, “Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.
no proxy-arp-policy
This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.
no remote-proxy-arp
This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.
no secondary
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.
This command configures a static ARP entry associating an IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.
If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced by the new MAC address.
A router interface can only have one static ARP entry configured for it.
Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR configuration can specify to send a packet with a particular IP address to the corresponding ARP address.
The no form of the command removes a static ARP entry.
no static-arp
This command configures the maximum segment size (MSS) in a TCP SYN or SYN-ACK packet during the establishment of a TCP connection. A tcp-mss value can be specified on an ingress interface, egress interface, or both. When configured on two interfaces, the smaller of the two values is used. If the TCP SYN packet has no TCP MSS field, the 7705 SAR assigns it the MSS value configured on the interface and recalculates the IP checksum. If the TCP SYN or SYN-ACK packet has an MSS field and the value is greater than the value configured on the interface, the 7705 SAR overwrites the packet MSS value with the lower value. If the MSS value is less than the value configured on the interface, the packet MSS value does not change.
This command is supported on interfaces with IPv4 and IPv6 traffic, and a different MSS value can be configured for the IPv4 and IPv6 interfaces. This command is not supported on IPSec public interfaces in IES.
no tcp-mss
This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.
no teid-load-balancing
This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.
By default, no IP address exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface.
no unnumbered
This command enables the context to configure IPv6 for an IES interface.
This command assigns an IPv6 address to the IES interface.
n/a
This command enables the context to configure DHCPv6 Relay parameters for the IES interface.
This command enables the context to configure DHCPv6 Relay information options.
This command enables the sending of interface ID options in the DHCPv6 Relay packet.
ascii-tuple
This command enables the sending of the remote ID option in the DHCPv6 Relay packet. The client DHCP Unique Identifier (DUID) is used as the remote ID.
This command specifies a list of servers where DHCPv6 requests will be forwarded. The list of servers can be entered either as IP addresses or fully qualified domain names. At least one server must be specified in order for DHCPv6 Relay to work. If there are multiple servers, the request is forwarded to all of them. A maximum of eight servers can be configured.
n/a
This command enables the context to configure ICMPv6 parameters on the IES interface.
This command configures the rate for ICMPv6 packet-too-big messages.
The no form of the command disables the sending of ICMPv6 packet-too-big messages.
100 10
This command configures the rate for ICMPv6 param-problem messages.
The no form of the command disables the sending of ICMPv6 param-problem messages.
100 10
This command configures the rate for ICMPv6 time-exceeded messages.
The no form of the command disables the sending of ICMPv6 time-exceeded messages.
100 10
This command enables and configures the rate for ICMPv6 host and network destination unreachable messages issued on the router interface.
The no form of the command disables the generation of ICMPv6 destination unreachables on the router interface.
100 10
This command configures an IPv6-to-MAC address mapping on the IES interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery or a static address must be used. This command can only be used on Ethernet interfaces. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.
This command specifies the time an IPv6 neighbor remains in reachable state.
no reachable-time
This command specifies the time that an IPv6 neighbor cache entry remains in stale state. When the specified time elapses, the system removes the neighbor cache entry.
no stale-time
This command creates or edits a virtual router ID on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.
The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.
n/a
This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.
To change the current in-use password key on multiple virtual router instances:
The no form of this command restores the default value of the key.
The authentication data field contains the value 0 in all octets.
The authentication-key parameter is expressed as a string consisting up to eight alphanumeric characters. Spaces must be contained in quotation marks ( “ ” ). The quotation marks are not considered part of the string.
The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
This command configures virtual router IP addresses for backup.
This commands assigns a BFD session that provides a heart-beat mechanism for the given VRRP instance. Only one BFD session can be assigned to any given VRRP instance, but multiple VRRP sessions can use the same BFD session.
BFD controls the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface.
The no form of this command removes BFD from the configuration.
n/a
This command configures a VRRP initialization delay timer.
no init-delay
This command assigns a specific MAC address to an IES IP interface.
The no form of the command returns the MAC address of the IP interface to the default value.
the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)
This command allows the master instance to dictate the master down timer (non-owner context only).
The master down interval is the time that the master router can be down before backup takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state.
no master-int-inherit
This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value will be silently discarded.
The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.
The no form of this command restores the default message-interval value of 1 s to the virtual router instance.
This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parental IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.
The ping-reply command is only available for non-owner virtual routers. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses are silently discarded.
The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.
no ping-reply
This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).
n/a
This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the affect of the dynamic changing of the in-use priority is greatly diminished.
The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.
Non-owner backup virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.
A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:
The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.
preempt
This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.
The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.
The no form of this command restores the default value of 100.
This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.
When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.
The ssh-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all SSH packets destined for the non-owner virtual router instance IP addresses.
no ssh-reply
This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.
The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.
no standby-forwarding
This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.
