1. Using the MD-CLI

This guide provides information about the Model-Driven Command Line Interface (MD-CLI).

This guide is organized into functional sections and provides concepts and descriptions of the MD-CLI environment, the configuration workflow, and the syntax and command usage within the MD-CLI. It also describes how the MD-CLI interacts with the classic CLI to perform non-configuration operations.

For a list of unsupported features by platform and chassis, refer to the SR OS 19.x.Rx Software Release Notes, part number 3HE 15407 000x TQZZA.

Command outputs shown in this guide are examples only; actual outputs may differ depending on supported functionality and user configuration.

Note:

This guide generically covers Release 19.x.Rx content and may contain some content that will be released in later maintenance loads. Refer to the SR OS 19.x.Rx Software Release Notes, part number 3HE 15407 000x TQZZA, for information about features supported in each load of the Release 19.x.Rx software.

1.1. MD-CLI Overview

All references to the term ‘CLI’ in the SR OS user documentation are generally referring to the classic CLI. The classic CLI is the CLI that has been supported in SR OS from the initial introduction of SR OS.

The MD-CLI is a management interface that can be used to manage Nokia SR OS routers. Some of the benefits of the MD-CLI include:

  1. follows the model-driven networking strategy, based on common YANG models for a structured configuration. Consistency is maintained between the MD-CLI, NETCONF, and the gRPC model-driven interfaces.
  2. uses the transactional configuration method which uses a candidate configuration to hold the current configuration changes before they are applied to the running configuration, and avoids configuration ordering requirements
  3. provides multiuser candidate configuration modes (global, exclusive, private, and read-only) that control access to the configuration, allowing a user exclusive access to the configuration such that no other configuration changes can be made
  4. allows the use of configuration groups with flexible templates that simplify the configuration process by applying the template instead of repeating the same configuration

For more information about NETCONF and gRPC, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

Table 1 describes command syntax symbols used in this guide.

Table 1:  Command Syntax Symbols  

Symbol

Description

|

A vertical bar represents an OR, indicating that only one of the parameters in the brackets or parentheses can be selected.

( )

Parentheses indicate that one of the parameters must be selected.

[ ]

Brackets indicate optional parameters.

Bold

Commands in bold indicate commands and keywords.

Italic

Commands in italics indicate that you must enter text based on the parameter.

In the following examples, location and graceful-shutdown are command names. For the location command, keyword must be one of the keywords cf1, cf2, or cf3. For the graceful-shutdown command, boolean must be one of the keywords true or false, although explicitly using the keyword true is optional.

location keyword

keyword - (cf1 | cf2 | cf3)

graceful-shutdown boolean

boolean - ([true] | false)

1.2. Controlling the Management Interface Configuration Mode

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for information about the management interface configuration mode.

1.2.1. Setting the Management Interface Configuration Mode

SR OS routers can be in different management interface configuration modes, which affects the management interfaces that can be used to configure the router. The following interfaces are available for configuration on SR OS:

  1. classic (default) — configuration via the classic CLI and SNMP, no model-driven interfaces are supported
  2. model-driven — configuration via model-driven interfaces, including NETCONF with Nokia YANG models, the MD-CLI, or gRPC, read-only access via the classic CLI and SNMP

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information on management interface configuration mode features and the interactions between classic and model-driven modes.

1.2.1.1. Enabling the MD-CLI from the Classic CLI

The CLI engine refers to the CLI environment that is being used in a user session (for example, console, Telnet, or SSH) to configure and operate the router.

To enable the MD-CLI engine from the classic CLI, perform the following steps:

  1. Set the configuration mode to model-driven and leave cli-engine unconfigured.
    A:node-2>config>system>management-interface# configuration-mode model-driven
  2. Log out and start a new CLI session to access the MD-CLI engine.
    A:node-2>config>system>management-interface# logout

When a new user session begins, the MD-CLI engine is available and the MD-CLI prompt is displayed.

[]
A:admin@node-2#

When the configuration mode is changed to model-driven, the following applies:

  1. the configuration mode becomes immediately active
  2. access to configuration in the classic CLI is read-only (no modification)
  3. access to show configuration in the classic CLI is still available

1.2.1.2. Switching Between the Classic CLI and MD-CLI Engines

A single CLI command is available in both the classic CLI and MD-CLI engines to switch between the two engines in a user session. When authorized (cli-engine list contains both classic-cli and md-cli), the CLI engine switch command (“//”, the double forward slash) can be executed from any CLI context in both engines to switch to the other CLI engine.

A:node-2# //
INFO: CLI #2052: Switching to the MD-CLI engine
 
[]
A:admin@node-2# //
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2#

The context in which the CLI engine switch command is executed is saved when toggling between CLI engines and returns to the same context when toggling back.

[]
A:admin@node-2# edit-config read-only
INFO: CLI #2066: Entering read-only configuration mode
 
(ro)[]
A:admin@node-2# configure router
 
(ro)[configure router "Base"]
A:admin@node-2# //
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# configure system management-interface
A:node-2>config>system>management-interface# //
INFO: CLI #2052: Switching to the MD-CLI engine
 
(ro)[configure router "Base"]
A:admin@node-2# //
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2>config>system>management-interface#

If switching engines is not authorized (when cli-engine is only [classic-cli] or [md-cli]), the command is rejected.

A:node-2# //
MINOR: CLI #2053 Switching CLI engine is not authorized
A:node-2#

1.2.1.2.1. Executing Classic CLI Commands from the MD-CLI Engine

When switching engines is authorized, all classic CLI engine commands can be executed from the MD-CLI engine. Entering a classic CLI engine command preceded by the “//” command executes the command in the classic CLI engine and returns immediately to the MD-CLI engine. The MD-CLI context is preserved before the switch to the classic CLI engine, and the context is restored when the session returns to the MD-CLI engine. In the following example, the classic CLI command is executed from the configure aaa context in the MD-CLI. When the session returns to the MD-CLI engine, it is returned to the same context.

(ex)[configure aaa]
A:admin@node-2# //show router interface
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# /show router interface
 
===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
node-3                           Up        Down/Down   Network n/a
   -                                                           -
node-4                           Up        Down/Down   Network n/a
   -                                                           -
node-5                           Up        Down/Down   Network n/a
   -                                                           -
system                           Up        Up/Down     Network system
   10.10.10.1/32                                               n/a
-------------------------------------------------------------------------------
Interfaces : 4
===============================================================================
INFO: CLI #2052: Switching to the MD-CLI engine
 
(ex)[configure aaa]
A:admin@node-2#

It is acceptable to have a space between “//” and the CLI command. For example, //show users and // show users are equivalent commands.

User interactions, such as pagination, confirmation, or control characters (for example, CTRL-c to abort an ongoing command execution), are supported during CLI command execution. The CLI engine is switched back to the MD-CLI engine just before the CLI command prompt would normally appear.

(ex)[configure aaa]
A:admin@node-2# //ping 10.20.30.40
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# /ping 10.20.30.40
PING 10.20.30.40 56 data bytes
No route to destination. Address: 10.20.30.40, Router: Base
 
//Press CTRL-c
 
^C
ping aborted by user
 
---- 10.20.30.40 PING Statistics ----
1 packet transmitted, 0 packets received, 100% packet loss
INFO: CLI #2052: Switching to the MD-CLI engine
 
(ex)[configure aaa]
A:admin@node-2#

Executing MD-CLI commands from the classic CLI engine works in the same way as described for executing classic CLI commands from the MD-CLI engine.

1.2.1.2.2. MD-CLI and Classic CLI Engine Interactions

The following describes MD-CLI engine interactions with the classic CLI when using the “//” command:

  1. uncommitted changes in the MD-CLI are kept when switching to the classic CLI
  2. “//” appears in the history of the CLI engine where it is executed
    []
    A:admin@node-2# //
    INFO: CLI #2051: Switching to the classic CLI engine
    A:node-2# history
       1 history
    A:node-2# //
    INFO: CLI #2052: Switching to the MD-CLI engine
    []
    A:admin@node-2# history
           1 //
    []
    A:admin@node-2#
  3. “//command” appears in the history of both CLI engines
    []
    A:admin@node-2# //show time
    INFO: CLI #2051: Switching to the classic CLI engine
    A:node-2# /show time
    Tue Mar 13 19:52:37 UTC 2018
    INFO: CLI #2052: Switching to the MD-CLI engine
    []
    A:admin@node-2# history
           1 //show time
    []
    A:admin@node-2# //
    INFO: CLI #2051: Switching to the classic CLI engine
    A:node-2# history
       1 /show time
       2 history
    A:node-2#
  4. command completion, ? help, and redirection are not supported for the command following the “//”
  5. all control characters added on the same line when entering a “//” command have an effect on the CLI engine where they are entered
    []
    A:admin@node-2# //show system information //Press CTRL-w   # stay in MD-CLI engine
                                                               # delete word
    []
    A:admin@node-2# //show system information //Press CTRL-c   # stay in MD-CLI engine
                                                               # abort current command
    []
    A:admin@node-2#
    CTRL-z is the equivalent of Enter and exit all. When used on a command line with “//”, CTRL-z is the equivalent of just pressing Enter. Because the originating CLI engine is no longer available, exit all can no longer be executed.
    []
    A:admin@node-2# //show router policy //Press CTRL-z
    INFO: CLI #2051: Switching to the classic CLI engine
    A:node-2# /show router policy 
     
    ===============================================================================
    Route Policies
    ===============================================================================
    Policy                           Description
    -------------------------------------------------------------------------------
    BNG_internal
    all_loopbacks
    default_route
    -------------------------------------------------------------------------------
    Policies : 3
    ===============================================================================
    INFO: CLI #2052: Switching to the MD-CLI engine
     
    []
    A:admin@node-2#

A command history is maintained per CLI engine. CLI commands executed in the MD-CLI do not appear in the classic CLI history. CLI commands executed in the classic CLI do not appear in the MD-CLI history.

1.2.1.2.3. Switching to the Classic CLI Engine

The /!classic-cli command is available in both the classic CLI and MD-CLI engines to explicitly switch to the classic CLI engine in a session, as long as classic-cli is an authorized CLI engine. If switching to the classic CLI engine is not authorized, the command is rejected. Issuing the /!classic-cli command in the classic CLI engine has no effect.

The /!classic-cli switch command can be executed from any CLI context in both engines and the context is preserved for both engines. When the command is executed, the session enters the last saved working context of the classic CLI engine.

A:node-2>config>system>management-interface# //
INFO: CLI #2052: Switching to the MD-CLI engine
 
(ex)[configure router "Base" bgp]
A:admin@node-2# /!classic-cli
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2>config>system>management-interface#

1.2.1.2.4. Switching to the MD-CLI Engine

The /!md-cli command is available in both the classic CLI and MD-CLI engines to explicitly switch to the MD-CLI engine in a session, as long as md-cli is an authorized CLI engine. If switching to the MD-CLI engine is not authorized, the command is rejected. Issuing the /!md-cli command in the MD-CLI engine has no effect.

The /!md-cli switch command can be executed from any CLI context in both engines and the context is preserved for both engines. When the command is executed, the session enters the last saved working context of the MD-CLI engine.

(ex)[configure router "Base" bgp]
A:admin@node-2# /!classic-cli
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2>config>system>management-interface# /!md-cli
INFO: CLI #2052: Switching to the MD-CLI engine
 
(ex)[configure router "Base" bgp]
A:admin@node-2#

The /!md-cli and /!classic-cli commands can be useful when executing commands from a file, allowing the file to be executed in either CLI engine and ensuring the commands are run in the intended CLI engine.

1.3. Navigating in the MD-CLI

1.3.1. The MD-CLI Tree Structure

The MD-CLI tree contains the following elements from the Nokia YANG models:

  1. container — an element that contains other elements. In the following example, load-balancing and dns are containers.
        load-balancing {
            lsr-load-balancing lbl-only
            system-ip-load-balancing true
        }
        dns {
            address-pref ipv6-first
        }
  2. leaf — an element that does not contain any other elements and has a data type (for example, string or integer). A leaf can also be defined with no data type where the leaf takes no parameter value (that is, an empty leaf). The bold elements in the following example are leafs.
        load-balancing {
            lsr-load-balancing lbl-only
            system-ip-load-balancing true
        }
        dns {
            address-pref ipv6-first
        }
  3. list entry — an element similar to a container with multiple instances where each list entry is identified by the values of its keys (for example, interface “access-2”)
        interface "access-2" {
            description "This is a text description for access-2"
            ipv4 {
                qos-route-lookup destination
            }
            ipv6 {
            }
        }
        interface "access-3" {
            ipv4 {
                primary {
                    address 138.120.44.45
                    prefix-length 28
                }
            }
        }
  4. key — a unique identifier for a list entry (for example, “access-2” and “access-3”)
        interface "access-2" {
            description "This is a text description for access-2"
            ipv4 {
                qos-route-lookup destination
            }
            ipv6 {
            }
        }
        interface "access-3" {
            ipv4 {
                primary {
                    address 138.120.44.45
                    prefix-length 28
                }
            }
        }
  5. leaf-list — an element that contains a sequence of values of a particular data type (for example, “policy” is a leaf-list in the following example)
        policy ["policy-a" "policy-b" "policy-c"]
  6. list — a sequence of list entries. In the preceding example, the entire set of interfaces is a list.
        interface "access-2" {
            description "This is a text description for access-2"
            ipv4 {
                qos-route-lookup destination
            }
            ipv6 {
            }
        }
        interface "access-3" {
            ipv4 {
                primary {
                    address 192.168.44.45
                    prefix-length 28
                }
            }
        }
  7. leaf-list entry — one of the values of a leaf-list. For example, “policy-a”, “policy-b”, and “policy-c” are leaf-list entries in the following example.
        policy ["policy-a" "policy-b" "policy-c"]

The following terms are also used:

  1. keyword — an element with a name defined by SR OS; for example, enumerated values, leaf names, and container names)
  2. variable parameter — an element with a name defined by the user; for example, descriptions, names, integer or string leaf values)
  3. immutable element — an element that can only be configured in the transaction in which the parent element is created. It cannot be modified while the parent element exists.
  4. choice element — an element which is part of a set of mutually exclusive elements. Setting a choice element clears all configuration from the other choice elements.

In the following example, admin-state (leaf name), enable (enumerated value), and connect-retry (leaf name) are keywords, and “800” is a variable parameter.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info
    admin-state enable
    connect-retry 800

Managing the router configuration using the MD-CLI involves accessing and configuring the appropriate elements (containers, lists, leafs, and leaf-lists).

The MD-CLI tree shows the commands and parameters (also known as elements) that are available in a hierarchical output. In the following tree detail command output, the bold elements are containers (or container lists) which contain leafs (or leaf-lists).

[ro:configure]
A:admin@node-3# tree detail
+-- aaa
|   +-- diameter
|   |   +-- node <string>
|   |   |   +-- connection
|   |   |   |   +-- ipv4
|   |   |   |   |   +-- allow-connections <boolean>
|   |   |   |   |   +-- local-address <unicast-ipv4-address>
|   |   |   |   +-- ipv6
|   |   |   |   |   +-- allow-connections <boolean>
|   |   |   |   |   +-- local-address <global-unicast-ipv6-address>
|   |   |   |   +-- timer <number>
|   |   |   +-- description <string>
|   |   |   +-- origin-realm <string>
|   |   |   +-- peer index <number>
|   |   |   |   +-- address <unicast-ipv4-address | global-unicast-ipv6-address>
|   |   |   |   +-- admin-state <keyword>
|   |   |   |   +-- connection-timer <number>
|   |   |   |   +-- destination-host <string>
|   |   |   |   +-- preference <number>
|   |   |   |   +-- watchdog-timer <number>
|   |   |   +-- python-policy <reference>
|   |   |   +-- router-instance <reference | reference>
|   |   +-- peer-policy <string>
|   |       +-- applications
|   |       |   +-- gx <boolean>
|   |       |   +-- gy <boolean>
|   |       |   +-- nasreq <boolean>
|   |       +-- connection-timer <number>
|   |       +-- description <string>
|   |       +-- ipv4-source-address <unicast-ipv4-address>
|   |       +-- ipv6-source-address <global-unicast-ipv6-address>
|   |       +-- origin-host <string>
|   |       +-- origin-realm <string>

1.3.2. The MD-CLI Command Prompt

The MD-CLI command prompt displays on two lines. The first line contains the following information:

  1. baseline status indicator
    This indicator displays an exclamation mark (!) to indicate an out-of-date baseline when in configuration mode.
  2. uncommitted changes indicator
    This indicator displays an asterisk (*) to indicate uncommitted configuration changes when in configuration mode.
  3. configuration mode reference
    When in configuration mode, a configuration mode reference is displayed:
    1. in round brackets for an explicit configuration workflow
    2. prepended to the context, separated by a colon for an implicit configuration workflow
    The configuration mode reference can be one of the following:
    1. pr — private mode
    2. ex — exclusive mode
    3. gl — global mode
    4. ro — read-only mode
  4. context
    The present working context is displayed in square brackets ([]) when in operational or configuration mode.

For an explicit configuration workflow, the format of the first line is as follows:

<baseline status indicator > <uncommitted changes indicator> (<configuration mode>) [context]

Examples:

(ro)[]
 
(ex)[configure router "Base" bgp]

For an implicit configuration workflow, the format of the first line is as follows:

<baseline status indicator > <uncommitted changes indicator> [<configuration mode>:context]

Examples:

[ro:configure]
 
*[pr:configure]

The second line contains the following information:

  1. CPM
    The active CPM slot can be A or B on 7750 SR routers, and A,B,C, or D on 7950 XRS routers.
  2. user
    The user is the name of the current user for this session.
  3. name
    The name is the system name, as configured with the configure system name command. The system name can change dynamically during the session if it is configured to a different name.

The format of the second line is as follows:

CPM:user@name#

The following examples display the two-line prompt in different modes.

  1. prompt in operational mode
    []
    A:admin@my-system#
  2. prompt in the operational root, with exclusive configuration mode
    (ex)[]
    A:admin@my-system#
  3. prompt in operational mode show router bgp
    [show router "Base" bgp]
    A:admin@my-system#
  4. prompt in exclusive configuration mode configure router bgp
    (ex)[configure router "Base" bgp]
    A:admin@my-system#
  5. prompt in exclusive configuration mode configure router bgp with uncommitted changes
    *(ex)[configure router "Base" bgp]
    A:admin@my-system#
  6. implicit configuration workflow prompt for a session in private configuration mode, with present working context of configure router bgp with uncommitted changes in the private candidate datastore, and the baseline datastore out-of-date
    !*[pr:configure router "Base" bgp]
    A:admin@my-system#

1.3.3. Environment Commands

The following portion of the MD-CLI command tree displays commands related to the environment variables under the context configure system management-interface cli md-cli.

— environment
— command-completion
— enter boolean
— space boolean
— tab boolean
— console
— length number
— width number
— message-severity-level
— cli keyword
— more boolean
— progress-indicator
— admin-state keyword
— delay number
— type keyword
— prompt
— context boolean
— newline boolean
— timestamp boolean
— uncommitted-changes-indicator boolean
— time-display keyword

Table 2 provides a brief description of the environment commands.

Table 2:   Environment Commands 

Environment command

Description

enter boolean

Use command completion for Enter. Default is true.

space boolean

Use command completion for Spacebar. Default is true.

tab boolean

Use command completion for Tab. Default is true.

length number

Number of lines displayed in the console window. Range is 24 to 512. Default is 24.

width number

Number of columns displayed in the console window. Range is 50 to 512. Default is 80.

cli keyword

Message type to display. If set to warning, INFO messages are suppressed. Default is info.

more boolean

Use pagination for the output text. Default is true.

admin-state keyword

Administrative state of the progress indicator. Default is enable.

delay number

Delay interval before the progress indicator is displayed. Default is 500 ms.

type keyword

Progress indicator type. Current mandatory type is dots.

context boolean

Show the current context in the first prompt line. Default is true.

newline boolean

Use a blank line before the first prompt line. Default is true.

timestamp boolean

Show the time before the first prompt line. Default is false.

uncommitted-changes-indicator boolean

Show the change indicator (*) in the first prompt line. Default is true.

time-display keyword

Show the time (if timestamp is set to true) as UTC or local (as defined in configure system time). Default is local.

The environment configuration for the MD-CLI is available in both the classic CLI and in the MD-CLI, but the configuration applies only to MD-CLI sessions.

In the MD-CLI:

[gl:configure system management-interface cli md-cli environment]
A:admin@node-2# ?
 command-completion   + Enter the command-completion context
 console              + Enter the console context
 message-severity-    + Enter the message-severity-level context
  level
 more                 - Paging control of the output text
 progress-indicator   + Enter the progress-indicator context
 prompt               + Enter the prompt context
 time-display         - Time to display timestamp before prompt

In the classic CLI:

*A:node-2>config>system>management-interface>cli>md>env#
      command-comple* + Configure keystrokes to trigger command completion
      console         + Configure console parameters
      message-severi* + Configure messages severity
 [no] more            - Configure paging of the output text
      progress-indic* + Settings for progress indicator during command
                        execution
      prompt          + Configure content of displayed prompt
      time-display    - Specify whether timestamp should be displayed in UTC or
                        local time
*A:node-2>config>system>management-interface>cli>md>env#

Changes made to the environment configuration apply only to new sessions and do not affect current sessions.

1.3.3.1. Customizing Per-Session Environment Settings

The environment can be customized for all sessions in the configuration under the configure system management-interface cli md-cli environment context, or per session using the environment command. When a new MD-CLI session is started, the per-session environment configuration is copied from the global environment configuration. Changes made to the global environment configuration after the session begins apply only to new sessions and do not affect current sessions. Changes made to the environment parameters for a session apply only for that session.

The per-session environment is accessed by entering environment at the operational root or with /environment from any other mode or context. Changes made in the per-session environment are immediate.

The info command displays the difference between the per-session environment and the configured global environment parameters. Therefore, for a new MD-CLI session, the info command has no output, as the per-session environment is the same as the global environment. The info detail command displays the current values in the global environment for all parameters.

1.3.3.2. Customizing the Session Prompt

1.3.3.2.1. Customizing the Uncommitted Changes Indicator

As the default setting of the environment configuration, the uncommitted changes indicator is displayed as part of the command prompt. This setting can be modified per session or it can be changed for all MD-CLI sessions by changing the environment configuration.

The uncommitted-changes-indicator command under the environment prompt context suppresses or displays the change indicator for an MD-CLI session. Environment changes are applied immediately and are lost when the session disconnects.

*[environment prompt]
A:admin@node-2# uncommitted-changes-indicator false
 
[environment prompt]
A:admin@node-2#
 
[environment prompt]
A:admin@node-2# uncommitted-changes-indicator true
 
*[environment prompt]
A:admin@node-2#

1.3.3.2.2. Customizing the Line Preceding the Command Prompt

By default, a blank line precedes the command prompt. This setting can be modified for each MD-CLI session.

The newline command under the environment prompt context suppresses or displays a new line before the prompt.

 
[]
A:admin@node-2# environment prompt
 
[environment prompt]
A:admin@node-2# newline false
[environment prompt]
A:admin@node-2# newline true
 
[environment prompt]
A:admin@node-2#

1.3.3.2.3. Customizing the Context Information in the Command Prompt

By default, the context is displayed in the command prompt. This setting can be modified for each MD-CLI session.

The context command under the environment prompt context suppresses or displays the current context.

[environment prompt]
A:admin@node-2# context false
 
[]
A:admin@node-2# context true
 
[environment prompt]
A:admin@node-2#

1.3.3.2.4. Customizing the Timestamp

By default, the timestamp is not displayed before the command prompt. This setting can be modified for each MD-CLI session.

The timestamp command under the environment prompt context suppresses or displays the timestamp.

[environment prompt]
A:admin@node-2# timestamp true
 
SUN 10 JUNE 2018 23:09:51 UTC
[environment prompt]
A:admin@node-2# timestamp false
 
[environment prompt]
A:admin@node-2#

The environment time-display command configures the time zone display to UTC or local time (as configured in configure system time).

[environment]
A:admin@node-3# time-display ?
 
 time-display <keyword>
 <keyword> - (local|utc)
 Default   - local
 
    Time to display timestamp before prompt

1.3.3.3. Customizing the Progress Indicator

The progress indicator appears on the line immediately following the command and disappears when the MD-CLI command completes or when output is available to display. The indicator is a display of dynamically changing dots.

(ex)[configure]
A:admin@node-2# compare
...                    // <- progress indicator displays here as dots

The delay interval can be configured with the delay command or the indicator can be disabled with the admin-state disable command under the environment progress-indicator context. For example, the user can disable the progress indicator for logged sessions.

[environment progress-indicator]
A:admin@node-2# ?
 
 admin-state          - Administrative state of the progress indicator
 delay                - Delay before progress indicator is displayed
 type                 - Progress indicator output style

1.3.3.4. Customizing the more Setting

The environment more command enables pagination when configured to true and disables pagination when configured to false. With pagination enabled, the display output can be paused and continued, based on the “Press Q to quit, Enter to print next line or any other key to print next page” message at the bottom of the screen.

[]
A:admin@node-2# environment more true
[]
A:admin@node-2# show system security profile user-profile-name administrative  
===============================================================================
User Profile
===============================================================================
 
User Profile          : administrative
Def. Action           : permit-all
LI                    : no
Netconf Kill
Authorization         : no
Netconf Lock
Authorization         : no
gRPC gNMI
Capabilities RPC
Authorization         : yes
gRPC gNMI Get RPC
Authorization         : yes
gRPC gNMI Set RPC
Authorization         : yes
gRPC gNMI Subscribe
RPC Authorization     : yes
-------------------------------------------------------------------------------
Cli Session Group     : no
Press Q to quit, Enter to print next line or any other key to print next page.

