3. Classic and Model-Driven Management Interfaces

SR OS supports two basic classes of management interfaces:

classic management interfaces
model-driven management interfaces

Classic management interfaces include:

SNMP
the classic CLI
NETCONF using the Alcatel-Lucent Base-R13 SR OS YANG modules

Model-driven management interfaces include:

the MD-CLI
NETCONF using the Nokia SR OS YANG modules
the gRPC Network Management Interface (gNMI)

References to the term “CLI” in the SR OS user documentation are generally referring to the classic CLI. The classic CLI is the CLI that has been supported in SR OS from the initial introduction of SR OS.

The MD-CLI is a model-driven CLI introduced in SR OS Release 16.0.R1. Refer to The MD-CLI User Guide and The MD-CLI Command Reference Guide for details on using configuration commands in the MD-CLI.

3.1. Model-Driven Management Interfaces

Model-driven management interfaces are based on a common infrastructure that uses YANG models as the core definition for configuration, state, and operational actions. All model-driven interfaces take the same common underlying YANG modules and render them for the particular management interface.

The Nokia SR OS YANG modules of the model-driven infrastructure are similar to the classic CLI tree with the following notable differences:

the classic and model-driven configuration formats are incompatible; the system automatically converts the classic configuration to model-driven format when the management interface configuration mode is changed to model-driven
some classic CLI branches have been moved, renamed, or re-organized in the SR OS YANG modules
many elements use string names as keys in model-driven interfaces instead of the numerical identifiers used in the classic CLI and SNMP. The name can only be assigned or modified for these elements in releases prior to Release 15.1.R1. Elements without names are automatically assigned a name (the identifier converted to a string) during an upgrade to Release 15.1.R1 or later, and cannot be changed without manually deleting and recreating the element. It is recommended that the following elements are assigned names prior to an upgrade to Release 15.1 or later:
1. all services (configure service vprn, vpls, epipe, and so on)
2. configure mirror mirror-dest
3. configure service pw-templates
4. configure service customer
5. configure filter ip-filter, ipv6-filter, and mac-filter
6. configure qos network, sap-ingress, and sap-egress
7. configure eth-cfm domain and association
the classic CLI shutdown command has been replaced with admin-state in model-driven interfaces
the classic CLI commands with multiple parameters have been separated into individual leafs in model-driven interfaces
the model-driven interfaces make extensive use of Boolean values (true and false) for configuration settings

In model-driven configuration-mode, SR OS operates with 'explicit' default handling. Users can set a leaf to the same value as the default, and SR OS remembers that it was explicitly set, and displays it as part of the configuration. This is similar to what RFC6243 refers to as 'explicit' mode.

In the classic configuration-mode, the default handling is similar to RFC6243 'trim' mode. Configuration values are not reported if they are equal to the default value, even if the user explicitly configured the value.

In mixed configuration-mode, the system uses 'explicit' default handling but it is not persistent. Explicitly configured default values are lost or forgotten at a High-availability CPM switchover or a reboot. Nokia does not recommended setting any leaf explicitly to its default value in mixed configuration-mode (the leaf should be deleted instead).

3.1.1. Prerequisites for Using Model-Driven Management Interfaces

Before configuration editing is permitted in model-driven interfaces, the management interface configuration mode must be set to model-driven or mixed. Refer to Management Interface Configuration Mode for details.

All loose references using IDs to certain elements (elements which use IDs as keys in classic interfaces but string names in model-driven interfaces) must be replaced with references using string names. Refer to Loose References to IDs for details.

Strict routing policy validation is used for model-driven interfaces. The routing policy must exist for the management interface configuration mode to be changed. References to non-existent routing policies must be removed before attempting to switch modes. Strict policy validation is applied to the following routing policy references:

BGP: in the Base router and VPRN instances
IS-IS: in the Base router and VPRN instances
LDP
OSPF and OSPFv3: the Base router and VPRN instances
Policy-option: from, to, action, and default-action statements
Policy-option: sub-policies, prefix-list, as-path, as-path-group, damping, and community policies
RIP and RIPng: in the Base router and VPRN instances
Single policy-statement or logical policy expressions
VPLS: for BGP VSI
VPRN: for GRT, MVPN, and VRF

3.2. YANG Data Models

The SR OS supports:

SR OS YANG data models
OpenConfig YANG data models

3.2.1. SR OS YANG Data Models

The SR OS supports two similar proprietary YANG configuration data models. A unique set of XML namespaces is used for each of the two data models.