If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.
The telnet-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.
no telnet-reply
This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.
no traceroute-reply
This command creates a SAP within an IES service. Each SAP must be unique.
All SAPs must be explicitly created with the create keyword. If no SAPs are created within a service or an IP interface, a SAP will not exist on that object.
To edit SAP parameters, enter an existing SAP without the create keyword.
A SAP can only be associated with a single service. The SAP is owned by the service in which it was created. A SAP can only be defined on a port that has been configured as an access port in the config>port port-id context using the mode access command. Refer to the 7705 SAR Interface Configuration Guide, “Access Ports”.
If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The following SAP types are supported:
To configure an IES interface SAP that is used for a public IPSec tunnel interface, see sap in Service Interface Tunnel Commands.
If the IES interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
no sap
This command creates the accounting policy context that can be applied to a SAP. An accounting policy must be defined before it can be associated with a SAP. If the policy ID does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
no accounting-policy
This command enables accounting and statistical data collection for the SAP. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued, the statistics are still accumulated by the CSM. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
collect-stats
This command enables the context to configure egress SAP QoS policies and IP filter policies.
If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress IP filter policy is defined, no filtering is performed.
This command enables the context to configure ingress SAP QoS policies and IP filter policies.
If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress IP filter policy is defined, no filtering is performed.
This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information on adapter card generations, refer to the “Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR Interface Configuration Guide.
Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.
If the specified SAP is a LAG SAP, then agg-rate and cir-rate can be configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware—it is not configurable if one of the ports configured in the LAG SAP is on Gen-1 hardware. If the active port is on a Gen-3 card or platform, then agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, then agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. If the active port is on a Gen-1 card, then agg-rate and cir-rate are not applicable. For details on the behavior of a mix-and-match LAG SAP, refer to the “LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and “Network LAG Traffic Management” sections in the 7705 SAR Interface Configuration Guide.
Note: From Release 7.0.R6, schedulers on Gen-3 adapter cards and platforms have been updated to better align with the scheduling behavior supported on the other 7705 SAR adapter cards and platforms. The updated scheduler mode is called "4-priority" scheduler-mode throughout the CLI. Prior to Release 7.0.R6, the CLI designation was "4-priority-hqos". In the updated mode of operation, arbitration among different flows at the second-tier aggregate (per-SAP or per-VLAN) and third-tier aggregate (per-customer (MSS)) levels are carried out in a round-robin manner, scheduling cir-rate first from the shapers, followed by the pir-rate. |
Caution: Any Gen-3 adapter card or platform running Release 7.0.R6 or later software uses 4-priority scheduling instead of 4-priority-hqos scheduling, which was supported previously. The migration of scheduler mode is automatic with an upgrade and there is no operator action required. As part of the migration, all CIR values at second-tier (per-SAP and per-VLAN) and third-tier (per-customer (MSS)) aggregate shaper levels are set to zero. Operators must exercise caution when performing an upgrade to Release 7.0.R6 or later from a previous Release 7.0 version, and must adjust the affected CIR values in accordance with the needs of their applications as soon as possible. |
The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.
no agg-rate-limit
This command associates an IPv4 or IPv6 filter policy with an egress or ingress IES SAP.
Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.
The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be displayed.
The no form of the command removes any configured filter ID association with the SAP. The filter policy cannot be deleted until it is removed from all SAPs where it is applied.
no filter
Note: For information on configuring IP filter IDs, refer to the 7705 SAR Router Configuration Guide, “Filter Policies”. |
This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.
The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.
By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.
Table 94 shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP Type and Match-QinQ-Dot1q Setting. Use the Existing Packet Tags column to identify which dot1q tags are available in the packet. Then use the P-bits Used for Match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.