The pagination setting can be overridden by using | no-more for a single command. As with pagination disabled, the output is displayed completely without any prompts to continue.

[]
A:admin@node-2# show system security profile user-profile-name administrative | no-more

1.3.3.5. Customizing the Console Settings

The default size for a console window is 24 lines long by 80 characters wide. The environment console command can be used to change these settings.

(ex)[environment]
A:admin@node-2# console ?
 
 length               - Number of lines displayed on the screen
 width                - Number of columns displayed on the screen

1.3.3.6. Customizing the Message Level Security Settings

The INFO: CLI messages are displayed by default. The environment message-security-level command suppresses the INFO messages by changing the setting to warning.

[environment message-severity-level]
A:admin@node-3# cli ?
 
 cli <keyword>
 <keyword> - (warning|info)
 Default   - info
 
    Message severity threshold for CLI messages

Following are examples of INFO: CLI messages that are suppressed when the setting is changed to warning:

INFO: CLI #2051: Switching to the classic CLI engine
INFO: CLI #2052: Switching to the MD-CLI engine
INFO: CLI #2054: Entering global configuration mode
INFO: CLI #2056: Exiting global configuration mode 
INFO: CLI #2055: Uncommitted changes are present in the candidate configuration
INFO: CLI #2057: Uncommitted changes are kept in the candidate configuration

1.3.3.7. Preventing Changes to Environment Settings

The environment datastore is subject to AAA command authorization. A user can be prevented from modifying the global environment settings or the per-session environment settings, or both.

In the following configuration output, entry 113 blocks user “tstuser” from modifying the global environment settings. In addition, entry 114 prevents the user from changing the per-session environment settings.

(ro)[configure system security aaa local-profiles profile "tstuser"]
A:admin@node-2# info
    default-action permit-all
    entry 113 {
        action deny
        match "configure system management-interface cli md-cli environment"
    }
    entry 114 {
        action deny
        match "environment"
    }
(ex)[configure system management-interface cli md-cli environment]
A:tstuser@node-2# prompt timestamp
MINOR: MGMT_CORE #2020: Permission denied
 
(ex)[configure system management-interface cli md-cli environment]
A:tstuser@node-2# /environment
MINOR: MGMT_CORE #2020: Permission denied
 
(ex)[configure system management-interface cli md-cli environment]
A:tstuser@node-2#

1.3.4. Using Online Help

A short help description is displayed immediately when the question mark (?) is entered (without needing to press Return). The following displays help from the operational root level.

[]
A:admin@node-2# ?
 admin                + Enter the administrative context for system operations
 clear                + Clear statistics or reset operational state
 configure            + Enter the configuration context
 environment          + Enter the environment configuration context
 show                 + Show operational information
 tools                + Enter the tools context for troubleshooting and
                        debugging
 
 Global commands:
 back                 - Move back one or more levels
 delete               - Delete an element from the candidate datastore
 edit-config          - Enter a candidate configuration mode
 exec                 - Execute commands from a file
 exit                 - Return to the previous working context or to the
                        operational root
 history              - Show the most recently entered commands
 logout               - Exit the CLI session
 pwc                  - Show the present working context
 top                  - Move to the top level of the context
 tree                 - Show the command tree under the present working context

The ? help is context-sensitive. The following ? help output lists additional commands available in exclusive configuration mode.

(ex)[]
A:admin@node-2# ?
 
 admin                + Enter the administrative context for system operations
 clear                + Clear statistics or reset operational state
 configure            + Enter the configuration context
 environment          + Enter the environment configuration context
 show                 + Show operational information
 tools                + Enter the tools context for troubleshooting and
                        debugging
 
 Global commands:
 back                 - Move back one or more levels
 delete               - Delete an element from the candidate datastore
 edit-config          - Enter a candidate configuration mode
 exec                 - Execute commands from a file
 exit                 - Return to the previous working context or to the
                        operational root
 history              - Show the most recently entered commands
 logout               - Exit the CLI session
 pwc                  - Show the present working context
 quit-config          - Leave the candidate configuration mode
 top                  - Move to the top level of the context
 tree                 - Show the command tree under the present working context
 
 Configuration commands:
 commit               - Commit changes to the running datastore
 compare              - Show changes between datastores
 discard              - Discard changes in the candidate datastore
 info                 - Show the configuration from the present working context
 update               - Update candidate baseline
 validate             - Validate changes in the candidate datastore

The help results depend on the cursor position. For example, the output differs when a “?” is entered with a space preceding it:

[ex:configure]
A:admin@node-2# card?
 
 card [slot-number] <iom-card-slot>
 
 [slot-number]        - IOM slot within a chassis
 
 Immutable fields     - card-type, level
 
 admin-state          - Administrative state of the I/O module
 apply-groups         - Apply a configuration group at this level.
 card-type            - Card type
 fail-on-error        - Set the Operational State of the card to Failed when an
                        error is detected
 fp                   + Enter the fp context
 level                - Functional level of I/O module for slot
 mda                  + Enter the mda context
 reset-on-            - Reset card for fatal memory parity error on a Q-chip of
  recoverable-error     the card, regardless of fail-on-error setting
 upgrade              + Enter the upgrade context
 virtual-scheduler-   + Enter the virtual-scheduler-adjustment context
  adjustment
 
[ex:configure]
A:admin@node-admin-2# card ?
 
 [slot-number] <iom-card-slot>
 <iom-card-slot> - <iom>
 
    IOM slot within a chassis

1.3.4.1. Indicators in the Online Help

Table 3 describes the meaning of the indicators displayed in the online help.

Table 3:  Root Commands  

Symbol

Description

+

Indicates a container or list

-

Indicates a leaf, a leaf-list, a list or container with no leafs, or a global command (if in the operational root)

^

Indicates a mandatory element (an element that must be configured before the configuration is considered valid)

In the following help display example, admin-state, local-address, and router-instance are leafs, mcs-peer is a container, and address and sync-tag are mandatory elements.

[ex:configure]
A:admin@node-2# aaa diameter peer-policy plcyname proxy ?
 
 proxy
 
 admin-state          - Administrative state of Diameter proxy
 local-address        - Source IP address on which Diameter proxy listens for
                        client connections
 mcs-peer             + Enter the mcs-peer context
 router-instance      - Routing context associated with Diameter proxy
 
[ex:configure]
A:admin@node-2# aaa diameter peer-policy plcyname proxy mcs-peer ?
 
 mcs-peer
 
 Immutable fields     - address, sync-tag
 
 address              ^ IPv4 or IPv6 address of the Multi-Chassis
                        Synchronization (MCS) peer
 sync-tag             ^ Synchronization tag shared by Multi-Chassis
                        Synchronization (MCS) peers

1.3.4.1.1. Descriptions and Format Guidelines for Leafs and Leaf-lists

When online help is entered for a leaf or leaf-list, a short description of the element is displayed after the element type. The valid input values for the element are also listed, as shown in the following examples.

The description string for the VPRN service can have a length of 1 to 80 characters:

*[ex:configure service vprn "5"]
A:admin@node-2# description ?
 
 description <string>
 <string> - <1..80 characters>
 
    Text description

The ? help for the autonomous-system parameter lists the valid number range, followed by a short description of the parameter:

*[ex:configure service vprn "5"]
A:admin@node-2# autonomous-system ?
 
 autonomous-system <number>
 <number> - <1..4294967295>
 
    Autonomous System number that is advertised to peer

A parameter value may have a unit type associated with it, as shown in the following example of the ingress-buffer-allocation parameter:

*[pr:configure card 1 fp 2]
A:admin@node-3# ingress-buffer-allocation ?
 
 ingress-buffer-allocation <decimal-number>
 <decimal-number> - <20.0..80.0> - percent, 2 fraction digits
 Default          - 50.00
 
    Ingress buffer pool percentage for forwarding plane

This example shows a parameter that is a reference to another parameter. This slope-policy parameter refers to the slope policy name that is configured through the configure qos slope-policy context. The name is a string of 1 to 32 characters.

[ex:configure port 1/1/1 access ingress pool "default"]
A:admin@node-2# slope-policy ?
 
 slope-policy <reference>
 <reference> - <1..32            - configure qos slope-policy <slope-policy-
                characters>         name>
 
    Slope policy for high and low priority RED slope parameters and time
    average factor

1.3.4.1.2. Immutable Elements

An immutable element can only be configured in the transaction in which the parent element is created. It cannot be modified while the parent element exists. Any modification to an immutable element in model-driven interfaces causes SR OS to automatically delete the parent element and recreate it with the new value for the immutable element.

Immutable elements are identified in the online help, as seen in the following examples:

*(ex)[configure service vpls "5"]
A:admin@node-2# ?
 
 Immutable fields     - service-id, customer, vpn-id, etree, pbb-type
 
 admin-state          - Administrative state of the mirror destination service
 apply-groups         - Apply a configuration group at this level.
 bgp                  + Enter the bgp context
 bgp-ad               + Enter the bgp-ad context
 bgp-evpn             + Enter the bgp-evpn context
 bgp-mh-site          + Enter the bgp-mh-site context
 bgp-vpls             + Enter the bgp-vpls context
 capture-sap          + Enter the capture-sap context
 customer             ^ Service customer ID
 description          - Text description
 endpoint             + Enter the endpoint context
 eth-cfm              + Enter the eth-cfm context
 etree                - Use VPLS as an E-Tree VPLS
 fdb                  + Enter the fdb context
 gsmp                 + Enter the gsmp context
 igmp-host-tracking   + Enter the igmp-host-tracking context
 igmp-snooping        + Enter the igmp-snooping context
 
<snip>
*(ex)[configure service vpls "5"]
A:admin@node-2# customer ?
 
 customer <reference>
 <reference> - <1..64 characters> - configure service customer <customer-name>
 
 'customer' is: mandatory, immutable
 
    Service customer ID
 
    Warning: Modifying this element will cause the parent element
    'configure service vpls "5"' to be recreated automatically for the new
    value to take effect.
<snip>
 
[pr:configure router "Base" isis 0]
A:admin@node-3# lsp-lifetime ?
 
 lsp-lifetime <number>
 <number> - <350..65535> - seconds
 Default  - 1200
 
    Amount of time during which an LSP is considered valid
 
    Note: Modifying this element requires
    'configure router "Base" isis 0 admin-state' to be toggled manually for the
    new value to take effect.

Immutable elements also exist in the classic CLI. They are parameters that are on the command line with the create keyword. For example, in the following classic CLI command, all the parameters shown here on the command line are immutable. These parameters cannot be changed without deleting and recreating the service.

[]
A:admin@node-2# //
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# configure service vpls ?
  - no vpls <service-id>
  - vpls <service-id> [customer <customer-id>] [create] [vpn <vpn-id>] [m-vpls] [b-vpls|i-vpls] [etree] [name <name>]

1.3.4.1.3. Optional Indicators in the Online Help

The following help display is an example of optional indicators:

(ex)[configure]
A:admin@node-admin-2# port ?
 
 [port-id] (<ethernet-satellite-connector> | <ethernet-satellite-client-port> |
            <ethernet-satellite-uplink-port> | <flex-client-port> |
            <connector> | <connector-port> | <port> | <pxc-sub-port>)
 <ethernet-satellite-connector>   - esat-<id>/<slot>/c<connector>
 <ethernet-satellite-client-port> - esat-<id>/<slot>/<port>
 <ethernet-satellite-uplink-port> - (esat-<id>/<slot>/u<port>|esat-
                                     <id>/<slot>/c<connector>/u<connector-
                                     port>)
 <flex-client-port>               - <slot>/<mda>/f<flex>/<flex-client>
 <connector>                      - <slot>/<mda>/c<connector>
 <connector-port>                 - <slot>/<mda>/c<connector>/<connector-
                                     port>
 <port>                           - <slot>/<mda>/<port>
 <pxc-sub-port>                   - pxc-<id>.[a|b]
 
    Unique port ID

The square brackets ([]) around port-id indicate that the port-id keyword is optional when entering the command.

The angle brackets (<>) indicate a variable name and the pipe (|) indicates a choice. In the preceding example, the correct format of the port command contains one of four options: a port, a connector, a connector port, or a PXC port.

In the preceding example, any of the following would be valid formats for the port command:

port 1/1/1
port port-id 1/1/1
port port-id 1/1/c2
port 1/1/c1/5
port pxc-1.b

For an overall view of the configuration commands available in the MD-CLI, refer to the MD-CLI Command Reference Guide.

1.3.5. Operational Root and Global Commands

The commands in Table 4 are available at the operational root level of the MD-CLI hierarchy.

Table 4:  Operational Root Commands  

Command

Description

admin

Enter the administrative context for system operations

clear

Clear statistics or reset operational state

configure

Enter the configuration context

environment

Enter the environment configuration context

show

Show operational information

tools

Enter the tools context for troubleshooting and debugging

The global commands in Table 5 are available from various levels of the MD-CLI hierarchy.

Table 5:  Global Commands  

Command

Description

back

Move back one or more levels

delete

Delete an element from the candidate datastore

edit-config

Enter a candidate configuration mode

exec

Execute commands from a file

exit

Return to the previous context or to the operational root

history

Show the most recently entered commands

logout

Exit the CLI session

pwc

Show the present working context

quit-config

Leave the candidate configuration mode

top

Move to the top level of the context

tree

Show the command tree under the present working context

Table 6 lists configuration commands that are available in configuration mode.

Table 6:  Configuration Commands  

Command

Description

commit

Commit changes to the running datastore

compare

Show changes between datastores

discard

Discard changes in the candidate datastore

info

Show the running configuration from the present working context

load

Load a configuration from a file

rollback

Rollback to a previous configuration

update

Update the candidate baseline

validate

Validate changes in the candidate datastore

1.3.6. Navigating the MD-CLI Hierarchy Levels

The following commands can be used to navigate the MD-CLI hierarchy (context) levels:

  1. pwc
    The pwc command shows the present working context with all keyword and variable parameters. The pwc previous command displays the previous working context.
    (ex)[configure]
    A:admin@node-2# card 1 fp 2
     
    *(ex)[configure card 1 fp 2]
    A:admin@node-2# egress
     
    *(ex)[configure card 1 fp 2 egress]
    A:admin@node-2# wred-queue-control
     
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2# pwc
    Present Working Context:
      configure
      card 1
      fp 2
      egress
      wred-queue-control
     
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2# pwc previous
    Previous Working Context:
      configure
      card 1
      fp 2
      egress
     
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2#
  2. back
    The back command can be used to go back one or more levels. If no parameter value is specified for the number of levels to go back, the default is one level. Using back at the top of the current command tree moves the context to the operational root level. If the number of levels specified is greater than the current depth, the context moves to the operational root.
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2# back
     
    *(ex)[configure card 1 fp 2 egress]
    A:admin@node-2# back 2
     
    *(ex)[configure card 1]
    A:admin@node-2# back 5
     
    *(ex)[]
    A:admin@node-2#
  3. top
    The top command moves the context to the top of the current command tree without exiting the mode. This command can be used instead of executing the back command a number of times to move to the top of the command tree.
    *(ex)[]
    A:admin@node-2# configure
     
    *(ex)[configure]
    A:admin@node-2# card 1 fp 2
     
    *(ex)[configure card 1 fp 2]
    A:admin@node-2# egress
     
    *(ex)[configure card 1 fp 2 egress]
    A:admin@node-2# wred-queue-control
     
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2# top
     
    *(ex)[configure]
    A:admin@node-2#
  4. exit
    The exit command moves the context to the previous context in the current command tree. If the previous context was up one level, the exit command functions similarly to the back command. Using exit all moves the context to the operational root. Using exit at the operational root has no effect. To log out of the system, the logout command must be used.
    *(ex)[configure]
    A:admin@node-2# card 1 fp 2
     
    *(ex)[configure card 1 fp 2]
    A:admin@node-2# egress
     
    *(ex)[configure card 1 fp 2 egress]
    A:admin@node-2# wred-queue-control
     
    *(ex)[configure card 1 fp 2 egress wred-queue-control]
    A:admin@node-2# exit
     
    *(ex)[configure card 1 fp 2 egress]
    A:admin@node-2# exit all
     
    *(ex)[]
    A:admin@node-2#

1.3.7. Using the tree Command

The tree command displays the command tree under the present working context, excluding the present working context element. Hierarchy is indicated with a pipe (|) and a “+-- “ separator precedes each element. The tree output is in alphabetical order of elements.

[pr:configure aaa]
A:admin@node-3# tree
+-- diameter
|   +-- node
|   |   +-- connection
|   |   |   +-- ipv4
|   |   |   |   +-- allow-connections
|   |   |   |   +-- local-address
|   |   |   +-- ipv6
|   |   |   |   +-- allow-connections
|   |   |   |   +-- local-address
|   |   |   +-- timer
|   |   +-- description
|   |   +-- origin-realm
|   |   +-- peer
|   |   |   +-- address
|   |   |   +-- admin-state
|   |   |   +-- connection-timer
|   |   |   +-- destination-host
|   |   |   +-- preference
|   |   |   +-- watchdog-timer
|   |   +-- python-policy
|   |   +-- router-instance
|   +-- peer-policy
|       +-- applications
|       |   +-- gx
|       |   +-- gy
|       |   +-- nasreq
|       +-- connection-timer
|       +-- description
|       +-- ipv4-source-address
|       +-- ipv6-source-address
|       +-- origin-host
|       +-- origin-realm
 
<snip>
[]
A:admin@node-3# tree
+-- admin
|   +-- disconnect
|   |   +-- session-id
|   +-- reboot
|   |   +-- card
|   |   +-- now
|   +-- redundancy
|   |   +-- force-switchover
|   |       +-- now
|   +-- save
|   |   +-- url
|   +-- show
|   |   +-- configuration
|   +-- support-mode
|   +-- system
|       +-- security
|           +-- hash-control
|               +-- custom-hash
|                   +-- algorithm
|                   +-- key
+-- back
+-- clear
|   +-- aaa
|   |   +-- diameter-node
|   |   |   +-- origin-host-string
|   |   |   +-- peer
|   |   |   +-- statistics
|   |   +-- diameter-peer-policy
|   |   |   +-- client-side-peer-ip
|   |   |   +-- peer
|   |   |   +-- port
|   |   |   +-- proxy
|   |   |   +-- statistics
|   |   +-- isa-radius-policy
|   |   |   +-- statistics
|   |   +-- l2tp-accounting-policy
|   |   |   +-- statistics
|   |   +-- radius-server-policy
|   |   |   +-- acct-session-id
|   |   |   +-- msg-buffer
|   |   |   +-- msg-buffer-only
|   |   |   +-- server
|   |   |   +-- statistics
|   |   +-- route-downloader
|   |       +-- family
|   |       +-- router

1.3.7.1. Using the Flat Option

The flat option displays the command hierarchy under the present working context on one line, excluding the present working context element.

(ro)[]
A:admin@node-1# tree flat
admin
admin disconnect
admin disconnect session-id
admin reboot
admin reboot card
admin reboot now
admin redundancy
admin redundancy force-switchover
admin redundancy force-switchover now
admin save
admin save url
admin show
admin show configuration
admin support-mode
 
<snip>

1.3.7.2. Using the Detail Option

The detail option displays all key and field values in the output on every line.

(ro)[]
A:admin@node-1# tree detail
+-- admin
|   +-- disconnect
|   |   +-- session-id <number>
|   +-- reboot
|   |   +-- card <keyword>
|   |   +-- now
|   +-- redundancy
|   |   +-- force-switchover
|   |       +-- now
|   +-- save
|   |   +-- url <string>
|   +-- show
|   |   +-- configuration
|   +-- support-mode
 
<snip>

The flat and detail options can be combined in any order.

(ro)[]
A:admin@node-1# tree flat detail
admin
admin disconnect
admin disconnect session-id <number>
admin reboot
admin reboot card <keyword>
admin reboot now
admin redundancy
admin redundancy force-switchover
admin redundancy force-switchover now
admin save
admin save url <string>
admin show
admin show configuration
admin support-mode
 
<snip>

1.3.8. Using Control Characters and Editing Keystrokes on the Command Line

Table 7 lists the control characters and keystrokes available to execute and edit commands.

Table 7:  Control Characters  

Command

Description

/ (Slash)

Return to the operational root (equivalent to exit all) if used without parameters

Navigate into context or set the value and remain in current context if used at the beginning of a line (equivalent to exit all, and then the command)

CTRL-z

Execute command and return to the operational root (equivalent to Enter and exit all)

CTRL-c

Abort the pending command

CTRL-d

Delete the current character

CTRL-h

Delete the current character and move the cursor left

CTRL-u

Delete text up to the cursor and preserve the character under the cursor

CTRL-k

Delete text after the cursor. The character under the cursor is not preserved.

CTRL-a (or Home)

Move to the beginning of the line

CTRL-e (or End)

Move to the end of the line

CTRL-p (or Up arrow)

Display prior command from history

CTRL-n (or Down arrow)

Display next command from history

CTRL-b (or Left arrow)

Move the cursor one space to the left

CTRL-f (or Right arrow)

Move the cursor one space to the right

CTRL-w

Delete the word up to the cursor

ESC+b

Move back one word, or to the beginning of the current word if the cursor is not at the start of the word

1.3.9. Using Command Completion

The MD-CLI supports both command abbreviation and command completion. When typing a command, Tab, Spacebar, or Enter invokes auto-completion. If the text entered is enough to match a specific command, auto-completion completes the command. If the text entered is not sufficient to identify a specific command, pressing Tab or Spacebar displays options in alphabetical order matching the text entered.

The environment command-completion command controls what keystrokes can trigger command completion. Each keystroke is independently controlled with its own Boolean value.

(ex)[environment command-completion]
A:admin@node-2# info detail
    enter true
    space true
    tab true
Note:

If Spacebar completion has multiple matches and also matches an keyword, the space is considered a separator and auto-completion is not triggered.

  1. configure por+Spacebar displays auto-completion results
  2. configure port+Spacebar inserts a space and suppresses auto-completion results
  3. configure por+Tab displays auto-completion results
  4. configure port+Tab displays auto-completion results

1.3.9.1. Variable Parameter Completion

Variable parameter completion works only with the Tab key. All configured variables from the candidate and running configuration datastores are displayed. Line wrapping may occur for variables with long names. Parameters are displayed in alphabetical or numerical order. The variable parameter name is always displayed as the first line. In the following example, “interface-name” is the variable parameter name and “int-1” and “system” are configured names.

*(ex)[configure router "Base"]
A:admin@node-2# interface //Press Tab
 
 <interface-name>
 "int-1"
 "system"
 
*(ex)[configure router "Base"]
A:admin@node-2# interface

1.3.9.1.1. Completion for Lists with a Default Keyword

Some list elements have a default keyword defined, such as the router command, where the default keyword is “Base”. When the command completion parameters (enter, space, and tab) are at their default settings (true), and the initial input matches an element in the list and a unique command keyword, the matching keyword is completed instead of the variable.

For example, the router command has a default keyword defined as “Base”. If router “g” is created using the command configure router “g” (with quotation marks”), and there is an existing gtp protocol, the variable completion is as follows.

The following displays for router+Spacebar+Tab:

*[pr:configure]
A:admin@node-3# router //Press Tab
 
 <router-name>
 "Base"
 "g"
 "management"
 
 aggregates             allow-icmp-redirect    allow-icmp6-redirect
 apply-groups           autonomous-system      bfd
 bgp                    bier                   class-forwarding
 confederation          description            dhcp-server
 ecmp                   entropy-label          fib-priority
 fib-telemetry          firewall               flowspec
 gtm                    gtp                    icmp-tunneling
 igmp                   interface              ipv6
 
<snip>

The following displays for router g+Tab:

*(ex)[configure]
A:admin@node-2# router g //Press Tab
 
 "g"
 
 gtp

Entering router g+Enter completes to router gtp and enters the router “Base” gtp context:

*(ex)[configure]
A:admin@node-2# router g //Press Enter
 
*(ex)[configure]
A:admin@node-2# router gtp
 
*(ex)[configure router "Base" gtp]
A:admin@node-2#

Similarly, router g+Spacebar completes to router gtp and enters the router “Base” gtp context when Enter is pressed:

*(ex)[configure]
A:admin@node-2# router g //Press Space //Press Enter
 
*(ex)[configure]
A:admin@node-2# router gtp
 
*(ex)[configure router "Base" gtp]
A:admin@node-2#

To enter the context for router “g”, quotation marks are used to specify the variable:

*(ex)[configure]
A:admin@node-2# router "g"
 
*(ex)[configure router "g"]
A:admin@node-2#

If the command completion for enter is set to false, then router g+Enter allows the match to router “g”. Similarly, when the command completion for space is false, router g+Spacebar also matches to router “g” instead of the keyword gtp.

*(ex)[environment command-completion]
A:admin@node-2# info detail
    enter true
    space true
    tab true
 
*(ex)[environment command-completion]
A:admin@node-2# enter false
 
*(ex)[environment command-completion]
A:admin@node-2# space false
 
*(ex)[environment command-completion]
A:admin@node-2#
 
*(ex)[]
A:admin@node-2# configure
 
*(ex)[configure]
A:admin@node-2# router g//Press Enter
 
*(ex)[configure router "g"]
A:admin@node-2# back
 
*(ex)[configure]
A:admin@node-2# router g//Press Spacebar+Enter
 
*(ex)[configure router "g"]
A:admin@node-2#

In the next example, the completion parameters are at the default settings of true. If the user intends to navigate to configure router isis, but enters configure router is+Enter, router “is” is created.

