3.8. VPRN Service Configuration Commands

3.8.1. Command Hierarchies

3.8.1.1. VPRN Service Configuration Commands

config
— service
vprn service-id [name name] [customer customer-id] [create]
— no vprn service-id
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [black-hole [generate-icmp]] [community comm-id [comm-id]] [local-preference local-pref] [description description]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [community comm-id [comm-id]] [indirect ip-address] [local-preference local-pref] [description description]
— no aggregate ip-prefix/ip-prefix-length
ecmp max-ecmp-routes
— no ecmp
resolution {any | filter | disabled}
[no] resolution-filter {bgp | gre | ldp| rsvp | sr-isis | sr-ospf | sr-te | udp}
[no] weighted-ecmp
autonomous-system as-number
backup-path [ipv4] [ipv6] [label-ipv4]
confederation confed-as-num members as-number [as-number]
— no confederation confed-as-num members as-number [as-number]
description description-string
[no] dns
ipv4-source-address ipv4-address
ipv6-source-address ipv6-address
primary-dns ip-address
secondary-dns ip-address
[no] shutdown
tertiary-dns ip-address
ecmp max-ecmp-routes
— no ecmp
[no] entropy-label
tunnel-fault [accept | ignore]
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 4 max)]]
— no export-grt
fib-priority {high | standard}
ip-filter-max-size {value | default}
ipv6-filter-max-size {value | default}
[no] enable-grt
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
export-limit num-routes
[no] hash-label
expiry-time expiry-time
[no] shutdown
label-mode {vrf | next-hop}
— no label-mode
maximum-ipv6-routes number [log-only] [threshold percent]
maximum-routes number [log-only] [threshold percent]
mc-maximum-routes number [log-only] [threshold percent]
multicast-info-policy policy-name
mvpn
[no] nat
filter {ip ip-filter-id | ipv6 ipv6-filter-id}
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
[no] urpf-check
[no] ptp
peer a.b.c.d [create]
— no peer a.b.c.d
local-priority local-priority
[no] log-sync-interval log-interval
[no] shutdown
peer-limit limit
— no peer-limit
[no] shutdown
reassembly-group nat-group-id
route-distinguisher [ip-address:number1 | asn:number2 | auto-rd]
router-id ip-address
— no router-id
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
— no application {dscp-app-name | dot1p-app-name}
dscp dscp-name fc fc-name
— no dscp dscp-name
[no] shutdown
single-sfm-overload [holdoff-time holdoff-time]
snmp
[no] access
community community-name [hash | hash2] [access-permissions] [version SNMP-version] [src-access-list list-name]
— no community community-name [hash | hash2]
application app [ip-int-name | ip-address]
— no application app
application6 app ipv6-address
[no] spoke-sdp sdp-id
refresh-timer value
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
[no] control-word
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no taii-type2
[no] shutdown
[no] static-route-entry {ip-prefix/prefix-length | ip-prefix netmask} [mcast]
[no] black-hole
[no] community comm-id
[no] description description-string
[no] generate-icmp
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] shutdown
[no] tag tag-value
community comm-id [comm-id]
— no community
[no] grt
[no] description description-string
[no] metric metric-value
[no] preference preference-value
[no] shutdown
[no] indirect ip-address
[no] community comm-id
[no] cpe-check cpe-ip-address
[no] drop-count count
[no] interval seconds
[no] log
[no] padding-size padding-size
[no] description description-string
[no] destination-class dest-index
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] shutdown
[no] source-class source-index
[no] tag tag-value
[no] ipsec-tunnel
[no] community comm-id
[no] description description-string
[no] destination-class dest-index
[no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] shutdown
[no] source-class source-index
[no] tag tag-value
[no] next-hop {ip-address | ip-int-name | ipv6 address}
[no] bfd-enable
[no] community comm-id
[no] cpe-check cpe-ip-address
[no] drop-count count
[no] interval seconds
[no] log
[no] padding-size padding-size
[no] description description-string
[no] destination-class dest-index
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] shutdown
[no] source-class source-index
[no] tag tag-value
tag tag
— no tag
local [inherit | none | vc-only | all]
transit [inherit | none | vc-only | all]
type {hub | spoke | subscriber-split-horizon}
— no type
vrf-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no vrf-export
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no vrf-import
vrf-target {ext-comm | {[export ext-comm] [import ext-comm]}}
— no vrf-target
[no] weighted-ecmp

3.8.1.2. L2TP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
l2tp
— no l2tp
avp-hiding {sensitive | always}
— no avp-hiding
calling-number-format ascii-spec
challenge {always}
— no challenge
destruct-timeout destruct-timeout
exclude-avps calling-number
group tunnel-group-name [create]
— no group tunnel-group-name
avp-hiding {sensitive | always | never}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
destruct-timeout destruct-timeout
hello-interval hello-interval
idle-timeout idle-timeout
l2tpv3
cookie-length {4 | 8 | default}
digest-type {default | md5 | sha1 | none}
nonce-length {length | default}
password password [hash | hash2]
— no password
pw-cap-list {ethernet | ethernet-vlan}
rem-router-id ip-addr
lns-group lns-group-id
— no lns-group
local-address ip-address
local-name host-name
— no local-name
max-retries-estab max-retries
max-retries-not-estab max-retries
password password [hash | hash2]
— no password
ppp
authentication {chap | pap | pref-chap | pref-pap}
authentication-policy auth-policy-name
default-group-interface ip-int-name service-id service-id
default-group-interface ip-int-name service-name svc-name
keepalive seconds [hold-up-multiplier multiplier]
— no keepalive
mtu mtu-bytes
— no mtu
[no] proxy-lcp
user-db local-user-db-name
— no user-db
session-assign-method {existing-first | weighted | weighted-random}
session-limit session-limit
session-limit unlimited
tunnel tunnel-name [create]
— no tunnel tunnel-name
avp-hiding {never | sensitive | always}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
destruct-timeout destruct-timeout
hello-interval hello-interval
hello-interval infinite
idle-timeout idle-timeout
idle-timeout infinite
local-address ip-address
local-name host-name
— no local-name
max-retries-estab max-retries
max-retries-not-estab max-retries
password password [hash | hash2]
— no password
peer ip-address
— no peer
ppp
preference preference
— no preference
remote-name host-name
session-limit session-limit
session-limit unlimited
[no] shutdown
l2tpv3
cookie-length {4 | 8}
digest-type {md5 | sha1 | none}
nonce-length length
password password [hash | hash2]
— no password
peer-address-change-policy {accept | ignore | reject}
receive-window-size window-size
rtm-debounce-time debounce-time
session-limit session-limit
session-limit unlimited
[no] shutdown

3.8.1.3. DHCP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
dhcp
local-dhcp-server server-name [create]
— no local-dhcp-server server-name
description description-string
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
partner-down-delay [hrs hours] [min minutes] [sec seconds]
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
[no] force-renews
pool pool-name [create]
— no pool pool-name
description description-string
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
partner-down-delay [hrs hours] [min minutes] [sec seconds]
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
max-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
min-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
minimum-free minimum-free [percent] [event-when-depleted]
offer-time [min minutes] [sec seconds]
— no offer-time
custom-option option-number address [ip-address]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
dns-server ip-address [ip-address]
domain-name domain-name
lease-rebind-time [days days] [hrs hours] [min minutes] [sec seconds]
lease-renew-time [days days] [hrs hours] [min minutes] [sec seconds]
lease-time [days days] [hrs hours] [min minutes] [sec seconds]
— no lease-time
netbios-name-server ip-address [ip-address]
netbios-node-type netbios-node-type
subnet {ip-address/mask | ip-address netmask} [create]
— no subnet {ip-address/mask | ip-address netmask}
[no] address-range start-ip-address end-ip-address
[no] drain
[no] exclude-addresses start-ip-address [end-ip-address]
maximum-declined maximum-declined
minimum-free minimum-free [percent] [event-when-depleted]
custom-option option-number address [ip-address]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
default-router ip-address [ip-address]
subnet-mask ip-address
[no] shutdown
user-db local-user-db-name
— no user-db
dhcp6
local-dhcp-server server-name [create]
— no local-dhcp-server server-name
description description-string
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
partner-down-delay [hrs hours] [min minutes] [sec seconds]
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
lease-hold-time [days days] [hrs hours] [min minutes] [sec seconds]
pool pool-name [create]
— no pool pool-name
description description-string
custom-option option-number address [ipv6-address]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
delegated-prefix-length prefix-length
dns-server ipv6-address [ipv6-address]
domain-name domain-name
prefix ipv6-address/prefix-length [failover {local | remote}] [pd] [wan-host] [create]
— no prefix ipv6-address/prefix-length
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
rebind-timer [days days] [hrs hours] [min minutes] [sec seconds]
renew-timer [days days] [hrs hours] [min minutes] [sec seconds]
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
use-link-address [scope scope]
user-ident user-ident
— no user-ident

3.8.1.4. GSMP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
gsmp
[no] group name
ancp
[no] oam
description description-string
hold-multiplier multiplier
keepalive seconds
— no keepalive
[no] neighbor ip-address
description description-string
local-address ip-address
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
[no] shutdown
[no] idle-filter
[no] shutdown
[no] shutdown

3.8.1.5. IGMP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] igmp
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
import policy-name
— no import
max-groups value
— no max-groups
max-grp-sources max-group-sources
max-sources max-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
query-src-ip ip-address
[no] shutdown
[no] subnet-check
version version
— no version
grp-if-query-src-ip ip-address
[no] interface ip-int-name
import policy-name
— no import
max-groups value
— no max-groups
max-sources max-sources
max-grp-sources max-grp-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
[no] shutdown
[no] grp-range start end
[no] source ip-address
static
[no] group
[no] source ip-address
[no] starg
[no] group grp-ip-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
[no subnet-check
version version
— no version
[no] query-interval
query-interval seconds
[no] robust-count
robust-count robust-count
[no] shutdown
[no] grp-range start end
[no] source ip-address

3.8.1.6. IPSec Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
ipsec
security-policy security-policy-id [create]
— no security-policy security-policy-id
entry entry-id [create]
— no entry entry-id
local-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
remote-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
interface ip-int-name [create]
— no interface ip-int-name
[no] address {ip-address/mask | ip-address netmask}
description description-string
— no description
ip-mtu octets
— no ip-mtu
sap sap-id [create]
— no sap sap-id
description description-string
— no description
egress
[no] agg-rate
rate {max | rate}
— no rate
filter ip ip-filter-id
— no filter [ip ip-filter-id]
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
avg-frame-overhead percentage
cbs size-in-kbytes
— no cbs
mbs {size [bytes | kilobytes] | default}
— no mbs
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
filter ip ip-filter-id
— no filter [ip ip-filter-id]
match-qinq-dot1p {top | bottom}
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
cbs size-in-kbytes
— no cbs
mbs {size [bytes | kilobytes] | default}
— no mbs
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
[no] shutdown
ipsec-tunnel ipsec-tunnel-name [create]
— no ipsec-tunnel ipsec-tunnel-name
[no] bfd-designate
bfd-enable service service-id interface interface-name dst-ip ip-address
bfd-enable service-name service-name interface interface-name dst-ip ip-address
— no bfd-enable
[no] clear-df-bit
description description-string
ike-policy ike-policy-id
— no ike-policy
local-id type {ipv4 v4address | fqdn fqdn-value}
— no local-id
transform transform-id [transform-id]
— no transform
local-gateway-address ip-address peer ip-address delivery-service service-id
local-gateway-address ip-address peer ip-address delivery-service-name service-name
[no] manual-keying
security-association security-entry-id authentication-key authentication-key encryption-key encryption-key spi spi transform transform-id direction {inbound | outbound}
— no security-association security-entry-id direction {inbound | outbound}
replay-window {32 | 64 | 128 | 256 | 512}
security-policy security-policy-id
[no] shutdown
[no] sap sap-id
ipsec-gw name
— no ipsec-gw
cert
cert-profile name
default-secure-service service-id interface ip-int-name
default-secure-service name service-name interface ip-int-name
default-tunnel-template ipsec template identifier
ike-policy ike-policy-id
— no ike-policy
local-gateway-address ip-address
local-id type {ipv4 | fqdn} [value [value]]
— no local-id
radius-accounting-policy policy-name
[no] shutdown

3.8.1.7. Log Commands

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for information about configuring event and accounting logs.