no match-qinq-dot1p
Port/ SAP Type | Match-QinQ-Dot1p Setting 1 | Existing Packet Tags | P-bits Used for Match |
Null | n/a | None | None |
Null | n/a | Dot1p (VLAN ID 0) | None 2 |
Null | n/a | Dot1q | None 2 |
Null | n/a | TopQ BottomQ | None 2 |
Dot1Q | n/a | None | None |
Dot1Q | n/a | Dot1p (default SAP VLAN ID 0) | Dot1p P-bits |
Dot1Q | n/a | Dot1q | Dot1q P-bits |
QinQ/ X.Y | Top | TopQ BottomQ | TopQ P-bits |
QinQ/ X.Y | Default or Bottom | TopQ BottomQ | BottomQ P-bits |
QinQ/ X.0 | Top | TopQ | TopQ P-bits |
QinQ/ X.0 | Default or Bottom | TopQ | TopQ P-bits |
QinQ/ X.0 | Top | TopQ BottomQ | TopQ P-bits |
QinQ/ X.0 | Default or Bottom | TopQ BottomQ | BottomQ P-bits |
QinQ/ X.* | Top | TopQ | TopQ P-bits |
QinQ/ X.* | Default or Bottom | TopQ | TopQ P-bits |
QinQ/ X.* | Top | TopQ BottomQ | TopQ P-bits |
QinQ/ X.* | Default or Bottom | TopQ BottomQ | BottomQ P-bits |
QinQ/ 0.* | Top | None | None |
QinQ/ 0.* | Default or Bottom | None | None |
QinQ/ 0.* | Top | TopQ | TopQ P-bits |
QinQ/ 0.* | Default or Bottom | TopQ | TopQ P-bits |
QinQ/ 0.* | Top | TopQ BottomQ | TopQ P-bits |
QinQ/ 0.* | Default or Bottom | TopQ BottomQ | BottomQ P-bits |
QinQ/ *.* | Top | None | None |
QinQ/ *.* | Default or Bottom | None | None |
QinQ/ *.* | Top | TopQ | TopQ P-bits |
QinQ/ *.* | Default or Bottom | TopQ | TopQ P-bits |
QinQ/ *.* | Top | TopQ BottomQ | TopQ P-bits |
QinQ/ *.* | Default or Bottom | TopQ BottomQ | BottomQ P-bits |
Notes:
When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).
Table 95 shows the dot1p re-marking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where “False” represents the default (disabled) state.
If a new tag is pushed, the dot1p bits of the new tag will be zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the config>qos context.
Egress Port Type/SAP Type | QinQ-mark-top-only State | Egress P-Bits Marked or Re-marked |
Null 1 | n/a | None |
Dot1q/ X 1 | n/a | Outer tag |
Dot1q/ * 2 | n/a | None |
Dot1q/ 0 2 | n/a | Outer tag |
QinQ/ X.Y 1 | False | Two outer tags 3 |
True | Outer tag 3 | |
QinQ/ X.* 1 | True or False | Outer tag |
QinQ/ X.0 1 | True or False | Outer tag |
QinQ/ 0.* 1 | True or False | None |
QinQ/ *.* 2 | True or False | None |
Notes:
no qinq-mark-top-only
This command associates a QoS policy with an ingress or egress IES SAP.
QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.
The qos command associates both ingress and egress QoS policies. The qos command allows only ingress policies to be associated on the SAP ingress and only egress policies to be associated on the SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.
Only one ingress and one egress QoS policy can be associated with an IES SAP at one time. Attempts to associate a second QoS policy of a given type returns an error.
By default, no specific QoS policy is associated with the SAP for ingress or egress; therefore, the default QoS policy is used.
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.
If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.
If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.
This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.
If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms. If one of the ports in the LAG is on a Gen-1 adapter card, then scheduler-mode cannot be configured.
4-priority
This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.
The default shaper group cannot be deleted.
The no form of this command removes the configured shaper-group.
shaper-group “default”
This command binds a service to an existing Service Distribution Point (SDP).
A spoke SDP is treated like the equivalent of a traditional bridge “port”, where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.
The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.
The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.
Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.
no sdp-id is bound to a service
This command enables the context to configure egress SDP parameters.
This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.
This command enables the context to configure ingress SDP parameters.
This command associates an IP filter policy with an ingress spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.
The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.
In general, filters applied to ingress spoke SDPs apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.
The no form of this command removes any configured filter ID association with the spoke SDP.
This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.
This command within the IP interface context binds the IP interface to the specified VPLS service name.
The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the given service name.
This command within the VPLS binding context defines the routed IPv4 optional filter override.
This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.
The no form of the command removes the IPv4 routed override filter from the ingress IP interface.
n/a
This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if it is not defined or it is removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.
The no form of the command removes the IPv6 routed override filter from the ingress IP interface.
n/a
This command creates or specifies a security zone within an IES context. Each zone must have a unique ID.
All zones must be explicitly created with the create keyword.
Enter an existing zone without the create keyword to edit zone parameters.
The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.
This command discards changes made to a security feature.
n/a
This command enters the mode to create or edit security features.
n/a
This command saves changes made to security features.
n/a
This command enables the context to configure limit parameters on inbound firewall sessions.
n/a
This command enables the context to configure limit parameters for outbound firewall sessions on the CSM.
n/a
This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.
n/a
This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.
n/a
This command creates a logical IP routing interface for a zone. Once created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.
The no form of this command removes the IP interface and all the associated configurations.
This command configures a log identifier for the specified zone. A log identifier can be configured in the config>router>zone context and the config>security>policy context.
The no form of this command removes logging for the zone.
This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.
This command enters the context to configure NAT parameters for a zone.
This command configures the NAT pool for the security zone within an IES service. Each pool must have a unique ID.
All pools must be explicitly created with the create keyword.
Enter an existing pool without the create keyword to edit pool parameters.
The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool will also be deleted.
This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.