(ex)[configure]
A:admin@node-2# router is //Press Enter
 
*(ex)[configure router "is"]
A:admin@node-2#

Entering router is+Tab in the configure context shows the “is” router, in addition to the keywords that begin with “is”:

*(ex)[configure]
A:admin@node-2# router is //Press Tab
 "is"
 
 isa-service-chaining  isis
 
*(ex)[configure]
A:admin@node-2# router is

Entering router is+Spacebar in the configure context shows the keywords that begin with “is”:

*(ex)[configure]
A:admin@node-2# router is //Space
 
 isa-service-chaining  isis
 
*(ex)[configure]
A:admin@node-2# router is

In this scenario, the entire “isis” keyword must be entered to navigate to the desired context:

*(ex)[configure]
A:admin@node-2# router isis
 
*(ex)[configure router "Base" isis 0]
A:admin@node-2#

1.3.9.1.2. Completion for Keyword-based Leaf-lists

For keyword-based leaf-lists, command completion displays all possible values, not only those that are configured. When deleting values in a leaf-list, only the values that are currently configured are displayed. In the following example, when defining the forwarding traffic classes, all keyword values are listed. When deleting the forwarding traffic classes, only the configured classes are displayed.

*(ex)[configure mirror mirror-source "mrsc" subscriber "subscr-str"]
A:admin@node-2# fc //Press Tab
 
 <fc>
 af
 be
 ef
 h1
 h2
 l1
 l2
 nc
 
*(ex)[configure mirror mirror-source "mrsc" subscriber "subscr-str"]
A:admin@node-2# fc [ef h2 l2 af]
 
*(ex)[configure mirror mirror-source "mrsc" subscriber "subscr-str"]
A:admin@node-2# info
    fc [l2 af h2 ef]
 
*(ex)[configure mirror mirror-source "mrsc" subscriber "subscr-str"]
A:admin@node-2# delete fc //Press Tab
 
 <fc>
 *
 af
 ef
 h2
 l2
 
*(ex)[configure mirror mirror-source "mrsc" subscriber "subscr-str"]
A:admin@node-2# delete fc

1.3.9.1.3. Completion for Boolean Elements

The explicit use of the keyword true for a Boolean element is optional. If neither true or false is entered, the keyword true is assumed.

(ex)[environment]
A:admin@node-3# more ?
 
 more <boolean>
 <boolean> - ([true]|false)
 Default   - true
 
    Paging control of the output text

When Tab is used for command completion with Boolean elements, the values of false and true are displayed, along with the names of possible elements that can follow. In the following example of the environment more command, the commands command-completion, console, message-severity-level, and so on, can be defined following the more command.

(ex)[environment]
A:admin@node-2# more //Press Tab
 
 <more>
 false
 true
 
 command-completion     console                message-severity-level
 progress-indicator     prompt                 time-display
 
 delete
 
(ex)[environment]
A:admin@node-2# more

1.3.10. Displaying Available Commands using Tab

Variables, keywords, global commands, and configuration commands and units are separated by a blank line in the output, in the following order:

  1. values or units (mutually exclusive)
  2. keywords
  3. global commands
  4. configuration commands
(ex)[configure aaa diameter]
A:admin@node-1#//Press Tab
 
 node         peer-policy
 
 back         delete       edit-config  exec         exit         history
 logout       pwc          top          tree
 
 commit       compare      discard      info         update       validate
 

1.3.11. Modifying the Idle Timeout Value for CLI Sessions

A single idle timeout applies to all CLI engines in a CLI session (classic and MD-CLI). The idle timeout can be modified to a value between 1 and 1440 minutes.

The following points apply.

  1. The idle timeout only affects new CLI sessions. Existing and current sessions retain the previous idle timeout.
  2. The idle timeout can be disabled by setting the value to none.
  3. The “Idle time” column in the show users display is reset after an action in either CLI engine.
    []
    A:admin@node-2# show users
    ===============================================================================
    User                             Type      Login time           Idle time
      Session ID   From
    ===============================================================================
                                     Console         --             6d 19:38:00 --
      6            --
    admin                            SSHv2     11OCT2018 14:35:19   0d 00:00:00 --
     #23           192.168.144.87
    admin                            SSHv2     11OCT2018 14:35:55   0d 00:07:46 --
      24           192.168.144.87
    -------------------------------------------------------------------------------
    Number of users: 2
    '#' indicates the current active session
    ===============================================================================

A warning message is displayed when a session reaches one-half the value of the idle timeout, and another message is displayed when the idle timeout expires.

1.3.11.1. Idle Timeout Interaction with the Classic CLI

The idle timeout configured in the classic CLI affects all new sessions as well as the current session. However, the current session is only affected if the classic CLI engine is active when the idle timeout expires. Configuration changes via the MD-CLI or any other interface, including SNMP, only affect new sessions that begin after the change.

1.3.12. Using Output Modifiers

Output modifiers provide support for post-processing of CLI output. Output modifiers are specified using a pipe (|) character. The following points apply when using output modifiers.

  1. Output modifiers can be appended to any CLI command in any command context.
  2. Output modifiers work across soft line breaks (visual lines) that are wrapped due to the terminal width; for example, using match or count. They do not work across hard line breaks (logical lines).
  3. Modifiers can be combined in any order. No hard limit exists for the number of combinations. Output is processed linearly and there is little impact on the system performance except to the operator session that entered the modifier combination.

1.3.12.1. Using | match Options

The following options are supported for use with the pipe (|) match command:

  1. ignore-case — specifies to ignore case in pattern match
  2. invert-match — specifies to invert the pattern match selection
  3. max-count — specifies the maximum number of displayed matches
  4. post-lines — specifies the number of lines to display following the matched line
  5. pre-lines — specifies the number of lines to display preceding the matched line

The following example matches on the pattern autonomous-system in the tree detail under the configure router “Base” context, and starts the display with seven lines preceding the pattern match.

(ex)[configure router "Base"]
A:admin@node-1# tree detail | match autonomous-system pre-lines 7
|   |   +-- indirect <unicast-ipv4-address | global-unicast-ipv6-address>
|   |   +-- local-preference <number>
|   |   +-- summary-only <boolean>
|   +-- apply-groups <reference>
+-- allow-icmp-redirect <boolean>
+-- allow-icmp6-redirect <boolean>
+-- apply-groups <reference>
+-- autonomous-system <number>
 
(ex)[configure router "Base"]
A:admin@node-1#

1.3.12.1.1. Using Regular Expressions with | match

Regular expressions (REs) used by the MD-CLI engine are delimited by apostrophes (‘); for example, ‘.*’. REs cannot be delimited by double quotation marks (“); for example, “.*”.

MD-CLI REs are based on a subset of The Open Group Base Specifications Issue 7 and IEEE Std 1003.1-2008, 2016 Edition REs, as defined in chapter 9. MD-CLI REs only support Extended Regular Expression (ERE) notation as defined in section 9.4. Basic Regular Expression (BRE) notation as defined in section 9.3 is not supported.

In ERE notation, a backslash (\) before a special character is treated as a literal character. Backslashes are not supported before ( ) or { }, as they are in BREs to indicate a bracket expression or marked expression.

Table 8 describes the special characters that are supported in EREs.

Table 8:  Special Characters in Extended Regular Expressions 

Special character

Description

.

Matches any single character

*

Matches the preceding expression zero or more times

?

Matches the preceding expression zero or one time

+

Matches the preceding expression one or more times

[ ]

Matches a single character within the brackets

[^]

Matches a single character not within the brackets

^

Matches the starting position

$

Matches the ending position

( )

Defines a marked subexpression

{m,n}

Matches the preceding expression at least m and not more than n times

{m}

Matches the preceding expression exactly m times

{m, }

Matches the preceding expression at least m times

{ ,n}

Matches the preceding expression not more than n times

|

Matches either expression preceding or following the |

\

Treats the following character as a match criterion

-

Separates the start and end of a range

The following examples show the use of a bracket expression as a matching list expression.

The first output does not use any match expressions and therefore shows the entire output.

*(gl)[]
A:admin@node-2# show port
 
===============================================================================
Ports on Slot 1
===============================================================================
Port          Admin Link Port    Cfg  Oper LAG/ Port Port Port   C/QS/S/XFP/
Id            State      State   MTU  MTU  Bndl Mode Encp Type   MDIMDX
-------------------------------------------------------------------------------
1/1/1         Down  No   Ghost   8704 8704    - netw null xcme
1/1/2         Up    No   Ghost   1514 1514    - accs null xcme
1/1/3         Up    No   Ghost   1514 1514    - accs null xcme
1/1/4         Up    No   Ghost   1514 1514    - accs null xcme
1/1/5         Up    No   Ghost   1514 1514    - accs null xcme
1/1/6         Down  No   Ghost   8704 8704    - netw null xcme
1/1/7         Down  No   Ghost   8704 8704    - netw null xcme
1/1/8         Down  No   Ghost   8704 8704    - netw null xcme
1/1/9         Down  No   Ghost   8704 8704    - netw null xcme
1/1/10        Down  No   Ghost   8704 8704    - netw null xcme
1/1/11        Down  No   Ghost   8704 8704    - netw null xcme
1/1/12        Down  No   Ghost   8704 8704    - netw null xcme
1/2/1         Up    No   Ghost   8704 8704    - netw null xcme
1/2/2         Up    No   Ghost   1514 1514    - accs null xcme
1/2/3         Up    No   Ghost   1514 1514    - accs null xcme
1/2/4         Down  No   Ghost   8704 8704    - netw null xcme
Press Q to quit, Enter to print next line or any other key to print next page.

In this matching list expression, a match is any single character in the bracket expression, which in this case is 1, 3, or 5.

*(gl)[]
A:admin@node-2# show port | match '1/1/[135]'
1/1/1         Down  No   Ghost   8704 8704    - netw null xcme
1/1/3         Up    No   Ghost   1514 1514    - accs null xcme
1/1/5         Up    No   Ghost   1514 1514    - accs null xcme
1/1/10        Down  No   Ghost   8704 8704    - netw null xcme
1/1/11        Down  No   Ghost   8704 8704    - netw null xcme
1/1/12        Down  No   Ghost   8704 8704    - netw null xcme

In this non-matching list expression, a match is any single character not in the bracket expression, that is, not 1, 2, or 4.

*(gl)[]
A:admin@node-2# show port | match '1/1/[^124]'
1/1/3         Up    No   Ghost   1514 1514    - accs null xcme
1/1/5         Up    No   Ghost   1514 1514    - accs null xcme
1/1/6         Down  No   Ghost   8704 8704    - netw null xcme
1/1/7         Down  No   Ghost   8704 8704    - netw null xcme
1/1/8         Down  No   Ghost   8704 8704    - netw null xcme
1/1/9         Down  No   Ghost   8704 8704    - netw null xcme

The range operator (-) can be used in a matching or non-matching list expression.

*(ro)[]
A:admin@node-2# show port | match '1/1/[3-7]'
1/1/3         Up    No   Ghost   1514 1514    - accs null xcme
1/1/4         Up    No   Ghost   1514 1514    - accs null xcme
1/1/5         Up    No   Ghost   1514 1514    - accs null xcme
1/1/6         Down  No   Ghost   8704 8704    - netw null xcme
1/1/7         Down  No   Ghost   8704 8704    - netw null xcme
*(ro)[]
A:admin@node-2# show port | match '1/1/[^3-7]'
1/1/1         Down  No   Ghost   8704 8704    - netw null xcme
1/1/2         Up    No   Ghost   1514 1514    - accs null xcme
1/1/8         Down  No   Ghost   8704 8704    - netw null xcme
1/1/9         Down  No   Ghost   8704 8704    - netw null xcme
1/1/10        Down  No   Ghost   8704 8704    - netw null xcme
1/1/11        Down  No   Ghost   8704 8704    - netw null xcme
1/1/12        Down  No   Ghost   8704 8704    - netw null xcme

The alternation operator (|) can be used with or without a bracket expression to match against two or more alternative expressions.

*(ro)[]
A:admin@node-2# show port | match '1/1/[2-5|7-9]'
1/1/2         Up    No   Ghost   1514 1514    - accs null xcme
1/1/3         Up    No   Ghost   1514 1514    - accs null xcme
1/1/4         Up    No   Ghost   1514 1514    - accs null xcme
1/1/5         Up    No   Ghost   1514 1514    - accs null xcme
1/1/7         Down  No   Ghost   8704 8704    - netw null xcme
1/1/8         Down  No   Ghost   8704 8704    - netw null xcme
1/1/9         Down  No   Ghost   8704 8704    - netw null xcme

Without a bracket expression, an exact match is attempted against two or more alternative expressions.

*(ro)[]
A:admin@node-2# info | match 'mda|fp'
        mda 1 {
            mda-type m12-1gb-xp-sfp
        mda 2 {
            mda-type m10-1gb-sfp-b
        fp 1 {

MD-CLI REs match on the output format of an element, as shown in the configuration. For example, if the value of an element is shown in hexadecimal in info output, a decimal RE will not match the value. In the following example, the Ethertype is entered in decimal format, but is displayed in hexadecimal. Matching on the decimal format does not find a match.

*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# etype ?
 
 etype <number>
 <number> - <0x600..0xffff>
 
    Ethernet type
 
*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# etype 65535
 
*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# info
    etype 0xffff
 
*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# top
 
*[ex:configure]
A:admin@node-1# info | match 65535
 
*[ex:configure]
A:admin@node-1# info | match 0xffff
                    etype 0xffff
 
*[ex:configure]
A:admin@node-1#

MD-CLI REs are not implicitly anchored. The ^ or $ anchoring special characters can be used, as in the following example.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info
    group "external" {
    }
    group "internal" {
    }
    neighbor 192.168.10.1 {
        group "external"
        keepalive 30
        peer-as 100
    }
    neighbor 192.168.10.2 {
        group "external"
        peer-as 100
        family {
            ipv4 true
        }
    }

This example uses the ^ anchor character to match on “group” preceded by four spaces at the beginning of the line.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info | match '^    group' pre-lines 1
    group "external" {
    }
    group "internal" {

This example uses the ^ anchor character to match on “group” preceded by eight spaces at the beginning of the line.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info | match '^        group' pre-lines 1
    neighbor 192.168.10.1 {
        group "external"
    neighbor 192.168.10.2 {
        group "external"
*(ex)[configure router "Base" bgp]
A:admin@node-2#

In the following configuration example using the compare command, the | match option filters out those commands to be deleted (configuration statements beginning with the minus sign (-)) and those to be added (configuration statements beginning with the plus sign (+)).

*(gl)[configure log accounting-policy 5]
A:admin@node-2# /compare
+   admin-state enable
-   collection-interval 105
+   collection-interval 75
-   include-system-info true
+   include-system-info false
 
*(gl)[configure log accounting-policy 5]
A:admin@node-2# /compare | match '^-'
-   collection-interval 105
-   include-system-info true

The backslash (\) is used to match the literal “+” character that denotes additions to the configuration seen in the compare command.

*(gl)[configure log accounting-policy 5]
A:admin@node-2# /compare | match '^\+'
+   admin-state enable
+   collection-interval 75
+   include-system-info false

A character class expression is expressed as a character class name enclosed within bracket colon (“[:” and “:]”) delimiters. Table 9 defines the character class expressions.

Table 9:  Character Class Expressions  

Character Class

Characters matched (delimited by ‘single quotation marks’)

Description

[:alnum:]

‘ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789’

Alphanumeric characters

[:alpha:]

‘ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz’

Alphabetic characters

[:blank:]

‘ \t’

Space and Tab

[:cntrl:]

‘\007\b\t\n\v\f\r\1\2\3\4\5\6\16\17\20 \21\22\23\24\25\26\27\30 \31\32\33\34\35\36\37\177’

Control characters

[:digit:]

‘0123456789’

Digits

[:graph:]

‘ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~’

Visible characters

[:lower:]

‘abcdefghijklmnopqrstuvwxyz’

Lowercase letters

[:print:]

‘ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ ’

Visible characters and the Space character

[:punct:]

‘!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~’

Punctuation characters

[:space:]

‘\t\n\v\f\r ‘

Whitespace (blank) characters

[:upper:]

‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’

Uppercase letters

[:xdigit:]

‘0123456789ABCDEFabcdef’

Hexadecimal digits

Character class expressions must be enclosed within brackets. The expression ‘[[:digit:]]’ is treated as an RE containing the character class “digit”, while ‘[:digit:]’ is treated as an RE matching “:”, “d”, “i”, “g”, or “t”.

Collating symbols and equivalence classes are not supported in MD-CLI REs.

1.3.12.2. Using | count

The | count option displays the line count of the output.

(ro)[configure qos]
A:admin@node-2# tree flat detail | match wrr-policy
hsmda-wrr-policy <string>
hsmda-wrr-policy <string> apply-groups <reference>
hsmda-wrr-policy <string> class-agg-weight <number>
hsmda-wrr-policy <string> description <string>
hsmda-wrr-policy <string> include-queues <keyword>
hsmda-wrr-policy <string> schedule-using-class <number>
network-queue <string> egress-hsmda wrr-policy <reference>
queue-group-templates egress queue-group <string> hsmda-queues wrr-policy  <reference>
sap-egress <string> hsmda-queues wrr-policy <reference>
 
(ro)[configure qos]
A:admin@node-2# tree flat detail | match wrr-policy | count
Count: 9 lines
 
(ro)[configure qos]
A:admin@node-2#
Note:

Error messages are not processed by output modifiers. They are always displayed and are not affected by the count or match modifiers.

1.3.12.3. Using the | no-more Option

The | no-more option displays the output with pagination disabled. This option is similar to the environment more false setting, where the entire output text is printed without page interruptions.

1.3.12.4. Using the File Redirect Option

The > option can be used to redirect output to a local or remote file. The > redirect must be specified at the end of a command and cannot be combined with other redirects.

*(ex)[configure router "Base"]
A:admin@node-1# info detail | match leak-export > ?
 
 [url] <string>
 <string> - <1..255 characters>
 
 The location where the output should be saved.
 

1.3.13. Navigating Contexts in the MD-CLI

1.3.13.1. Entering Contexts

Configuring a container navigates into the context. In the following example, the first container is aaa, and the next is diameter. All containers are marked with a “+”.

(ex)[configure]
A:admin@node-2#?
 
 Nokia configuration branches:
 aaa                  + Enter the aaa context
 bfd                  + Enter the bfd context
 bmp                  + Enter the bmp context
 card                 + Enter the card context
 cflowd               + Enter the cflowd context
 chassis              + Enter the chassis context
 connection-profile   + Enter the connection-profile context
...
 
(ex)[configure]
A:admin@node-2# aaa
 
(ex)[configure aaa]
A:admin@node-2#?
 
 diameter             + Enter the diameter context
 radius               + Enter the radius context
 wpp                  + Enter the wpp context
 
(ex)[configure aaa]
A:admin@node-admin-2#

Alternatively, the same context can be entered on one line:

(ex)[]
A:admin@node-2# configure aaa diameter
 
(ex)[configure aaa diameter]
A:admin@node-2#

Configuring a leaf element maintains the present working context if there is no explicit opening brace. Entering an explicit opening brace navigates into the specified context.

(ex)[]
A:admin@node-2# configure card 1 fp 2
 
*(ex)[configure card 1 fp 2]
A:admin@node-2# hi-bw-mcast-src default-paths-only false
 
*(ex)[configure card 1 fp 2]
A:admin@node-2# hi-bw-mcast-src { group 23
 
*(ex)[configure card 1 fp 2 hi-bw-mcast-src]
A:admin@node-2#

Configuring a container navigates into the context.

(ex)[configure]
A:admin@node-2# card 1 fp 2
 
*(ex)[configure card 1 fp 2]
A:admin@node-2# egress
 
*(ex)[configure card 1 fp 2 egress]
A:admin@node-2# wred-queue-control
 
*(ex)[configure card 1 fp 2 egress wred-queue-control]
A:admin@node-2#

Configuring an empty container or a list where the only children are keys does not navigate into the context. These elements are displayed with aggregated braces with a space ({ }) on the same line. It is possible to enter the element name with an opening brace; however, no options are available in this context.

For example, configuring the list element sdp-include with a key of “ref_group_name” does not change the existing context.

*(ex)[configure service pw-template "tt"]
A:admin@node-1# sdp-include ref_group_name
 
*(ex)[configure service pw-template "tt"]
A:admin@node-1# info
    sdp-include "ref_group_name" { }
 
*(ex)[configure service pw-template "tt"]
A:admin@node-1#

1.3.13.2. Exiting Contexts

The back and top commands are used to navigate contexts, but it is also possible to use closing braces to navigate.

The behavior of an explicit closing brace depends on the contents of the current command line. If the command line contains an explicit opening brace, the closing brace exits to the parent context of the opening brace.

In the following example with an opening brace on the command line, the closing brace exits VPRN 1, and then enters the context of VPRN 2.

(ex)[]
A:admin@node-2# configure service vprn 1 { interface "intf1" description "vprn-if" } vprn 2
 
*(ex)[configure service vprn "2"]
A:admin@node-2#

In the following example without an opening brace on the command line, the first closing brace exits interface “int1”, and the second closing brace exits VPRN 1 and enters the VPRN 2 context.

*(ex)[configure service]
A:admin@node-2# vprn 1 interface "int1" description vprn-if } } vprn 2
 
*(ex)[configure service vprn "2"]
A:admin@node-2#

1.3.14. Executing Commands with a File

The exec command executes commands from a file as if the user typed or pasted the input into the MD-CLI without command completion. The syntax can be seen as follows:

(ex)[configure]
A:admin@node-2# exec ?
 
 [url] <string>
 <string> - <0..255 characters>
 
    The location of the file to be executed.
 
(ex)[configure]
A:admin@node-2# exec my-url-fn ?
 
 exec
 
 echo                 - Displays the commands on screen as they are being
                        executed.

The exec command:

  1. errors if it detects an interactive input
  2. terminates in the CLI engine in which it completes execution as follows:
    1. if there are no commands that switch CLI engines, the CLI engine is always the one in which exec started
    2. if there are commands that switch CLI engines, exec ends in the last CLI engine that was entered
    3. //exec returns to the engine in which it was started
  3. terminates execution and displays an error message if an error occurs, leaving the session in the same context as when the error occurred

The system executes the file as follows:

  1. disables pagination while the command is running
  2. disables command completion while the command is running
  3. suppresses the commands in the file from the command history

1.3.14.1. Using Commands that Switch Engines in an Executable File

When using commands that switch between CLI engines within an executable file, the following commands are recommended:

  1. use /!classic-cli to switch explicitly to the classic CLI engine and /!md-cli to switch explicitly to the MD-CLI engine, instead of // to toggle between engines
  2. use exit all to get to a known starting point: the operational root of the classic CLI or the MD-CLI engine
  3. include edit-config if the script needs to change the candidate configuration in the MD-CLI engine. Use quit-config after changes are committed in the script.
    Note:

    1. An executable with edit-config may fail if other users have locked the configuration.
    2. Issuing the quit-config command with changes in the candidate configuration while the session is in exclusive configuration mode fails the executable because of the “discard changes” prompt.

1.3.15. Displaying Information in the MD-CLI

1.3.15.1. Using the info Command

The info command shows the configuration for the present context. The command can only be executed while in a configuration mode. By default, all configured parameters in the candidate configuration datastore are displayed.

— info [[from] (candidate | running | baseline)]
— converted
— detail
— flat
— full-context
— inheritance

Table 10 describes the info command options.

Table 10:  Info Command Options  

Option

Description

[from] (candidate | running | baseline)

Specify the source datastore (default is from candidate)

converted

Include converted configuration values from third party modules

detail

Include default and unconfigured values in the output

flat

Show the hierarchy on each line starting from the present working context

full-context

Show the full hierarchy on each line

inheritance

Include configuration inherited from configuration groups

Note:

The flat and full-context options are mutually exclusive. Valid option combinations (in any order) are:

  1. flat detail
  2. full-context detail
  3. inheritance flat
  4. inheritance full-context
  5. converted detail
  6. converted flat
  7. converted full-context

The order of the configuration output is as follows:

  1. keys are displayed on the same line as the command element
  2. apply-groups is displayed, if applicable
  3. admin-state is displayed, if applicable
  4. description is displayed, if applicable
  5. other top-level elements are displayed in alphabetical order

The configuration output displays all elements that are configured, even if an element is set to the system default state or value.

In the following example, chassis has two key leafs (chassis-class (router) and chassis-number (9)). The double hash (##) indicates an unconfigured element or a dynamic default. Refer to section 1.4.5 for more information.

*(ex)[configure]
A:admin@node-2# info detail | match chassis post-lines 20
    chassis router chassis-number 9 {
        admin-state disable
     ## description
        mac-address 00:00:00:00:00:00
     ## sat-type
     ## software-repository
        sync-e false
     ## power-supply
     ## port-map
    }

The following displays configuration information for configure log accounting-policy 5:

*(ex)[configure log accounting-policy 5]
A:admin@node-3# info
    description "For aa-admint-deny statistics"
    collection-interval 65
    include-system-info true
    record aa-admit-deny
    custom-record {
        significant-change 0
    }

The detail option displays all data for the context, including default configurations.

*(ex)[configure log accounting-policy 5]
A:admin@node-3# info detail
 ## apply-groups
    admin-state disable
    description "For aa-admint-deny statistics"
    collection-interval 65
    default false
    include-system-info true
    record aa-admit-deny
    align false
    custom-record {
     ## apply-groups
        significant-change 0
        aa-specific {
            sub-attributes {
                app-service-options false
            }
            sub-counters {
                long-duration-flow-count false
                medium-duration-flow-count false
                short-duration-flow-count false
                total-flow-duration false
                total-flows-completed-count false
            }
            from-sub-counters {
Press Q to quit, Enter to print next line or any other key to print next page.

The flat option displays the context of every element in the present working context on a single line. Braces ensure that the context stays in the present working context for copy and paste purposes.