The YANG modules for the first configuration data model (Alcatel-Lucent Base-R13 SR OS YANG modules) have the following attributes.

The names of the modules are alu-conf-*-r13 (for example, alu-conf-log-r13). Note the –r13 suffix at the end of the names.
The Alcatel-Lucent Base-R13 model consists of a set of modules with groupings that are all used by a single top-level configuration module called alu-conf-r13. All configuration data in the Alcatel-Lucent Base-R13 models sits in the urn:alcatel-lucent.com:sros:ns:yang:conf-r13 XML namespace.
The Base-R13 modules can only be used in the NETCONF interface and only with the <running> datastore. They can not be used with the NETCONF <candidate> datastore or with any other management interface.
Although the Base-R13 modules were first introduced in SR OS Release 13.0, they do not only contain objects from Release 13.0. For example, features from any later release are also configurable using versions of the Base-R13 modules that are distributed with that release.
The Base-R13 modules align closely to the structure and behavior of the SR OS classic CLI.

The YANG modules for the second configuration data model (Nokia SR OS YANG modules) have the following attributes.

The names of the modules and submodules are nokia-conf-* (for example, nokia-conf-log). They have no –r13 suffix in the names.
The Nokia SR OS YANG configuration model is divided into a single top-level configuration module (nokia-conf), a set of submodules (for example, nokia-conf-system), and a set of nokia-types-* modules. All configuration data in the Nokia SR OS YANG models sit in the urn:nokia.com:sros:ns:yang:sr:conf XML namespace. All state data in the Nokia SR OS YANG models sits in the urn:nokia.com:sros:ns:yang:sr:state XML namespace.
The modules can be used with NETCONF with the <candidate> or <running> datastores, with telemetry, or with the Set/Get RPCs of the gRPC-based gNMI service. The modules map to the MD-CLI interface.
The modules and submodules indicate the SR OS major release stream using a YANG extension (for example, sros-ext:sros-major-release "rel16";). Module and submodule revisions form a contiguous series of revisions inside a major release stream. There may be two files for the same module with the same revision date but with different contents because they are from two different major release streams. Each active major release stream has revisions ongoing in parallel.
An alternative packaging of the entire Nokia configuration model is available in the single file called nokia-conf-combined.yang.

The two configuration data models are not interchangeable. An XML request based on the Alcatel-Lucent Base-R13 YANG modules will not work if applied to a router using the urn:nokia.com:sros:ns:yang:sr:conf namespace and vice versa.

There is a single YANG state model for SR OS with the following attributes.

The names of the modules and submodules are nokia-state-* (for example, nokia-state-log).
The Nokia SR OS YANG state model is divided into a single top-level statistics module (nokia-state), a set of submodules (for example, nokia-state-system), and a set of nokia-types-* modules. All state data in the Nokia SR OS YANG models sits in the urn:nokia.com:sros:ns:yang:sr:state XML namespace.
The modules can be used with NETCONF or telemetry.
An alternative packaging of the entire state model is available in the single file called nokia-state-combined.yang.

All configuration modules, state modules, and types modules are advertised in the SR OS NETCONF server <hello>. Submodules are not advertised in the <hello>.

The bof, admin, tools, debug, or clear branches of the CLI do not have equivalent YANG data models.

3.2.2. OpenConfig YANG Data Models

OpenConfig presents a vendor-independent set of YANG models. OpenConfig YANG model attributes are mapped to application-specific configuration and state. SR OS requires the following system management configuration to access the application configuration using the OpenConfig YANG models.

(ex)[configure system management-interface]

configuration-mode model-driven

cli {

cli-engine [md-cli]

}

yang-modules {

openconfig-modules true

}

OpenConfig YANG models are available for all model-driven interfaces. In MD-CLI, OpenConfig configuration is located in the configure openconfig context.

When a configuration is committed, the system checks to ensure that openconfig-modules is set to true. If openconfig-modules is set to false, a configuration error is raised.