This command configures a NAT pool entry within an IES service.
The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry will also be deleted.
This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.
The IP address for the interface must be entered in dotted-decimal notation. The maximum IP address range limit is 255.
The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.
The no form of this command deletes the port or port range.
This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.
This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.
The no form of this command deletes the specified policy.
This command creates an IP transport subservice within an IES service. An IP transport subservice is used to transmit serial raw socket data to and from a local host and remote host.
All IP transport subservices must be explicitly created using the create keyword. An IP transport subservice is owned by the service within which it is created. An IP transport subservice can only be associated with a single service. The create keyword is not needed when editing parameters for an existing IP transport subservice. An IP transport subservice must be first shut down before changes can be made to the configured parameters.
The no form of this command deletes the IP transport subservice with the specified ipt-id. When an IP transport subservice is deleted, all configured parameters for the IP transport subservice are also deleted.
no ip-transport
This command configures the DSCP name used to mark the DSCP field in IP transport packets originating from this node.
Raw socket traffic redirection to a specific queue is enabled by the fc command.
ef
dscp-name |
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63 |
This command configures the forwarding class and profile marking for IP transport packets originating from this node.
ef for fc, in for profile
This command filters connections from unknown hosts. An unknown host is any host that is not configured as a remote host.
The no form of this command disables the filter.
no filter-unknown-host
This command creates the local host within the IP transport subservice.
The local host is required to accept TCP/UDP sessions initiated from far-end remote hosts, and for the node to initiate sessions towards the far-end remote hosts.
The local host must be created before a remote host is created.
The no form of this command deletes the local host.
no local-host
This command creates a remote host within the IP transport subservice. Multiple remote hosts may be created in order to send serial raw socket IP transport data to multiple destinations. The create keyword must be used for each remote host that is created.
The no form of this command deletes the remote host.
no remote-host
This command configures a unique name for this remote host.
The no form of this command deletes the remote host name.
n/a
This command creates the context to configure TCP parameters within this IP transport subservice.
n/a
This command specifies how long to wait before disconnecting a TCP connection due to traffic inactivity over the connection.
30 s
This command specifies the number of times that a remote host, acting as a client, tries to establish a TCP connection after the initial attempt fails.
5
This command specifies how long to wait before each TCP max-retries attempt.
5 s
Note: The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. |
This command displays service customer information.
The following output is an example of service customer information, and Table 97 describes the fields.
Label | Description |
Customer-ID | ID that uniquely identifies the customer |
Contact | Name or title of the primary contact person |
Description | Generic information about the customer |
Phone | Phone number by which to reach the contact person |
This command displays service information using the range of egress labels.
If only the mandatory start-label parameter is specified, only services using the specified label are displayed.
If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.
Use the show router ldp bindings command to display dynamic labels.
The following output is an example of service egress label information, and Table 98 describes the fields.
In the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.
Label | Description |
Svc Id | The ID that identifies a service |
Sdp Binding | The ID that identifies an SDP |
Type | Indicates whether the SDP binding is a spoke or a mesh |
I. Lbl | The VC label used by the far-end device to send packets to 7705 SAR in this service by the SDP |
E. Lbl | The VC label used by 7705 SAR to send packets to the far-end device in this service by the SDP |
Number of Bindings Found | The total number of SDP bindings that exist within the specified label range |
This command displays information for a particular service ID
This command displays detailed information for all aspects of the service.
The following output is an example of service ID all information, and Table 99 describes the fields.