*(ex)[configure log accounting-policy 5]
A:admin@node-3# info flat detail
 ## apply-groups
    admin-state disable
    description "For aa-admint-deny statistics"
    collection-interval 65
    default false
    include-system-info true
    record aa-admit-deny
    align false
 ## custom-record apply-groups
    custom-record significant-change 0
    custom-record aa-specific sub-attributes app-service-options false
    custom-record aa-specific sub-counters long-duration-flow-count false
    custom-record aa-specific sub-counters medium-duration-flow-count false
    custom-record aa-specific sub-counters short-duration-flow-count false
    custom-record aa-specific sub-counters total-flow-duration false
    custom-record aa-specific sub-counters total-flows-completed-count false
    custom-record aa-specific from-sub-counters flows-active-count false
    custom-record aa-specific from-sub-counters flows-admitted-count false
    custom-record aa-specific from-sub-counters flows-denied-count false
    custom-record aa-specific from-sub-counters forwarding-class false
    custom-record aa-specific from-sub-counters max-throughput-octet-count false
    custom-record aa-specific from-sub-counters max-throughput-packet-count false
Press Q to quit, Enter to print next line or any other key to print next page.

The full-context option displays the full context of every element from the present working context on a single line.

*(ex)[configure log accounting-policy 5]
A:admin@node-3# info full-context
    /configure log accounting-policy 5 description "For aa-admint-deny statistics"
    /configure log accounting-policy 5 collection-interval 65
    /configure log accounting-policy 5 include-system-info true
    /configure log accounting-policy 5 record aa-admit-deny
    /configure log accounting-policy 5 custom-record significant-change 0
 
*(ex)[configure log accounting-policy 5]
A:admin@node-3# info full-context detail
 ## /configure log accounting-policy 5 apply-groups
    /configure log accounting-policy 5 admin-state disable
    /configure log accounting-policy 5 description "For aa-admint-deny statistics"
    /configure log accounting-policy 5 collection-interval 65
    /configure log accounting-policy 5 default false
    /configure log accounting-policy 5 include-system-info true
    /configure log accounting-policy 5 record aa-admit-deny
    /configure log accounting-policy 5 align false
 ## /configure log accounting-policy 5 custom-record apply-groups
    /configure log accounting-policy 5 custom-record significant-change 0
    /configure log accounting-policy 5 custom-record aa-specific sub-attributes app-service-options false
    /configure log accounting-policy 5 custom-record aa-specific sub-counters long-duration-flow-count false
    /configure log accounting-policy 5 custom-record aa-specific sub-counters medium-duration-flow-count false
    /configure log accounting-policy 5 custom-record aa-specific sub-counters short-duration-flow-count false
    /configure log accounting-policy 5 custom-record aa-specific sub-counters total-flow-duration false
    /configure log accounting-policy 5 custom-record aa-specific sub-counters total-flows-completed-count false
Press Q to quit, Enter to print next line or any other key to print next page.

1.3.15.1.1. Displaying Lists

The info command always displays all keys of the list on the same line. The first key of a list is unnamed in the MD-CLI, however, there are exceptions where the key is named and must be entered. (Refer to the online help for the correct syntax of the command, or the MD-CLI Command Reference Guide.) All other keys are named. For example, the collector list has two keys, ip-address and port. The name of the first key, ip-address, does not appear in the info display. The name of the second key and any subsequent keys are always displayed.

*(ex)[configure cflowd]
A:admin@node-2# info
    collector 10.10.20.30 port 7 {
    }
    collector 10.10.30.40 port 8 {
    }
 
*(ex)[configure cflowd]
A:admin@node-2#

1.3.15.2. Using the show Command

The classic CLI show commands can be used in the MD-CLI as well as in the classic CLI, in the following ways:

  1. use /show or show (while in the operational root []) in the MD-CLI engine
  2. use show in the classic CLI engine
  3. use // in the MD-CLI engine to switch to the classic CLI engine, then use show in the classic CLI engine
  4. use //show in the MD-CLI engine to execute /show in the classic CLI engine and switch back to the MD-CLI

1.3.15.2.1. Classic CLI Command Availability

Classic CLI commands that are accessible in the MD-CLI show outputs of the same information and provide the same functionality in the MD-CLI as they do in the classic CLI. No additional outputs or enhancements are included in the MD-CLI.

Note:

Follow the classic CLI context when using the show command. For example, route policy information is displayed using the show router policy command in both the MD-CLI and classic CLI engines, even though this information is configured in the configure policy-options context in the MD-CLI and in the configure router policy-options context in the classic CLI.

1.3.15.2.1.1. Classic CLI show commands not available in the MD-CLI

The following classic CLI show commands are currently blocked in the MD-CLI:

  1. show alias
  2. show bof
  3. show config
  4. show debug
  5. show system candidate
  6. show system rollback

1.3.15.2.2. Using the show Command in the MD-CLI Engine

The show command in the MD-CLI is applicable only in the operational root []. The /show command can be used from the root or any configuration context.

(ex)[]
A:admin@node-2# show port port-id 1/1/1 description
 
===============================================================================
Port Descriptions on Slot 1
===============================================================================
Port Id        Description
-------------------------------------------------------------------------------
1/1/1          10-Gig Ethernet
===============================================================================
 
(ex)[]
A:admin@node-2# configure router
 
(ex)[configure router "Base"]
A:admin@node-2# show port port-id 1/1/1 description
                ^^^^
MINOR: MGMT_CORE #2201: Unknown element - 'show'
 
(ex)[configure router "Base"]
A:admin@node-2# /show port port-id 1/1/1 description
===============================================================================
Port Descriptions on Slot 1
===============================================================================
Port Id        Description
-------------------------------------------------------------------------------
1/1/1          10-Gig Ethernet
===============================================================================

1.3.15.3. Using Output Modifiers

Output modifiers (match, count, and no-more) can also be used with the show command. See Using Output Modifiers.

1.3.16. MD-CLI Admin Tree

The following tree shows the available commands in the administrative branch in the MD-CLI. The admin commands are available only in the operational mode of the MD-CLI, or can be executed with /admin from a configuration branch.

— admin
— disconnect
— session-id session-id
— reboot
[card] keyword
— now
— redundancy
— force-switchover
— now
— save
[url] string
— show
— configuration
— support-mode

Table 11 describes the available commands in the MD-CLI admin tree.

Table 11:   Admin Tree Commands 

Admin command

Description

disconnect session-id session-id

Disconnect a user from a session, identified by a session identifier. The session identifiers can be obtained from one of the following commands. See Viewing the Status of the Local Datastores.

  1. show system management-interface datastore-locks detail
  2. show system management-interfaces configuration-sessions
  3. show users

reboot [[card] (active | standby | upgrade)] [now]

Reboot the active or standby CPM, or force an upgrade of the system boot ROMs. The now option forces a reboot immediately without an interactive confirmation.

redundancy force-switchover [now]

Force a switchover to the standby CPM. The primary CPM reloads its software images and becomes the secondary CPM. The now option forces the switchover immediately.

save [[url] string]

Save the running configuration to a configuration file. If a filename is not specified, the location is derived from bof.cfg.

Note: Classic CLI admin save is blocked when the management interface configuration mode is model-driven.

show configuration

Show the current running configuration.

support-mode

Enable the shell and kernel commands.

Note: To disable this command, log out of the CLI session, or disable in the classic CLI using admin no enable-tech.

1.4. Configuring in the MD-CLI

1.4.1. Configuration Workflow

1.4.1.1. MD-CLI Session Modes

There are two modes in the MD-CLI:

  1. operational — a user can run all commands to monitor or troubleshoot the router, but the router configuration cannot be changed
  2. configuration — a user can run all commands to monitor or troubleshoot the router. In private, exclusive, or global configuration mode, the router configuration can be changed. In read-only configuration mode, the user can only view the router configuration.

The first line of the user prompt indicates the active configuration mode. For example:

  1. [pr:configure] — indicates a user in private configuration mode (implicit configuration workflow)
  2. (ex) [configure] — indicates a user in exclusive configuration mode (explicit configuration workflow)

At login, an MD-CLI session always starts in operational mode. To configure the router, the user must enter a configuration mode using the explicit or implicit configuration workflow.

The configuration workflow (implicit vs explicit) determines if the user is restricted to the configure branch or if the user can navigate freely while in configuration mode. Configuration workflows are detailed in Implicit and Explicit Configuration Workflows.

The configuration mode (private, exclusive, global, or read-only) determines the interaction with other simultaneous configuration sessions. Candidate configuration modes are detailed in Candidate Configuration Modes.

1.4.1.2. Transactional Configuration Method

The MD-CLI transactional configuration method is a two-step process in which configuration changes are made in a candidate configuration. When the configuration is committed, the changes are copied to the running configuration and become active.

Figure 1 shows the flow of configuration changes from the candidate configuration to the running configuration.

Figure 1:  Flow of Configuration Changes  

Other non-router configuration operations, such as changing the MD-CLI session environment are active immediately.

The MD-CLI configuration method differs from the classic CLI in the following ways:

  1. In the classic CLI, changes to the router configuration are immediately activated in the running configuration. A strict configuration order must be maintained or the configuration fails.
  2. In the MD-CLI, the transactional configuration method allows multiple configuration changes to be made in any order in the candidate configuration. The system applies the correct ordering when the configuration is activated with the commit command.

1.4.1.3. Implicit and Explicit Configuration Workflows

The MD-CLI supports two configuration workflows:

  1. Implicit configuration workflow
    1. Navigation is restricted to the configure branch and its descendants.
    2. Operational commands require an absolute path and error when incomplete.
    3. configure {private | exclusive | global | read-only} enters configuration mode and navigates in the configure branch. There is no default configuration mode.
    4. exit all leaves configuration mode and navigates to the operational root.
  2. Explicit configuration workflow
    1. Navigation is unrestricted while in configuration mode.
    2. Operational commands while in the configure branch require an absolute path and navigate when incomplete.
    3. edit-config {private | exclusive | global | read-only} enters configuration mode without navigating. There is no default configuration mode.
    4. quit-config leaves configuration mode without navigating. The quit-config command is not available in the configure branch.

Table 12 compares the implicit and explicit configuration workflows.

Table 12:  Implicit and Explicit Configuration Mode Features 

Implicit Configuration Workflow

Explicit Configuration Workflow

Use

User focused on configuration tasks in the configure branch

Power user mode with unrestricted navigation capabilities

Flexibility

Run operational commands or configuration commands from the configure branch

Run operational commands or configuration commands anywhere

configure

Enters configuration mode 1 and navigates to the configure branch

Navigates to the configure branch (after edit-config command)

edit-config

Not applicable

Enters configuration mode 1

exit all or CTRL-z or /

Leaves configuration mode and navigates to the operational root

Navigates to the operational root

quit-config

Not applicable

Leaves configuration mode

Commands that result in an action or display output

Execute the command

Execute the command

Commands that navigate out of the configure branch

Not allowed

Navigate

info and configuration commands in the configure branch

Allowed

Allowed

info and configuration commands out of the configure branch

Not allowed

Allowed

    Notes:

  1. Requires specifying the configuration mode (private | exclusive | global | read-only)

1.4.1.3.1. Using the Implicit Configuration Workflow

In the implicit configuration workflow, navigation while in configuration mode is restricted to the configure branch and its descendants.

The configure {private | exclusive | global | read-only} command places the user session in the specified configuration mode and navigates to the top of the configuration tree (/configure). The first line of the session prompt indicates the configuration mode prepended to the context and separated with a colon.

[]
A:admin@node-2# configure exclusive
INFO: CLI #2060: Entering exclusive configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
 
[ex:configure]
A:admin@node-2#

When the MD-CLI session is in operational mode, the configure command only accepts a configuration mode parameter and cannot be followed by a path to navigate nor by a configuration element to edit the router configuration.

[]
A:admin@node-2# configure exclusive router
                                    ^^^^^^
MINOR: CLI #2069: Operation not allowed - currently in operational mode
 
[]
A:admin@node-2#

The following navigation commands leave configuration mode if they cause navigation outside the configuration branch.

  1. back, or back with a number greater than the present working context depth
  2. exit, or exit all
  3. CTRL-z
  4. /
  5. }
[ex:configure router "Base"]
A:admin@node-2# exit all
INFO: CLI #2064: Exiting exclusive configuration mode
 
[]
A:admin@node-2#

Commands that do not navigate outside the configure branch or that result in an action or display output are allowed.

[ex:configure]
A:admin@node-2# /show uptime
System Up Time         : 3 days, 00:27:49.35 (hr:min:sec)
 
[ex:configure]
A:admin@node-2#
[ex:configure]
A:admin@node-2# /environment more false
 
[ex:configure]
A:admin@node-2#

Commands that navigate out of a configure branch are not allowed.

[ex:configure]
A:admin@node-2# /show router
MINOR: CLI #2069: Operation not allowed - cannot navigate out of configuration  region
 
[ex:configure]
A:admin@node-2#
[ex:configure]
A:admin@node-2# /tools dump
MINOR: CLI #2069: Operation not allowed - cannot navigate out of configuration  region
 
[ex:configure]
A:admin@node-2#

1.4.1.3.2. Using the Explicit Configuration Workflow

In the explicit configuration workflow, navigation while in configuration mode is unrestricted. Operational and configuration commands can be executed from any context.

The edit-config {private | exclusive | global | read-only} command places the user session in the specified configuration mode. The present working context is not changed. The first line of the session prompt indicates the configuration mode between round brackets.

[show router]
A:admin@node-3# edit-config exclusive
INFO: CLI #2060: Entering exclusive configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
 
(ex)[show router]
A:admin@node-3#

When the MD-CLI session is in configuration mode, the configure command can be followed by a path to navigate or by a configuration element to edit the router configuration.

(ex)[]
A:admin@node-2# show router
 
(ex)[show router]
A:admin@node-2# /configure system time zone standard name utc
 
*(ex)[show router]
A:admin@node-2# /configure router
 
*(ex)[configure router "Base"]
A:admin@node-2#

Commands that result in an action or display output can be executed in the configure branch. Navigation outside the configure branch is allowed and does not exit the configuration mode.

(ex)[configure router "Base"]
A:admin@node-3# /show uptime
System Up Time         : 8 days, 23:16:45.01 (hr:min:sec)
 
(ex)[configure router "Base"]
A:admin@node-3# /tools
 
(ex)[tools]
A:admin@node-3#

Configuration commands, such as info and commit, can be executed outside the configure branch.

(ex)[tools]
A:admin@node-2# info
    configure {
        log {
            
--- snip ---
       
(ex)[tools]
A:admin@node-2# commit
 
(ex)[tools]
A:admin@node-2#

The quit-config command exits configuration mode and places the session in operational mode. The quit-config command must be executed from the operational root. The present working context does not change.

(ex)[tools]
A:admin@node-2# exit all
 
(ex)[]
A:admin@node-2# quit-config
INFO: CLI #2064: Exiting exclusive configuration mode
 
[]
A:admin@ndoe-2#

1.4.1.3.3. Transitioning from an Implicit to an Explicit Configuration Workflow

An MD-CLI configuration session can transition from an implicit to an explicit configuration workflow using the edit-config command while in configuration mode.

[]
A:admin@node-2# configure private
INFO: CLI #2070: Entering private configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
 
[pr:configure]
A:admin@node-2# /show
MINOR: CLI #2069: Operation not allowed - cannot navigate out of configuration  region
 
[pr:configure]
A:admin@node-2# edit-config private
 
(pr)[configure]
A:admin@node-2# /show
 
(pr)[show]
A:admin@node-2#

Transitioning from an explicit to an implicit configuration workflow is not supported.

1.4.2. Candidate Configuration Modes

To configure the router using the MD-CLI, the user must enter a configuration mode using the explicit or implicit configuration workflow.

The configuration workflow (implicit vs explicit) determines if the user is restricted to the configure branch or if the user can navigate freely while in configuration mode. For more detailed information about configuration workflows, see Implicit and Explicit Configuration Workflows.

The configuration mode determines the interaction with other simultaneous configuration sessions. Table 13 provides an overview of the available configuration modes:

  1. private configuration mode — see Private Configuration Mode for details
  2. exclusive configuration mode — see Exclusive Configuration Mode for details
  3. global configuration mode — see Global Configuration Mode for details
  4. read-only configuration mode — see Read-Only Configuration Mode for details
Table 13:   Configuration Mode Overview 

Private Configuration Mode

Exclusive Configuration Mode

Global Configuration Mode

Read-only Configuration Mode

Candidate configuration accessed

Private candidate configuration

Global candidate configuration

Global candidate configuration

Global candidate configuration

Single vs multiple users

Multiple users can simultaneously configure their own private candidate

Only one user can configure the global candidate

Multiple users can simultaneously configure the shared global candidate

Multiple users can have simultaneous read-only access to the global candidate

Privacy

User can see own changes.

Changes are not visible for read-only sessions.

User can see own changes.

Changes are visible for read-only sessions.

User can see changes from other global configuration sessions.

Changes are visible for read-only sessions.

Users can see changes from global or exclusive configuration sessions

Commits

Own changes are committed

Own changes are committed.

Commits from other configuration changes are blocked.

Changes made by all global configuration sessions are committed

Users cannot commit

Update needed?

Yes - baseline can become out-of-date when another private or global configuration session commits

No - baseline is always up-to-date. Other configuration sessions cannot commit.

Yes - baseline can become out-of-date when a private configuration session commits

No - updates are not allowed in read-only configuration mode

1.4.2.1. Multiple Simultaneous Candidate Configurations

As introduced in Transactional Configuration Method, configuration changes are made in a candidate configuration and copied in the running configuration when the configuration changes are committed and become active.

This section describes:

  1. how the running configuration and a candidate configuration interact using a running datastore, a baseline datastore, and a candidate datastore
  2. how simultaneous configuration sessions access one or multiple candidate configurations as a function of their configuration mod

Figure 2 shows multiple candidate configurations.

Figure 2:  Multiple Candidate Configurations 

The running configuration is the active configuration of the router and is stored in the running datastore. There is only one running configuration in the router and therefore, only one running datastore. The running datastore is always instantiated.

The candidate configuration is a working configuration that contains changes before they are activated in the router. A candidate configuration uses two datastores:

  1. a baseline datastore that contains a snapshot copy of the running datastore at a given moment in time
  2. a candidate datastore that contains changes relative to its associated baseline datastore

Multiple candidate configurations can exist simultaneously in the router with one of the following:

  1. a single global candidate configuration that is accessed by one of the following:
    1. a single session in exclusive configuration mode
    2. one or multiple sessions in global configuration mode
    3. one or multiple sessions in read-only configuration mode
    An exclusive configuration session is mutually exclusive with a global configuration session. Read-only configuration sessions can co-exist with an exclusive configuration session or with one or multiple global configuration sessions.
    The global baseline datastore and global candidate datastore are always instantiated.
  2. up to eight private candidate configurations. A private candidate configuration is accessed by a single session in private configuration mode. The private baseline datastore and private candidate datastore are instantiated when the user enters the private configuration mode and the datastores are deleted from the router when the user exits the private configuration mode.
  3. one single private exclusive candidate configuration for system use only. Only one exclusive session can be active in the router at a time: either a user-started exclusive configuration session accessing the global candidate configuration, or a system-started private exclusive configuration session accessing a private candidate configuration. For more information, see Exclusive Private Configuration Session.

When a configuration session commits its candidate configuration, the router performs the following actions:

  1. verifies the running configuration has not been changed by another configuration session
  2. validates the candidate configuration by verifying the logic, constraints, and completeness of the candidate configuration
  3. activates the candidate configuration by sending the new candidate configuration to the corresponding applications

After a successful commit, the changes are copied to the running datastore, the baseline datastore contains a new copy of the running datastore, and the candidate datastore is empty.

Furthermore, when simultaneous configuration sessions access different candidate configurations:

  1. multiple private configuration sessions each access their own private candidate configuration
  2. one or multiple private configuration sessions each access their own private candidate configuration and one or multiple global configuration sessions all accessing the global candidate configuration
  3. one or multiple private configuration sessions each access their own private candidate configuration and one exclusive configuration session accessing the global candidate configuration
  4. one or multiple private configuration sessions each access their own private candidate configuration and one private exclusive configuration session accessing a private candidate configuration

Each configuration session adds changes in the candidate datastore relative to the baseline associated with the candidate configuration. The baseline datastore contains a snapshot copy of the running datastore at a given time. Therefore, multiple, simultaneous configuration sessions that are active in the router and that access different candidate configurations have their own unique view of the candidate configuration and cannot see other users’ changes, as shown in Figure 3.

Figure 3:  Simultaneous Configuration Sessions 

Changes in a candidate configuration can only be committed when the running configuration has not been changed or touched after the baseline snapshot was taken. In other words, the baseline must be up to date to commit the changes.

Figure 4 shows how the baseline datastore of user-2’s candidate configuration is out-of-date after user-1 committed its changes. An exclamation mark (!) is shown in the prompt to indicate an out-of-date baseline status.

Figure 4:  Simultaneous Configuration Sessions - Baseline Out-of-Date 

Because the baseline is out-of-date, user-2 must update its candidate configuration before committing. An update copies a new snapshot from the running datastore to the baseline datastore and merges the changes from the candidate datastore, as shown in Figure 5.

Figure 5:  Simultaneous Configuration Sessions - Update 

Conflicts can occur when merging changes are committed by more than one configuration session working on the same part of a configuration. A merge conflict occurs when a configuration element is added, deleted, or modified in the candidate configuration and the same configuration element is also added, deleted, or modified in the running configuration after the baseline snapshot was taken. With the update command, the router resolves each merge conflict and installs the result in the candidate configuration, as shown in Figure 6.

Figure 6:  Simultaneous Configuration Sessions - Merge Conflict 

When a commit operation is executed in a configuration session while the baseline is out-of-date, the router first attempts to automatically update the candidate configuration. If a merge conflict is detected, the commit operation is canceled, to allow the administrator to resolve the merge conflicts manually. The candidate configuration remains in the same state as before the commit operation.

In configuration mode, the administrator can use the following tools to check and resolve potential merge conflicts:

  1. compare baseline running - list the changes that were made in the running datastore since a snapshot copy was stored in the baseline datastore
  2. compare baseline candidate or compare - list the candidate configuration changes
  3. update check - perform a dry run update. The router reports all merge conflicts as if an update was performed. The candidate configuration, that is, the baseline candidate datastore, is not changed with this command.

Conflict detection and resolution is detailed in Updating the Candidate Configuration.

1.4.2.2. Private Configuration Mode

In private configuration mode, a private candidate configuration is reserved for editing by a single private configuration session. Each private configuration session works on its own copy of the running configuration. Only the changes made in the private configuration session are visible and can be committed. Private configuration mode can be used when multiple users are configuring simultaneously on different parts of the router configuration.

A private configuration session has the following characteristics:

  1. Each private configuration session accesses its own private candidate configuration. The private candidate configuration is instantiated when the user enters private configuration mode and is deleted form the router when the user exits private configuration mode.
  2. Changes can only be entered in its own private candidate configuration.
  3. Configuration changes are visible only in the private candidate configuration in which the changes are entered.
  4. Uncommitted changes in the private candidate configuration cannot be seen by other private, exclusive, global, or read-only configuration sessions.
  5. When the commit command is issued, only those changes entered in its own private candidate configuration are committed.
  6. When a private configuration session is started, a new private candidate configuration is instantiated and has no uncommitted changes.
  7. When a user leaves private configuration mode, uncommitted changes are discarded and the private candidate configuration is deleted. The user is prompted for confirmation to exit when uncommitted changes are present.

For simultaneous configuration sessions:

  1. Up to eight simultaneous private configuration sessions can co-exist. Each private configuration session accesses its own private candidate configuration. Private candidate configurations can have uncommitted changes when another private configuration session starts. A private configuration session can edit and commit its private candidate configuration while another private configuration session is active.
  2. An exclusive configuration session can co-exist with a private configuration session. The private candidate configuration can have uncommitted changes when an exclusive configuration session starts. The exclusive session can edit and commit changes while a private configuration session is active. The private configuration session can still edit the private candidate configuration, but changes cannot be committed because the exclusive session holds a lock on the running datastore.
  3. Multiple global configuration sessions can co-exist with a private configuration session. A global configuration session accesses the global candidate configuration. The private candidate configuration can have uncommitted changes when the global configuration session starts.
  4. Multiple read-only configuration sessions can co-exist with a private configuration session. Read-only configuration sessions access the global candidate configuration. A read-only configuration session cannot view the changes in the private candidate configuration. The private candidate configuration can have uncommitted changes when a read-only configuration session starts.

Datastore interactions include the following characteristics:

  1. The private baseline datastore becomes out-of-date when another private, exclusive, global, or private exclusive configuration session commits changes to the running datastore after the private baseline snapshot was taken. An out-of-date baseline is indicated in the prompt with an exclamation mark.
  2. An update of the private candidate configuration is needed when its private baseline datastore is out-of-date. An update copies a new snapshot of the running datastore in the private baseline datastore and merges the changes from the private candidate datastore. Merge conflicts detected in a manual update are reported and resolved. Merge conflicts detected in an automatic update as part of a commit operation result in the cancellation of the commit operation.
  3. A snapshot of the running datastore is copied in the private baseline datastore:
    1. at instantiation of the private candidate configuration when a user enters the private configuration mode
    2. when a manual update is performed
    3. after a commit, when no merge conflicts are detected during the automatic update and the updated candidate configuration is valid

When entering private configuration mode, the following messages are displayed:

[]
A:admin@node-2# configure private
INFO: CLI #2070: Entering private configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
INFO: CLI #2075: Other configuration sessions are active
Note:

  1. CLI #2075 is shown only when applicable.
  2. To display the current active configuration sessions in the router, use the command show system management-interface configuration-sessions.