The openconfig-modules command behaves differently depending on the configuration access method, MD-CLI, gNMI, or NETCONF as follows:

Using the MD-CLI interface, users can configure and execute OpenConfig configuration edits.
1. During the interactive configuration of OpenConfig commands, only OpenConfig syntax is checked.
2. When a configuration is committed, the system verifies that openconfig-modules is set to true. If openconfig-modules is not set to true and there are OpenConfig configuration transactions, the commit fails.
3. The operator must set openconfig-modules to true and perform the commit again. Assuming the configuration information is complete and there are no other errors, the transaction succeeds.
For the gNMI and NETCONF interfaces, openconfig-module is checked to determine if OpenConfig models are being advertised and if the system can accept or send OpenConfig model configurations, states, or requests.
1. If the OpenConfig modules are not enabled, then the sending and accepting of OpenConfig edits, requests, and responses is blocked at the gNMI or NETCONF level.
2. A 'get' from the root without any declared namespace or branch succeeds but does not include any OpenConfig data. However, a 'get' that explicitly requests data from the OpenConfig namespace produces an error.

It is possible to configure the network element using both Nokia YANG and OpenConfig YANG models. Configuration ownership is a key concept, determining which model-driven access method can update a container or list entry. Only the access method that has claimed configuration ownership of an container or list entry can modify the configuration for that container or list entry. Individual applications define the required container or list entry based on their unique requirements. The applications also determines if and how ownership can change. It is possible to have both Nokia YANG and OpenConfig YANG commands in the same set transaction. Validation and commit functions apply to all transactions in a single set. If an access method attempts to configure elements under a part of the hierarchy it does not own, an error message is generated. An example of the error message is:

MINOR: MGMT_CORE #261: configure openconfig interfaces interface "1/1/1" -

Cannot access or modify element - managed by Nokia module

Configuration ownership also influences default imports. The owner imports their container or list entry defaults. In the case where OpenConfig is the container or list entry owner but the model has opted to omit configuration elements required for application functionality, the Nokia application defaults are imported. These defaults cannot be modified using OpenConfig if the configuration path is not included in the OpenConfig model. If an object in the OpenConfig model does not specify a default, the application can use any default available. Typically, this is the existing SR OS application default for the container or list entry.

In the case where the OpenConfig model includes a leaf but does not include a default, the Nokia default can be used as specified in Table 54.

Table 54: Default Behavior

Case	OpenConfig leaf value specified	OpenConfig leaf has YANG default	Action taken
1	yes	yes	Use OC leaf value specified
2	yes	no	Use OC leaf value specified
3	no	yes	Use OC leaf default value
4	no	no	Use Nokia default value

An operator action, such as the modification of a container or list entry using OpenConfig, may transition the container or list entry ownership to OpenConfig. Transitioning from OpenConfig to Nokia configuration ownership usually requires the deletion of the container or list entry through the OpenConfig model.

If the Nokia models are to be considered for configuration, the nokia-modules or nokia-combined-modules parameter must be set to true in the configure system management-interface yang-modules context.

When model-driven management interface configuration mode and OpenConfig YANG are enabled, the OpenConfig YANG configuration options become available. The openconfig-modules true command can be changed to openconfig-modules false during operation. However, all OpenConfig YANG configuration statements must be deleted prior to deleting the openconfig-modules leaf or setting it to openconfig-modules false, otherwise an error is generated. This protects the system from entering a state where an OpenConfig mismatch is possible.

The validate command validates the model-driven configuration against the model-specific definition, including any deviations. The commit command performs application-level mappings, another validation function, and activation of the candidate datastore. The application-specific mapping ensures the application requirements are met using the same criteria that is common for that application across all configuration actions.

In cases where there is an incomplete set of modeled data which results in an error, or there are other errors that arise from the commit operation, all transactions fail and produce an error message indicating the reason for the failure. A failure maintains the complete set of YANG parameters, as if the commit command had not been issued. This allows the administrator the option to correct the source of the error. Partial configurations are allowed as determined by the application and are not themselves invalid.