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
log
[no] filter filter-id
default-action {drop | forward}
description description-string
[no] entry entry-id
action {drop | forward}
— no action
description description-string
[no] match
application {eq | neq} application-id
message {eq | neq} pattern pattern [regexp]
— no message
number {eq | neq | lt | lte | gt | gte} event-id
— no number
severity {eq | neq | lt | lte | gt | gte} severity-level
— no severity
subject {eq | neq} subject [regexp]
— no subject
[no] log-id log-id
description description-string
filter filter-id
— no filter
from {[main] [change]}
— no from
[no] shutdown
time-format {local | utc}
to snmp [size]
to syslog syslog-id
[no] snmp-trap-group log-id
description description-string
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] [replay]
— no trap-target name
[no] syslog syslog-id
address ip-address
— no address
description description-string
facility syslog-facility
— no facility
level {emergency | alert | critical | error | warning | notice | info | debug}
— no level
log-prefix log-prefix-string
— no log-prefix
port port
— no port

3.8.1.8. Multicast VPN Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
mvpn
[no] auto-discovery [default | mdt-safi] [source-address ip-address]
c-mcast-signaling {bgp | pim}
intersite-shared [persistent-type5-adv] [kat-type5-adv-withdraw]
mdt-type {sender-receiver | sender-only | receiver-only}
src-prefix ip-address/mask [ip-address/mask]
— no src-prefix ip-address/mask
ipv6
src-prefix ipv6-ip-address/prefix-length [ipv6-ip-address/prefix-length]
— no src-prefix ipv6-ip-address/prefix-length
[no] core-mvpn service-id
group-prefix ip-address/mask [ip-address/mask] [starg]
— no group-prefix ip-address/mask
bsr {unicast | spmsi}
— no bsr
mldp
[no] shutdown
pim {asm | ssm} grp-ip-address
— no pim
hello-interval hello-interval
hello-multiplier deci-units
[no] shutdown
rsvp
enable-bfd-root [transmit-interval] [multiplier multiplier]
lsp-template lsp-template
[no] shutdown
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
data-threshold c-grp-ipv6-addr/prefix-length s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
— no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
— no data-threshold c-grp-ipv6-addr/prefix-length}
[no] multistream-spmsi index [create]
[no] group ip-address [/mask]
[no] source ip-address [/mask]
[no] source any
[no] lsp-template lsp-template-name
mdt-pim mode {asm | ssm} group-address group-ip-address
— no mdt-pim
[no] shutdown
[no] pim-asm {grp-ip-address/mask | grp-ip-address netmask}
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
— no rsvp
— no shutdown
— no mldp
— no shutdown
— no pim-asm
umh-pe ip-address standby ip-address
— no umh-pe ip-address
umh-selection {highest-ip| hash-based | tunnel-status | unicast-rt-pref}
vrf-export {unicast | policy-name [policy-name]}
— no vrf-export
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]}
— no vrf-import
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
— no vrf-target
export {unicast | ext-community}
import {unicast | ext-community}

3.8.1.9. Redundant Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] redundant-interface ip-int-name
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
— no address
description long-description-string
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
[no] shutdown
[no] spoke-sdp sdp-id:vc-id
egress
filter [ip ip-filter-id]
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
filter [ip ip-filter-id]
— no filter
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown

3.8.1.10. Router Advertisement Commands

config
service
— vprn
[no] dns-options
server ipv6-address
— no server
rdnss-lifetime {seconds | infinite}
[no] interface ip-int-name
[no] dns-options
server ipv6-address
— no server
rdnss-lifetime seconds
[no] include-dns
mtu mtu-bytes
no mtu
prefix [ipv6-prefix/prefix-length]
no prefix
[no] autonomous
[no] on-link
preferred-lifetime {seconds | infinite}
valid-lifetime {seconds | infinite}
reachable-time milli-seconds
retransmit-time milli-seconds
router-lifetime seconds
[no] shutdown

3.8.1.11. NTP Commands

The ntp-server command is not supported in the vprn ntp context. Then NTP is configured in a VPRN service, the NTP server mode is assumed and is not optional.

config
— service
— vprn
[no] ntp
[no] authenticate
authentication-key key-id key key [hash | hash2] type {des | message-digest}
— no authentication-key key-id
[no] broadcast [router router-name] {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]

3.8.1.12. NAT Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] nat
inside
[no] destination-prefix ip-prefix/length
[no] address ipv6-address
tunnel-mtu mtu-bytes
— no tunnel-mtu
[no] shutdown
subscriber-prefix-length prefix-length
[no] address ip-address/mask
nat-policy nat-policy-name
— no nat-policy
peer ip-address
— no peer
steering-route ip-prefix/length
pool nat-pool-name [nat-group nat-group-id type pool-type [no-allocate] [create]
— no pool nat-pool-name
address-range start-ip-addr end-ip-addr [create]
— no address-range start-ip-address end-ip-address
description description-string
[no] drain
description description-string
mode {auto | n apt}
— no mode
port-forwarding-range range-end
port-reservation blocks num-blocks
port-reservation ports num-ports
export ip-prefix/length
— no export
follow router router-instance pool name
— no follow
monitor ip-prefix/length
— no monitor
[no] shutdown
watermarks high percentage-high low percentage-low
— no watermarks

3.8.1.13. Subscriber Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
subscriber-interface ip-int-name [fwd-service service-id fwd-subscriber-interface ip-int-name] [create]
— no subscriber-interface ip-int-name
[no] address {ip-address/mask | ip-address netmask} [gw-ip-address ip-address] [populate-host-routes] [track-srrp srrp-instance [holdup-time msecs]]
description long-description-string
dhcp
client-applications dhcp ppp
description description-string
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate nbr-of-leases
[no] option
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
emulated-server ip-address
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] shutdown
python-policy name
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
server server1 [server2]
— no server
[no] shutdown
[no] group-interface ip-int-name
host-limit max-num-hosts
— no host-limit
min-auth-interval min-auth-interval
sap-host-limit max-num-hosts-sap
[no] shutdown
[no] arp-populate
arp-timeout seconds
description long-description-string
dhcp
client-applications dhcp ppp
description description-string
filter filter-id
— no filter
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate nbr-of-leases
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tupl]
— no circuit-id
remote-id [mac | string string]
— no remote-id
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
emulated-server ip-address
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [override]
— no lease-time
[no] shutdown
python-policy name
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
server server1 [server2]
— no server
[no] shutdown
[no] trusted
user-db local-user-db-name
— no user-db
host-connectivity-verify [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count] [family family]
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
redirects [number seconds]
— no redirects
ttl-expired [number seconds]
unreachables [number seconds]
[no] ipv6
[no] dhcp6
[no] option
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
— no interface-id
[no] remote-id
max-advertisement seconds
min-advertisement seconds
mtu bytes
— no mtu
[no] prefix-options
[no] autonomous
preferred-lifetime [seconds | infinite]
valid-lifetime [seconds | infinite]
reachable-time milliseconds
retransmit-time milliseconds
router-lifetime seconds
router-lifetime no-default-router
[no] proxy-server
renew-timer seconds
rebind-timer seconds
preferred-lifetime [seconds | infinite]
valid-lifetime [seconds | infinite]
client-applications [dhcp] [ppp]
[no] vprn
current-hop-limit hop-count
[no] mac ieee-address
[no] pppoe
description description-string
pap-chap-user-db local-user-db-name
policy pppoe-policy-name
— no policy
sap-session-limit sap-session-limit
session-limit session-limit
user-db local-user-db-name
— no user-db
[no] shutdown
[no] proxy-arp-policy policy-name [policy-name]
broadcast red-ip-int-name
[no] sap sap-id
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | ip-mac | nh-mac}
— no anti-spoof
app-profile app-profile-name
atm
egress
traffic-desc traffic-desc-profile-id
encapsulation atm-encap-type
traffic-desc traffic-desc-profile-id
oam
[no] alarm-cells
calling-station-id calling-station-id
[no] bfd-enable
cpu-protection {[mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]}
default-host ip-address/mask next-hop next-hop-ip
— no default-host ip-address/mask
description long-description-string
dist-cpu-protection policy-name
egress
[no] agg-rate
rate {max | rate}
— no rate
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter
policer-control-policy policy-name
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
[no] fwd-wholesale
pppoe service-id
— no pppoe
expiry-time expiry-time
import policy-name
— no import
max-num-groups max-num-groups
max-num-grp-sources [number]
max-num-sources max-num-sources
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter
match-qinq-dot1p {top | bottom}
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
lag-link-map-profile link-map-profile-id
multi-service-site customer-site-name
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name [scope scope-type}]
inter-dest-id intermediate-destination-id
route {ip-prefix/length | ip-prefix netmask} [create]
— no route {ip-prefix/length | ip-prefix netmask}
[no] shutdown
sla-profile sla-profile-name
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber
[no] shutdown
[no] sub-sla-mgmt
def-sla-profile default-sla-profile-name
def-sub-profile default-subscriber-profile-name
multi-sub-sap subscriber-limit
[no] shutdown
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
sub-ident-policy sub-ident-policy-name
shcv-policy-ipv4 policy-name
shcv-policy-ipv6 policy-name
[no] shutdown
[no] srrp srrp-id
[no] bfd-enable svc-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name name
description description-string
gw-mac mac-address
— no gw-mac
keep-alive-interval interval
message-path sap-id
[no] policy vrrp-policy-id
priority priority
— no priority
send-fib-population-packets all | outer-tag-only
[no] shutdown
[no] wpp
initial-app-profile profile-name
initial-sla-profile profile-name
initial-sub-profile profile-name
portal router router-instance name wpp-portal-name
— no portal
[no] shutdown
[no] urpf-check
mode {strict | loose | strict-no-ecmp}
[no] ipv6
[no] delegated-prefix-length prefix-length
prefix ipv6-address/prefix-length [pd] [wan-host]
— no prefix ipv6-address/prefix-length
[no] shutdown

3.8.1.13.1. Group Interface SAP ETH-CFM Commands

config>service>vprn>sub-if>grp-if>sap
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
[no] description
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
[no] shutdown
squelch-ingress-levels [md-level [md-level]]
tunnel-fault [accept | ignore]

3.8.1.14. Interface Commands

config
— service
— vprn
[no] interface ip-int-name
address {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [track-srrp srrp-instance]
— no address [ip-address/mask | ip-address netmask]
arp-limit limit [log-only] [threshold percent]
— no arp-limit
[no] arp-populate
arp-retry-timer timer-multiple
arp-timeout [seconds]
— no arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}]
— no sampling {unicast | multicast}
cpu-protection policy-id
description long-description-string
— no description
dhcp
description description-string
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate [nbr-of-leases]
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
— no circuit-id
remote-id [mac | string string]
[no] pool-name
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
emulated-server ip-address
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] shutdown
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
python-policy policy-name
— sap sap-id
server server1 [server2]
— no server
[no] shutdown
[no] trusted
[no] use-arp
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count]
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
param-problem number seconds
— no param-problem [number seconds]
redirects number seconds
— no redirects [number seconds]
ttl-expired number seconds
— no ttl-expired [number seconds]
unreachables number seconds
— no unreachables [number seconds]
[no] admin-group group-name [group-name]
srlg-group group-name [group-name]
— no srlg-group
policy-accounting template-name
ip-helper-address gateway-address
ip-mtu octets
— no ip-mtu
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
— no dns [ip-address] [secondary ip-address]
peer-ip-address ip-address
[no] ipv6
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
— no address ipv6-address/prefix-length
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
[no] dad-disable
[no] dhcp6-relay
lease-populate [nbr-of-leases]
[no] dhcp6-server
icmp6
packet-too-big [number seconds]
param-problem [number seconds]
redirects [number seconds]
— no redirects
time-exceeded [number seconds]
unreachables number seconds
link-local-address ipv6-address [dad-disable]
nd-learn-unsolicited {global | link-local | both}
nd-proactive-refresh {global | link-local | both}
nd-route-tag tag
neighbor ipv6-address mac-address
— no neighbor ipv6-address
neighbor-limit limit [log-only] [threshold percent]
proxy-nd-policy policy-name [policy-name]
python-policy policy-name
stale-time seconds
— no stale-time
[no] secure-nd
link-local-modifier modifier
[no] shutdown
tcp-mss mss-value
[no] tcp-mss
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
egr-ip-load-balancing {source | destination | inner-ip}
local-dhcp-server local-server-name
[no] loopback
mac ieee-address
— no mac [ieee-address]
[no] ptp-hw-assist
qos-route-lookup [source | destination]
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
shcv-policy-ipv4 policy-name
[no] shutdown
static-arp ip-address ieee-address
— no static-arp ip-address [ieee-address]
tcp-mss mss-value
[no] tcp-mss
tos-marking-state {trusted | untrusted}
unnumbered [ip-int-name | ip-address]
— no unnumbered
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
vas-if-type {to-from-access | to-from-network | to-from-both}
vpls service-name
— no vpls
egress
reclassify-using-qos policy-id
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id