When leaving private configuration mode, the following messages are displayed.

  1. without uncommitted changes in the private candidate configuration:
    [pr:configure]
    A:admin@node-2# exit all
    INFO: CLI #2074: Exiting private configuration mode
  2. with uncommitted changes present in the private candidate configuration:
    *[pr:configure]
    A:admin@node-2# exit all
    INFO: CLI #2071: Uncommitted changes are present in the candidate configuration.  Exiting private configuration mode will discard those changes.
     
    Discard uncommitted changes? [y,n] n
    INFO: CLI #2072: Exit private configuration mode canceled
     
    *[pr:configure]
    A:admin@node-2# exit all
    INFO: CLI #2071: Uncommitted changes are present in the candidate configuration.  Exiting private configuration mode will discard those changes.
     
    Discard uncommitted changes? [y,n] y
    WARNING: CLI #2073: Exiting private configuration mode - uncommitted changes are  discarded

1.4.2.3. Exclusive Configuration Mode

In exclusive configuration mode, the global configuration is reserved for editing by a single read-write configuration session. In addition, the running datastore is locked such that no other configuration session can commit changes. Exclusive configuration mode can be used when important router configuration changes must be implemented that cannot be interrupted or delayed, and to avoid the risk of committing other users’ partial completed changes.

An exclusive configuration session has the following characteristics:

  1. An exclusive configuration session accesses the global candidate configuration.
  2. Only one user can enter exclusive configuration mode at a time.
  3. Configuration changes in the global candidate can only be entered by the user in exclusive configuration mode.
  4. Configuration changes in the global candidate are visible for read-only configuration sessions.
  5. Changes in the global candidate configuration can only be committed by the user in exclusive configuration mode
  6. Uncommitted changes cannot be present in the global candidate configuration when an exclusive configuration session starts.
  7. Uncommitted changes are discard from the global candidate configuration when a user leaves the exclusive configuration mode. The user is prompted for confirmation to exit when uncommitted changes are present.

For simultaneous configuration sessions:

  1. Multiple private configuration sessions can co-exist with an exclusive configuration session. Each private configuration session accesses its own private candidate configuration. The global candidate configuration can have uncommitted changes when a private configuration session starts. A private configuration session can edit its private candidate configuration but cannot commit the changes while an exclusive configuration session is active.
  2. Only one exclusive configuration session can be active in the router at a time.
  3. Global configuration sessions are mutually exclusive with an exclusive configuration session.
  4. Multiple read-only configuration sessions can co-exist with an exclusive configuration session. Read-only configuration sessions access the same global candidate configuration. The global candidate configuration can have uncommitted changes when a read-only configuration session starts.

Datastore interactions include the following characteristics:

  1. The global baseline datastore is always up to date. Commits from other configuration sessions are blocked while an exclusive configuration session is active.
  2. An update of the global candidate configuration is not needed in exclusive configuration mode.

When entering exclusive configuration mode, the following messages are displayed:

  1. with a global configuration session active:
    []
    A:admin@node-2# configure exclusive
    MINOR: MGMT_CORE #2052: Exclusive datastore access unavailable - model-driven   interface editing global candidate
  2. with uncommitted changes present in the global candidate configuration:
    []
    A:admin@node-2# configure exclusive
    MINOR: MGMT_CORE #2052: Exclusive datastore access unavailable - model-driven  interface has uncommitted changes in global candidate
  3. with a private configuration session active:
    []
    A:admin@node-3# edit-config exclusive
    INFO: CLI #2060: Entering exclusive configuration mode
    INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
    INFO: CLI #2075: Other configuration sessions are active
Note:

  1. MGMT_CORE #2052 and CLI #2075 are shown only when applicable.
  2. To display the current active configuration sessions in the router, use the command show system management-interface configuration-sessions.

When leaving exclusive configuration mode, the following messages are displayed.

  1. without uncommitted changes in the global candidate configuration:
    [ex:configure]
    A:admin@node-2# exit all
    INFO: CLI #2064: Exiting exclusive configuration mode
  2. with uncommitted changes in the global candidate configuration:
    *[ex:configure]
    A:admin@node-2# exit all
    INFO: CLI #2063: Uncommitted changes are present in the candidate configuration.  Exiting exclusive configuration mode will discard those changes.
     
    Discard uncommitted changes? [y,n] n
    INFO: CLI #2065: Exit exclusive configuration mode canceled
     
    *[ex:configure]
    A:admin@node-2# exit all
    INFO: CLI #2063: Uncommitted changes are present in the candidate configuration.  Exiting exclusive configuration mode will discard those changes.
     
    Discard uncommitted changes? [y,n] y
    WARNING: CLI #2062: Exiting exclusive configuration mode - uncommitted changes are  discarded

1.4.2.4. Global Configuration Mode

In global configuration mode, the global configuration is shared with all global configuration sessions. When a user commits their changes, the changes from all users are also committed. Global configuration mode can be used when multiple users are working together on the same part of the router configuration.

A global configuration session has the following characteristics:

  1. A global configuration session accesses the global candidate configuration.
  2. Multiple users can enter global configuration mode simultaneously.
  3. Configuration changes made by one user are visible to all other users in global or read-only configuration mode. Configuration changes in private candidate configurations are not visible.
  4. All changes in the global candidate configuration, from all users, are committed to the running configuration when a user commits the global candidate configuration.
  5. Uncommitted changes can be present in the global candidate configuration when a global configuration session starts.
  6. Uncommitted changes are kept in the global candidate configuration when a user leaves the global configuration mode.

For simultaneous configuration sessions:

  1. Multiple private configuration sessions can co-exist with a global configuration session. Each private configuration session accesses its own private candidate configuration. The global candidate configuration can have uncommitted changes when a private configuration session starts.
  2. An exclusive configuration session is mutually exclusive with a global configuration session.
  3. Multiple global configuration sessions can co-exist. All global configuration sessions access the same global candidate configuration. The global candidate configuration can have uncommitted changes when another global configuration session starts.
  4. Multiple read-only configuration sessions can co-exist with a global configuration session. Read-only configuration sessions access the same global candidate configuration. The global candidate configuration can have uncommitted changes when a read-only configuration session starts.

Datastore interactions include the following characteristics:

  1. The global baseline datastore becomes out-of-date when another private or private exclusive configuration session commits changes to the running datastore after the global baseline snapshot was taken. An out-of-date baseline is indicated in the prompt with an exclamation mark.
  2. An update of the global candidate configuration is needed when its global baseline datastore is out-of-date. An update copies a new snapshot of the running datastore in the global baseline datastore and merges the changes from the global candidate datastore. Merge conflicts detected in a manual update are reported and resolved. Merge conflicts detected in an automatic update as part of a commit operation result in the cancellation of the commit operation.
  3. The baseline datastore tracks the running datastore, that is, changes in the running datastore are automatically copied in the baseline datastore:
    1. after a router reboot
    2. after a successful commit
    3. after a discard with an up to date global baseline
  4. A snapshot copy of the running datastore is copied in the global baseline datastore and tracking stops when the global candidate is touched, for example, when a configuration element has been added, deleted, or modified. A new snapshot of the running datastore is copied to the global baseline datastore when a manual update is performed.

When entering global configuration mode, the following messages are displayed:

[]
A:admin@node-2# configure global
INFO: CLI #2054: Entering global configuration mode
INFO: CLI #2055: Uncommitted changes are present in the candidate configuration
INFO: CLI #2075: Other configuration sessions are active
Note:

  1. CLI #2055 and CLI #2075 are shown only when applicable.
  2. To display the current active configuration sessions in the router, use the command show system management-interface configuration-sessions.

When leaving global configuration mode, the following messages are displayed.

*[gl:configure]
A:admin@node-2# exit all
INFO: CLI #2056: Exiting global configuration mode
INFO: CLI #2057: Uncommitted changes are kept in the candidate configuration
Note:

CLI #2057 is shown only when applicable.

1.4.2.5. Read-Only Configuration Mode

In read-only configuration mode, no changes can be made to the global candidate configuration and no changes can be committed to the running configuration. Read-only configuration mode can be used when reviewing or monitoring configuration changes from other users in the global candidate configuration.

A read-only configuration session has the following characteristics:

  1. A read-only configuration session accesses the global candidate configuration.
  2. Multiple users can enter read-only configuration mode simultaneously.
  3. All configuration changes in the global candidate configuration are visible. Configuration changes in private candidate configurations are not visible.
  4. The global configuration cannot be edited and changes in the global configuration cannot be committed.
  5. Uncommitted changes can be present in the global candidate configuration when a read-only configuration session starts.
  6. Uncommitted changes are kept in the global candidate configuration when a user leaves a read-only configuration mode.

For simultaneous configuration sessions:

  1. Multiple private configuration sessions can co-exist with a read-only configuration session. Each private configuration session accesses its own private candidate configuration. The global candidate configuration can have uncommitted changes when a private configuration session starts.
  2. An exclusive configuration session can co-exist with a read-only configuration session. The exclusive configuration session accesses the same global candidate configuration. The global candidate configuration cannot have uncommitted changes when an exclusive configuration session starts.
  3. Multiple global configuration sessions can co-exist with a read-only configuration session. Global configuration sessions access the same global candidate configuration. The global candidate configuration can have uncommitted changes when another global configuration session starts.
  4. Multiple read-only configuration sessions can co-exist. Read-only configuration sessions access the same global candidate configuration. The global candidate configuration can have uncommitted changes when another read-only configuration session starts.

When entering read-only configuration mode, the following message is displayed:

[]
A:admin@node-2# configure read-only
INFO: CLI #2066: Entering read-only configuration mode

When leaving read-only configuration mode, the following message is displayed.

*[ro:configure]
A:admin@node-2# exit all
INFO: CLI #2067: Exiting read-only configuration mode

1.4.2.6. Transitioning Between Candidate Configuration Modes

Exclusive, global, and read-only configuration sessions that access the global candidate configuration can transition between these configuration modes without exiting and re-entering the configuration mode.

Transitions from and to private configuration mode are not allowed.

Figure 7 summarizes the configuration mode transitions and transitions to operational mode.

Figure 7:  Configuration and Operational Mode Transitions 

Transitioning from exclusive to global or read-only configuration mode causes the candidate changes to be discarded.

[]
A:admin@node-2# edit-config exclusive
INFO: CLI #2060: Entering exclusive configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
 
(ex)[]
A:admin@node-2# configure router interface my-int
 
*(ex)[configure router "Base" interface "my-int"]
A:admin@node-2# edit-config global
INFO: CLI #2063: Uncommitted changes are present in the candidate configuration.  Exiting exclusive configuration mode will discard those changes.
 
Discard uncommitted changes? [y,n] n
INFO: CLI #2065: Exit exclusive configuration mode canceled
 
*(ex)[configure router "Base" interface "my-int"]
A:admin@node-2# edit-config read-only
INFO: CLI #2063: Uncommitted changes are present in the candidate configuration.  Exiting exclusive configuration mode will discard those changes.
 
Discard uncommitted changes? [y,n] y
WARNING: CLI #2062: Exiting exclusive configuration mode - uncommitted changes are   discarded
INFO: CLI #2066: Entering read-only configuration mode
 
(ro)[configure router "Base" interface "my-int"]
A:admin@node-2#

Switching from global or read-only to exclusive configuration mode is allowed when no other global or exclusive configuration session is active. Uncommitted changes in the global candidate configuration are kept.

In the following example, the admin disconnect command is used to disconnect another active configuration session before the current session can switch to exclusive configuration.

[]
A:admin@node-2# edit-config global
INFO: CLI #2054: Entering global configuration mode
INFO: CLI #2075: Other configuration sessions are active
 
(gl)[]
A:admin@node-2# configure router interface new-int
 
*(gl)[configure router "Base" interface "new-int"]
A:admin@node-2# edit-config exclusive
MINOR: MGMT_CORE #2052: Exclusive datastore access unavailable - model-driven   interface editing global candidate
 
*(gl)[configure router "Base" interface "new-int"]
A:admin@node-2# /show system management-interface configuration-sessions
===============================================================================
Session ID  Region                 Datastore                     Lock State
   Username                        Session Mode                  Idle Time
   Session Type                    From
-------------------------------------------------------------------------------
#22         configure              Candidate                     Unlocked
   admin                           Global                        0d 00:00:00
   MD-CLI                          135.244.144.235
 23         configure              Candidate                     Unlocked
   user-1                          Global                        0d 00:00:42
   MD-CLI                          135.244.144.235
-------------------------------------------------------------------------------
Number of sessions: 2
'#' indicates the current active session
===============================================================================
 
*(gl)[configure router "Base" interface "new-int"]
A:admin@node-2#
 
*(gl)[configure router "Base" interface "new-int"]
A:admin@node-2# /admin disconnect session-id 23
 
*(gl)[configure router "Base" interface "new-int"]
A:admin@node-2# edit-config exclusive
INFO: CLI #2056: Exiting global configuration mode
INFO: CLI #2057: Uncommitted changes are kept in the candidate configuration
INFO: CLI #2060: Entering exclusive configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit
 
*(ex)[configure router "Base" interface "new-int"]
A:admin@node-2#

1.4.2.7. Exclusive Private Configuration Session

An exclusive private configuration session is reserved for system internal use.

Note:

Exclusive private is not a configuration mode: an MD-CLI session cannot enter an exclusive private configuration mode.

Router configuration changes are made via an exclusive private configuration session as a result of the following scenarios:

  1. Management Interface Configuration Mode is set to mixed, with one of the following actions:
    1. an SNMP set operation
    2. any (immediate) configuration performed in the classic CLI engine
    3. a gNMI configuration operation
  2. Management Interface Configuration Mode is set to model-driven, with the following action:
    1. a gNMI configuration operation

It is important to be aware that an exclusive private configuration session can exist, as it interacts with other active configuration sessions in the following ways:

  1. An exclusive configuration session and a private exclusive configuration session are mutually exclusive, as they both require a lock on the running datastore.
  2. The global candidate configuration and private candidate configurations can become out-of-date when changes are committed via an exclusive private configuration session.
  3. Commits from global and private configuration sessions are blocked when an exclusive private configuration session is active.
  4. An exclusive private configuration session accesses its own private candidate configuration. Changes are not visible to other configuration sessions until they are committed and become active in the running configuration.

1.4.3. Modifying the Configuration

To modify the router configuration using the MD-CLI, enter (private, exclusive, or global) configuration mode and use the available configuration commands as described in the MD-CLI Command Reference Guide.

To add a new configuration or make changes to the existing configuration, see Adding Configuration Elements. To remove a particular configuration or to return a functionality to its default condition, see Deleting Configuration Elements.

Note:

When entering commands in the MD-CLI, whether from a load file or explicitly in the CLI prompt, all input after a hash (#) is treated as a comment and is ignored.

1.4.4. Adding Configuration Elements

To add configuration statements using the MD-CLI, enter the command or parameter name with a valid value for the parameter as specified by the data type. For some parameters, it is sufficient to type the parameter name to set the parameter configuration.

The current configuration of a parameter is available via the info detail command, even if it is the default value or if the parameter is in an unconfigured state (indicated by ##). The display of default values allows an administrator to view the configuration, particularly in a multi-vendor network with different default settings. An operator may choose to explicitly configure a setting that persists rather than using the default, in case the default changes.

Refer to the MD-CLI Command Reference Guide for configuration commands and their appropriate syntax.

1.4.4.1. Default Values for Key Leafs

A leaf is an element that does not contain any other elements and has a data type, for example, a string, an integer, or an IP address.

Key leafs may have an optional default value that can be used as shorthand notation where a certain default is assumed. For example, configure router bgp with no instance value expands to configure router “Base” bgp. Default values are implemented as follows:

  1. default values cannot be used in a reference
  2. multiple keys in a list can have default values
  3. the first, last, or any key in a list may have a default value
  4. if the first key has a default value, the other keys must be named keys
  5. default values can be used multiple times in any combination; for example, configure router isis expands to configure router “Base” isis 0, and configure router foo isis expands to configure router “foo” isis 0.
  6. the expansion is automatic and displayed in the command prompt context and pwc
(ex)[]
A:admin@node-2# configure router
 
(ex)[configure router "Base"]
A:admin@node-2# 
 
(ex)[]
A:admin@node-2# configure router isis
 
(ex)[configure router "Base" isis 0]
A:admin@node-2# 
 
(ex)[]
A:admin@node-2# configure router ospf
 
(ex)[configure router "Base" ospf 0]
A:admin@node-2#pwc
Present Working Context:
  configure
  router "Base"
  ospf 0
 
(ex)[configure router "Base" ospf 0]
A:admin@node-2#

1.4.4.2. Entering Integer Values

Integer values can be entered in any of the following formats:

  1. decimal
    Enter an integer (whole number) without spaces; for example, 123456.
  2. binary
    Enter 0b followed by the binary value without spaces; for example, 0b1111000100100000. Negative values are not accepted.
  3. hexadecimal
    Enter 0x followed by the hexadecimal value in lowercase or uppercase without spaces; for example, 0x1E240 or 0x1e240. Negative values are not accepted.

Integer values are displayed in decimal format, unless a different output format is specified internally by the system.

*(ex)[configure router "Base" bgp]
A:admin@node-2# connect-retry 0b100100101001
 
*(ex)[configure router "Base" bgp]
A:admin@node-2# info | match connect-retry
    connect-retry 2345
 
*(ex)[configure router "Base" bgp]
A:admin@node-2# connect-retry 0xd80
 
*(ex)[configure router "Base" bgp]
A:admin@node-2# info | match connect-retry
    connect-retry 3456
 
*(ex)[configure router "Base" bgp]
A:admin@node-2#

In this example, the etype parameter is a hexadecimal output value. A decimal value can be entered, but the value is displayed in hexadecimal format.

*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# etype ?
 
 etype <number>
 <number> - <0x600..0xffff>
 
   Ethernet type
 
*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# etype 65535
 
*[ex:configure filter mac-filter "fn" entry 1 match]
A:admin@node-1# info
    etype 0xffff
 
Note:

Unions of integer and enumerated values do not support binary or hexadecimal input.

In this example of a command with a union of data types, the rate-limit command can have an integer value representing the rate limit (for periodic RADIUS Interim-Update messages), or it can be defined with the unlimited enumerated value. If a numerical value is entered for rate-limit, it must be entered as a decimal number.

*(ex)[configure aaa radius isa-policy "isa-str" accounting nat-periodic-update]
A:admin@node-3# rate-limit ?
 
 rate-limit (<number> | <keyword>)
 <number>  - <1..100000> - packets per second
 <keyword> - unlimited   - packets per second
 Default   - unlimited
 
    Rate limit for periodic RADIUS Interim-Update messages
*(ex)[configure aaa radius isa-policy "isa-str" accounting nat-periodic-update]
A:admin@node-1# rate-limit 0b0010
                           ^^^^^^
MINOR: MGMT_CORE #2301: Invalid element value - 'rate limit' expected number '<1..100000>' (packets per second) or keyword 'unlimited' (packets per second)
 
*(ex)[configure aaa radius isa-policy "isa-str" accounting nat-periodic-update]
A:admin@node-1# rate-limit 2
 
*(ex)[configure aaa radius isa-policy "isa-str" accounting nat-periodic-update]
A:admin@node-1# info
    rate-limit 2

1.4.4.3. Configuring Lists

A list is a sequence of list entries, and all keys of a list are entered on the same line as the list command. In general, the first key of a list is unnamed in the MD-CLI. All other keys are named. The name of the first key is shown in square brackets in ? help. Entering the name of the first key is optional when it is shown in brackets. In the following example, ip-address is the first key and port is the second key. Entering ip-address in the MD-CLI is optional; entering port and any subsequent key names is mandatory.

*(ex)[configure cflowd]
A:admin@node-2# collector ?
 
 [ip-address] (<unicast-ipv4-address> | <global-unicast-ipv6-address>)
 <unicast-ipv4-address>        - <d.d.d.d>
 <global-unicast-ipv6-address> - (<x:x:x:x:x:x:x:x>|<x:x:x:x:x:x:d.d.d.d>)
 
    IP address of a remote Cflowd collector host to receive the exported Cflowd
    data
 
*(ex)[configure cflowd]
A:admin@node-2# collector 10.20.30.40 ?
 
 port <number>
 <number> - <1..65535>
 
    UDP port number on the remote Cflowd collector host to receive the exported
    Cflowd data

The IP address and port number can be entered in one of the following ways:

*(ex)[configure cflowd]
A:admin@node-2# collector ip-address 10.10.20.30 port 7
 
*(ex)[configure cflowd]
A:admin@node-2# collector 10.10.20.30 port 7

There are some exceptions where the first key of a list is named. In these cases, the key name must be entered. In the following example, the key name index must be entered.

*(ex)[configure aaa diameter node "orig-host-name"]
A:admin@node-2# peer ?
 
 index <number>
 <number> - <1..5>
 
    Index of this peer within the Node.
 
*(ex)[configure aaa diameter node "orig-host-name"]
A:admin@node-2# peer 5
                     ^
MINOR: MGMT_CORE #2201: Unknown element - expected key index but was 5
 
*(ex)[configure aaa diameter node "orig-host-name"]
A:admin@node-2# peer index 5
 
*(ex)[configure aaa diameter node "orig-host-name" peer index 5]
A:admin@node-2#

Auto-completion does not select or complete the name of the first key if it is optional. In the following example for configure aaa diameter, the key name for node (origin-host) is optional as indicated by the square brackets, and is not auto-completed when Tab is entered.

(ex)[configure aaa diameter]
A:admin@node-2# node ?
 
 [origin-host] <string>
 <string> - <1..80 characters>
 
    Origin-host name.
 
(ex)[configure aaa diameter]
A:admin@node-2# node //Press Tab
 <origin-host>

If the name of the first key is optional and is not entered as part of the command, the key name can be used as the actual value of the key if it is enclosed in quotation marks.

(ex)[configure aaa diameter]
A:admin@node-2# node "origin-host"
 
*(ex)[configure aaa diameter node "origin-host"]
A:admin@node-2# pwc
Present Working Context:
  configure
  aaa
  diameter
  node "origin-host"
 
*(ex)[configure aaa diameter node "origin-host"]
A:admin@node-2#

If the optional key name is entered, it can be specified as the actual value of the key with or without the quotation marks.

(ex)[configure aaa diameter]
A:admin@node-2# node origin-host origin-host
 
*(ex)[configure aaa diameter node "origin-host"]
A:admin@node-2# pwc
Present Working Context:
  configure
  aaa
  diameter
  node "origin-host"
 
*(ex)[configure aaa diameter node "origin-host"]
A:admin@node-2#

1.4.4.3.1. Special Handling for Lists with all Key Leafs

For lists in which the leafs are all keys (“key-only lists”), the creation of a single entry returns the user to the same context; that is, the MD-CLI session does not enter the context of the list member. This allows the user to enter multiple list items without the need to exit after each item. For example, prefix is a list with a single leaf that is the key. After each prefix entry, the session maintains the same context and other prefix entries can be added without applying the back or exit command.

*(ex)[configure filter match-list ip-prefix-list "my-prefix-list"]
A:admin@node-2# prefix 192.168.10.0/28
 
*(ex)[configure filter match-list ip-prefix-list "my-prefix-list"]
A:admin@node-2# prefix 192.168.20.0/28
 
*(ex)[configure filter match-list ip-prefix-list "my-prefix-list"]
A:admin@node-2# prefix 192.168.30.0/28
 
*(ex)[configure filter match-list ip-prefix-list "my-prefix-list"]
A:admin@node-2# info
    prefix 192.168.10.0/28 { }
    prefix 192.168.20.0/28 { }
    prefix 192.168.30.0/28 { }
 
*(ex)[configure filter match-list ip-prefix-list "my-prefix-list"]
A:admin@node-2#

1.4.4.4. Configuring Leaf-Lists

A leaf-list is an element that contains a sequence of values of a particular data type. Specifying a leaf-list entry in the MD-CLI is additive. New entries are added to existing entries and previous entries are not removed. If a duplicate entry is specified, the order remains. To minimize the number of CLI warnings, no message is displayed.

Single or multiple leaf-list entries can be added in a single command line with the use of brackets. For leaf-lists ordered by the system, the leaf-list entries are automatically reordered, as shown in the following example.

*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# ike-transform 99
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# ike-transform [77 11 55]
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# info
    ike-transform [11 55 77 99]
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# ike-transform [88 22 11]
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# info
    ike-transform [11 22 55 77 88 99]
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# ike-transform [33]
 
*(ex)[configure ipsec ike-policy 5]
A:admin@node-2# info
    ike-transform [11 22 33 55 77 88 99]

For leaf-lists ordered by the user, new entries are appended to the end of the leaf-list.

*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# from prefix-list [ plcy5 plcy1 ]
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# info
    from {
        prefix-list ["plcy5" "plcy1"]
    }
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# from prefix-list plcy3
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# info
    from {
        prefix-list ["plcy5" "plcy1" "plcy3"]
    }
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# from prefix-list plcy1
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2# info
    from {
        prefix-list ["plcy5" "plcy1" "plcy3"]
    }
 
*(ex)[configure policy-options policy-statement "plcy_str" entry 29]
A:admin@node-2#

To reorder an ordered-by-user leaf-list, the leaf-list can be deleted and recreated using the desired order. Alternatively, the tilde (~) character can be used to replace a leaf-list, effectively deleting and recreating the leaf-list in one step.