Label | Description |
Service Detailed Information | |
Service Id | Service ID number |
Service Type | Type of service (IES) |
Name | The service name |
Description | Generic information about the service |
Customer Id | Customer ID number |
Last Status Change | Date and time of the most recent status change to this service |
Last Mgmt Change | Date and time of the most recent management-initiated change to this service |
Admin State | Desired state of the service |
Oper State | Operating state of the service |
MTU | Service MTU |
SAP Count | Number of SAPs specified for this service |
Service Access Points | |
Service Id | Service Identifier |
SAP | ID of the access port where this SAP is defined |
Encap | Encapsulation type for this SAP on the access port |
Admin State | Desired state of the SAP |
Oper State | Operating state of the SAP |
Flags | Conditions that affect the operating status of this SAP. Display output includes ServiceAdminDown, PortOperDown, and so on. |
Multi Svc Site | Indicates the multi-service site that the SAP is a member |
Last Status Change | Date and time of the most recent status change to this SAP |
Last Mgmt Change | Date and time of the most recent management-initiated change to this SAP |
Admin MTU | Desired largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented |
Oper MTU | Actual largest service frame size (in octets) that can be transmitted through this SAP to the far-end router, without requiring the packet to be fragmented |
Ingr IP Fltr-Id | Ingress IP filter policy ID assigned to the SAP |
Egr IP Fltr-Id | Egress IP filter policy ID assigned to the SAP |
Ingr Mac Fltr-Id | Ingress MAC filter policy ID assigned to the SAP (not applicable) |
Egr Mac Fltr-Id | Egress MAC filter policy ID assigned to the SAP (not applicable) |
Ingr IPv6 Fltr-Id | Specifies the ingress IPv6 filter policy ID assigned to the SAP |
Egr IPv6 Fltr-Id | Specifies the egress IPv6 filter policy ID assigned to the SAP |
tod-suite | n/a |
qinq-pbit-marking | Indicates the qinq P-bit marking for the SAP: both or top |
Ing Scheduler Mode | Indicates the ingress scheduler mode for the SAP |
Egr Scheduler Mode | Indicates the egress scheduler mode for the SAP |
Ing Agg Rate Limit | Indicates the PIR rate limit in the access ingress direction for the aggregate of the SAP queues |
Egr Agg Rate Limit | Indicates the PIR rate limit in the access egress direction for the aggregate of the SAP queues |
Ing Agg cir | Indicates the CIR rate limit in the access ingress direction for the aggregate of the SAP queues |
Egr Agg cir | Indicates the CIR rate limit in the access egress direction for the aggregate of the SAP queues |
Ing Shaper Group | Indicates the ingress shaper group for the SAP |
Egr Shaper Group | Indicates the egress shaper group for the SAP |
Acct. Pol | Accounting policy applied to the SAP |
Collect Stats | Specifies whether accounting statistics are collected on the SAP |
QOS | |
Ingress qos-policy | SAP ingress QoS policy ID |
Egress qos-policy | SAP egress QoS policy ID |
Sap Statistics | |
Last Cleared Time | Date and time that a clear command was issued on statistics |
Forwarding Engine Stats | |
Dropped | Number of packets or octets dropped by the forwarding engine |
Off. HiPrio | Number of high-priority packets or octets offered to the forwarding engine |
Off. LowPrio | Number of low-priority packets offered to the forwarding engine |
Queueing Stats (Ingress QoS Policy) | |
Dro. HiPrio | Number of high-priority packets or octets discarded, as determined by the SAP ingress QoS policy |
Dro. LowPrio | Number of low-priority packets discarded, as determined by the SAP ingress QoS policy |
For. InProf | Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP ingress QoS policy |
For. OutProf | Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP ingress QoS policy |
Queueing Stats (Egress QoS Policy) | |
Dro. InProf | Number of in-profile packets or octets discarded, as determined by the SAP egress QoS policy |
Dro. OutProf | Number of out-of-profile packets or octets discarded, as determined by the SAP egress QoS policy |
For. InProf | Number of in-profile packets or octets (rate below CIR) forwarded, as determined by the SAP egress QoS policy |
For. OutProf | Number of out-of-profile packets or octets (rate above CIR) forwarded, as determined by the SAP egress QoS policy |
Sap per Queue stats | |
Ingress Queue n | Index of the ingress QoS queue of this SAP, where n is the index number |
Off. HiPrio | Number of packets or octets of high-priority traffic for the SAP (offered) |
Off. LoPrio | Number of packets or octets count of low-priority traffic for the SAP (offered) |
Dro. HiPrio | Number of high-priority traffic packets or octets dropped |
Dro. LoPrio | Number of low-priority traffic packets or octets dropped |
For. InProf | Number of in-profile packets or octets (rate below CIR) forwarded |
For. OutProf | Number of out-of-profile packets or octets (rate above CIR) forwarded |
Egress Queue n | Index of the egress QoS queue of the SAP, where n is the index number |
For. InProf | Number of in-profile packets or octets (rate below CIR) forwarded |
For. OutProf | Number of out-of-profile packets or octets (rate above CIR) forwarded |
Dro. InProf | Number of in-profile packets or octets dropped for the SAP |
Dro. OutProf | Number of out-of-profile packets or octets discarded |
ATM SAP Configuration Information | |
Ingress TD Profile | Profile ID of the traffic descriptor applied to the ingress SAP |
Egress TD Profile | Profile ID of the traffic descriptor applied to the egress SAP |
Alarm Cell Handling | Indicates that OAM cells are being processed |
AAL-5 Encap | AAL-5 encapsulation type—this is always mux-ip |
OAM Termination | Indicates whether this SAP is an OAM termination point |
Services Interfaces | |
If Name | Name used to refer to the IES interface |
Admin State | Administrative state of the interface |
Oper State | Operational state of the interface |
IP Addr/mask | IP address and subnet mask length of the interface |
Address Type | Specifies whether the IP address for the interface is the primary or secondary address on the interface (this is always primary) |
Broadcast Address | Broadcast address of the interface |
If Index | Interface index corresponding to the IES interface |
Virt. If Index | Virtual interface index of the IES interface |
Last Oper Chg | Date and time of the last operating state change on the interface |
Global IF Index | Global interface index of the IES interface |
SAP Id | SAP identifier |
TOS Marking | Specifies whether the ToS marking state is trusted or untrusted for the IP interface |
If Type | Type of interface: IES |
IES ID | Service identifier |
MAC Address | IEEE 802.3 MAC address |
Arp Timeout | Timeout for an ARP entry learned on the interface |
IP MTU | IP maximum transmit unit for the interface |
ICMP Mask Reply | Specifies whether the IP interface replies to a received ICMP mask request |
ARP Populate | Indicates if ARP is enabled or disabled |
Proxy ARP Details | |
Rem Proxy ARP | Indicates whether remote proxy ARP is enabled or disabled |
Local Proxy ARP | Indicates whether local proxy ARP is enabled or disabled |
Policies | Specifies the policy statements applied to proxy ARP |
ICMP Details | |
Unreachables | Maximum number of ICMP destination unreachable messages that the IP interface will issue in a given period of time, in seconds Disabled—indicates that the IP interface will not generate ICMP destination unreachable messages |
TTL Expired | Maximum number of ICMP TTL expired messages that the IP interface will issue in a given period of time, in seconds Disabled—indicates that the IP interface will not generate ICMP TTL expired messages |
This command displays the ARP table for the IES instance.