3.8.1.15. Network Interface Commands

config
— service
— vprn
network-interface interface-name [create]
— no network-interface interface-name
address ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}]
— no address
[no] arp-populate
arp-retry-timer timer-multiple
arp-timeout [seconds]
— no arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}]
— no sampling {unicast | multicast}
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
description long-description-string
dist-cpu-protection policy-name
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
redirects number seconds
— no redirects [number seconds]
ttl-expired number seconds
— no ttl-expired [number seconds]
unreachables number seconds
— no unreachables [number seconds]
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
ip-mtu octets
— no ip-mtu
lag lag-id[:encap-val]
— no lag
lag-per-link-hash class {1 | 2 | 3} weight weight
[no] loopback
egr-ip-load-balancing {source | destination | inner-ip}
lsr-load-balancing hashing-algorithm
mac ieee-address
— no mac
qos network-policy-id port-redirect-group queue-group-name egress-instance instance-id fp-redirect-group queue-group-name ingress-instance instance-id
— no qos
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
static-arp ieee-mac-address unnumbered
— no static-arp unnumbered
tos-marking-state {trusted | untrusted}
[no] urpf-check
mode {strict | loose | strict-no-ecmp}

3.8.1.16. Interface Spoke SDP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name
spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
— no spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
app-profile app-profile-name
bfd-template name
[no] bfd-enable
refresh-timer value
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
[no] control-word
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id}
— no filter
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
— no qos
vc-label egress-vc-label
— no vc-label [egress-vc-label]
[no] entropy-label
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
ccm-padding-size ccm-padding
— no ccm-padding-size ccm-padding
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
[no] squelch-ingress-levels [md-level [md-level…]]
[no] hash-label
qos
filter ip ip-filter-id
filter ipv6 ipv6-filter-id}
— no filter
ingress network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no taii-type2

3.8.1.17. Interface VRRP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
interface ip-int-name
vrrp
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
[no] backup ip-address
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name name
[no] bfd-enable svc-id interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac ieee-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] telnet-reply
— ipv6
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
authentication-key {authentication-key | hash-key} [hash | hash2]
[no] backup ip-address
[no] bfd-enable svc-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name name
init-delay seconds
— no init-delay
mac ieee-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
oper-group group-name
— no oper-group
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] telnet-reply

3.8.1.18. Interface SAP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name [create] [tunnel]
[no] sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | mac | ip-mac}
— no anti-spoof
app-profile app-profile-name
atm
egress
traffic-desc traffic-desc-profile-id
encapsulation atm-encap-type
traffic-desc traffic-desc-profile-id
oam
[no] alarm-cells
bandwidth bandwidth
— no bandwidth
calling-station-id calling-station-id
[no] bfd-enable
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
description long-description-string
— no description
dist-cpu-protection policy-name
egress
[no] agg-rate
rate {max | rate}
— no rate
filter ip ip-filter-id
— no filter [ip ip-filter-id]
secondary-shaper secondary-shaper-name
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
queue queue-id
— no queue queue-id
wrr-weight weight
— no wrr-weight
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name allowable
policer policer-id [create]
— no policer policer-id
source ip-address
remote-ip ip-address
backup-remote-ip ip-address
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
avg-frame-overhead percentage
burst-limit {default | size [bytes | kilobytes]}
cbs size-in-kbytes
— no cbs
mbs size {[bytes | kilobytes] | default}
— no mbs
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
[no] ccm-padding-size ccm-padding
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
squelch-ingress-levels [md-level [md-level]]
tunnel-fault [accept | ignore]
[no] frf-12
[no] interleave
scheduling-class class-id
host-lockout-policy policy-name
[no] host-shutdown
filter ip ip-filter-id
— no filter [ip ip-filter-id]
match-qinq-dot1p {top | bottom}
policer policer-id [create]
— no policer policer-id
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
avg-frame-overhead percentage
cbs size-in-kbytes
— no cbs
mbs size {[bytes | kilobytes] | default}
— no mbs
monitor-depth
[no] monitor-depth
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
ip-tunnel name [create]
— no ip-tunnel name
backup-remote-ip ip-address
[no] clear-df-bit
delivery-service service-id
delivery-service name service-name
description description-string
dscp dscp-name
— no dscp
remote-ip ip-address
— no remote-ip
source ip-address
— no source
lag-link-map-profile lag-link-map-profile-id
multi-service-site customer-site-name
[no] shutdown
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name
inter-dest-id intermediate-destination-id
[no] shutdown
sla-profile sla-profile-name
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}

3.8.1.19. Interface SAP Tunnel Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name [create] [tunnel]
[no] sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | mac | ip-mac}
— no anti-spoof
app-profile app-profile-name
atm
atm
ingress traffic-desc-profile-id
— no ingress
encapsulation atm-encap-type
ingress traffic-desc-profile-id
— no ingress
oam
[no] alarm-cells
[no] alarm-cells
calling-station-id calling-station-id
[no] app-profile
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
description description-string
— no description [description-string]
cpu-protection policy-name
egress
[no] agg-rate
[no] rate
rate {max | rate}
— no rate
secondary-shaper secondary-shaper-name
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
[no] queue queue-id
mbs size {[bytes | kilobytes] | default}
— no mbs
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name
wrr-weight weight
— no wrr-weight
source ip-address
source ip-address
backup-remote-ip ip-address
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
adaptation-rule percentage
cbs size-in-kbytes
— no cbs
mbs size {[bytes | kilobytes] | default}
— no mbs
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
parent pir-rate [cir cir-rate]
— no parent
qos scheduler-policy-name
— no qos
collect-lmm-stats mep-id domain md-index association ma-index [direction {up | down}]
— no collect-lmm-stats mep-id domain md-index association ma-index
[no] ais-enable
ccm-ltm-priority priority
[no] ccm-padding-size ccm-padding
multiplier multiplier-value
— no multiplier
description description-string
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
squelch-ingress-levels [md-level [md-level]]
squelch-ingress-levels [accept | ignore]
[no] frf-12
frf-12 threshold
— no frf-12
[no] interleave
scheduling-class class-id
host-lockout-policy policy-name
[no] host-shutdown
host-shutdown name [create]
— no host-shutdown name
backup-remote-ip ip-address
[no] bfd-enable
delivery-serviceservice-id
description description-string
delivery-service dscp-name
remote-ip ip-address
— no remote-ip
source ip-address
— no source
lag-link-map-profile lag-link-map-profile-id
lag-link-map-profile customer-site-name
[no] shutdown
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name
app-profile intermediate-destination-id
[no] shutdown
route sla-profile-name
— no route
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber
[no] subscriber
aarp aarpid type type
— no aarp
transit-policy ip ip-aasub-policy-id
transit-policy prefix prefix-aasub-policy-id

3.8.1.20. Routed VPLS Commands

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN for more information.

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
interface ip-interface-name [create]
— no interface ip-interface-name
vpls service-name
— no vpls
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id
egress
reclassify-using-qos sap-egress-qos-id
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id

3.8.1.21. Oper Group Commands

config
— service
— vprn service-id
— site name [create]
— no monitor-oper-group name

3.8.1.22. Network Ingress Commands

config
— service
— vprn [customer customer-id] [create]
— no vprn service-id
filter {ip ip-filter-id | ipv6 ipv6-filter-id}
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
[no] urpf-check

3.8.1.23. BGP Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] bgp
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
[no] backup-path [ipv4] [label-ipv4] [ipv6]
always-compare-med [zero | infinity]
always-compare-med strict-as {zero | infinity}
as-path-ignore [ipv4] [label-ipv4] [ipv6]
ebgp-ibgp-equal [ipv4] [label-ipv4] [ipv6]
[no] bfd-enable
cluster cluster-id
— no cluster
[no] connect-retry seconds
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
disable-communities [standard] [extended] [large]
enable-bgp-vpn-backup [ipv4] [ipv6]
export plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no export
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv4]
— no family
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export | no without-no-export]
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
forwarding-bits-set {all | non-fwd}
restart-time seconds
hold-time seconds [min seconds2]
— no hold-time
[no] ibgp-multipath
import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no import
keepalive seconds
— no keepalive
local-as as-number [private]
— no local-as
local-preference local-preference
loop-detect {drop-peer | discard-route | ignore-loop| off}
med-out {number | igp-cost}
— no med-out
multihop ttl-value
— no multihop
multipath max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}]
— no multipath
policy policy-name
peer-tracking-policy policy-name
preference preference
— no preference
remove-private [limited] [skip-peer-as]
— ipv4
leak-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
route-table-import policy-name
— ipv6
leak-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
route-table-import policy-name
— label-ipv4
leak-import plcy-or-long-expr [plcy-or-expr]
route-table-import policy-name
router-id ip-address
— no router-id
[no] shutdown
[no] split-horizon

3.8.1.24. BGP Group Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] bgp
[no] group name [esm-dynamic-peer]
[no] as-override
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2]
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
disable-communities [standard] [extended] [large]
[no] prefix ip-prefix/prefix-length
ebgp-link-bandwidth [ipv4] [label-ipv4] [ipv6]
export policy-name [policy-name]
— no export
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4] [mcast-ipv6]
— no family
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export | no without-no-export]
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
forwarding-bits-set {all | non-fwd}
restart-time seconds
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name]
— no import
keepalive seconds
— no keepalive
local-address ip-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
med-out {number | igp-cost}
— no med-out
multihop ttl-value
— no multihop
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
[no] remove-private [limited] [skip-peer-as]
[no] shutdown
ttl-security min-ttl-value
type {internal | external}
— no type

3.8.1.25. BGP Group Neighbor Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] bgp
[no] group name [esm-dynamic-peer]
[no] neighbor ip-address
[no] as-override
auth-keychain name
authentication-key authentication-key | hash-key [hash | hash2]
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
disable-communities [standard] [extended] [large]
ebgp-link-bandwidth [ipv4] [label-ipv4] [ipv6]
export policy-name [policy-name]
— no export
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4] [mcast-ipv6]
— no family
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export | no without-no-export]
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
forwarding-bits-set {all | non-fwd}
restart-time seconds
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name]
— no import
keepalive seconds
— no keepalive
local-address ip-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
med-out {number | igp-cost}
— no med-out
multihop ttl-value
— no multihop
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
[no] remove-private [limited] [skip-peer-as]
[no] shutdown
ttl-security min-ttl-value
type {internal | external}
— no type