(ex)[]
A:admin@node-6# configure router isis 5
 
*(ex)[configure router "Base" isis 5]
A:admin@node-6# export-policy [test5 test3 test2]
 
*(ex)[configure router "Base" isis 5]
A:admin@node-6# info
    export-policy ["test5" "test3" "test2"]
 
*(ex)[configure router "Base" isis 5]
A:admin@node-6# ~ export-policy [test1 test2 test3 test5]
 
*(ex)[configure router "Base" isis 5]
A:admin@node-6# info
    export-policy ["test1" "test2" "test3" "test5"]
 
*(ex)[configure router "Base" isis 5]
A:admin@node-6#

1.4.4.5. Configuring Leafs with Units

If a leaf is defined by a number value and an associated unit, the user can enter the value in a different base unit than is defined. For example, if a timer is defined in seconds, it is possible to enter a value based on the number of minutes, or a combination of minutes and seconds. These dynamic units in the MD-CLI can be entered in a format that is converted into the base unit based on a conversion factor.

Static units that have no conversion factor must always be entered in the base unit value; for example, a unit of packets per second, or bit errors.

Units are supported for:

  1. memory sizes, for example, bytes
  2. rates, for example, bps
  3. durations, for example, seconds
  4. dates, for example, FRI 11 MAY 2018 15:15:35 UTC

Dynamic units can be entered as a number in one of the following ways:

  1. as a value without a unit — the value is interpreted as the defined base unit. Decimal, binary, and hexadecimal numbers are supported. For example, timer has a base unit of seconds. Entering timer 5, without specifying a unit, configures the timer to 5 seconds.
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer ?
     
     timer <number>
     <number> - <1..1000> - seconds
     Default  - 30
     
        The value of the timer that determines how frequent connection will be
        attempted towards a peer without an active transport connection.
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer 5
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# info
        timer 5
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3#
  2. as unique value-unit tuples — the units are separated by a space in any order, and the same unit cannot be used more than once. The value is interpreted as the specified unit and can only be entered as a decimal number. For example, there are many acceptable formats to enter 187 seconds for timer, including any of the following:
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer 3 minutes 7 seconds
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer 187
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer 1800 deciseconds 700 centiseconds
     
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# timer 180000 milliseconds 70 deciseconds
    The configured value is displayed as a positive integer in the defined base unit. Because the unit for timer is defined as seconds, the value displayed in the info command is in seconds, regardless of the format in which it was entered.
    *[pr:configure aaa diameter node "node-str" connection]
    A:admin@node-3# info
        timer 187

The input value is calculated based on the input of all input tuples and validated after Enter is pressed. For example, entering 200 minutes for timer results in an error display, as 12000 seconds is not in the element range.

*[pr:configure aaa diameter node "node-str" connection]
A:admin@node-3# timer 200 minutes
                      ^^^^^^^^^^^
MINOR: MGMT_CORE #2301: Invalid element value - 12000 out of range 1..1000

Entering a value followed by Space and Tab displays valid units for the value, as in the following example. For a value of 200 for timer, the system displays valid unit possibilities, listed in alphabetical order.

*[pr:configure aaa diameter node "node-str" connection]
A:admin@node-3# timer 200 //Press Tab
 centiseconds  deciseconds   seconds
...

If a unit is already present in the input, it is suppressed for any further input.

*[pr:configure aaa diameter node "node-str" connection]
A:admin@node-3# timer 200 //Press Tab
 centiseconds  deciseconds   seconds
 ipv4          ipv6
 delete
*[pr:configure aaa diameter node "node-str" connection]
A:admin@node-3# timer 200 centiseconds 200 //Press Tab
 deciseconds  seconds

The unit names can be singular or plural, depending on the numerical value entered. For a numerical value of 1, the unit names displayed are their singular form.

*[]
A:admin@node-2# commit confirmed timeout 1 //Press Tab
 day         hour        minute      week
 
 ...
 
*[]
A:admin@node-2# commit confirmed timeout 2 //Press Tab
 days        hours       minutes     weeks
 
 ...
 
*[]
A:admin@node-2#

Auto-completion is supported for valid units entered after a value.

Table 14, Table 15, and Table 16 list units that have a conversion factor that allows a leaf with a specific base unit to be defined in a dynamic unit. The valid unit keywords for each unit name are also provided.

Table 14 shows the valid inputs for memory sizes based on the dynamic unit.

Table 14:  Dynamic Units for Memory Sizes  

Unit Name

Valid MD-CLI Input

bytes

  1. bytes
  2. byte

kilobytes

  1. kilobytes
  2. kilobytes
  3. kbytes
  4. kbyte

megabytes

  1. megabytes
  2. megabyte
  3. mbytes
  4. mbyte

gigabytes

  1. gigabytes
  2. gigabyte
  3. gbytes
  4. gbyte

terabytes

  1. terabytes
  2. terabyte
  3. tbytes
  4. tbyte

Table 15 shows the valid inputs for rates of speed based on the dynamic unit.

Table 15:  Dynamic Units for Rates  

Unit Name

Valid MD-CLI Input

bps (bits per second)

  1. bps

kilobps (kilobits per second)

  1. kilobps
  2. kbps

megabps (megabits per second)

  1. megabps
  2. mbps

gigabps (gigabits per second

  1. gigabps
  2. gbps

terabps (terabits per second)

  1. terabps
  2. tbps

petabps (petabits per second)

  1. petabps
  2. pbps

exabps (exabits per second)

  1. exabps
  2. ebps

Table 16 shows the valid inputs for time durations based on the dynamic unit.

Table 16:  Dynamic Units for Duration  

Unit Name

Valid MD-CLI Input

picoseconds

  1. picoseconds
  2. picosecond
  3. psecs
  4. psec

nanoseconds

  1. nanoseconds
  2. nanosecond
  3. nsecs
  4. nsec

microseconds

  1. microseconds
  2. microsecond
  3. usecs
  4. usec

milliseconds

  1. milliseconds
  2. millisecond
  3. msecs
  4. msec

centiseconds

  1. centiseconds
  2. centisecond
  3. csecs
  4. csec

deciseconds

  1. deciseconds
  2. decisecond
  3. dsecs
  4. dsec

seconds

  1. seconds
  2. second
  3. secs
  4. sec

minutes

  1. minutes
  2. minute
  3. mins
  4. min

hours

  1. hours
  2. hour
  3. hrs
  4. hr

days

  1. days
  2. day

weeks

  1. weeks
  2. week
  3. wks
  4. wk

Table 17 shows the valid inputs for dates based on the time format.

Table 17:  Dynamic Units for Dates  

Time Format

Valid MD-CLI Input

“yyyy-mm-dd hh:mm[:ss] [TZ]”

For example: “2018-06-01 13:12:59 EDT”

yyyy is RFC 3339 date-fullyear

mm is RFC 3339 date-month

dd is RFC 3339 date-mday

hh is RFC 3339 time-hour

mm is RFC 3339 time-minute, requires preceding zeros

ss is RFC 3339 time-second, requires preceding zeros (optional)

TZ is the time-zone name (optional)

This format must be enclosed in double quotation marks.

“[DAY] dd MON yyyy hh:mm[:ss] [TZ]”

For example: “FRI 11 MAY 2018 13:21:11 EDT”

DAY is the name of the day of the week (SUN, MON, TUE, WED, THU, FR, SAT),(optional)

dd is RFC 3339 date-mday

MON is the name of the month (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC)

yyyy is RFC 3339 date-fullyear

hh is RFC 3339 time-hour

mm is RFC 3339 time-minute, requires preceding zeros

ss is RFC 3339 time-second, requires preceding zeros (optional)

TZ is the time-zone name (optional)

This format must be enclosed in double quotation marks.

yyyy-mm-ddThh:mm:ss[.fr][(Z|(+|-)hh:mm)]

For example: 2018-05-11T13:21:11-0400

or

2018-05-11T17:21:11Z

This format follows ISO 8601, and can be enclosed in double quotation marks.

1.4.4.6. Flexible Input for MAC and IPv6 Addresses

Flexible input is available for MAC and IPv6 addresses, where both uppercase and lowercase hexadecimal digits are accepted.

This example shows the hexadecimal digits in an IPv6 address entered in both uppercase and lowercase. IPv6 addresses are displayed in lowercase hexadecimal digits using zero compression, according to RFC 5952, A Recommendation for IPv6 Address Text Representation.

*(gl)[configure aaa diameter node "ns"]
A:admin@node-2# ipv6-source-address 2001:0Db8:aAa3:0000:0000:8a2E:3710:7335
 
*(gl)[configure aaa diameter node "ns"]
A:admin@node-2# info
    ipv6-source-address 2001:db8:aaa3::8a2e:3710:7335
 
*(gl)[configure aaa diameter node "ns"]
A:admin@node-2#

For MAC addresses, the dash (-) separator can also be used in place of the colon (:).

*(gl)[configure groups group "g" qos sap-ingress "str" mac-criteria entry "es" match  dst-mac]
A:admin@node-2# address aa-BB-cc-DD-eE-Ff
 
*(gl)[configure groups group "g" qos sap-ingress "str" mac-criteria entry "es" match  dst-mac]
A:admin@node-2# info
    address aa:bb:cc:dd:ee:ff
 
*(gl)[configure groups group "g" qos sap-ingress "str" mac-criteria entry "es" match  dst-mac]
A:admin@node-2#

Flexible input is also available for MAC addresses using dot (.) notation:

*(ex)[configure filter mac-filter "str" entry 33 match]
A:admin@node-2# dst-mac address aaBB.ccDD.eEFf
 
*(ex)[configure filter mac-filter "str" entry 33 match]
A:admin@node-2# info
    dst-mac {
        address aa:bb:cc:dd:ee:ff
    }
 
*(ex)[configure filter mac-filter "str" entry 33 match]
A:admin@node-2#

1.4.4.7. Input Translation

The MD-CLI supports the following input translation for UTF-8 character encoding:

  1. curly quotation mark to ASCII quotation mark (")
  2. curly apostrophe to ASCII apostrophe (')
  3. hyphens and dashes, including minus sign, en dash, em dash, and others to ASCII hyphen-minus (-)

The input translation allows copy and paste functionality from word processing applications that use UTF-8 curly quotation marks, hyphens, or dashes.

1.4.5. Deleting Configuration Elements

The delete command removes explicit configuration and returns the element configuration to the system default state or value. If there is no defined default for an element, the element returns to an unconfigured state.

The delete command can be used to delete any configuration element, such as:

  1. leafs
  2. containers
  3. lists
  4. leaf-lists

If an element has sub-elements (for example, a container with more containers and leafs), all of the sub-elements are also deleted as part of the parent deletion.

Note:

If the configuration element to be removed does not exist, no warning messages are displayed.

1.4.5.1. Deleting Leafs

The following configuration example deletes three leafs; admin-state and connect-retry return to their default values, and description returns to an unconfigured state.

*(gl)[configure router "Base" bgp]
A:admin@node-2# info
    admin-state disable
    description "BGP description"
    connect-retry 65535
 
*(gl)[configure router "Base" bgp]
A:admin@node-2# delete admin-state
 
*(gl)[configure router "Base" bgp]
A:admin@node-2# delete description
 
*(gl)[configure router "Base" bgp]
A:admin@node-2# delete connect-retry
 
*(gl)[configure router "Base" bgp]
A:admin@node-2# info detail
    admin-state enable
 ## description
    connect-retry 120
    keepalive 30
    damping false
    local-preference 100
    loop-detect ignore-loop
<snip>

1.4.5.2. Deleting Containers

To remove a container, the delete command is specified before the container name. The following examples show the deletion of the node container from two different contexts.

This example removes the container from context configure aaa diameter:

*[pr:configure aaa diameter]
A:admin@node-3# info
    node "node-str" {
        description "Diameter node node-str"
        connection {
            timer 999
        }
        peer index 5 {
            watchdog-timer 555
        }
    }
 
*[pr:configure aaa diameter]
A:admin@node-3# delete node "node-str"
 
[pr:configure aaa diameter]
A:admin@node-3# info detail
 ## node
 ## peer-policy

This example removes the container from context configure aaa:

*[pr:configure aaa diameter]
A:admin@node-3# info
    node "node-str2" {
        description "Diameter node node-str2"
        connection {
            timer 888
        }
        peer index 3 {
            watchdog-timer 345
        }
    }
*[pr:configure aaa diameter]
A:admin@node-3# back
 
*[pr:configure aaa]
A:admin@node-3# diameter delete node "node-str2"
 
*[pr:configure aaa]
A:admin@node-3# info
 
*[pr:configure aaa]
A:admin@node-3# info detail
    radius {
        coa-port 3799
     ## acct-on-off-group
     ## server-policy
     ## route-downloader
     ## l2tp-accounting-policy
     ## isa-policy
    }
    diameter {
     ## node
     ## peer-policy
    }
    wpp {
     ## system-name
     ## portal-group
    }

In both of the preceding examples above, the node container is returned to an unconfigured state, as indicated by the ##.

In the following example, the timers element is a container, which contains sub-elements that are also containers; the lsa-generate and spf-wait elements. The placement of the delete command determines whether the timers element (and all of its sub-elements) are deleted, or one of the sub-elements.

*(ex)[configure router "Base" ospf 0]
A:admin@node-2# info
    timers {
        lsa-generate {
            max-lsa-wait 8000
            lsa-initial-wait 10
            lsa-second-wait 1000
        }
        spf-wait {
            spf-max-wait 2000
            spf-initial-wait 50
            spf-second-wait 100
        }
    }
    area 0.0.0.0 {
    }

To delete the lsa-generate element and its parameters, the delete command is specified before the lsa-generate element. The info command shows that the spf-wait parameters are still configured.

*(ex)[configure router "Base" ospf 0]
A:admin@node-2# timers delete lsa-generate
 
*(ex)[configure router "Base" ospf 0]
A:admin@node-2# info
    timers {
        spf-wait {
            spf-max-wait 2000
            spf-initial-wait 50
            spf-second-wait 100
        }
    }
    area 0.0.0.0 {
    }

If the delete command is placed before the timers element, all elements within the timers element are also deleted.

*(ex)[configure router "Base" ospf 0]
A:admin@node-2# info
    timers {
        lsa-generate {
            max-lsa-wait 8000
            lsa-initial-wait 10
            lsa-second-wait 1000
        }
        spf-wait {
            spf-max-wait 2000
            spf-initial-wait 50
            spf-second-wait 100
        }
    }
    area 0.0.0.0 {
    }
 
*(ex)[configure router "Base" ospf 0]
A:admin@node-2# delete timers
 
(ex)[configure router "Base" ospf 0]
A:admin@node-2# info
    area 0.0.0.0 {
    }

1.4.5.3. Deleting List Entries and Lists

To remove a list entry, the delete operation is specified before the list name and the entry to be removed.

*(ex)[configure service]
A:admin@node-2# info | match pw-template
    pw-template "pw-1" {
    pw-template "pw-3" {
    pw-template "pw-5" {
    pw-template "pw-8" {
 
*(ex)[configure service]
A:admin@node-2# delete pw-template “pw-3”
 
*(ex)[configure service]
A:admin@node-2# info | match pw-template
    pw-template "pw-1" {
    pw-template "pw-5" {
    pw-template "pw-8" {
 
*(ex)[configure service]
A:admin@node-2#

An explicit wildcard (*) deletes all members of a list.

*(ex)[configure service]
A:admin@node-2# info | match pw-template
    pw-template "pw-1" {
    pw-template "pw-5" {
    pw-template "pw-8" {
 
*(ex)[configure service]
A:admin@node-2# delete pw-template *
 
*(ex)[configure service]
A:admin@node-2# info | match pw-template
 
*(ex)[configure service]
A:admin@node-2#

If the list is a multi-key list, a combination of specific members and wildcards (*) can be used. In the following example, mep is a multikey list, where the keys are md-admin-name, ma-admin-name, and mep-id.

*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref1" ma-admin-name "ref2" mep-id 5 {
    }  
    mep md-admin-name "ref1" ma-admin-name "ref3" mep-id 5 {
    }
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2#

The following delete operation deletes all lists with mep-id of 5, regardless of the md-admin-name or ma-admin-name.

*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# delete mep md-admin-name * ma-admin-name * mep-id 5
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2#

The following delete operation removes all lists where ma-admin-name is “ref3” and mep-id is 5.

*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref1" ma-admin-name "ref2" mep-id 5 {
    }
    mep md-admin-name "ref1" ma-admin-name "ref3" mep-id 5 {
    }
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# delete mep md-admin-name * ma-admin-name “ref3” mep-id 5
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref1" ma-admin-name "ref2" mep-id 5 {
    }
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2#

The following delete operation removes all lists where md-admin-name is “ref1”.

*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref1" ma-admin-name "ref2" mep-id 5 {
    }
    mep md-admin-name "ref1" ma-admin-name "ref3" mep-id 5 {
    }
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# delete mep md-admin-name “ref1” ma-admin-name * mep-id *
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2# info
    mep md-admin-name "ref6" ma-admin-name "ref3" mep-id 99 {
    }
 
*(ex)[configure service epipe "svc-name" sap 1/1/4:1 eth-cfm]
A:admin@node-2#

1.4.5.3.1. Deleting Leaf-List Entries and Leaf-Lists

To remove a leaf-list entry, the delete operation is specified before the leaf-list name and the entry to be removed.

*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
    member ["profile-a" "profile-b" "profile-x"]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# delete member “profile-a”
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
    member ["profile-b" "profile-x"]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2#

Multiple leaf-list entries can be deleted in a single command with the use of brackets. The entries do not need to be in any specific order.

*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
    member ["profile-a" "profile-b" "profile-f" "profile-x" "profile-c"]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# delete member [“profile-c” “profile-f”]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
    member ["profile-a" "profile-b" "profile-x"]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2#

An explicit wildcard (*) deletes all members of a leaf-list.

*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
    member ["profile-b" "profile-x"]
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# delete member *
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2#

The wildcard can optionally be enclosed in brackets.

*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# delete member [*]

Deleting all members of a leaf-list sets the list to the unconfigured state (as indicated in the info detail display by the “##”).

*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# delete member *
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# info detail | match member
 ## member
 
*(ex)[configure system security user-params local-user user "test" console]
A:admin@node-2# 

1.4.6. Copying Configuration Elements

The output from the info commands can be copied and pasted and used as a direct input to another MD-CLI session, or loaded from a file.

The following example shows the output from the info command, displaying the following configuration for the profile of the user “guest1”.

*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

The output can be copied and pasted to configure an identical profile for another user; for example, “guest2”. The working context must be at the same hierarchy level, as the info command output is context-sensitive.

Enter the context for configuring the profile for guest2:

(ex)[]
A:admin@node-2# configure system security aaa local-profiles profile guest2
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Copy the info command output and paste each line into the command line:

*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     default-action permit-all
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 10 {
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         action deny
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         match "configure system security"
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#     }
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 20 {
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         action deny
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         match "configure li"
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#     }
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 30 {
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         action deny
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         match "show li"
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#     }
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 40 {
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         action deny
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         match "tools"
 
*(ex)[configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#     }
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

The info command displays the configuration changes for profile “guest2”, which are identical to the configuration for profile “guest1”.

*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }
 
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Similarly, the info flat command output can be copied and pasted for the user profile for “guest3”; for example:

*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info flat
    default-action permit-all
    entry 10 action deny
    entry 10 match "configure system security"
    entry 20 action deny
    entry 20 match "configure li"
    entry 30 action deny
    entry 30 match "show li"
    entry 40 action deny
    entry 40 match "tools"
*(ex)[configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# /configure system security aaa local-profiles profile "guest3"
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#  default-action permit-all
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 match "configure system security"
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 match "configure li"
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 match "show li"
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 match "tools"
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }
 
*(ex)[configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#

The output from the info full-context command contains the full configuration path for the configuration statements. This output can be used to reconfigure the same user profile on another router, or to rebuild the user profile if it was deleted or discarded. The following example begins with a “guest1” user profile, which is subsequently deleted and re-added using the output from the info full-context command.

The following output shows the “guest1” user profile:

*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info full-context
    /configure system security aaa local-profiles profile "guest1" default-action  permit-all
    /configure system security aaa local-profiles profile "guest1" entry 10 action deny
    /configure system security aaa local-profiles profile "guest1" entry 10 match "configure system security"
    /configure system security aaa local-profiles profile "guest1" entry 20 action deny
    /configure system security aaa local-profiles profile "guest1" entry 20 match "configure li"
    /configure system security aaa local-profiles profile "guest1" entry 30 action deny
    /configure system security aaa local-profiles profile "guest1" entry 30 match "show li"
    /configure system security aaa local-profiles profile "guest1" entry 40 action deny
    /configure system security aaa local-profiles profile "guest1" entry 40 match "tools"
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#

The “guest1” user profile is deleted, and the info full-context command after the delete shows no matches for profile “guest1”:

*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# back
 
*(ex)[configure system security aaa local-profiles]
A:admin@node-2# delete profile “guest1”
 
*(ex)[configure system security aaa local-profiles]
A:admin@node-2# info full-context | match guest1
 
*(ex)[configure system security aaa local-profiles]
A:admin@node-2# 

In the next step, the original full-context output for “guest1” is copied and pasted. Since the output contains the full configuration path, the statements can be pasted from any configuration context.

*(ex)[configure system security aaa local-profiles]
A:admin@node-2# top
 
*(ex)[configure]
A:admin@node-2#  /configure system security aaa local-profiles profile "guest1" default-action permit-all
 
(ex)[configure]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { }
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 match "configure system security"
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { }
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 match "configure li"
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { }
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 match "show li"
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { }
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 action deny
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 match "tools"
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }
 
*(ex)[configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#

The displayed output from the compare command can also be used to copy and paste statements in the MD-CLI. See section 1.4.7.1 for information about using the compare command.

1.4.7. Committing a Configuration

1.4.7.1. Viewing the Uncommitted Configuration Changes

The compare command in the MD-CLI compares configurations and displays the difference in one output. The command can only be executed from within the configuration context.

— compare [[from] configuration-source] [[to] configuration-source]
— flat
— full-context
— lines number
— summary

Table 18 provides a description of the compare command options.

Table 18:  Compare Command Options  

Option

Description

[from] configuration-source

Specify the reference datastore or configuration source to compare (default is from baseline). Options are:

  1. running
  2. candidate
  3. baseline
  4. url string
  5. rollback checkpoint-id
  6. startup

[to] configuration-source

Specify the datastore or configuration source to compare against (default is to candidate). Options are:

  1. running
  2. candidate
  3. baseline
  4. url string
  5. rollback checkpoint-id
  6. startup

flat

Show the context starting from the present working context

full-context

Show the context starting at the branch root

lines number

Show the specified number of lines before and after the changed element

summary

Suppress specific differences and display a summarized comparison

The following characters are used at the beginning of the output lines, to indicate the status of the element in the configuration:

  1. - (minus) — element is only in the first (from) configuration, displayed first
  2. + (plus) — element is only in the second (to) configuration, displayed second
  3. (space) — element is unchanged
  4. ~ (tilde) — new value of the element that changed (only used in the summary option)
  5. {...} — deleted elements compressed to its highest container (only used in the summary option)
*(ex)[configure]
A:admin@node-2# compare
    log {
+       accounting-policy 5 {
+           description "For aa-admit-deny statistics"
+           collection-interval 69
+           include-system-info true
+           record aa-admit-deny
+       }
+       accounting-policy 8 {
+       }
    }
 
Note:

The +/-/~ output from the compare command can be copied and pasted, or loaded from a file. Refer to section 1.4.7.1.1 for an example.

Because the compare command uses the default from running, the command compare to candidate is equivalent to compare from running to candidate. Executing compare to running, without specifying the from option is equivalent to compare from running to running, which shows no differences.

 
*(ex)[configure]
A:admin@node-2# compare to running
 
*(ex)[configure]
A:admin@node-2# compare to candidate
    log {
+       accounting-policy 5 {
+           description "For aa-admit-deny statistics"
+           collection-interval 69
+           include-system-info true
+           record aa-admit-deny
+       }
+       accounting-policy 8 {
+       }
    }
 
*(ex)[configure]
A:admin@node-2# compare from running to candidate
    log {
+       accounting-policy 5 {
+           description "For aa-admit-deny statistics"
+           collection-interval 69
+           include-system-info true
+           record aa-admit-deny
+       }
+       accounting-policy 8 {
+       }
    }

The following displays the output using the flat and full-context options.

*(ex)[configure]
A:admin@node-2# compare flat
+   log { accounting-policy 5 }
+   log accounting-policy 5 description "For aa-admit-deny statistics"
+   log accounting-policy 5 collection-interval 69
+   log accounting-policy 5 include-system-info true
+   log accounting-policy 5 record aa-admit-deny
+   log { accounting-policy 8 }
 
*(ex)[configure]
A:admin@node-2# compare full-context
+   /configure log { accounting-policy 5 }
+   /configure log accounting-policy 5 description "For aa-admit-deny statistics"
+   /configure log accounting-policy 5 collection-interval 69
+   /configure log accounting-policy 5 include-system-info true
+   /configure log accounting-policy 5 record aa-admit-deny
+   /configure log { accounting-policy 8 }
 
*(ex)[configure]
A:admin@node-2#

The following example shows the difference between the compare and compare summary commands. The compare command shows the deletion and addition of configuration changes, each on its own line, and the compare summary command shows the configuration change summarized on one line with a ~ character.

*(ex)[]
A:admin@node-2# compare
    router "Base" {
        interface "system" {
            ipv4 {
                primary {
-                   address 1.1.1.1
+                   address 10.243.5.96
                }
            }
        }
    }
 
*(ex)[]
A:admin@node-2# compare summary
    router "Base" {
        interface "system" {
            ipv4 {
                primary {
~                   address 10.243.5.96
                }
            }
        }
    }
 
*(ex)[]
A:admin@node-2#

When the compare command is executed with url, rollback, or startup for the from or to configuration source option, a temporary private configuration session is used, referred to as a scratchpad session. A scratchpad session requires a resource from a pool of eight available private configuration sessions. Scratchpad sessions are usually short-lived, however, it is possible that a session could consume a private configuration resource for a longer time. The show system management-interface configuration-sessions command displays the active private configuration sessions as well as the active scratchpad sessions.