The transaction is tracked, including the OpenConfig Key and the Nokia Key. Both the OpenConfig path and the Nokia path are included in the returned error message. This error message uses the following format; Nokia:Normalized:OC-Key/path. This approach allows error message parsing and extraction of preference for the operator's model-driven-specific approach. A sample error message is shown below.

where <extra-context> could be the OpenConfig context or related key information.

Deviation files are available for each model where there are differences from the published OpenConfig model. These deviations can include not-supported, add, replace, granularity mismatches, and different ranges. The OpenConfig YANG file contains text descriptions when different units or ranges are in place. Deviations are not raised for OpenConfig “must” statements as the “must” statement in OpenConfig models is not supported in SR OS. The deviation file follows this format nokia-sr-<ocmodule>-deviations.yang, for example, nokia-sr-openconfig-network-instance-deviations.yang.

There are several places where ranges and units may not be aligned between OpenConfig YANG and SR OS application implementation.

When a mapping exists for an attribute but the configuration is out of range, an error is generated. For example, the application configuration leafB has a range of (1..100), where OpenConfig leafB specifies a range of (1...300). When an OpenConfig set above 100 is requested, an unsupported value error is returned.

As an example of a granularity mismatch, application leafC supports centiseconds and OpenConfig leafC supports milliseconds. If the OpenConfig value in milliseconds can be converted to a valid application value, the OpenConfig value is accepted (for example, OpenConfig leafC 100 ms is converted to application leafC 1 centisecond). However, if the OpenConfig value cannot be converted to a valid application value, an error is produced (for example, OpenConfig leafC 125ms cannot be mapped into centiseconds).

3.3. System-Provisioned Configuration (SPC) Objects

There is a set of configuration objects (configuration list elements and their descendants) that are provisioned (added to the <running> datastore) automatically by SR OS; for example, log-id 99. Some SPC objects are created at bootup time, and some are created or removed dynamically based on configuration. The dynamically created SPC objects are typically children objects created as a side effect of the creation of their parent object.

Some of these objects can be deleted/removed by a user (Deletable SPC Objects).

In the classic CLI these are removed by specifying the keyword no, which is then visible in an info command or in a saved config (admin save); for example, no log-id 99.
The Deletable SPC Objects can be removed or recreated via NETCONF <edit-config> requests, but they are not visible in a <get-config> response in the “urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13” namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) when they are:
1. set to their default values (including all child leaves and objects)
2. removed or deleted
The Deletable SPC Objects are visible in a <get-config> response in the “urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13” namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) if a child leaf or object is changed away from the default value; for example, changing log-99 to time-format local.
The Deletable SPC objects are not visible in a <get-config> response in the “urn:nokia.com:sros:ns:yang:sr:conf” namespace (the Nokia SR OS YANG modules) if the child leaves are all at default values.
Some example deletable SPC objects (shown in Classic CLI format) are:

Config system security profile default

Config system security profile default entry 10-100

Config system security profile administrative

Config system security profile administrative entry 10-112

Config system security user "admin"

Config system security user console member "default"

Config system security ssh client-cipher-list protocol-version 1 cipher 200-210

Config system security ssh client-cipher-list protocol-version 2 cipher 190-235

Config system security ssh server-cipher-list protocol-version 1 cipher 200-205

Config system security ssh server-cipher-list protocol-version 2 cipher 190-235

Config log filter 1001

Config log filter 1001 entry 10

Config log log-id 99 & 100

Some SPC objects cannot be deleted (Non-Deletable SPC Objects).

Although these objects cannot be deleted, some of them contain leaves that can be modified.
The Non-Deletable SPC Objects are not visible in a <get-config> response in the “urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13” namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) when they are set to their default values (including all child leaves and objects).
The Non-Deletable SPC Objects are visible in a <get-config> response in the “urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13” namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) if a child leaf or object is changed away from the default value; for example, setting the card-type.
The Non-Deletable SPC objects are not visible in a <get-config> response in the “urn:nokia.com:sros:ns:yang:sr:conf” namespace (the Nokia SR OS YANG modules) if the child leaves are all at default values.
Some example non-deletable SPC objects (shown in Classic CLI format) are:

Config system security user-template {tacplus_default|radius_default}

Config system security snmp view iso …

Config system security snmp view li-view …

Config system security snmp view mgmt-view …

Config system security snmp view vprn-view …

Config system security snmp view no-security-view …

Config system security snmp access group xyz (a set of access groups)

Config log event-control …

Config filter log 101

Config qos … various default policies can’t be deleted

Config qos queue-group-templates … these can’t be deleted

Config card <x>

Config router network-domains network-domain “default”

Config oam-pm bin-group 1

Config call-trace trace-profile “default”

Config eth-cfm default-domain bridge-identifier <x>

Some Non-Deletable SPC Objects are visible in a <get-config> request in the “urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13” namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules), even if they are set to default values:

Config system security cpu-protection policy 254 and 255

Config router interface “system"

Config service customer 1

3.4. Management Interface Configuration Mode

Management interface configuration mode controls how classic management interfaces, such as SNMP and the classic CLI, and model-driven (MD) interfaces, such as the MD-CLI and NETCONF, are used to modify the configuration of the router. The configure system management-interface configuration-mode command must be used to enable configuration editing by MD interfaces.

Table 55: Management Interface Configuration Mode

		Configuration Mode
		Classic	Mixed	Model-driven
Classic Interfaces	Classic CLI: configuration write/edit	OK	OK	—
	Classic CLI: configuration read	OK	OK	OK
	Classic CLI: non-configuration commands	OK	OK	OK
	SNMP: configuration write/edit	OK	OK	—
	SNMP: non-configuration writes (such as admin reboot)	OK	OK	—
	SNMP: configuration read	OK	OK	OK
	SNMP: state read	OK	OK	OK
	SNMP: notifications (traps)	OK	OK	OK
	NETCONF (Base-R13 model): configuration write/edit	OK	OK	—
	NETCONF (Base-R13 model): configuration read	OK	OK	OK
Model-driven Interfaces	NETCONF (Nokia model): configuration write and read	—	OK	OK
	NETCONF (Nokia model): state read	OK	OK	OK
	Telemetry: configuration nodes	—	OK	OK
	Telemetry: state nodes	OK	OK	OK
	gNMI Set/Get: configuration write and read	—	OK	OK
	gNMI Get: state read	OK	OK	OK
Features	OpenConfig YANG models	—	—	OK
	Configuration Groups	—	—	OK
	MD-CLI rollback command	—	—	OK
	Classic CLI admin rollback revert command	OK	OK	—
	Explicit defaults 1	—	—	OK
	Configuration changes accepted immediately after a CPM high-availability switchover 2	OK	—	OK

Note:

In model-driven mode, users can set a leaf to the same value as the default, and SR OS remembers that it was explicitly set and displays it as part of the configuration. In mixed mode these values are not persistent and they are lost or forgotten at a CPM high-availability switchover or a reboot.
In mixed configuration-mode, changes to configuration are blocked for a few minutes after a CPM high-availability switchover event while the model-driven database is synchronized with the application layer of SR OS. There is no impact to running services.

3.4.1. Mixed Configuration Mode

Mixed configuration mode is useful for operators to migrate from classic management interfaces to operating in a full model-driven mode. It allows the use of previous classic CLI scripts or other OSS integration (for configuration) although with some pre-requisites (see Prerequisites for Using Model-Driven Management Interfaces) and some limitations (see Table 55).

3.4.2. Loose References to IDs

A loose reference is a reference where the target of the reference does not have to exist. For example, configure service pw-template 23 egress filter ip 37 can be configured (when the management interface configuration mode is classic) even if ip-filter 37 does not yet exist in the configuration.

Before switching the management interface configuration mode to model-driven or mixed, all loose references using IDs must be replaced with references using string names (or removed from the configuration) for the following elements:

all services (configure service vprn, vpls, epipe, and so on)
configure mirror mirror-dest
configure service pw-templates
configure service customer
configure filter ip-filter, ipv6-filter, and mac-filter
configure qos network, sap-ingress, and sap-egress
configure eth-cfm domain and association

In the following configuration example,

configure service pw-template 23 egress filter ip 37

can be changed to

configure service pw-template 23 egress filter-name ip ops-sec-filter-a33

Because ip-filter 37 is a loose reference, it does not require a name for the configuration to be valid. However, it may be desirable to assign a name as follows, to make the binding operational.

configure filter ip-filter 37 name ops-sec-filter-a33

Note:

A name can only be assigned to a filter or any element in the above list of elements which use IDs as keys in classic interfaces but string names in model-driven interfaces. It is recommended to assign names to the elements prior to an upgrade to Release 15.1.R1.