3.8.1.26. IS-IS Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] isis [isis-instance]
all-l1isis ieee-address
— no all-l1isis
all-l2isis ieee-address
— no all-l2isis
[no] area-id area-address
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
authentication-type {password | message-digest}
export policy-name [policy-name]
— no export
export-limit number [log percentage]
[no] helper-disable
hello-padding {none | adaptive | loose | strict}
import policy-name [policy-name]
— no import
[no] interface ip-int-name
bfd-enable {ipv4 | ipv6} [include-bfd-tlv]
— no bfd-enable
csnp-interval seconds
hello-authentication-key authentication-key | hash-key [hash | hash2]
hello-authentication-type {password | message-digest}
hello-padding {none | adaptive | loose | strict}
interface-type {broadcast | point-to-point}
level {1 | 2}
hello-authentication-key authentication-key | hash-key [hash | hash2]
hello-authentication-type {password | message-digest}
hello-interval seconds
hello-multiplier multiplier
hello-padding {none | adaptive | loose | strict}
ipv4-multicast-metric IPv4 multicast metric
ipv6-unicast-metric ipv6-metric
metric ipv4-metric
— no metric
[no] passive
priority number
— no priority
sd-offset sd-offset
— no sd-offset
sf-offset sf-offset
— no sf-offset
level-capability {level-1 | level-2 | level-1/2}
lfa-policy-map route-nh-template template-name
lsp-pacing-interval milliseconds
mesh-group [value | blocked]
— no mesh-group
[no] passive
[no] shutdown
tag tag
— no tag
ipv4-multicast-routing {native | mt}
[no] ipv4-routing
ipv6-routing {native | mt}
level level
auth-keychain name
authentication-key authentication-key | hash-key [hash | hash2]
authentication-type {password | message-digest}
default-ipv4-multicast-metric ipv4 multicast metric
default-metric ipv4 metric
external-preference external-preference
hello-padding {none | adaptive | loose | strict}
lsp-mtu-size size
preference preference
— no preference
level-capability {level-1 | level-2 | level-1/2}
[no] link-group link-group name
description [256 chars max]
level {1 | 2}
[no] member interface-name
oper-members oper-members
revert-members revert-members
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy]
lsp-lifetime seconds
lsp-mtu-size size
lsp-refresh-interval [seconds] [half-lifetime {enable | disable}]
[no] ipv6-unicast
[no] multicast-import [ipv4]
overload [timeout seconds] [max-metric]
— no overload
overload-on-boot [timeout seconds] [max-metric]
prefix-limit limit [log-only] [threshold percent] [overload-timeout {seconds | forever}]
— no prefix-limit
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
rib-priority {high} prefix-list-name | tag tag-value
router-id router-id
— no router-id
[no] shutdown
summary-address {ip-prefix/mask | ip-prefix [netmask]} [level] [tag tag]
— no summary-address {ip-prefix/mask | ip-prefix [netmask]}
system-id isis-system-id
— no system-id
[no] timers
lsp-wait lsp-wait [lsp-initial-wait initial-wait] [lsp-second-wait second wait]
— no lsp-wait
spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second wait]
— no spf-wait

3.8.1.27. OSPF Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
ospf [router-id]
— no ospf
advertise-router-capability {link | area | as}
[no] area area-id
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
interface ip-int-name [secondary]
— no interface ip-int-name
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
authentication-type {password | message-digest}
bfd-enable [remain-down-on-failure]
— no bfd-enable
dead-interval seconds
hello-interval seconds
interface-type {broadcast | point-to-point | non-broadcast}
lfa-policy-map route-nh-template template-name
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
message-digest-key key-id md5 [key | hash-key] [hash | hash2]
— no message-digest-key key-id
metric metric
— no metric
mtu bytes
— no mtu
[no] neighbor ip-address
[no] passive
poll-interval seconds
priority number
— no priority
rib-priority prefix-list-name
[no] shutdown
transit-delay seconds
[no] nssa
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
originate-default-route [type-7] [no-adjacency-check]
[no] summaries
[no] sham-link ip-int-name ip-address
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2]
authentication-type {password | message-digest}
dead-interval seconds
hello-interval seconds
message-digest-key key-id md5 [key | hash-key] [hash | hash2]
— no message-digest-key key-id
metric metric
— no metric
[no] shutdown
transit-delay seconds
[no] stub
default-metric metric
[no] summaries
[no] virtual-link router-id transit-area area-id
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2]
authentication-type {password | message-digest}
dead-interval seconds
hello-interval seconds
message-digest-key key-id md5 {key | hash-key} [hash | hash2]
— no message-digest-key key-id
[no] shutdown
transit-delay seconds
export policy-name [policy-name]
— no export
export-limit number [log percentage]
external-db-overflow limit seconds
external-preference preference
[no] ignore-dn-bit
import policy-name [policy-name]
— no import
[no] ignore-dn-bit
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy]
overload [timeout seconds]
no overload
overload-on-boot [timeout seconds]
preference preference
— no preference
reference-bandwidth bandwidth-in-kbps
rib-priority prefix-list-name
router-id ip-address
— no router-id
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent]
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout forever
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout seconds
[no] shutdown
timers
incremental-spf-wait inc-spf-wait
lsa-accumulate lsa-accum-time
lsa-arrival lsa-arrival-time
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
redistribute-delay redist-wait
spf-wait max-spf-wait [spf-initial-wait [spf-second-wait]]
— no spf-wait
vpn-domain id {0005 | 0105 | 0205 | 8005}
— no vpn-domain
vpn-tag vpn-tag
— no vpn-tag
ospf3 [instance-id] [router-id]
[no] ospf3 instance-id
advertise-router-capability {link | area | as}
[no] area area-id
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
interface ip-int-name [secondary]
— no interface ip-int-name
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
bfd-enable [remain-down-on-failure]
— no bfd-enable
dead-interval seconds
hello-interval seconds
interface-type {broadcast | point-to-point | non-broadcast}
lfa-policy-map route-nh-template template-name
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
metric metric
— no metric
mtu bytes
— no mtu
[no] neighbor ip-address
[no] passive
poll-interval seconds
priority number
— no priority
rib-priority prefix-list-name
[no] shutdown
transit-delay seconds
key-rollover-interval key-rollover-interval
[no] nssa
area-range {ip-prefix/mask | ipv6-prefix/prefix-length} [advertise | not-advertise]
— no area-range {ip-prefix/mask | ipv6-prefix/prefix-length}
originate-default-route [type-7] [no-adjacency-check]
[no] summaries
[no] stub
default-metric metric
[no] summaries
[no] virtual-link router-id transit-area area-id
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
dead-interval seconds
hello-interval seconds
[no] shutdown
transit-delay seconds
export policy-name [policy-name]
— no export
export-limit number [log percentage]
external-db-overflow limit seconds
external-preference preference
[no] ignore-dn-bit
import policy-name [policy-name]
— no import
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy]
overload [timeout seconds]
no overload
overload-on-boot [timeout seconds]
preference preference
— no preference
reference-bandwidth bandwidth-in-kbps
rib-priority prefix-list-name
router-id ip-address
— no router-id
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent]
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout forever
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout seconds
[no] shutdown
timers
incremental-spf-wait inc-spf-wait
lsa-accumulate lsa-accum-time
lsa-arrival lsa-arrival-time
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
redistribute-delay redist-wait
spf-wait max-spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]
— no spf-wait

3.8.1.28. PIM Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] pim
apply-to {all | none}
[no] grt-extranet
group-prefix ip-address/mask [ip-address/mask] [starg]
group-prefix any
— no group-prefix ip-address/mask
— no group-prefix any
import {join-policy | register-policy} policy-name [policy-name]
— no import {join-policy | register-policy}
[no] interface ip-int-name
assert-period assert-period
[no] bfd-enable [ipv4 | ipv6]
hello-interval hello-interval
hello-multiplier deci-units
max-groups value
— no max-groups
mcac
if-policy mcac-if-policy-name
— no if-policy
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
monitor-oper-group group-name family {ipv4 | ipv6} {add | set | subtract} value
— no monitor-oper-group [family {ipv4 | ipv6}]
multicast-senders {auto | always | never}
[no] p2mp-ldp-tree-join [ipv4] [ipv6]
priority dr-priority
— no priority
[no] shutdown
sticky-dr [priority dr-priority]
— no sticky-dr
three-way-hello [compatibility-mode]
[no] mc-ecmp-balance
mc-ecmp-hashing-enabled [rebalance]
rp
[no] anycast rp-ip-address
[no] rp-set-peer ip-address
bootstrap-export policy-name [policy-name]
bootstrap-import policy-name [policy-name]
address ip-address
— no address
hash-mask-len hash-mask-length
priority bootstrap-priority
— no priority
[no] shutdown
ipv6
[no] anycast ipv6-address
[no] rp-set-peer ipv6-address
address ipv6-address
[no] address
hash-mask-len hash-mask-length
[no] hash-mask-len
priority bootstrap-priority
— no priority
[no] shutdown
[no] embedded-rp
[no] group-range grp-ipv6-address/prefix-length
[no] shutdown
address ipv6-address
— no address
[no] group-range grp-ipv6-address/prefix-length
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
static
[no] address ipv6-address
[no] group-prefix grp-ipv6-address/prefix-length
[no] override
address ip-address
— no address
[no] group-range {grp-ip-address/mask | grp-ip-address [netmask]}
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
static
[no] address ip-address
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
[no] override
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
rpf6-table {rtable6-m | rtable6-u | both}
— no rpf6-table
[no] shutdown
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
— no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
ssm-assert-compatible-mode [enable | disable]
[no] ssm-groups
[no] group-range {grp-ip-address/mask | grp-ip-address netmask}

3.8.1.29. MSDP Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] msdp
export policy-name [policy-name]
— no export
[no] group group-name
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address address
mode {mesh-group | standard}
[no] peer peer-address
authentication-key [authentication-key | hash-key] [hash | hash2]
[no] default-peer
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address address
receive-msdp-msg-rate number interval seconds [threshold number]
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
[no] shutdown
import policy-name [policy-name]
— no import
local-address address
[no] peer peer-address
authentication-key [authentication-key | hash-key] [hash | hash2]
[no] default-peer
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address address
receive-msdp-msg-rate number interval seconds [threshold number]
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
sa-timeout seconds
— no sa-timeout
[no] shutdown
[no] source prefix/mask

3.8.1.30. MLD Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] mld
[no] group-interface ip-int-name
mcac
if-policy mcac-if-policy-name
— no if-policy
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
[no] interface ip-int-name
import policy-name
— no import
max-groups value
— no max-groups
mcac
if-policy mcac-if-policy-name
— no if-policy
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
query-interval seconds
[no] shutdown
static
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
[no] source src-ipv6-address
[no] starg
version version
— no version
query-interval seconds
robust-count robust-count
[no] shutdown
[no] grp-range start end
[no] source src-ipv6-address

3.8.1.31. RIP Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] rip
[no] ripng
authentication-key [authentication-key | hash-key] [hash | hash2]
authentication-type {none | password | message-digest}
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
export policy-name [policy-name]
— no export
export-limit number [log percentage]
[no] group name
authentication-key [authentication-key | hash-key] [hash | hash2]
authentication-type {none | password | message-digest}
check-zero {enable | disable}
— no check-zero
description description-string
export policy-name [policy-name]
— no export
export-limit number [log percentage]
import policy-name [policy-name]
— no import
message-size max-num-of-routes
metric-in metric
— no metric-in
metric-out metric
— no metric-out
[no] neighbor ip-int-name
authentication-key authentication-key | hash-key [hash | hash2]
authentication-type {none | password | message-digest}
check-zero {enable | disable}
— no check-zero
description description-string
export policy-name [policy-name]
— no export
export-limit number [log percentage]
import policy-name [policy-name]
— no import
message-size max-num-of-routes
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
timers update timeout flush
— no timers
[no] unicast-address ipv6-address
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
timers update timeout flush
— no timers
import policy-name [policy-name]
— no import
message-size max-num-of-routes
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
timers update timeout flush
— no timers

3.8.1.32. RADIUS Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
server server-name [create] [purpose {[accounting] [authentication]}]
— no server server-name
cache
key packet-type {accept | request} attribute-type attribute-type [vendor-id vendor-id]
— no key
[no] shutdown
timeout [hrs hours] [min minutes] [sec seconds]
— no timeout
track-accounting [start] [stop] [interim-update]
description description-string
[no] interface ip-int-name
load-balance-key vendor vendor-id [vendor-id] attribute-type attribute-type [attribute-type]
load-balance-key source-ip-udp
python-policy name
secret secret [hash | hash2]
— no secret
[no] shutdown
username user-name prefix-string [128 chars max] [accounting-server-policy policy-name] [authentication-server-policy policy-name]
— no username user-name
server server-name [address ip-address] [secret key] [hash | hash2] [port port] [create]
— no server server-name
[no] accept-coa
coa-script-policy script-policy-name
description description-string
python-policy name

3.8.1.33. Web Portal Protocol Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] wpp
portal name address ip-address [create]
[no] portal name
[no] shutdown
[no] shutdown

3.8.1.34. AARP Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
aarp-interface arp-int-name [create]
— no aarp-interface arp-int-name
description long-description-string
— no description
ip-mtu octets
— no ip-mtu
[no] shutdown
spoke-sdp sdp-id:vc-id [create]
— no spoke-sdp sdp-id:vc-id
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
— no aarp
description description-string
— no description
egress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]
ingress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]
[no] shutdown

3.8.2. Command Descriptions

3.8.2.1. Generic Commands

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn
config>service>vprn>aarp-interface
config>service>vprn>aarp-interface>spoke-sdp
config>service>vprn>dhcp6>server>failover
config>service>vprn>igmp-trk
config>service>vprn>red-if
config>service>vprn>router-advert>if
config>service>vprn>gsmp
config>service>vprn>gsmp>group
config>service>vprn>gsmp>group>neighbor
config>service>vprn>igmp
config>service>vprn>igmp>grp-if>mcac>mc-constraints
config>service>vprn>igmp>if
config>service>vprn>igmp>if>mcac
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>if
config>service>vprn>if>dhcp
config>service>vprn>if>dhcp>proxy
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
config>service>vprn>if>sap
config>service>vprn>if>sap>static-host
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>isis
config>service>vprn>isis>if
config>service>vprn>mld>grp-if>mcac>mc-constraints
config>service>vprn>mld>interface>mcac>mc-constraints
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
config>service>vprn>ospf
config>service>vprn>ospf>area>if
config>service>vprn>ospf3
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
config>service>vprn>red-if>spoke-sdp
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>pim
config>service>vprn>pim>if
config>service>vprn>pim>if>mcac>mc-constraints
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>ipv6>bsr-candidate
config>service>vprn>pim>rp>ipv6>embedded-rp
config>service>vprn>pim>rp>ipv6>rp-candidate
config>service>vprn>sub-if>grp-if
config>service>vprn>sub-if>grp-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp>proxy-server
config>service>vprn>sub-if>grp-if>sap
config>service>vprn>sub-if>grp-if>arp-host
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
config>service>vprn>sub-if>grp-if>wpp
config>service>vprn>dhcp>server>failover
config>service>vprn>nw-if>dhcp
config>service>vprn>nw-if>eth-cfm>mep
config>service>vprn>radius-proxy>server>cache
config>service>vprn>radius-proxy>server
config>service>vprn>radius-server
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>log>log-id
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

If the AS number was previously changed, the BGP AS number inherits the new value.