[pr:configure]
A:user-2@node-1# /show system management-interface configuration-sessions
===============================================================================
Session ID  Region                 Datastore                     Lock State
   Username                        Session Mode                  Idle Time
   Session Type                    From
-------------------------------------------------------------------------------
 28         configure              Candidate                     Unlocked
   user-1                          Private                       0d 00:00:12
   MD-CLI (2)                      192.0.2.1
#30         configure              Candidate                     Unlocked
   user-2                          Private                       0d 00:00:00
   MD-CLI                          192.0.2.2
-------------------------------------------------------------------------------
Number of sessions: 2
'#' indicates the current active session
'(n)' indicates the number of scratchpad sessions
===============================================================================

A CLI warning is generated when the pool of private configuration sessions is exhausted.

[pr:configure]
A:user-2@node-1# compare rollback 1 startup
MINOR: MGMT_CORE #2053: Private datastore access unavailable - reached maximum number of private sessions
 
[]
A:user-3@node-1# configure private
MINOR: MGMT_CORE #2053: Private datastore access unavailable - reached maximum number of private sessions

1.4.7.1.1. Using the compare Outputs to Copy and Paste

In the following example, the compare command shows the timers that have been modified. After the commit command has been issued to add these to the running configuration, the lsa-generate container is deleted. The following displays the output for the compare command.

*(ex)[configure router "Base" ospf 0 timers]
A:admin@node-2# compare
+   lsa-generate {
+       max-lsa-wait 500000
+       lsa-initial-wait 100000
+       lsa-second-wait 200000
+   }
+   spf-wait {
+       spf-max-wait 120000
+       spf-initial-wait 50000
+       spf-second-wait 60000
+   }

The compare command, using the candidate configuration as the reference, displays the same configuration statements with a preceding minus (-) character. These statements will be used in a subsequent copy and paste function to delete some of the configuration. The minus (-) character at the beginning of the configuration statement takes the place of the delete keyword.

*(ex)[configure router "Base" ospf 0 timers]
A:admin@node-2# compare from candidate to running full-context
-   /configure router "Base" ospf 0 timers lsa-generate max-lsa-wait 500000
-   /configure router "Base" ospf 0 timers lsa-generate lsa-initial-wait 100000
-   /configure router "Base" ospf 0 timers lsa-generate lsa-second-wait 200000
-   /configure router "Base" ospf 0 timers spf-wait spf-max-wait 120000
-   /configure router "Base" ospf 0 timers spf-wait spf-initial-wait 50000
-   /configure router "Base" ospf 0 timers spf-wait spf-second-wait 60000
 
*(ex)[configure router "Base" ospf 0 timers]
A:admin@node-2# validate
 
*(ex)[configure router "Base" ospf 0 timers]
A:admin@node-2# commit

In the next step, the lsa-generate parameters are deleted, using a copy and paste of the first three configuration statements:

(ex)[configure]
A:admin@node-2# -   /configure router "Base" ospf 0 timers lsa-generate max-lsa-wait 500000
 
*(ex)[configure]
A:admin@node-2# -   /configure router "Base" ospf 0 timers lsa-generate lsa-initial-wait 100000
 
*(ex)[configure]
A:admin@node-2# -   /configure router "Base" ospf 0 timers lsa-generate lsa-second-wait 200000

The compare summary command shows that the deleted lsa-generate parameters are compressed to its highest container, shown with an ellipsis in braces ({}).

*(ex)[configure]
A:admin@node-2# compare summary
    router "Base" {
        ospf 0 {
            timers {
-               lsa-generate { ... }
            }
        }
    }

If the timers container is deleted, which holds both the lsa-generate and spf-wait containers, the compare summary command now shows the timers container as the highest deleted container:

*(ex)[configure router "Base" ospf 0]
A:admin@node-2# delete timers
*(ex)[configure router "Base" ospf 0]
A:admin@node-2# compare
-   timers {
-       lsa-generate {
-           max-lsa-wait 500000
-           lsa-initial-wait 100000
-           lsa-second-wait 200000
-       }
-       spf-wait {
-           spf-max-wait 120000
-           spf-initial-wait 50000
-           spf-second-wait 60000
-       }
-   }
 
*(ex)[configure router "Base" ospf 0]
A:admin@node-2# compare summary
-   timers { ... }
 
*(ex)[configure router "Base" ospf 0]
A:admin@node-2#

1.4.7.2. Discarding Configuration Changes

The discard command in configuration mode cancels all changes made to the candidate configuration without impacting the running configuration or applications. The command is available only when the MD-CLI session is in a read/write configuration mode (private, exclusive, or global configuration mode) and only from the top of the configure branch (that is, /configure).

The following example shows the error that occurs when the discard operation is attempted from read-only configuration mode. The command is successful when the session is in global configuration mode, but only from the top of the configuration branch.

*(ro)[configure]
A:admin@node-2# compare
    log {
+       accounting-policy 5 {
+           description "For aa-admit-deny statistics"
+           collection-interval 69
+           include-system-info true
+           record aa-admit-deny
+       }
+       accounting-policy 8 {
+       }
    }
 
*(ro)[configure]
A:admin@node-2# discard
MINOR: CLI #2069: Operation not allowed - currently in read-only mode
 
*(ro)[configure]
A:admin@node-2# exit
 
*(ro)[]
A:admin@node-2# quit-config
INFO: CLI #2067: Exiting read-only configuration mode
 
[]
A:admin@node-2# edit-config global
INFO: CLI #2054: Entering global configuration mode
INFO: CLI #2055: Uncommitted changes are present in the candidate configuration
 
*(gl)[]
A:admin@node-2# compare
    log {
+       accounting-policy 5 {
+           description "For aa-admit-deny statistics"
+           collection-interval 69
+           include-system-info true
+           record aa-admit-deny
+       }
+       accounting-policy 8 {
+       }
    }
 
*(gl)[]
A:admin@node-2# configure log
 
*(gl)[configure log]
A:admin@node-2# discard
MINOR: MGMT_CORE #2203: Invalid element - 'discard' not allowed in 'log'
 
*(gl)[configure log]
A:admin@node-2# discard /configure
 
(gl)[configure log]
A:admin@node-2# /compare
 
(gl)[configure log]
A:admin@node-2#

Uncommitted changes from a global configuration session are kept in the candidate configuration when leaving configuration mode. Uncommitted changes from an exclusive or private configuration session are discarded when leaving configuration mode and a confirmation message is displayed:

*(ex)[]
A:admin@node-2# quit-config
INFO: CLI #2063: Uncommitted changes are present in the candidate configuration. Exiting exclusive configuration mode will discard those changes.
 
Discard uncommitted changes? [y,n] y
WARNING: CLI #2062: Exiting exclusive configuration mode - uncommitted changes are discarded
INFO: CLI #2064: Exiting exclusive configuration mode

It is possible to discard the changes made by a session that obtained an explicit lock by disconnecting the remote session. Uncommitted changes from an exclusive configuration mode session are discarded when the session disconnects. See Viewing the Status of the Local Datastores for information about disconnecting a session.

1.4.7.3. Validating the Candidate Configuration

The validate command verifies the logic, constraints, and completeness of the candidate configuration without activating any changes. A successful validation returns no errors. If the validation fails, detailed failure reasons are provided. The validate command can be executed from any working directory and in any configuration mode.

*(ro)[]
A:admin@node-2# compare
    log {
+       accounting-policy 7 {
+           description "seven"
+           collection-interval 77
+       }
    }
 
*(ro)[]
A:admin@node-2# validate
 
*(ro)[]
*(ex)[]
A:admin@node-2# compare
+   eth-cfm {
+       domain "mdn" {
+           association "man" {
+               ccm-interval 10ms
+           }
+       }
+   }
 
*(ex)[]
A:admin@node-2# validate
MINOR: MGMT_CORE #236: configure eth-cfm domain "mdn" level - Missing mandatory fields
MINOR: ETH_CFM #12: configure eth-cfm domain "mdn" format - Inconsistent Value error - One of dns, mac, name or format must be provided
 
*(ex)[]
A:admin@node-2#

The commit command also runs validation on the configuration. Therefore, it is not necessary to execute the validate command as a separate step when committing the candidate configuration.

1.4.7.4. Updating the Candidate Configuration

As described in Multiple Simultaneous Candidate Configurations, a candidate configuration uses two datastores:

  1. a baseline datastore that contains a snapshot copy of the running configuration at a specific time
  2. a candidate datastore that contains changes relative to its associated baseline datastore

For a private candidate configuration, access by MD-CLI sessions in private configuration mode, a snapshot of the running configuration is copied in the private baseline datastore:

  1. when a private candidate configuration is instantiated, when a user enters the private configuration mode
  2. when a manual update is performed
  3. after a commit, when no merge conflicts are detected during the automatic update and the updated candidate configuration is valid

For the global candidate configuration, accessed by MD-CLI sessions in global and exclusive configuration mode, a tracking mechanism exists.

  1. The baseline datastore tracks the running datastore, that is, changes in the running datastore are automatically copied in the baseline datastore:
    1. after a router reboot
    2. after a successful commit
    3. after a discard with an up to date global baseline
  2. Tracking stops and a snapshot of the running datastore is copied in the global baseline datastore when the global candidate is touched (for example, a configuration element is added, deleted, or modified). A new snapshot of the running datastore is copied in the global baseline datastore when a manual update is performed.

With two simultaneous active configuration sessions that access different candidate configurations, a commit from one configuration session changes the running configuration and causes the candidate configuration of the other session to be out of date and must be updated.

To update a candidate configuration, the following tasks are performed.

  1. a new snapshot of the running configuration is copied in the baseline datastore
  2. the candidate configuration changes are merged in the new baseline:
    1. The changes in the candidate datastore are applied to the new baseline datastore.
    2. Merge conflicts are detected and resolved. A merge conflict occurs when a configuration element is added, deleted, or modified in the candidate configuration and the same configuration element was also added, deleted, or modified in the running configuration after the baseline snapshot was taken.
    3. The resulting changes are stored in the candidate datastore as new changes relative to the updated baseline.

An update can be performed manually with the update command. The update must be executed at the configuration root (/configure). Merge conflicts are reported and resolved according to the conflict resolution rules. The update command does not provide output when no conflicts are detected.

The following is an example of a merge conflict reported in an update:

+   /configure router "Base" interface "int-1" ipv4 primary address 10.2.3.4
##  address - exists with different value: address 10.1.2.3 - change updated:  replace existing value

The first line lists the candidate configuration change that caused the merge conflict, in this case, adding an interface IPv4 address.

The second line describes the merge conflict and starts with a double hash (##) followed by the description:

  1. A merge conflict is detected for the configuration element address.
  2. The address already exists in the running configuration, but has a different value.
  3. The candidate configuration change as shown on the first line is updated; instead of adding an interface address, the interface address is replaced.

An update is automatically started when the candidate configuration is committed. The commit is canceled when merge conflicts are detected to give the administrator the opportunity to resolve the conflicts before committing again. The update, in this case, is not executed, the candidate configuration is unchanged, and the baseline datastore is not updated.

The update check command performs a dry-run update of the candidate configuration. Merge conflicts are reported the same way as for the update command, but the update is not executed. The update check command must be executed at the configuration root (/configure) or it can be executed in any configure branch descendant as update check /configure.

1.4.7.4.1. Example Update Scenario With Merge Conflicts

The private candidate configuration of user-1 is out-of-date. The running configuration has interface backbone-1 configured. The private baseline datastore does not have the interface configured. The interface backbone-1 configured by user-1 has a different address in its candidate configuration.

!*[pr:configure router "Base"]
A:user-1@node-3# info running
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.2.2.2
                prefix-length 24
            }
        }
    }
 
!*[pr:configure router "Base"]
A:user-1@node-3# info baseline
 
!*[pr:configure router "Base"]
A:user-1@node-3# info
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.1.1.1
                prefix-length 24
            }
        }
    }

The following is the list of changes entered in the private candidate configuration of user-1:

!*[pr:configure router "Base"]
A:user-1@node-3# compare baseline candidate full-context summary
+   /configure router "Base" interface "backbone-1" { }
+   /configure router "Base" interface "backbone-1" { ipv4 primary }
+   /configure router "Base" interface "backbone-1" ipv4 primary address 10.1.1.1
+   /configure router "Base" interface "backbone-1" ipv4 primary prefix-length 24

A commit command starts an automatic update. Because merge conflicts are detected, the commit is canceled:

!*[pr:configure router "Base"]
A:user-1@node-3# commit
MINOR: MGMT_CORE #2703: Commit canceled - conflicts detected, use update

A dry-run update detects the merge conflicts without executing the update. Each configuration element that is changed in both the candidate configuration and the running configuration after the last baseline snapshot was taken results in a conflict and is reported.

!*[pr:configure]
A:user-1@node-3# update check
+   /configure router "Base" { interface "backbone-1" }
##  interface "backbone-1" { } - already exists - change removed
 
+   /configure router "Base" { interface "backbone-1" ipv4 primary }
##  primary { } - already exists - change removed
 
+   /configure router "Base" interface "backbone-1" ipv4 primary address 10.1.1.1
##  address - exists with different value: address 10.2.2.2 - change updated:  replace existing value
 
+   /configure router "Base" interface "backbone-1" ipv4 primary prefix-length 24
##  prefix-length - exists with same value - change removed

After verifying that the merge conflict resolution is acceptable, the update can be executed. The reporting is the same as for a dry-run update.

!*[pr:configure]
A:user-1@node-3# update
+   /configure router "Base" { interface "backbone-1" }
##  interface "backbone-1" { } - already exists - change removed
 
+   /configure router "Base" { interface "backbone-1" ipv4 primary }
##  primary { } - already exists - change removed
 
+   /configure router "Base" interface "backbone-1" ipv4 primary address 10.1.1.1
##  address - exists with different value: address 10.2.2.2 - change updated: replace existing value
 
+   /configure router "Base" interface "backbone-1" ipv4 primary prefix-length 24
##  prefix-length - exists with same value - change removed

The candidate configuration is now updated: the baseline datastore equals the running datastore and the candidate datastore contains the updated list of changes as described in the update report.

*[pr:configure router "Base"]
A:user-1@node-3# compare baseline candidate
    interface "backbone-1" {
        ipv4 {
            primary {
-               address 10.2.2.2
+               address 10.1.1.1
            }
        }
    }
 
*[pr:configure router "Base"]
A:user-1@node-3# info
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.1.1.1
                prefix-length 24
            }
        }
    }
 
*[pr:configure router "Base"]
A:user-1@node-3# info baseline
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.2.2.2
                prefix-length 24
            }
        }
    }
 
*[pr:configure router "Base"]
A:user-1@node-3# info running
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.2.2.2
                prefix-length 24
            }
        }
    }

1.4.7.4.2. Example Update Scenario Without Merge Conflicts

The private candidate configuration of user-1 is out-of-date. The running configuration has interface backbone-1 configured. The private baseline datastore does not have the interface configured. The interface backbone-2 is configured by user-1.

!*[pr:configure router "Base"]
A:user-1@node-3# info running
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.1.1.1
                prefix-length 24
            }
        }
    }
 
!*[pr:configure router "Base"]
A:user-1@node-3# info baseline
 
!*[pr:configure router "Base"]
A:user-1@node-3# info
    interface "backbone-2" {
        ipv4 {
            primary {
                address 10.2.2.2
                prefix-length 24
            }
        }
    }

The following shows the list of changes entered in the private candidate configuration of user-1:

!*[pr:configure]
A:user-1@node-3# compare baseline candidate full-context summary
+   /configure router "Base" { }
+   /configure router "Base" { interface "backbone-2" }
+   /configure router "Base" { interface "backbone-2" ipv4 primary }
+   /configure router "Base" interface "backbone-2" ipv4 primary address 10.2.2.2
+   /configure router "Base" interface "backbone-2" ipv4 primary prefix-length 24

A dry-run update detects merge conflicts without executing the update. There are no conflicts detected in this case.

!*[pr:configure]
A:user-1@node-3# update check
 
!*[pr:configure]
A:user-1@node-3#

A commit operation starts an automatic update. Without merge conflicts, the commit succeeds.

!*[pr:configure]
A:user-1@node-3# commit
 
[pr:configure]
A:user-1@node-3#

After a commit operation, the candidate configuration is updated; the baseline datastore equals the running datastore and the candidate datastore is empty.

[pr:configure]
A:user-1@node-3# compare baseline candidate
 
[pr:configure]
A:user-1@node-3# compare baseline running
 
[pr:configure router "Base"]
A:user-1@node-3# info
    interface "backbone-1" {
        ipv4 {
            primary {
                address 10.1.1.1
                prefix-length 24
            }
        }
    }
    interface "backbone-2" {
        ipv4 {
            primary {
                address 10.2.2.2
                prefix-length 24
            }
        }
    }

1.4.7.5. Committing the Candidate Configuration

The commit command can be executed from any hierarchy level within any configuration branch.

— commit
— confirmed
[timeout] minutes
— accept
— cancel
— persist-id string

When a commit operation is initiated while the baseline is out-of-date, the router first attempts to update the candidate configuration. When a merge conflict is detected, the commit operation is canceled to allow the administrator to resolve the merge conflicts manually.

!*[pr:configure]
A:admin@node-2# commit
MINOR: MGMT_CORE #2703: Commit canceled - conflicts detected, use update
 
!*[pr:configure]
A:admin@node-2#

The update is executed and the commit operation proceeds when no merge conflict is detected. See Updating the Candidate Configuration for the update process.

A validation is subsequently performed on the candidate configuration.

With a successful validation, the changes are copied to the running configuration, which becomes the current, operational router configuration. The candidate configuration is reset to its initial state; an empty candidate datastore and an up-to-date baseline.

If the commit operation fails, an automatic rollback occurs, which returns the running state to the state before the commit was applied. An automatic rollback does not use a rollback checkpoint file, so is not dependent on persistency to be enabled. Instead, a list of changes is kept in memory until the automatic rollback is completed. The uncommitted changes remain in the candidate configuration.

1.4.7.5.1. Using the commit confirmed Command

Executing the commit command with no options performs the operation immediately. the confirmed option can be used to activate configuration changes without making them persistent, to give the user time to verify that the configuration is working as intended. By default, the commit confirmed command executes the commit operation with an automatic rollback of 10 minutes. Within this time, an explicit confirmation (commit confirmed accept) must be issued for the changes to become persistent. Other configuration commands issued during this time interval are blocked.

While the commit confirmed timer is running, the remaining time before an automatic rollback is shown before each prompt of all active MD-CLI sessions.

*(gl)[configure log accounting-policy 5]
A:admin@node-2# commit confirmed
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 59 seconds
(gl)[configure log accounting-policy 5]
A:admin@node-2#
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 47 seconds
(gl)[configure log accounting-policy 5]
A:admin@node-2# pwc
Present Working Context:
  configure
  log
  accounting-policy 5
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 45 seconds
(gl)[configure log accounting-policy 5]
A:admin@node-2# back
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 41 seconds
(gl)[configure log]
A:admin@node-2# accounting-policy 9
MINOR: MGMT_CORE #2604: Commit confirmed in progress - changes to the candidate  configuration are not allowed
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 38 seconds
(gl)[configure log]
A:admin@node-2#
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 8 minutes 44 seconds
(gl)[configure log]
A:admin@node-2#

If the initial commit fails, the commit confirmed operation is canceled and no timer is started.

*(ex)[configure log accounting-policy 5]
A:admin@node-1# collection-interval 3
 
*(ex)[configure log accounting-policy 5]
A:admin@node-1# commit confirmed
MINOR: LOG #12: configure log accounting-policy 5 collection-interval - Inconsistent Value error - Minimum value is 5 minutes for this record type.
 
*(ex)[configure log accounting-policy 5]
A:admin@node-1#

The timeout option for the commit confirmed operation can override the default value of 10 minutes. While a commit confirmed timer is running, a subsequent commit confirmed or commit confirmed operation with a timeout option restarts the timer.

*(gl)[configure log accounting-policy 5]
A:admin@node-2# commit confirmed
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 10 minutes
(gl)[configure log accounting-policy 5]
A:admin@node-2# commit confirmed 33
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 33 minutes
(gl)[configure log accounting-policy 5]
A:admin@node-2#

Once the commit confirmed operation is underway, the timer starts. A commit confirmed cancel command terminates an ongoing confirmed commit and immediately performs an automatic rollback to the previous state before the initial commit confirmed command was issued.

If the commit confirmed accept command is not issued within the specified timeout period after a successful commit, all changes are automatically discarded from the running configuration. If the configuration session from which the commit confirmed was initiated is still active, the candidate configuration maintains all uncommitted configuration changes.

1.4.7.5.1.1. Non-persistent Operation

The commit confirmed and commit confirmed accept or commit confirmed cancel commands must be executed from the same MD-CLI configuration session. Commit commands executed from another configuration session while the commit confirmed timer is running generate an error.

Leaving the configuration mode or logging out from the MD-CLI session cancels the ongoing commit confirmed and starts an automatic rollback. The user must acknowledge the request to exit configuration mode or logout.

*(gl)[]
A:admin@node-2# commit confirmed
INFO: CLI #2090: Commit confirmed - automatic rollback in 10 minutes
(gl)[]
A:admin@test-node# exit all
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 55 seconds
(gl)[]
A:admin@test-node# quit-config
INFO: CLI #2095: Commit confirmed in progress - exiting configuration mode will  cancel the commit confirmed and start configuration rollback
 
Cancel commit confirmed and rollback immediately? [y,n] n
INFO: CLI #2076: Exit global configuration mode canceled
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 48 seconds
(gl)[]
A:admin@test-node# logout
INFO: CLI #2095: Commit confirmed in progress - logout will cancel the commit  confirmed and start configuration rollback
 
Cancel commit confirmed and rollback immediately? [y,n] y
WARNING: CLI #2077: Exiting global configuration mode - commit confirmed canceled
INFO: CLI #2057: Uncommitted changes are kept in the candidate configuration

1.4.7.5.1.2. Persistent Identifier

Note:

In private configuration mode, commit confirmed with a persistent identifier cannot be used. Instead, use the non-persistent commit confirmed command.

A persistence identifier can be specified with the initial commit confirmed command. A commit confirmed accept or cancel command can then be executed from the same or a different MD-CLI configuration session, NETCONF, or gRPC session, from where the commit confirmed persist-id command was initiated. The persistence identifier must then be included with the subsequent commit confirmed commands. The persistence identifier is a user-defined string of up to 255 characters or an empty string (“”).

*(ex)[configure]
A:admin@node-2# commit confirmed persist-id my-commit
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 10 minutes
(ex)[configure]
A:admin@node-2# commit confirmed cancel
MINOR: MGMT_CORE #2603: Commit confirmed - persist-id expected
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 53 seconds
(ex)[configure]
A:admin@node-2# commit confirmed accept
MINOR: MGMT_CORE #2603: Commit confirmed - persist-id expected
 
INFO: CLI #2090: Commit confirmed - automatic rollback in 9 minutes 45 seconds
(ex)[configure]
A:admin@node-2# commit confirmed cancel persist-id my-commit
 
*(ex)[configure]
A:admin@node-2#

1.4.8. Saving Changes

The running configuration can be saved to a local or remote file location with the admin save [url] location command, where location is a character string specifying the local or remote location where the configuration is to be saved.

To make the running configuration persistent, the configuration should be saved to the startup configuration location specified in the Boot Options File (BOF) as primary-config. This is achieved with the admin save command without specifying a location that defaults to the BOF primary-config.

The MD-CLI has an implicit persistency option linked to the commit command: the auto-config-save command in configure system management-interface cli md-cli. When candidate configuration changes are successfully committed, the configuration is automatically saved if auto-config-save is set to true.

*(ex)[configure system management-interface]
A:admin@node-2# info detail
    
    <snip>
        md-cli {
            auto-config-save true
            environment {
                more true
                time-display local
                command-completion {
                    enter true
                    space true
                    tab true
                }

When auto-config-save is set to false, the admin save command must be issued to make the configuration persistent.

1.4.9. Rolling Back a Configuration from a Checkpoint File

A rollback checkpoint is an MD-CLI configuration file that can be loaded in the candidate configuration with the rollback command.

A rollback checkpoint is created automatically after every successful commit when automatic save is enabled via the MD-CLI auto-config-save command.

*(ex)[configure system management-interface]
A:admin@node-2# info detail
    
    <snip>
    
        md-cli {
            auto-config-save true
            environment {
                more true
                time-display local
                command-completion {
                    enter true
                    space true
                    tab true
                }

A rollback checkpoint is also created if an operator issues the admin save command, regardless of the MD-CLI auto-config save setting.

The rollback command loads a previously saved MD-CLI configuration file in the candidate configuration. Loading the file does not automatically initiate a commit command, which means that the file can be examined before committing. This rollback command is the equivalent of a load full-replace of the configuration file, but is identified with a checkpoint identifier. If no identifier is specified, the latest saved configuration file identified with index identifier 0 is used as the default.

The rollback command is available only for the model-driven management interface configuration mode.