The following output is an example of service ID ARP information, and Table 100 describes the fields.
Label | Description |
ARP Table | |
IP Address | Specified IP address |
MAC Address | Specified MAC address |
Type | Static—FDB entries created by management |
Learned—dynamic entries created by the learning process | |
OAM—entries created by the OAM process | |
Other—local entries created for the IP interfaces | |
Expiry | Age of the ARP entry |
Interface | Interface applied to the service |
SAP | SAP ID |
This command displays basic information about the service specified by the ID.
The following output is an example of service ID base information, and Table 101 describes the fields.
Label | Description |
Service Basic Information | |
Service Id | Service ID number |
Service Type | Type of service |
Name | The service name |
Description | Generic information about the service |
Customer Id | Customer ID number |
Last Status Change | Date and time of the most recent status change to this service |
Last Mgmt Change | Date and time of the most recent management-initiated change to this service |
Admin State | Desired state of the service |
Oper State | Operating state of the service |
SAP Count | Number of SAPs specified for this service |
Service Access & Destination Points | |
Identifier | SAP ID |
Type | Signaling protocol used to obtain the ingress and egress labels used in frames transmitted and received |
AdmMTU | Desired largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented |
OprMTU | Actual largest service frame size (in octets) that can be transmitted to the far-end router without requiring the packet to be fragmented |
Adm | Administrative state of the SAP |
Opr | Operating state of the SAP |
This command enables the context to display DHCP information for the IES service.
This command displays DHCP statistics information.
The following output is an example of service ID DHCP statistics information, and Table 102 describes the fields.
Label | Description |
DHCP Global Statistics, service x | |
Rx Packets | Number of packets received |
Tx Packets | Number of packets transmitted |
Rx Malformed Packets | Number of malformed packets received |
Rx Untrusted Packets | Number of untrusted packets received |
Client Packets Discarded | Number of packets from the DHCP client that were discarded |
Client Packets Relayed | Number of packets from the DHCP client that were forwarded |
Server Packets Discarded | Number of packets from the DHCP server that were discarded |
Server Packets Relayed | Number of packets from the DHCP server that were forwarded |
This command displays a summary of DHCP configuration.
The following output is an example of service ID DHCP summary information, and Table 103 describes the fields.
Label | Description |
DHCP Summary, service x | |
Interface Name SapID/Sdp | Name of the interface |
Arp Populate | Specifies whether ARP populate is enabled |
Used/Provided: | Used—number of lease-states that are currently in use on the specified interface; that is, the number of clients on the interface that got an IP address by DHCP. This number is always less than or equal to the “Provided” field. |
Provided—lease-populate value configured for the specified interface | |
Info Option | Specifies whether Option 82 processing is enabled on the interface |
Admin State | Administrative state |
This command displays information for the IP interfaces associated with the IES service.
The following output is an example of service ID interface information, and Table 104 describes the fields.
Label | Description |
Interface Table | |
Interface-Name | Name of the interface |
IP-Address | IP address of the interface |
Adm | Administrative state of the interface |
Opr (v4/v6) | Operational state of the interface |
Type | Service type |
Port/SapId PfxState | Port or SAP associated with the interface |
This command displays information for a specified IP transport subservice within this IES service. If no IP transport subservice is specified, summary information is displayed for all IP transport subservices associated with the IES service.
The following output is an example of IP transport subservice summary information for a specified service, and Table 105 describes the fields.