Special Cases 
Service Admin State—
Bindings to an SDP within the service will be put into the out-of-service state when the service is shutdown. While the service is shutdown, all customer packets are dropped and counted as discards for billing and debugging purposes.

A service is regarded as operational providing that one IP Interface SAP and one SDP is operational.

VPRN BGP and RIP—
This command disables the BGP or RIP instance on the given IP interface. Routes learned from a neighbor that is shutdown are immediately removed from the BGP or RIP database and RTM. If BGP or RIP is globally shutdown, then all RIP group and neighbor interfaces are shutdown operationally. If a BGP or RIP group is shutdown, all member neighbor interfaces are shutdown operationally. If a BGP or RIP neighbor is shutdown, just that neighbor interface is operationally shutdown.

description

Syntax 
description description-string
no description
Context 
config>service>vprn
config>service>vprn>aarp-interface>spoke-sdp
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>dhcp
config>service>vprn>dhcp>server>pool
config>service>vprn>if>dhcp
config>service>vprn>if>dhcp5
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>l2tp
config>service>vprn>radius-proxy>server
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
config>service>vprn>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

description

Syntax 
description long-description-string
no description
Context 
config>service>vprn>aarp-interface
config>service>vprn>if
config>service>vprn>if>sap
config>service>vprn>nw-if
config>service>vprn>red-if
config>service>vprn>subscriber-interface
config>service>vprn>sub-if>grp-if
config>service>vprn>sub-if>grp-if>sap
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
The description character string. Allowed values are any string up to 160 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

3.8.2.2. Global Commands

vprn

Syntax 
vprn service-id [name name] [customer customer-id] [create]
no vprn service-id
Context 
config>service
Description 

This command creates or edits a Virtual Private Routed Network (VPRN) service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. Attempting to edit a service with the incorrect customer-id results in an error.

Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within a VPRN service ID belong to the same customer.

The no form of the command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shutdown and deleted.

Parameters 
service-id—
The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7750 SR on which this service is defined.
Values—

service-id:

1 to 2147483647

svc-name:

64 characters maximum

 

name name—
Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values—
name: 64 characters maximum

 

customer customer-id —
Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Values—
1 to 2147483647

 

aggregate

Syntax 
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [black-hole [generate-icmp]] [community comm-id [comm-id] [local-preference local-pref]] [description description]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [community comm-id [comm-id]] [indirect ip-address] [local-preference local-pref]] [description description]
no aggregate ip-prefix/ip-prefix-length
Context 
config>service>vprn
Description 

This command creates an aggregate route.

Use this command to automatically install an aggregate route in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more specific match of the aggregate.

The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.

Overlapping aggregate routes may be configured; in this case a route becomes a component of only the one aggregate route with the longest prefix match. For example if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, then route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask the previous entry is overwritten.

A list of up to 12 BGP communities (any mix of standard, extended, and large communities) may be associated with an aggregate route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the aggregate route.

By default, aggregate routes are not installed in the forwarding table, however there are configuration options that allow an aggregate route to be installed with a black-hole next hop or with an indirect IP address as next hop.

The no form of the command removes the aggregate.

Default 

no aggregate

Parameters 
ip-prefix—
The destination address of the aggregate route in dotted decimal notation.a
Values—

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

the ipv6-prefix and ipv6-prefix-length apply only to the 7750 SR and 7950 XRS
the mask associated with the network address expressed as a mask length
Values: 0 to 32

 

summary-only—
This optional parameter suppresses advertisement of more specific component routes for the aggregate.

To remove the summary-only option, enter the same aggregate command without the summary-only parameter.

as-set—
This optional parameter is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this feature carefully as it can increase the amount of route churn due to best path changes.
aggregator as-number:ip-address
This optional parameter specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
community—
This configuration option associates a BGP community with the aggregate route. The community can be matched in route policies and is automatically added to BGP routes exported from the aggregate route.
comm-id—
Specifies a BGP community value, up to 72 characters.
Values—
[as-num:comm-val | well-known-comm | ext-comm | large-comm]
where:
  1. as-num — 0 to 65535
  2. comm-val — 0 to 65535
  3. well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole
  4. ext-comm — the extended community, defined as one of the following:
    1. {target | origin}:ip-address:comm-val
    2. {target | origin}:asnum:ext-comm-val
    3. {target | origin}:ext-asnum:comm-val
    4. bandwidth:asnum:val-in-mbps
    5. ext:4300:ovstate
    6. ext:value1:value2
    7. color:co-bits:color-value
    where:
    1. target — route target
    2. origin — route origin
    3. ip-address — a.b.c.d
    4. ext-comm-val — 0 to 4294967295
    5. ext-asnum — 0 to 4294967295
    6. val-in-mbps — 0 to 16777215
    7. ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)
    8. value1 — 0000 to FFFF
    9. value2 — 0 to FFFFFFFFFFFF
    10. co-bits — 00, 01, 10 or 11
    11. color-value — 0 to 4294967295
  5. large-commasn-or-ex:val-or-ex:val-or-ex

 

black-hole—
This optional parameter installs the aggregate route, when activated, in the FIB with a black-hole next-hop, where packets matching this route are discarded.
generate-icmp—
This optional parameter keyword generates an ICMP.
indirect ip-address—
This configuration option specifies that the aggregate route should be installed in the FIB with a next-hop taken from the route used to forward packets to ip-address.
Values—

ipv4-prefix

a.b.c.d

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

The ipv6-prefix applies only to the 7750 SR and 7950 XRS.

 

local-preference local-pref
Specifies a BGP local-preference value with the aggregate route. The local-preference overrides the default local preference value of a BGP route originated by exporting the aggregate route.
Values—
0 to 4294967295

 

description description-text
Specifies a text description stored in the configuration file for a configuration context.

allow-export-bgp-vpn

Syntax 
allow-export-bgp-vpn
no allow-export-bgp-vpn
Context 
config>service>vprn
Description 

This command causes the vrf-export and vrf-target functions of the VPRN to include BGP-VPN routes installed in the VPRN route table. For split–horizon reasons, these routes are normally not re-advertisable as VPN-IP routes.

When a BGP-VPN route is re-exported, the route-distinguisher and label values are rewritten per the configuration of the re-exporting VPRN.

Caution:

Ensure that routing updates do not loop back to the source when this command is used, otherwise the routes could become unstable.

Default 

no allow-export-bgp-vpn

auto-bind-tunnel

Syntax 
auto-bind-tunnel
Context 
config>service>vprn
Description 

This command enters the context to configure automatic binding of a VPRN service using tunnels to MP-BGP peers.

The auto-bind-tunnel node is simply a context to configure the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-bind resolution to tunnels in TTM. If the resolution option is explicitly set to disabled, the auto-binding to tunnel is removed.

If resolution is set to any, any supported tunnel type in VPRN context will be selected following TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, then only these tunnel types will be selected again following the TTM preference.

The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter.

When an explicit SDP to a BGP next-hop is configured in a VPRN service (config>service>vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next-hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-sdp in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next-hop.

ecmp

Syntax 
ecmp max-ecmp-routes
no ecmp
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the maximum number of tunnels that may be used as ECMP next-hops for the VPRN. This value overrides any values that have been configured using the config>service>vprn>ecmp command.

The no form of the command removes the configured overriding value, and the value configured using the config>service>vprn>ecmp command will be used.

Default 

no ecmp

Parameters 
max-ecmp-routes—
Specifies the maximum number of tunnels that may be used as ECMP next-hops for the VPRN.
Values—
0 to 32

 

enforce-strict-tunnel-tagging

Syntax 
[no] enforce-strict-tunnel-tagging
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command forces the system to only consider LSPs marked with an admin-tag for next hop resolution. Untagged LSPs are not be considered.

The no form of this command reverts to the default behavior. While tagged RSVP and SR-TE LSPs are considered first, the system can fall back to using untagged LSP of other types and not exclude them as per the auto-bind-tunnel configuration.

Default 

no enforce-strict-tunnel-tagging

resolution

Syntax 
resolution {any | filter | disabled}
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.

Parameters 
any—
Enables the binding to any supported tunnel type in VPRN context following TTM preference.
filter—
Enables the binding to the subset of tunnel types configured under resolution-filter.
disabled—
Disables the automatic binding of a VPRN service to tunnels to MP-BGP peers.

resolution-filter

Syntax 
resolution-filter
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the subset of tunnel types which can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.

The following tunnel types are supported in a VPRN context in order of preference: RSVP, Segment Routing TE, LDP, Segment Routing (SR), BGP, MPLSoUDP and GRE.

The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next-hop.

The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next-hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

When the sr-isis (sr-ospf) value is enabled, a SR tunnel to the BGP next-hop is selected in the TTM from the lowest numbered ISIS (OSPF) instance.

The sr-te value instructs the code to search for the best metric SR-TE LSP to the address of the BGP next-hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

The bgp value instructs BGP IP-VPN to search for a BGP LSP to the address of the BGP next-hop. If the user does not enable the BGP tunnel type, inter-area or inter-as prefixes will not be resolved.

The udp value instructs BGP IP-VPN to search for a UDP LSP to the address of the BGP next-hop.

Parameters 
bgp—
Selects the BGP tunnel type.
gre—
Selects the GRE tunnel type. The GRE encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted.
ldp—
Selects the LDP tunnel type.
rsvp—
Selects the RSVP-TE tunnel type.
sr-isis—
Selects the Segment Routing (SR) tunnel type programed by an IS-IS instance in TTM.
sr-ospf—
Selects the SR-OSPF tunnel type.
sr-te—
Selects the SR-TE tunnel type.
udp—
Selects the UDP tunnel type.

weighted-ecmp

Syntax 
[no] weighted-ecmp
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command enables weighted ECMP for packets using tunnels that a VPRN automatically binds to. When weighted ECMP is enabled, packets are sprayed across LSPs in the ECMP according to the outcome of the hash algorithm and the configured load-balancing-weight of each LSP.

The no form of the command disables weighted ECMP for next-hop tunnel selection.

Default 

no weighted-ecmp

autonomous-system

Syntax 
autonomous-system as-number
no autonomous-system
Context 
config>service>vprn
Description 

This command defines the autonomous system (AS) to be used by this VPN routing/forwarding (VRF). This command defines the autonomous system to be used by this VPN routing

The no form of the command removes the defined AS from this VPRN context.

Default 

no autonomous-system

Parameters 
as-number —
Specifies the AS number for the VPRN service.
Values—
1 to 4294967295

 

backup-path

Syntax 
[no] backup-path [ipv4] [ipv6] [label-ipv4] [label-ipv6]
Context 
config>router
config>service>vprn
config>service>vprn>bgp
Description 

This command enables the computation and use of a backup path for IPv4 and/or IPv6 BGP-learned prefixes belonging to the base router or a particular VPRN. Multiple paths must be received for a prefix in order to take advantage of this feature. When a prefix has a backup path and its primary path(s) fail the affected traffic is rapidly diverted to the backup path without waiting for control plane re-convergence to occur. When many prefixes share the same primary path(s), and in some cases also the same backup path, the time to failover traffic to the backup path is independent of the number of prefixes.