A name can also be changed in releases prior to Release 15.1.R1. Elements without names are automatically assigned a name (the ID converted to a string) during an upgrade to Release 15.1.R1 or later, and cannot be changed without manually deleting and recreating the element.

Loose references to IDs for the objects listed above cannot be created while in mixed or model-driven configuration mode. Any classic CLI scripts must also be updated to avoid the use of any of the commands below.

The following lists the set of affected loose references. Some items take a service-name as an input. SR OS converts these service-names to IDs, and stores the IDs in the configuration. In these cases, the service-name becomes an alias at configuration edit time and is not stored as a reference.

IPSec related configuration:

configure service vprn interface sap ipsec-tunnel local-gateway-address

configure service vprn interface sap ip-tunnel delivery-service

configure service vprn interface sap l2tpv3-session router

configure service epipe sap l2tpv3-session router

configure service vpls sap l2tpv3-session router

configure service vprn interface sap ipsec-gw default-secure-service

configure service ies interface sap ipsec-gw default-secure-service

configure service vprn interface sap ipsec-gw dhcp server

configure service ies interface sap ipsec-gw dhcp server

configure service vprn interface sap ipsec-gw dhcp6 server

configure service ies interface sap ipsec-gw dhcp6 server

configure service vprn interface sap ipsec-gw local-address-assignment ipv4 address-source

configure service vprn interface sap ipsec-gw local-address-assignment ipv6 address-source

configure service ies interface sap ipsec-gw local-address-assignment ipv4 address-source

configure service ies interface sap ipsec-gw local-address-assignment ipv6 address-source

configure service vprn interface sap ipsec-tunnel bfd-enable

configure ipsec client-db client private-service

configure system file-transmission-profile router

Eth-cfm, oam-pm, and saa:

configure eth-cfm default-domain bridge-identifier

configure eth-cfm domain association bridge-identifier

configure oam-pm session ip router

configure oam-pm session ip router service-name

configure saa test type cpe-ping service

configure saa test type icmp-ping router

configure saa test type icmp-ping service-name

configure saa test type icmp-trace router

configure saa test type icmp-trace service-name

configure saa test type mac-ping service

configure saa test type mac-trace service

configure saa test type vprn-ping

configure saa test type vprn-ping service

configure saa test type vprn-trace

configure saa test type vprn-trace service

Filters:

configure service pw-template egress filter ipv6

configure service pw-template egress filter ip

configure service pw-template egress filter mac

configure service pw-template ingress filter ipv6

configure service pw-template ingress filter ip

configure service pw-template ingress filter mac

configure service template epipe-sap-template egress filter ip

configure service template epipe-sap-template egress filter ipv6

configure service template epipe-sap-template egress filter mac

configure service template epipe-sap-template ingress filter ip

configure service template epipe-sap-template ingress filter ipv6

configure service template epipe-sap-template ingress filter mac

configure service template vpls-sap-template egress filter ip

configure service template vpls-sap-template egress filter ipv6

configure service template vpls-sap-template egress filter mac

configure service template vpls-sap-template ingress filter ip

configure service template vpls-sap-template ingress filter ipv6

configure service template vpls-sap-template ingress filter mac

configure li li-filter-block-reservation li-reserved-block ip-filter

configure li li-filter-block-reservation li-reserved-block ipv6-filter

configure li li-filter-block-reservation li-reserved-block mac-filter

PKI:

configure system security pki ca-profile cmpv2 url

configure system security pki ca-profile ocsp service

QoS:

configure service template epipe-sap-template ingress qos

configure service template epipe-sap-template egress qos

configure service template vpls-sap-template ingress qos

configure service template vpls-sap-template egress qos

configure service pw-template ingress qos

configure service pw-template egress qos

Subscriber Management:

configure service ies subscriber-interface group-interface srrp bfd-enable

configure service vprn subscriber-interface group-interface srrp bfd-enable

configure subscriber-mgmt local-user-db ipoe host host-identification service-id

configure subscriber-mgmt local-user-db ipoe host interface service-id

configure subscriber-mgmt local-user-db ipoe host match-radius-proxy-cache server

configure subscriber-mgmt local-user-db ipoe host msap-defaults service

configure subscriber-mgmt local-user-db ipoe host retail-service-id

configure subscriber-mgmt local-user-db ppp host interface service-id

configure subscriber-mgmt local-user-db ppp host l2tp group service-id

configure subscriber-mgmt local-user-db ppp host msap-defaults service

configure subscriber-mgmt local-user-db ppp host retail-service-id

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mvr from-vpls

configure service vpls sap msap-defaults service

Miscellaneous:

configure vrrp policy

configure service vprn interface vrrp bfd-enable

configure service vprn interface ipv6 vrrp bfd-enable

configure router l2tp group ppp default-group-interface service-id

configure router l2tp group tunnel ppp default-group-interface service-id

configure service vprn l2tp group ppp default-group-interface service-id

configure service vprn l2tp group tunnel ppp default-group-interface service-id

configure redundancy multi-chassis peer mc-ring l3-ring in-band-control-path service-id

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-id

configure redundancy multi-chassis peer mc-ring ring in-band-control-path service-id

configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify service-id

configure open-flow of-switch controller vprn

3.4.3. Transitioning Between Modes

Depending on the size of the system configuration, transitioning away from classic mode may take several seconds to several minutes while the model-driven database is populated and synchronized to the current configuration. During the transition period, configuration changes are not allowed and service is not affected.

Transitioning to classic mode is immediate with no impact to services on the router.

3.5. Configuring the CLI Engine

The CLI engine refers to the CLI environment that is being used in a user session (for example, console, Telnet, or SSH) to configure and operate the router. The CLI engine is either the classic CLI engine or the MD-CLI engine. The following terms are also used:

preferred CLI engine — the CLI engine that is started at user login
authorized CLI engine — a CLI engine that a user can switch to (using the CLI engine switch command (“//”)) or where a user can execute commands
active CLI engine — the CLI engine that is currently in use for a user session

The default preferred CLI engine and authorized CLI engines for a session are determined by the management interface configuration mode, which eliminates the need to explicitly configure the CLI engine. With the use of these dynamic defaults, it is possible to transition between the different configuration modes. Table 56 summarizes the CLI engines for the management interface configuration modes.

Table 56: Management Interface Configuration Modes and CLI Engines

Management Interface Configuration Mode	Default Preferred CLI Engine	Default Authorized CLI Engines
classic	classic-cli	classic-cli
model-driven	md-cli	md-cli, classic-cli (read-only)

The preferred CLI engine, and the authorized CLI engines for a session can be changed to use either the classic CLI or the MD-CLI engine.

In the classic CLI, the first engine configured is the preferred CLI engine. The default is no cli-engine.

A:node-2>config>system>management-interface>cli# cli-engine ?

- cli-engine <engine-type> [<engine-type>...(upto 2 max)]

- no cli-engine

<engine-type> : classic-cli|md-cli

In the MD-CLI, the cli-engine parameter is a user-ordered list, and the first engine from that list is configured as the preferred CLI engine. Leaving the cli-engine parameter unconfigured (or deleting the cli-engine values) maintains or reverts to the dynamic default. Table 57 summarizes the possible actions available with the MD-CLI cli-engine configuration.

Note:

In order for the changes to the cli-engine parameter to take effect, log out of the CLI session and start a new session.

Table 57: MD-CLI cli-engine Configurations

cli-engine Configuration	Preferred CLI engine	Authorized CLI engines	Description
[classic-cli]	classic-cli	classic-cli	User is restricted to the classic CLI engine
[classic-cli md-cli]	classic-cli	classic-cli, md-cli	User can switch between classic CLI and MD-CLI engines in a session
[md-cli classic-cli]	md-cli	md-cli, classic-cli	User can switch between MD-CLI and classic CLI engines in a session
[md-cli]	md-cli	md-cli	User is restricted to the MD-CLI engine

Refer to the MD-CLI User Guide for information about using the MD-CLI to manage to router.