Label | Description |
IP Transport (Summary), Service x | |
IptId | The IP transport subservice physical port identifier |
LocalIP | The IP address (IPv4) that is used for the local host |
LocalPort | The port number that is used by remote hosts to establish TCP/UDP sessions to the local host |
Proto | The protocol type that is used for all sessions to and from the local host (either TCP or UDP) |
RemHost | The number of remote hosts associated with the IP transport subservice |
DSCP | The DSCP name used to mark the DSCP field in IP transport packets |
FC | The FC name used for IP transport packets |
FltrUnkn | Indicates whether the filter-unknown-host command is enabled or disabled on the IP transport subservice |
Adm | The administrative state of the IP transport subservice |
Opr | The operational state of the IP transport subservice |
Entries found: | The number of IP transport subservices associated with this service |
The following output is an example of detailed information for a specified IP transport subservice within a specified service, and Table 106 describes the fields.
Label | Description |
IP Transport | |
Service Id | The ID that identifies the service (the service type is shown in brackets) |
IP Transport Id | The physical port identifier for this IP transport subservice |
Description | The description associated with this IP transport subservice |
Admin State | The administrative state of this IP transport subservice |
Oper State | The operational state of this IP transport subservice |
Oper Flags | The operational flags associated with this IP transport subservice |
Local IP Address | The IP address (IPv4) that is used for the local host |
Local Port Number | The port number that is used by remote hosts to establish TCP/UDP sessions to the local host |
Local IP Protocol | The protocol type that is used for all sessions to/from the local host (either TCP or UDP) |
DSCP | The DSCP name used to mark the DSCP field in IP transport packets |
Filter Unknown Host | Indicates whether the filter-unknown-host command is enabled or disabled for this IP transport subservice |
FC | The FC name used for IP transport packets |
Profile | The profile marking for the IP transport packets (in or out) |
TCP Inact Timeout | The configured inactivity timeout value for TCP connections |
TCP Max Retries | The configured maximum retry value for TCP connections |
TCP Retry Interval | The configured retry interval value for TCP connections |
Num Remote Hosts | The number of remote hosts associated with this IP transport subservice |
Last Mgmt Change | The date and time of the most recent management-initiated change to this IP transport subservice |
Last Oper Change | The date and time of the most recent operational status change for this IP transport subservice |
IP Transport Accumulated Statistics | |
Known Remote Hosts | |
Packets sent | The number of packets sent to the host |
Characters sent | The number of data characters sent to the host |
Packets received | The number of packets received from the host |
Characters received | The number of data characters received from the host |
Connections To From | The number of connections to and from the host |
Connection retries | The number of connection retries to the host |
Connection failures | The number of connection failures to the host |
Currently connected | The number of hosts currently connected |
Unknown Remote Hosts | |
Packets sent | The number of packets sent to the host |
Characters sent | The number of data characters sent to the host |
Packets received | The number of packets received from the host |
Characters received | The number of data characters received from the host |
Successful connections from | The number of successful connections from the host |
Rejected due to unknown host filter | The number of rejected connection attempts from the host due to the filter-unknown-host command being enabled |
Rejected due to out of resource | The number of connection attempts from the host that were rejected due to the unavailability of resources |
Inactivity timeouts | The number of connections from the host that timed out due to inactivity |
Last RemIp:RemPort | The IP address (IPv4) and port number used by the host for the last connection |
Currently connected | The number of hosts that are currently connected |
Dropped packets due to no remote hosts | The number of packets dropped due to no hosts being connected |
This command displays information for a specified remote host within this IP transport subservice within this service. If no remote host is specified, summary information is displayed for all remote hosts within this IP transport subservice.
The following output is an example of IP transport subservice remote host summary information when no remote host is specified, and Table 107 describes the fields.
Label | Description |
IP Remote Host (Summary), Service x IPT x/x/x.x | |
RemId | The remote host identifier |
RemIp:RemPort | The IP address (IPv4) and port number used by the remote host |
Rcvd Chars | The number of data characters received from the remote host |
Sent Chars | The number of data characters sent to the remote host |
Drop Chars | The number of data characters destined for the remote host that were dropped |
State | The operational state of the packet transport session connection to the remote host |
Rcvd Pkts | The number of packets received from the remote host |
Sent Pkts | The number of packets sent to the remote host |
Drop Pkts | The number of packets destined for the remote host that were dropped |
Up Time | The amount of time that the remote host has been connected |
Number of known remote hosts | The number of known remote hosts associated with the IP transport subservice |
Number of unknown remote hosts | The number of unknown remote hosts associated with the IP transport subservice |
Total entries found | The total number of hosts associated with the IP-Transport subservice |
The following output is an example of IP transport subservice detailed information for a specified remote host, and Table 108 describes the fields.