By default, IPv4 and IPv6 prefixes do not have a backup path installed in the IOM.

Default 

no backup-path

Parameters 
ipv4 —
Enables the use of a backup path for BGP-learned unlabeled IPv4 prefixes.
ipv6 —
Enables the use of a backup path for BGP-learned unlabeled IPv6 prefixes.
label-ipv4 —
Enables the use of a backup path for BGP-learned labeled-IPv4 prefixes.
label-ipv6 —
Enables the use of a backup path for BGP-learned labeled-IPv6 prefixes. label-ipv6 is not supported within the config>service>vprn context.

carrier-carrier-vpn

Syntax 
[no] carrier-carrier-vpn
Context 
config>service>vprn
Description 

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of the command removes the Carrier Supporting Carrier capability from a VPRN.

Default 

no carrier-carrier-vpn

confederation

Syntax 
confederation confed-as-num members as-number [as-number]
no confederation confed-as-num members as-number [as-number]
no confederation
Context 
config>service>vprn
Description 

This command configures the VPRN BGP instance to participate in a BGP confederation. BGP confederations can be used to reduce the number of IBGP sessions required within an AS.

When a VPRN BGP instance is part of a confederation, it can form confederation-EBGP sessions with CE router peers in a different sub-autonomous systems of the same confederation as well as regular EBGP sessions with CE router peers outside the confederation. A VPRN BGP instance that is part of a confederation cannot import or export its routes to the base router instance (as VPN-IP routes).

The no form of the command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.

Default 

no confederation

Parameters 
confed-as-num—
The confederation AS number defined as a decimal value.
Values—
1 to 4294967295

 

members as-number
The AS number(s) that are members of the confederation, each expressed as a decimal integer. Configure up to 15 members per confed-as-num.
Values—
1 to 4294967295

 

dns

Syntax 
[no] dns
Context 
config>service>vprn
Description 

This command enters the context to configure domain name servers.

The no form of the command disables DNS for this service.

ipv4-source-address

Syntax 
ipv4-source-address ipv4-address
no ipv4-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv4 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv4 DNS server address by other means, can use this for DNS name resolution.

The ipv4-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of the command reverts to the default.

Parameters 
ipv4-address—
Specifies the IPv4 address of the default secondary DNS server.
Values—
ipv4-address - a.b.c.d

 

ipv6-source-address

Syntax 
ipv6-source-address ipv6-address
no ipv6-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv6 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv6 DNS server address by other means, can use this for DNS name resolution.

The ipv6-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of the command reverts to the default.

Parameters 
ipv4-address—
Specifies the IPv6 address of the default secondary DNS server.
Values—
ipv4-address - a.b.c.d

 

primary-dns

Syntax 
primary-dns ip-address
no primary-dns
Context 
config>service>vprn>dns
Description 

This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the primary DNS server from the configuration.

Default 

no primary-dns — No primary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the primary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface - 32 characters max, for link local addresses.

 

secondary-dns

Syntax 
secondary-dns ip-address
no secondary-dns
Context 
config>service>vprn>dns
Description 

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the secondary DNS server from the configuration.

Default 

no secondary-dns — No secondary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the secondary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

 

tertiary-dns

Syntax 
tertiary-dns ip-address
no tertiary-dns
Context 
config>service>vprn>dns
Description 

This command configures the tertiary DNS server for DNS name resolution. The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the tertiary DNS server from the configuration.

Default 

no tertiary-dns — No tertiary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the tertiary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

 

ecmp

Syntax 
ecmp max-ecmp-routes
no ecmp
Context 
config>service>vprn
Description 

This command enables equal-cost multipath (ECMP) and configures the number of routes for path sharing. For example, the value of 2 means that 2 equal cost routes will be used for cost sharing.

ECMP groups form when the system routes to the same destination with equal cost values. Routing table entries can be entered manually (as static routes), or they can be formed when neighbors are discovered and routing table information is exchanged by routing protocols. The system can balance traffic across the groups with equal costs.

ECMP can only be used for routes learned with the same preference and same protocol. See the discussion on preferences in the application6 command.

When more ECMP routes are available at the best preference than configured by the max-ecmp-routes parameter, then the lowest next-hop IP address algorithm is used to select the number of routes configured.

The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.

Default 

no ecmp

Parameters 
max-ecmp-routes —
Specifies the maximum number of routes for path sharing.
Values—
0 to 32

 

export-grt

Syntax 
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 4 max)]]
no export-grt
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how routes are exported from the local VRF route table to the base router (GRT) route table. The leaked routes show as protocol VPN-Leak in the GRT and allow traffic to ingress on a GRT interface and egress on a VPRN interface.

The export-grt command can reference up to 5 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 5 objects referenced by the export-grt command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 5 objects has a maximum length of 255 characters while the remaining 4 objects have a maximum length of 64 characters each.

When multiple export-grt commands are issued, the last command entered overrides the previous command.

The no form of the command removes all route policy names from the export-grt list.

Default 

no export-grt

Parameters 
plcy-or-long-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long).
plcy-or-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long).

export-inactive-bgp

Syntax 
export-inactive-bgp
no export-inactive-bgp
Context 
config>service>vprn
Description 

This command allows the best BGP route learned by a VPRN to be exported as a VPN-IP route even when that BGP route is inactive in the route table due to the presence of a preferred BGP-VPN route from another PE. In order for the BGP route to be exported, it must be accepted by the VRF export policy.

This “best-external” type of route advertisement is useful in active/standby multi-homing scenarios because it can ensure that all PEs have knowledge of the backup path provided by the standby PE.

By default, an inactive BGP route cannot be exported from a VPRN.

Default 

no export-inactive-bgp

fib-priority

Syntax 
fib-priority {high | standard}
Context 
config>service>vprn
Description 

This command specifies the FIB priority for VPRN BGP routes.

Parameters 
high—
Specifies high FIB priority for VPRN.
standard—
Specifies standard FIB priority for VPRN.

flowspec

Syntax 
flowspec
Context 
config>service>vprn
Description 

This command enters the context to configure flowspec-related parameters for the specified routing instance.

ip-filter-max-size

Syntax 
ip-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv4 filter that embeds IPv4 flowspec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv4 flowspec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by flowspec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ip-filter-max-size default

Parameters 
value—
The maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy.
Values—
0 to 262143

 

default—
Configures the maximum size as 512.

ipv6-filter-max-size

Syntax 
ipv6-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of IPv6 flowspec routes or rules that can be embedded into an ingress IPv6 filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv6 filter that embeds IPv6 flowspec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv6 flowspec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by flowspec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ipv6-filter-max-size default

Parameters 
value—
The maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy.
Values—
0 to 262143

 

default—
Configures the maximum size as 512.

grt-lookup

Syntax 
grt-lookup
Context 
config>service>vprn
Description 

This command provides the context under which all Global Route Table (GRT) leaking commands are configured. If all the supporting commands in the context are removed, this command will also be removed.

enable-grt

Syntax 
[no] enable-grt
Context 
config>service>vprn>grt-lookup
Description 

This command enables the functions required for looking up routes in the Global Route Table (GRT) when the lookup in the local VRF fails. If this command is enabled without the use of a static-route option (as subcommand to this parent), a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the lookup in the GRT when the lookup in the local VRF fails.

Default 

no enable-grt

allow-local-management

Syntax 
[no] allow-local-management
Context 
config>service>vprn>grt-lookup>enable-grt
Description 

Enables the support of specific management protocols over VPRN interfaces that terminate on Base routing context IPv4 and IPv6 interface addresses, including Base loopback and system addresses. Global Routing Table (GRT) leaking is used to enable visibility/access of the Base interface addresses in the VPRN. The supported protocols are Telnet, FTP, SNMP, and SSH (including applications that ride over SSH such as SCP and SFTP) and TACAS+.

Ping and traceroute responses from the Base router interfaces are supported and are not configurable.

The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly. See the config>service>vprn>snmp>access CLI command for SNMP support on VPRN interface addresses.

export-grt

Syntax 
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr]
no export-grt
Context 
config>service>vprn>grt-lookup
Description 

This command uses route policy to determine which routes are exported from the VRF to the GRT along with all the forwarding information. These entries will be marked as BGP-VPN routes in the GRT. Routes must be in the GRT in order for proper routing to occur from the GRT to the VRF.

Default 

no export-grt

Parameters 
plcy-or-long-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long).
plcy-or-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Up to 4 policy names or logical expressions can be specified in a single statement.

export-limit

Syntax 
export-limit num-routes
no export-limit
Context 
config>service>vprn>grt-lookup
config>service>vprn>ospf
config>service>vprn>ospf3
config>service>vprn>rip
Description 

This command provides the ability to limit the total number of routes exported from the VRF to the GRT. The value zero (0) provides an override that disables the maximum limit. Setting this value to zero (0) will not limit the number of routes exported from the VRF to the GRT. Configuring a range of one (1) to 1000 will limit the number of routes to the specified value.

The no form of the command sets the export-limit to a default of five (5).

Default 

export-limit 5

Parameters 
num-routes—
Specifies the maximum number of routes that can be exported.
Values—
0 to 1000

 

export-v6-limit

Syntax 
export-v6-limit num-routes
no export-v6-limit
Context 
config>service>vprn>grt-lookup
Description 

The export-limit range provides the ability to limit the total number of IPv6 routes exported from the VPRN to the GRT. The value “0” provides an override that disables the maximum limit. Setting this value to “0” will not limit the number of routes exported from the VPRN to the GRT. Configuring a range of 1-1000 will limit the number of routes to the specified value.

The no form of the command sets the export-limit to a default of 5.

Default 

export-v6-limit 5

Parameters 
num-routes—
Specifies maximum number of routes that can be exported.
Values—
0 to 1000

 

gsmp

Syntax 
gsmp
Context 
config>service>vprn
Description 

This command enters the context to configure GSMP connections maintained in this service.

Default 

not enabled

group

Syntax 
[no] group name
Context 
config>service>vprn>gsmp
Description 

This command specifies a GSMP name. A GSMP group name is unique only within the scope of the service in which it is defined.

Parameters 
name—
Specifies the group name up to 32 characters in length.

ancp

Syntax 
ancp
Context 
config>service>vprn>gsmp>group
Description 

This command configures ANCP parameters for this GSMP group.

dynamic-topology-discover

Syntax 
[no] dynamic-topology-discover
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command enables the ANCP dynamic topology discovery capability.

The no form of this command disables the feature.

oam

Syntax 
[no] oam
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command specifies whether or not the GSMP ANCP OAM capability should be negotiated at startup of the GSMP connection.

The no form of this command disables the feature.

hold-multiplier

Syntax 
hold-multiplier multiplier
no hold-multiplier
Context 
config>service>vprn>gsmp>group
Description 

This command configures the hold-multiplier for the GSMP connections in this group.

Parameters 
multiplier—
Specifies the GSMP hold multiplier value.
Values—
1 to 100

 

idle-filter

Syntax 
idle-filter
no idle-filter
Context 
config>service>vprn>gsmp
Description 

This command when applied will filter out new subscriber’s ANCP messages from subscriber with “DSL-line-state” IDLE.

Default 

no idle-filter

keepalive

Syntax 
keepalive seconds
no keepalive
Context 
config>service>vprn>gsmp>group
Description 

This command configures keepalive values for the GSMP connections in this group.

Parameters 
seconds—
Specifies the GSMP keepalive timer value in seconds.
Values—
1 to 25

 

neighbor

Syntax 
[no] neighbor ip-address
Context 
config>service>vprn>gsmp>group
Description 

This command adds or removes a neighbor in this group.

Parameters 
ip-address—
Specifies the IP address in dotted decimal notation.

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the source ip-address used in the connection towards the neighbor.

Parameters 
ip-address—
Specifies the IP address in dotted decimal notation.

priority-marking

Syntax 
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
no priority-marking
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the type of priority marking to be used.

Parameters 
dscp dscp-name—
Specifies the DSCP code-point to be used.
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

prec ip-prec-value—
Specifies the precedence value to be used.
Values—
0 to 7

 

persistency-database

Syntax 
[no] persistency-database
Context 
config>service>vprn>gsmp
Description 

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for Radius authentication and accounting.

Default 

no persistency-database

3.8.2.3. Router L2TP Commands

l2tp

Syntax 
[no] l2tp
Context 
config>service>vprn
Description 

This command enters the context to configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of the command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

calling-number-format

Syntax 
calling-number-format ascii-spec
no calling-number-format
Context 
config>service>vprn>l2tp
Description 

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Parameters 
ascii-spec—
Specifies the L2TP calling number AVP.
Values—

ascii-spec

char-specification ascii-spec

char-specification

ascii-char | char-origin

ascii-char

a printable ASCII character

char-origin

%origin

origin

S | c | r | s | l

S

- system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName

c

- Agent Circuit Id

r

- Agent Remote Id

s

- SAP ID, formatted as a character string

l

- Logical Line ID

 

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp
Description 

This command configures the use of challenge-response authentication.

The no form of the command reverts to the default never value.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication is always used.
never—
Specifies that challenge-response authentication is never used.

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of the command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active.
Default—
no destruct-timeout
Values—
60 to 86400

 

exclude-avps

Syntax 
exclude-avps calling-number
no exclude-avps
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP AVPs to exclude.

ipcp-subnet-negotiation

Syntax 
[no] ipcp-subnet-negotiation
Context 
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated to the host. Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated in the host.

peer-address-change-policy

Syntax 
peer-address-change-policy {accept | ignore | reject}
Context 
config>service>vprn>l2tp
Description 

This command configures the reaction to a change of tunnel peer address in this router.

receive-window-size

Syntax 
receive-window-size window-size
no receive-window-size
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP receive window size.

Parameters 
window-size—
Specifies the window size.
Values—
4 to 1024

 

rtm-debounce-time

Syntax 
rtm-debounce-time debounce-time
no rtm-debounce-time
Context 
config>service>vprn>l2tp
Description 

This command configures the amount of time, in milliseconds, that the system will wait before declaring an L2TP tunnel down when the remote endpoint IP address cannot be resolved to an active IP route in the local routing table.

The default behavior is for the L2TP tunnel to not be declared down based on the remote endpoint IP address reachability.

The no form of this command returns the rtm-debounce-time to the default value of zero.

Default 

no rtm-debounce-time

Parameters 
debounce-time—
Specifies the amount of time, in milliseconds, that the system will wait before declaring the associated L2TP tunnel as down.
Values—
0 to 5000

 

group

Syntax 
group tunnel-group-name [create]
no group tunnel-group-name
Context 
config>service>vprn>l2tp
Description 

This command configures an L2TP tunnel group.

Parameters 
tunnel-group-name—
Specifies a name string to identify a L2TP group up to 63 characters in length.
create—
This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.

session-limit

Syntax 
session-limit session-limit
session-limit unlimited
no session-limit
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP session limit for the router. L2TP is connection-oriented. The L2TP Network Server (LNS) and LAC maintain state for each call that is initiated or answered by an LAC. An L2TP session is created between the LAC and LNS when an end-to-end PPP connection is established between a remote system and the LNS. Datagrams related to the PPP connection are sent over the tunnel between the LAC and LNS. There is a one to one relationship between established L2TP sessions and their associated calls.

Default 

no session-limit

Parameters 
session-limit—
Specifies the number of sessions allowed.
Values—
1 to 131071

 

unlimited—
Specifies the use of the maximum available number of sessions allowed.

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp>group
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of the command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

challenge

Syntax 
challenge always
no challenge
Context 
config>service>vprn>l2tp>group
Description 

This command configures the use of challenge-response authentication.

The no form of the command reverts to the default never value.

Default 

no challenge

Parameters 
always—
Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.
Values—
always

 

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of the command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active.
Values—
60 to 86400

 

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>l2tp>group
Description 

This command configures the time interval between two consecutive tunnel Hello messages. The Hello message is an L2TP control message sent by either peer of a LAC-LNS control connection. This control message is used as a keepalive for the tunnel.

The no form of the command removes the interval from the configuration.

Default 

no hello-interval

Parameters 
hello-interval—
Specifies the time interval, in seconds, between two consecutive tunnel Hello messages.
Values—
60 to 3600

 

Default—
60

idle-timeout

Syntax 
idle-timeout idle-timeout
no idle-timeout
Context 
config>service>vprn>l2tp>group
Description 

This command configures the period of time that an established tunnel with no active sessions will persist before being disconnected.

Enter the no form of the command to maintain a persistent tunnel.

The no form of the command removes the idle timeout from the configuration.

Default 

no idle-timeout

Parameters 
idle-timeout—
Specifies the idle timeout value, in seconds until the group is removed.
Values—
0 to 3600

 

l2tpv3

Syntax 
l2tpv3
Context 
config>service>vprn>l2tp
config>service>vprn>l2tp>group
Description 

This command enters the context to configure L2TPv3 parameters.

cookie-length

Syntax 
cookie-length {4 | 8 | default}
no cookie-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length of the optional cookie field.

The no form of the command returns the cookie-length to a default of none.

Default 

no cookie-length

Parameters 
4—
Specifies the cookie length as 4 bytes.
8—
Specifies the cookie length as 8 bytes.
default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the cookie-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

digest-type

Syntax 
digest-type {default | none | md5 | sha1}
no digest-type
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the hashing algorithm used to calculate the message digest.

The no form of the command returns the digest-type to none.

Default 

no digest-type

Parameters 
none—
Specifies that no digest should be used.
md5—
Specifies that the MD5 algorithm should be used.
sha1—
Specifies that the SHA1 algorithm should be used.
default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the digest-type configuration within the config>service>vprn>l2tp>l2tpv3 context.

nonce-length

Syntax 
nonce-length {length | default}
no nonce-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.

The no form of the command returns the nonce-length to a default of none.

Default 

no nonce-length

Parameters 
length—
Specifies the length of the Nonce AVP value.
Values—
16 to 64

 

default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the nonce-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

private-tcp-mss-adjust

Syntax 
private-tcp-mss-adjust octets
no private-tcp-mss-adjust
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the service level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the private side.

Default 

no private-tcp-mcc-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets.
Values—
512 to 9000

 

public-tcp-mss-adjust

Syntax 
public-tcp-mss-adjust octets
no public-tcp-mss-adjust
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the service level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the public side.

Default 

no public-tcp-mss-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets
Values—
512 to 9000

 

rem-router-id

Syntax 
rem-router-id ip-addr
no rem-router-id
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the IP address that should be used within the Remote Router-ID AVP.

The no form of this command removes the configured IP address.

Default 

no rem-router-id

Parameters 
ip-addr—
Specifies an IP address to be used within the Remote Router-ID AVP.

pw-cap-list

Syntax 
pw-cap-list {ethernet | ethernet-vlan}
no pw-cap-list
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the allowable pseudowire capability list that is advertised to the far end. An empty list results in both pseudowire capabilities being advertised.

The no form of this command removes the list and advertises both pseudowire capabilities to the far end.

Default 

no pw-cap-list

Parameters 
ethernet—
Specifies that the Ethernet pseudo-wire type is advertised.
ethernet-vlan—
Specifies that the Ethernet-VLAN pseudo-wire type is advertised.

track-password-change

Syntax 
[no] track-password-change
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command enables tracking of password changes, allowing password tunnel passwords to be changed without bringing down active tunnels or sessions. This is only supported with L2TPv3.

The no form of the command disables password change tracking.

Default 

no track-password-change

transport-type

Syntax 
transport-type ip
no transport-type
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command configures the transport type to be used to carry the L2TPv3 tunnel. Currently, only IP transport is supported.

The no form of this command returns the transport-type to the default value.

Default 

no transport-type

Parameters 
ip—
Specifies that IP should be used as the transport type for the L2TPv3 tunnel.

lns-group

Syntax 
lns-group lns-group-id
no lns-group
Context 
config>service>vprn>l2tp>group
Description 

This command configures the ISA LNS group.

Parameters 
lns-group-id—
Specifies the LNS group ID.
Values—
1 to 4

 

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the local address.

Parameters 
ip-address—
Specifies the IP address used during L2TP authentication.

local-name

Syntax 
local-name host-name
no local-name
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command creates the local host name used by this system for the tunnels in this L2TP group during the authentication phase of tunnel establishment. It can be used to distinguish tunnels.

The no form of the command removes the name from the configuration.

Default 

no local-name

Parameters 
host-name—
Specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication.

max-retries-estab

Syntax 
max-retries-estab max-retries
no max-retries-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down.

The no form of the command removes the value from the configuration.

Default 

no max-retries-estab

Parameters 
max-retries—
Specifies the maximum number of retries for an established tunnel.
Values—
2 to 7

 

max-retries-not-estab

Syntax 
max-retries-not-estab max-retries
no max-retries-not-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is not established, before its control connection goes down.

The no form of the command removes the value from the configuration.

Default 

no max-retries-not-estab

Parameters 
max-retries—
Specifies the maximum number of retries for non-established tunnels.
Values—
2 to 7

 

password

Syntax 
password password [hash | hash2]
no password
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
config>service>vprn>l2tp>group>l2tpv3
config>service>vprn>l2tp>l2tpv3
Description 

This command configures the password between L2TP LAC and LNS

The no form of the command removes the password.

Default 

no password

Parameters 
password —
Configures the password used for challenge/response calculation and AVP hiding. The maximum length can be up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

ppp

Syntax 
ppp
Context 
config>service>vprn>l2tp>group
Description 

This command configures PPP for the L2TP tunnel group.

authentication

Syntax 
authentication {chap | pap | pref-chap | pref-pap}
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP authentication protocol to negotiate.

authentication-policy

Syntax 
authentication-policy auth-policy-name
no authentication-policy
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the authentication policy.

Parameters 
auth-policy-name—
Specifies the authentication policy name up to 32 characters in length.

default-group-interface

Syntax 
default-group-interface ip-int-name service-id service-id
default-group-interface ip-int-name service-name svc-name
no default-group-interface
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the default group interface.

Parameters 
ip-int-name—
Specifies the interface name up to 32 characters in length.
service-id service-id—
Specifies the service.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The default-group-interface ip-int-name service-name svc-name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

 

service-name svc-name—
Specifies the service name (instead of service ID) up to 64 characters in length.

keepalive

Syntax 
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP keepalive interval and multiplier.

Parameters 
seconds—
Specifies in seconds the interval.
Values—
10 to 300

 

multiplier—
Specifies the multiplier.
Values—
1 to 5

 

lcp-force-ack-accm

Syntax 
[no] lcp-force-ack-accm
Context 
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

This command enables or disables the LCP Asynchronous Control Character Map (ACCM) configuration option. When the ACCM configuration option is enabled, the option is acknowledged during the LCP negotiation between the LNS and the PPP client, but no ACCM mapping is performed. By default, the ACCM configuration option is rejected.

The no form of this command reverts to the default value.

Default 

no lcp-force-ack-accm

mtu

Syntax 
mtu mtu-bytes
no mtu
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the maximum PPP MTU size.

Parameters 
mtu-bytes—
Specifies, in bytes, the maximum PPP MTU size.
Values—
512 to 9212

 

proxy-authentication

Syntax 
[no] proxy-authentication
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the authentication AVPs received from the LAC.

proxy-lcp

Syntax 
[no] proxy-lcp
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the proxy LCP AVPs received from the LAC.

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the local user database to use for PPP PAP/CHAP authentication.

Parameters 
local-user-db-name—
Specifies the local user database name.
Values—
32 chars max

 

session-assign-method

Syntax 
session-assign-method {existing-first | weighted | weighted-random}
no session-assign-method
Context 
config>service>vprn>l2tp>group
Description 

This command specifies how new sessions are assigned to one of the set of suitable tunnels that are available or could be made available.

Default 

session-assign-method existing-first

Parameters 
existing-first—
All new sessions are placed by preference in existing tunnels.
weighted—
Enables weighted preference to tunnels in the group.
weighted-random—
Enhances the weighted algorithm so that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

session-limit

Syntax 
session-limit session-limit
session-limit unlimited
no session-limit
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).

The no form of the command removes the value from the configuration.

Default 

no session-limit

Parameters 
session-limit—
Specifies the allowed number of sessions within the given context.
Values—
1 to 131071

 

unlimited—
Specifies the use of the maximum available number of sessions allowed.