Label | Description |
IP Remote Host | |
Service Id | The ID that identifies the service (the service type is shown in brackets) |
IP Transport Id | The physical port identifier for the IP transport subservice |
Remote host Id | The host identifier associated with this remote host |
Name | The name associated with this remote host |
Description | The description associated with this remote host |
IP Address | The IP address associated with this remote host |
Port Number | The port number associated with this remote host |
Last Mgmt Change | The date and time of the most recent management-initiated change to this remote host |
Session State | The operational state of the packet transport session to this host |
Up Time | The amount of time that this remote host has been connected |
Last Connect | Indicates whether the last connection attempt to this remote host was successful or unsuccessful |
IP Remote Host Statistics | |
Sent Pkts | The number of packets sent to this remote host |
Sent Chars | The number of data characters sent to this remote host |
Dropped Pkts | The number of packets destined for this remote host that were dropped |
Dropped Chars | The number of data characters destined for this remote host that were dropped |
Rcvd Pkts | The number of packets received from this remote host |
Rcvd Chars | The number of data characters received from this remote host |
Session information | |
Connections To From | The number of connections to and from the host |
Connection retries | The number of connection retries to the host |
Connection failures | The number of connection failures to this host |
Closed by far end | The number of connections closed by the far end |
Inactivity timeouts | The number of connections that were timed out due to inactivity |
This command displays information for the SAP associated with the IES service.
The following output is an example of IES service SAP information. See Table 50 in VLL Services Command Reference for field descriptions.
This command displays service information using the range of ingress labels.
If only the mandatory start-label parameter is specified, only services using the specified label are displayed.
If both start-label and end-label parameters are specified, the services using the labels in the specified range are displayed.
Use the show router ldp bindings command to display dynamic labels.
The following output is an example of service ingress label information, and Table 109 describes the fields.
In the example below, services 3, 5 and 6 are IES, and services 5000 and 5001 are VPLS services.
Label | Description |
Svc Id | The ID that identifies a service |
Sdp Binding | The ID that identifies an SDP |
Type | Indicates whether the SDP binding is a spoke or a mesh |
I. Lbl | The VC label used by the far-end device to send packets to the 7705 SAR in this service by the SDP |
E. Lbl | The VC label used by the 7705 SAR to send packets to the far-end device in this service by the SDP |
Number of Bindings Found | The total number of SDP bindings that exist within the specified label range |
This command displays IP transport subservice information for a specified port. If no port is specified, the command displays a summary of all IP transport subservices defined for the IES service.
The following output is an example of ip-transport-using information, and Table 110 describes the fields.
Label | Description |
IP Transports | |
IptId | The IP transport subservice physical port identifier |
SvciD | The service identifier |
Type | The type of service |
Adm | The administrative state of the IP transport subservice |
Opr | The operational state of the IP transport subservice |
Entries found | The number of IP transport subservices using this service |
This command displays SAP information.
If no optional parameters are specified, the command displays a summary of all defined SAPs.
The atm-td-profile command applies only to HSDPA offload (that is, IES management service).
The following output is an example of service SAP-using information, and Table 111 describes the fields.
Label | Description |
Service Access Point Using... | |
PortID | ID of the access port where the SAP is defined |
SvcID | Service identifier |
Ing.QoS | SAP ingress QoS policy number specified on the ingress SAP |
Ing. Fltr | IP filter policy applied to the ingress SAP |
Egr.QoS | SAP egress QoS policy number specified on the egress SAP |
Egr. Fltr | IP filter policy applied to the egress SAP |
Scheduler Mode | The scheduler mode of the SAP: 4-priority or 16-priority |
Shaper Policy | Identifies the shaper policy that the shaper group belongs to |
Adm | Desired state of the SAP |
Opr | Actual state of the SAP |
Description | The description of the SAP |
Number of SAPs/Saps | Number of SAPs using this service |
This command displays the services matching certain usage properties. If no optional parameters are specified, all services defined on the system are displayed.
The following output is an example of service-using information, and Table 112 describes the fields.
Label | Description |
ServiceID | ID that defines the service |
Type | Service type configured for the service ID |
Adm | Administrative state of the service |
Opr | Operational state of the service |
CustomerId | ID of the customer owning the service |
Last Mgmt Change | Date and time of the most recent management-initiated change to this service |
Matching Services | Number of services of the same type |
This command clears commands for a specific service.
This command enables the context to clear DHCP parameters.
This command enables the context to clear DHCPv6 parameters.
This command clears statistics for DHCP and DHCPv6 Relay.
If no interface name or IP address is specified, statistics are cleared for all configured interfaces.
If an interface name or IP address is specified, statistics are cleared only for that interface.
This command clears configured information pertaining to a specified IP transport subservice.
If no port identifier is specified, information is cleared for all IP transport subservices.
This command clears configured information pertaining to a specified remote host assigned to this IP transport subservice.
This command clears statistics-related information pertaining to all configured IP transport subservices or to all configured remote hosts for a specified IP transport subservice.
This command debugs commands for a specific service. The no form of the command disables debugging.