3.8.2.3.1. Router L2TP Tunnel Commands

tunnel

Syntax 
tunnel tunnel-name [create]
no tunnel tunnel-name
Context 
config>service>vprn>l2tp>group
Description 

This command configures an L2TP tunnel. A tunnel exists between a LAC-LNS pair and consists of a Control Connection and zero or more L2TP sessions. The tunnel carries encapsulated PPP datagrams and control messages between the LAC and the L2TP Network Server (LNS).

Parameters 
tunnel-name—
Specifies a valid string to identify a L2TP up to 32 characters in length.
create—
Mandatory while creating a new tunnel.

auto-establish

Syntax 
[no] auto-establish
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command specifies if this tunnel is to be automatically set up by the system.

Default 

no auto-establish

avp-hiding

Syntax 
avp-hiding {never | sensitive | always}
no avp-hiding
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

Caution:

Nokia recommends that sensitive information not be sent in clear text.

The no form of the command removes the parameter of the configuration and indicates that the value on group level will be taken.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnel.
Values—
never — AVP hiding is not used.
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the use of challenge-response authentication.

The no form of the command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication should always be used for the tunnel.
never—
Specifies that challenge-response authentication should never be used for the tunnel.

hello-interval

Syntax 
hello-interval hello-interval
hello-interval infinite
no hello-interval
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of seconds between sending Hellos for a L2TP tunnel.

The no form removes the parameter from the configuration and indicates that the value on group level will be taken.

Parameters 
hello-interval—
Specifies the time interval, in seconds, between two consecutive tunnel Hello messages.
Values—
60 to 3600

 

infinite—
Specifies that no Hello messages are sent.

idle-timeout

Syntax 
idle-timeout idle-timeout
idle-timeout infinite
no idle-timeout
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the idle timeout to wait before being disconnect.

The no form indicates that the parameter will be removed from the configuration and that the value specified on group level will be taken.

Parameters 
idle-timeout—
Specifies the idle timeout, in seconds.
Values—
0 to 3600

 

infinite—
Specifies that the tunnel will not be closed when idle.

peer

Syntax 
peer ip-address
no peer
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the peer address.

The no form of the command removes the IP address from the tunnel configuration.

Default 

no peer

Parameters 
ip-address—
Sets the LNS IP address for the tunnel.

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.

The no form of the command removes the preference value from the tunnel configuration.

Default 

no preference

Parameters 
preference—
Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference.
Values—
0 to 16777215

 

remote-name

Syntax 
remote-name host-name
no remote-name
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a string to be compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment.

Parameters 
host-name—
Specifies a remote host name for the tunnel up to 64 characters in length.

3.8.2.4. Router DHCP Configuration Commands

dhcp

Syntax 
dhcp
Context 
config>service>vprn
Description 

This command enters the context to configure DHCP parameters.

dhcp6

Syntax 
dhcp6
Context 
config>service>vprn
Description 

This command enters the context to configure DHCP6 parameters.

local-dhcp-server

Syntax 
local-dhcp-server server-name [create]
no local-dhcp-server server-name
Context 
config>service>vprn>dhcp
config>service>vprn>dhcp6
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command instantiates a local DHCP server. A local DHCP server can serve multiple interfaces but is limited to the routing context it was which it was created.

Parameters 
server-name —
Specifies the name of local DHCP server.
create—
Creates the server name. The create keyword requirement can be enabled/disabled in the environment>create context.

failover

Syntax 
failover
Context 
config>service>vprn>dhcp
Description 

This command enters the context to configure failover parameters.

ignore-mclt-on-takeover

Syntax 
ignore-mclt-on-takeover
no ignore-mclt-on-takeover
Context 
config>service>vprn>dhcp>server>failover
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

With this flag enabled, the ‘remote’ IP address/prefix can be taken over immediately upon entering the PARTNER-DOWN state of the intercommunication link, without having to wait for the MCLT to expire. By setting this flag, the lease times of the existing DHCP clients, while the intercommunication link is in the PARTNER-DOWN state, will still be reduced to the MCLT over time and all new lease times will be set to MCLT. This behavior remain the same as originally intended for MCLT.

Some deployments require that the ‘remote’ IP address/prefix range starts delegating new IP addresses/prefixes upon the failure of the intercommunication link, without waiting for the intercommunication link to transition from the COMM-INT state into the PARTNER-DOWN state and the MCLT to expire while in PARTNER-DOWN state.

This can be achieved by enabling the ignore-mclt-on-takeover flag and by configuring the partner-down-delay to 0.

Enabling this functionality must be exercised with caution. One needs to keep in mind that the partner-down-delay and MCLT timers were originally introduced to prevent IP address duplication in cases where DHCP redundant nodes transition out-of-sync due to the failure of intercommunication link. These timers (partner-down-delay and MCLT) would ensure that during their duration, the new IP addresses/prefixes are delegated only from one node – the one with local IP address-range/prefix. The drawback is of course that the new IP address delegation is delayed and thus service is impacted.

But if one could ensure that the intercommunication link is always available, then the DHCP nodes would stay in sync and the two timers would not be needed. This is why it is of utmost importance that in this mode of operation, the intercommunication link is well protected by providing multiple paths between the two DHCP nodes. The only event that should cause intercommunication link to fail is the entire nodal failure. This failure is acceptable since in this case only one DHCP node is available to provide new IP addresses/prefixes.

Default 

no ignore-mclt-on-takeover

maximum-client-lead-time

Syntax 
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
no maximum-client-lead-time
Context 
config>service>vprn>dhcp>server>failover
config>service>vprn>dhcp>server>pool
config>router>vprn>dhcp6>server>failover
config>router>vprn>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

The maximum-client-lead-time (MCLT) is the maximum time that a DHCP server can extend client’s lease time beyond the lease time currently known by the DHCP partner node. In dual-homed environment, the initial lease time for all DHCP clients is by default restricted to MCLT. Consecutive DHCP renews are allowed to extend the lease time beyond the MCLT.

The MCLT is a safeguard against IP address/prefix duplication in cases of a lease synchronization failure when local-remote failover model is deployed

Once the intercommunication link failure between the redundant DHCP servers is detected, the DHCP IP address range configured as remote will not be allowed to start delegating new leases until the MCLT + partner-down-delay intervals expire. This is to ensure that the new lease that was delegated from the ‘local’ IP address-range/prefix on one node, but was never synchronized due to the intercommunication link failure, will expire before the same IP address/prefix is allocated from the remote IP address-range/prefix on the other node.

However, the already existing (and synchronized) lease times can be renewed from the remote IP address range at any time, regardless of the state of the intercommunication link (operational or failed).

Lease synchronization failure can be caused either by a node failure, or a failure of the link over which the DHCP leases are synchronized (intercommunication link). Synchronization failure detection can take up to 3 seconds.

During the failure, the DHCP lease time for the new clients will be restricted to MCLT while for the existing clients the lease time will over time (by consecutive DHCP renews) be gradually reduced to the MCLT.

Default 

maximum-client-lead-time min 10

Parameters 
hrs hours
Specifies the hour parameter of the MCLT.
Values—
1 to 23

 

min minutes
Specifies the minute parameter of the MCLT.
Values—
1 to 59

 

sec seconds
Specifies the seconds parameter of the MCLT.
Values—
1 to 59

 

partner-down-delay

Syntax 
partner-down-delay [hrs hours] [min minutes] [sec seconds]
no partner-down-delay
Context 
config>service>vprn>dhcp>server>failover
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

Since the DHCP lease synchronization failure can be caused by the failure of the intercommunication link (and not necessary the entire node), there is a possibility the redundant DHCP servers become isolated in the network. In other words, they can serve DHCP clients but they cannot synchronize the lease. This can lead to duplicate assignment of IP addresses, since the servers have configured overlapping IP address ranges but they are not aware of each other’s leases.

The purpose of the partner-down-delay is to prevent the IP lease duplication during the intercommunication link failure by not allowing new IP addresses to be assigned from the remote IP address range. This timer is intended to provide the operator with enough time to remedy the failed situation and to avoid duplication of IP addresses/prefixes during the failure.

During the partner-down-delay time, the prefix designated as remote will be eligible only for renewals of the existing DHCP leases that have been synchronized by the peering node. Only after the sum of the partner-down-delay and the maximum-client-lead-time will the prefix designated as remote be eligible for delegation of the new DHCP leases. When this occurs, we say that the remote IP address range has been taken over.

It is possible to expedite the takeover of a remote IP address range so that the new IP leases can start being delegated from that range shortly after the intercommunication failure is detected. This can be achieved by configuring the partner-down-delay timer to 0 seconds, along with enabling the ignore-mclt-on-takeover CLI flag. Caution must be taken before enabling this functionality. It is safe to bypass safety timers (partner-down-delay + MCLT) only in cases where the operator is certain that the intercommunication between the nodes has failed due to the entire node failure and not due to the intercommunication (MCS) link failure. Failed intercommunication due to the nodal failure would ensure that only one node is present in the network for IP address delegation (as opposed to two isolated nodes with overlapping IP address ranges where address duplication can occur). For this reason, the operator must ensure that there are redundant paths between the nodes to ensure uninterrupted synchronization of DHCP leases.

In access-driven mode of operation, partner-down-delay has no effect.

Default 

partner-down-delay hrs 23 min 59 sec 59

Parameters 
hrs hours
Specifies the hour parameter of the partner down delay feature.
Values—
1 to 23

 

min minutes
Specifies the minute parameter of the partner down delay feature.
Values—
1 to 59

 

sec seconds
Specifies the seconds parameter of the partner down delay feature.
Values—
1 to 59

 

peer

Syntax 
peer ip-address tag sync-tag-name
no peer ip-address
Context 
config>service>vprn>dhcp>server>failover
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

DHCP leases can be synchronized per DHCP server of DHCP pool. The pair of synchronizing servers or pools is identified by a tag. The synchronization information is carried over the Multi-Chassis Synchronization (MCS) link between the two peers. MCS link is a logical link (IP, or MPLS).

MCS runs over TCP, port 45067 and it is using either data traffic or keepalives to detect failure on the communication link between the two nodes. In the absence of any MCS data traffic for more than 0.5sec, MCS will send its own keepalive to the peer. If a reply is not received within 3sec, MCS will declare its operation state as DOWN and the DB Sync state as out-of-sync. MCS will consequently notify its clients (DHCP Server being one of them) of this. It can take up to 3 seconds before the DHCP client realizes that the inter-chassis communication link has failed.

The inter-chassis communication link failure does not necessarily assume the same failed fate for the access links. In other words the two redundant nodes can become isolated from each other in the network. This would occur in cases where only the intercommunication (MCS) link fails. It is of utmost importance that this MCS link be highly redundant.

Parameters 
ip-address—
Specifies the IPv4 address of the peer.
sync-tag sync-tag
Specifies a synchronization tag to be used while synchronizing DHCP server or pools.

startup-wait-time

Syntax 
[no] startup-wait-time [min minutes] [sec seconds]
Context 
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
Description 

This command enables startup-wait-time during which each peer waits after the initialization process before assuming the active role for the prefix designated as local or access-driven. This is to avoid transient issues during the initialization process.

Default 

startup-wait-time min 2

Parameters 
min minutes
Specifies the minute parameter of the startup wait time feature.
Values—
1 to 10

 

sec seconds
Specifies the seconds parameter of the startup wait time feature.
Values—
1 to 59

 

ignore-rapid-commit

Syntax 
[no] ignore-rapid-commit
Context 
config>service>vprn>dhcp6>local-dhcp-server
Description 

This command specifies whether the Rapid Commit Option (RCO) sent by the DHCPv6 client is processed.

If enabled and the client has included an RCO in the solicit, the server ignores the option and processes the remainder of the message as if no RCO were present.

The no form of the command disables ignore-rapid-commit.

lease-hold-time

Syntax 
lease-hold-time [days days] [hrs hours] [min minutes] [sec seconds]
no lease-hold-time
Context 
config>service>vprn>dhcp6>server
Description 

This command configures the time to remember this lease.

Parameters 
[days days] [hrs hours] [min minutes] [sec seconds]
The lease hold time.
Values—

days:

0 to 3650

hours:

0 to 23

minutes:

0 to 59

seconds:

0 to 5

 

force-renews

Syntax 
[no] force-renews
Context 
config>service>vprn>dhcp>server
Description 

This command enables the sending of sending force-renew messages.

The no form of the command disables the sending of force-renew messages.

Default 

no force-renews

pool

Syntax 
pool