[pr:configure]
A:admin@node-3# rollback ?
 
 rollback
 
 [checkpoint] (<number> | <keyword>)
 <number>  - <0..200>
 <keyword> - startup
 
 [checkpoint]         -

Configuration files loaded with the rollback checkpoint-id command are identified with a number that corresponds to the configuration file and location specified as primary-config in the active Boot Option File (BOF). For example, the configuration file executed for a rollback 3 command corresponds to the file named config.cfg.3. The checkpoint identifier 0 corresponds to the last saved configuration file and does not have a suffix. This is also the default when no checkpoint identifier is specified with the rollback command. By default, five configuration files are saved. The configuration-backups command can be used to save a different number of configuration files.

The startup option of the rollback command loads the contents of the current admin save file set with the primary configuration and not the version of the startup file that was booted.

[pr:configure system management-interface configuration-save]
A:admin@node-3# info detail
 ## apply-groups
    configuration-backups 5
 
[pr:configure system management-interface configuration-save]
A:admin@node-3# configuration-backups ?
 
 configuration-backups <number>
 
 <number> - <1..200>
 Default  - 5
 
    Maximum number of backup revisions maintained for a configuration file
 
    This value also applies to the number of revisions maintained for the BOF
    file and debug save files.

The //show bof command executed from the MD-CLI shows the name of the file as config.cfg.

(ro)[]
A:admin@node-2# //show bof
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# /show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image    <snip>
    primary-config   <snip>/config.cfg
    license-file     <snip>/license

In the MD-CLI, the rollback command references the same filename with an appended suffix of the checkpoint identifier, in this case, identifier 3:

(ex)[configure]
A:admin@node-2# rollback 3
Executed 386 lines in 0.4 seconds from file <snip>/config.cfg.3

The rollback command is available in global or exclusive configuration mode and can only be executed from the root of the configuration branch.

When the auto-config-save parameter is set to true, the rollback command (without an index) is the equivalent of executing the discard command for the current candidate configuration changes.

The following figures show the relationship between the candidate and running configurations, the commit command, the setting of the auto-config-save parameter, and the rollback checkpoint files.

In Figure 8, the auto-config-save parameter is set to true. With a successful commit, a rollback checkpoint is created.

Figure 8:  Successful Commit with auto-config-save true 

In Figure 9, the auto-config-save parameter is set to false. The admin save command creates a rollback checkpoint of the running configuration before the commit. However, a rollback checkpoint is not created after the successful commit.

Figure 9:  Successful commit with auto-config-save false 

In Figure 10, the commit fails and no rollback checkpoint is created, regardless of the setting of the auto-config-save parameter.

Figure 10:  Failed commit 

1.4.10. Loading a Configuration File

The load command loads the contents of a local or remote file into the candidate configuration. The command can only be executed at the top of the configure region when the MD-CLI session is in private, exclusive, or global configuration mode and does not result in a context change. The command can be issued regardless of whether uncommitted changes are present in the candidate configuration datastore.

The syntax of the load command is as follows:

load [mode] (full-replace | merge) [url] filename

The full-replace option replaces the current candidate configuration with the specified file.

The merge option merges the contents of the specified file into the candidate configuration. If there are conflicts, the configuration statements in the specified file override the existing configuration statements.

The file to be loaded is not a CLI script to be executed and cannot include:

  1. MD-CLI commands such as commit, delete, or tools
  2. navigation commands such as exit, back, or top

See Executing Commands with a File to perform such actions from a file.

If the loaded file encounters errors, parsing terminates at the first error. Statements before the error are loaded into the candidate configuration. Configuration statements in the loaded file are also subject to AAA command authorization. An authorization check failure also terminates the execution of further statements in the file.

Note:

The load command is not atomic in global configuration mode, and configuration statements may be interleaved with other changes being made in the candidate configuration. To avoid conflicts, use exclusive or private configuration mode with the load command.

Note:

If the router fails to boot due to an invalid configuration syntax, it is recommended to correct the syntax and reboot the router, which also reloads persistent indices. This procedure is preferred over using load full-replace to restore the configuration without a reboot.

1.4.10.1. Using info Outputs in Load Files

The output from the info full-context or info commands can be copied and pasted into a load file. Both the full-replace and merge options support this type of content.

The following shows the output from the info full-context command. This output can be copied and pasted into a file; for example, cf1:\bgp.cfg.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info full-context
    /configure router "Base" bgp neighbor 192.168.89.8 { }
    /configure router "Base" bgp neighbor 192.168.89.8 { prefix-limit ipv4 }
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 prefix-limit 1000
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 log-only true
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 threshold 80

From the MD-CLI, the //file type command displays the contents of the file:

(ro)[]
A:admin@node-2# //file type cf1:\bgp.cfg
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# /file type cf1:\bgp.cfg
File: bgp.cfg
-------------------------------------------------------------------------------
    /configure router "Base" bgp group "external" { }
    /configure router "Base" bgp neighbor 192.168.89.8 { }
    /configure router "Base" bgp neighbor 192.168.89.8 group "external"
    /configure router "Base" bgp neighbor 192.168.89.8 { prefix-limit ipv4 }
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 prefix-limit 1000
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 log-only true
    /configure router "Base" bgp neighbor 192.168.89.8 prefix-limit ipv4 threshold 80
 
===============================================================================
A:node-2#

The load merge command can be used to merge the contents of the file into the candidate configuration. The following example shows no current candidate configuration changes for BGP before the command is executed. The compare command shows the candidate configuration changes after the file is merged.

(ex)[configure router "Base" bgp]
A:admin@node-2# info
 
(ex)[configure router "Base" bgp]
A:admin@node-2#
 
(ex)[configure]
A:admin@node-2# load merge cf1:\bgp.cfg
Executed 7 lines in 0.0 seconds from file cf1:\bgp.cfg
 
*(ex)[configure]
A:admin@node-2# compare
    router "Base" {
+       bgp {
+           group "external" {
+           }
+           neighbor 192.168.89.8 {
+               group "external"
+               prefix-limit ipv4 {
+                   prefix-limit 1000
+                   log-only true
+                   threshold 80
+               }
+           }
+       }
    }

The output from the info flat command can be copied into a file; for example, cf1:\bgp2.cfg:

*(ex)[configure router "Base" bgp]
A:admin@node-2# info flat
    group "external" { }
    neighbor 192.168.89.8 group "external"
    neighbor 192.168.89.8 prefix-limit ipv4 prefix-limit 1000
    neighbor 192.168.89.8 prefix-limit ipv4 log-only true
    neighbor 192.168.89.8 prefix-limit ipv4 threshold 80
 
*(ex)[configure router "Base" bgp]
A:admin@node-2#

An additional context line is added to specify the context /configure router “Base” bgp, as shown in the file display:

(ro)[]
A:admin@node-2# //file type cf1:\bgp2.cfg
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# /file type cf1:\bgp2.cfg
File: bgp2.cfg
-------------------------------------------------------------------------------
/configure router bgp
    group "external" { }
    neighbor 192.168.89.8 { }
    neighbor 192.168.89.8 group "external"
    neighbor 192.168.89.8 { prefix-limit ipv4 }
    neighbor 192.168.89.8 prefix-limit ipv4 prefix-limit 1000
    neighbor 192.168.89.8 prefix-limit ipv4 log-only true
    neighbor 192.168.89.8 prefix-limit ipv4 threshold 80
 
 
===============================================================================
A:node-1#

The file is merged and the compare command shows the resulting candidate configuration changes.

(ex)[configure router "Base" bgp]
A:admin@node-1# info
 
(ex)[configure router "Base" bgp]
A:admin@node-1# top
 
(ex)[configure]
A:admin@node-1# load merge cf1:\bgp2.cfg
Executed 9 lines in 0.0 seconds from file cf1:\bgp2.cfg
 
*(ex)[configure]
A:admin@node-1# compare
    router "Base" {
        bgp {
+           group "external" {
+           }
+           neighbor 192.168.89.8 {
+               group "external"
+               prefix-limit ipv4 {
+                   prefix-limit 1000
+                   log-only true
+                   threshold 80
+               }
+           }
        }
    }
 
*(ex)[configure]
A:admin@node-1#

The following shows the output from the info command. To use the output in a load file, the context must be added through a manual edit, similar to the edit of file bgp2.cfg in the preceding example, or use the output from the info full-context command.

*(ex)[configure router "Base" bgp]
A:admin@node-2# info
    neighbor 192.168.89.8 {
        prefix-limit ipv4 {
            prefix-limit 1000
            log-only true
            threshold 80
        }
    }

The contents of the load file with the info output include the following:

/configure router "Base" bgp
    neighbor 192.168.89.8 {
        prefix-limit ipv4 {
            prefix-limit 1000
            log-only true
            threshold 80
        }
    }

1.4.11. Using Configuration Groups

The SR OS MD-CLI supports the creation of configuration templates called configuration groups, which can be applied at different branches in the configuration, where the configuration elements are inherited. This is shown in Figure 11.

Figure 11:  Configuration Groups 

The advantage of using configuration groups is that similar configurations can be grouped in a template that is applied at multiple branches in the configuration tree. Subsequent configuration updates are only required in one location. Using groups, configurations can be organized in a logical fashion, such as regional (East vs West) or functional (core-facing vs access-facing parameters). The result is a more compact configuration that is easier to maintain and that reduces the number of configuration and operational errors.

Configuration groups are supported for the following configuration branches and its descendants (this includes the configuration groups definition and applying the groups with the apply-groups command):

  1. configure card iom-card-slot fp fp-number
  2. configure port port ethernet egress
  3. configure port port ethernet network
  4. configure qos
  5. configure router router-name aggregates
  6. configure router router-name bgp group group-name prefix-limit family
  7. configure router router-name bgp neighbor ip-address prefix-limit family
  8. configure router router-name interface interface-name qos
  9. configure router router-name isis isis-instance
  10. configure router router-name mpls
  11. configure router router-name rsvp
  12. configure service vpls service-name
  13. configure service vprn service-name aggregates
  14. configure service vprn service-name bgp group group-name prefix-limit family
  15. configure service vprn service-name bgp neighbor ip-address prefix-limit family
  16. configure service vprn service-name interface interface-name sap sap-id

Configuration groups can also be applied using the apply-groups command in the following configuration branches:

  1. configure card iom-card-slot
  2. configure port port
  3. configure port port ethernet
  4. configure router router-name
  5. configure router router-name bgp
  6. configure router router-name bgp group group-name
  7. configure router router-name bgp neighbor ip-address
  8. configure router router-name interface interface-name
  9. configure service
  10. configure service vprn service-name
  11. configure service vprn service-name bgp
  12. configure service vprn service-name bgp group group-name
  13. configure service vprn service-name bgp neighbor ip-address
  14. configure service vprn service-name interface interface-name

1.4.11.1. Creating Configuration Groups

Configuration groups are created in the groups branch of the configuration tree.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-backbone" {
            router "Base" {
                isis "0" {
                    interface "int-pe1-pe2" {
                        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
                        hello-authentication-type message-digest
                        hello-authentication true
                        interface-type point-to-point
                    }
                }
            }
        }
    }

Multiple configuration groups can be created, each with a unique name.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-backbone" {
            router "Base" {
                # configuration elements
            }
        }
        group "isis-access” {
            router "Base" {
                # configuration elements
            }
        }      
        group "qos-backbone” {
            card "1" {
                # configuration elements
            }
            port "1/1/1" {
                # configuration elements
            }
            qos {
                # configuration elements
            }
            router "Base" {
                # configuration elements
            }
        }      
    }

The configuration elements in a configuration group always start at a top-level configuration branch, such as router, qos, or card.

To match on a key of a list entry in a configuration group, an exact match or a regular expression match can be used.

1.4.11.1.1. Exact Match

With an exact match, configuration elements can only be inherited by the list entry that matches the specified key value. When no list entry is matched, a new list entry is created with the specified key value.

In the following example, interface “int-pe1-pe2” is an exact match. When the group is applied and IS-IS interface “int-pe1-pe2” exists in IS-IS instance 0, the interface-type leaf is inherited. If the IS-IS interface does not exist, it is created with the interface-type set to point-to-point.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-backbone" {
            router "Base" {
                isis "0" {
                    interface "int-pe1-pe2" {
                        interface-type point-to-point
                    }
                }
            }
        }
    }

1.4.11.1.2. Regular Expression Match

With a regular expression match, configuration elements can be inherited by all list entries for which the key value matches the regular expression. A list entry cannot be created with a regular expression match.

In the following example, interface “<.*>” is a regular expression match that matches any interface name. When the group is applied, all configured IS-IS interfaces in IS-IS instance 0 inherit the interface-type leaf.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-backbone" {
            router "Base" {
                isis "0" {
                    interface "<.*>" {
                        interface-type point-to-point
                    }
                }
            }
        }
    }

1.4.11.1.2.1. Regular Expression Match Format

A regular expression match is specified as a string with the regular expression enclosed in angle brackets: “<regex-match>”.

The regular expression match is implicitly anchored: a ^ (match-starting position) is added at the beginning of the regular expression and a $ (match-ending position) is added at the end.

The regular expression is a subset of the Extended Regular Expression (ERE) notation as described in section 1.3.12.1.1.

For example:

  1. interface “<int-.*>” — matches all interfaces that start with “int-”
  2. interface “<.*>” — matches all interfaces
  3. interface “<.*pe[1-3].*>” — matches all interfaces that have “pe1”, “pe2”, or “pe3” in their name

1.4.11.1.3. Conflicting Match Criteria Within a Configuration Group

With a regular expression match, a match criteria conflict can occur if two regular expressions match or if a regular expression and an exact match both match on the same list entry. Conflicting matches within a configuration group are not supported and result in a validation error.

In the following configuration example, both interface “<int-.*>” and interface “int-pe1-pe2” are matching isis 0 interface “int-pe1-pe2”. At validation, this results in a configuration group inheritance failure because of conflicting match criteria:

(ex)[configure]
A:admin@pe1# info 
    groups {
        group "isis-backbone" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level-capability 2
                    }
                    interface "int-pe1-pe2" {
                        level 2 {
                            hello-interval 1
                        }
                    }
                }
            }
        }
    }
 
---snip---
 
    router "Base" {
 
---snip---
 
        isis 0 {
            apply-groups ["isis-backbone"]
 
---snip---
            interface "int-pe1-pe2" {
---snip---
 
           }
        }
    }
 
(ex)[configure]
A:admin@pe1# validate
MINOR: MGMT_CORE #2901: configure router "Base" isis 0 interface "int-pe1-pe2" - Configuration group inheritance failed - conflicting match criteria within group  "isis-backbone"

Conflicting match criteria within a configuration group can be avoided by applying multiple configuration groups.

*(ex)[configure]
A:admin@pe1# info 
    groups {
        group "isis-backbone-common" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level-capability 2
                    }
                }
            }
        }
        group "isis-backbone-custom" {
            router "Base" {
                isis "0" {
                    interface "int-pe1-pe2" {
                        level 2 {
                            hello-interval 1
                        }
                    }
                }
            }
        }
    }
 
---snip---
 
    router "Base" {
 
---snip---
 
        isis 0 {
            apply-groups ["isis-backbone-custom" "isis-backbone-common"]
 
---snip---
 
            interface "int-pe1-pe2" {
---snip---
           }
        }
    }
 
*(ex)[configure router "Base" isis 0]
A:admin@pe1# validate
 
*(ex)[configure router "Base" isis 0]
A:admin@pe1# info inheritance
    apply-groups ["isis-backbone-custom" "isis-backbone-common"]
    interface "int-pe1-pe2" {
        ## 'interface-type' inherited from group "isis-backbone-common"
        interface-type point-to-point
        ## 'level-capability' inherited from group "isis-backbone-common"
        level-capability 2
        level 2 {
            ## 'hello-interval' inherited from group "isis-backbone-custom"
            hello-interval 1
        }
    }

1.4.11.2. Applying Configuration Groups

To inherit configuration elements from a configuration group, apply the group in a branch of the configuration tree with the apply-groups statement. For example:

(ex)[configure router "Base" isis 0]
A:admin@pe1# info
    apply-groups ["isis-1"]

Configuration elements from the corresponding branches where the group is applied are inherited. In the following example, the configuration group “isis-3” has configuration elements in both the router isis interface and router isis level branch. Because the configuration group is applied at the router isis interface branch, only these configuration elements are inherited.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-3" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level "2" {
                            metric 30
                        }
                    }
                    level "2" {
                        wide-metrics-only true
                    }
                }
            }
        }
    }
 
<snip>
 
   router "Base" {
        isis 0 {
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                apply-groups ["isis-3"]
            }
        }
    }

The resulting expanded configuration can be shown with the info inheritance command:

(ex)[configure]
A:admin@pe1# info inheritance
   router "Base" {
        isis 0 {
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                apply-groups ["isis-3"]
                ## 'interface-type' inherited from group "isis-3"
                interface-type point-to-point
                level 2 {
                    ## 'metric' inherited from group "isis-3"
                    metric 30
                }
            }
        }
    }

The following notes apply to configuration groups and the apply-groups statements:

  1. configuration groups cannot be nested; therefore, apply-groups statements cannot be part of a configuration group
  2. configuration groups that are not applied in the configuration do not functionally change the configuration
  3. configuration groups and apply-groups statements are part of the running configuration and are saved in the MD-CLI configuration file

1.4.11.3. Inheritance Rules

Local configuration elements have precedence over configuration group inheritance.

In the following example, the configuration group “isis-1” contains the configuration element level-capability 1, which is not inherited because a corresponding local configuration element exists.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-1" {
            router "Base" {
                isis "0" {
                    level-capability 1
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level "2" {
                            metric 10
                        }
                    }
                }
            }
        }
    }
 
<snip>
 
   router "Base" {
        isis 0 {
            apply-groups ["isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
            }
        }
    }

The resulting expanded configuration after inheritance is shown as follows:

(ex)[configure]
A:admin@pe1# info inheritance
   router "Base" {
        isis 0 {
            apply-groups ["isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                ## 'interface-type' inherited from group "isis-1"
                interface-type point-to-point
                level 2 {
                    ## 'metric' inherited from group "isis-1"
                    metric 10
                }
            }
        }
    }

Up to eight configuration groups can be applied to a configuration branch. The configuration order determines the inheritance precedence:

  1. configuration elements in the first listed group have the highest precedence
  2. configuration elements in the last listed group have the lowest precedence

In the following example, both configuration groups “isis-1” and “isis-2” set an interface level 2 metric. Because configuration group “isis-2” is listed first in the apply-groups, its configuration elements have precedence. The interface-type configuration element is inherited from group “isis-1” because a corresponding configuration element is not present in group “isis-2” nor is it locally configured.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-1" {
            router "Base" {
                isis "0" {
                    level-capability 1
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level "2" {
                            metric 10
                        }
                    }
                }
            }
        }
        group "isis-2" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        level "2" {
                            metric 20
                        }
                    }
                }
            }
        }
    }
 
<snip>
 
   router "Base" {
        isis 0 {
            apply-groups ["isis-2" "isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
            }
        }
    }

The resulting expanded configuration after inheritance is shown as follows:

(ex)[configure]
A:admin@pe1# info inheritance
   router "Base" {
        isis 0 {
            apply-groups ["isis-2" "isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                ## 'interface-type' inherited from group "isis-1"
                interface-type point-to-point
                level 2 {
                    ## 'metric' inherited from group "isis-2"
                    metric 20
                }
            }
        }
    }

Configuration groups can be applied at different hierarchical branches. The hierarchy determines the inheritance precedence.

Configuration elements in groups applied at a lower-level branch have precedence over configuration elements in groups applied at a higher-level branch.

In the following example, all configuration groups set an interface level 2 metric. Because configuration group “isis-3” is applied at the lowest level, its configuration elements have precedence. The interface-type configuration element is also inherited from group “isis-3” for the same reason. As explained earlier, the level-capability configuration element from group “isis-1” has lower precedence than the local configured value. The wide-metric-only configuration element from group “isis-3” is not inherited because the group is applied at the interface branch and only configuration elements at that level or lower can be inherited.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-1" {
            router "Base" {
                isis "0" {
                    level-capability 1
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level "2" {
                            metric 10
                        }
                    }
                }
            }
        }
        group "isis-2" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        level "2" {
                            metric 20
                        }
                    }
                }
            }
        }
        group "isis-3" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        interface-type point-to-point
                        level "2" {
                            metric 30
                        }
                    }
                    level "2" {
                        wide-metrics-only true
                    }
                }
            }
        }
    }
 
<snip>
 
   router "Base" {
        isis 0 {
            apply-groups ["isis-2" "isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                apply-groups ["isis-3"]
            }
        }
    }

The resulting expanded configuration after inheritance is shown as follows:

(ex)[configure]
A:admin@pe1# info inheritance
   router "Base" {
        isis 0 {
            apply-groups ["isis-2" "isis-1"]
            admin-state enable
            level-capability 2
            area-address [49.0001.0001]
            interface "int-pe1-pe2" {
                apply-groups ["isis-3"]
                ## 'interface-type' inherited from group "isis-3"
                interface-type point-to-point
                level 2 {
                    ## 'metric' inherited from group "isis-3"
                    metric 30
                }
            }
        }
    }
Note:

Inheritance rules for a leaf-list are the same as for a single leaf.

It is not possible to add values to an existing leaf-list through configuration group inheritance.

1.4.11.4. Displaying the Expanded Configuration

After configuring and applying configuration groups, the expanded configuration should be reviewed before commit. The expanded configuration at a configuration branch can be displayed with the info inheritance command. By default, this command displays the expanded candidate configuration. To display the expanded running configuration, use info running inheritance.

All statements that are inherited from a configuration group are tagged with a system comment.

(ex)[configure router "Base" isis 0 interface "int-pe1-pe2"]
A:admin@pe1# info inheritance
    ## 'interface-type' inherited from group "isis-1"
    interface-type point-to-point
    level 2 {
        ## 'metric' inherited from group "isis-2"
        metric 20
    }

Use the regular expression pattern match info inheritance | match '^[ ]*##' invert-match to suppress the system comments in the output of info inheritance.

(ex)[configure router "Base" isis 0 interface "int-pe1-pe2"]
A:admin@pe1# info inheritance | match '^[ ]*##' invert-match
    interface-type point-to-point
    level 2 {
        metric 20
    }
Note:

Conflicting matches are detected at validation. The info inheritance command may display an inherited configuration element that is part of a conflicting match criteria.

1.4.11.5. Authentication, Authorization, and Accounting (AAA) in Configuration Groups

User profiles can restrict the configuration branches that a user can change. When configuration groups are used, these user profiles should be enhanced to restrict the creation or inheritance of configuration elements in these branches.

In the following example, user admin2 has no access to the sap-egress configuration branch.

(ex)[configure qos]
A:admin2@pe1# sap-egress high-bw
MINOR: MGMT_CORE #2020: Permission denied - unauthorized use of 'sap-egress'

This is enforced via the following entry in the local user profile:

(ro)[configure system security aaa local-profiles profile "restricted-admin"]
A:admin@pe1# info
<snip>
    entry 200 {
        action deny
        match "configure qos sap-egress"
    }

Using configuration groups, user admin2 can still create or change sap-egress QoS policies:

(ex)[configure groups]
A:admin2@pe1# info
    group "qos-1" {
        qos {
            sap-egress "high-bw" {
                queue "1" {
                    rate {
                        pir 200000
                    }
                }
            }
        }
    }
 
(ex)[configure qos]
A:admin2@pe1# info
    apply-groups ["qos-1"]
 
<snip>

The result of the inheritance is not visible to user admin2 because the info command is also subject to the user profile rules.

(ex)[configure qos]
A:admin2@pe1# info inheritance
    apply-groups ["qos-1"]
    md-auto-id {
        qos-policy-id-range {
            start 1000
            end 2000
        }
    }

The admin user who has full privileges can see the inherited configuration, which includes the sap-egress policy created by user admin2.

(ro)[configure qos]
A:admin@pe1# info inheritance
    apply-groups ["qos-1"]
    md-auto-id {
        qos-policy-id-range {
            start 1000
            end 2000
        }
    }
    ## 'sap-egress "high-bw"' inherited from group "qos-1"
    sap-egress "high-bw" {
        ## 'queue 1' inherited from group "qos-1"
        queue 1 {
            ## 'rate' inherited from group "qos-1"
            rate {
                ## 'pir' inherited from group "qos-1"
                pir 200000
            }
        }
    }
 

To prevent user admin2 from creating sap-egress QoS policies using configuration groups, the AAA profile of the user can be enhanced. For example, an entry can be added in the local user profile:

(ro)[configure system security aaa local-profiles profile "restricted-admin"]
A:admin@pe1# info
<snip>
    entry 200 {
        action deny
        match "configure qos sap-egress"
    }
    entry 210 {
        action deny
        match "configure groups group qos sap-egress"
    }

This configuration removes the privileges for user admin2 to create sap-egress QoS policies using configuration groups:

(ex)[configure groups group "qos-1" qos]
A:admin2@pe1# sap-egress high-bw
MINOR: MGMT_CORE #2020: Permission denied - unauthorized use of 'sap-egress'
 

1.4.11.6. Configuration Group Example

The following configuration is an example of configuring IS-IS interface parameters using configuration groups.

In this example, all backbone IS-IS interface configuration parameters are part of the “isis-bb-interface” configuration group. A regular expression match “<int-.*>” is used to match on all backbone IS-IS interface names that start with “int-“. The system loopback interface does not match the regular expression, so cannot inherit the configuration elements from the group.

The “isis-bb-interface” configuration group is applied at the router “Base”, IS-IS instance 0 branch. When a new IS-IS backbone interface is added with a name that starts with “int-“, it also inherits the configuration elements from the configuration group.

(ex)[configure]
A:admin@pe1# info
    groups {
        group "isis-bb-interface" {
            router "Base" {
                isis "0" {
                    interface "<int-.*>" {
                        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
                        hello-authentication-type message-digest
                        hello-padding adaptive
                        hello-authentication true
                        interface-type point-to-point
                    }
                }
            }
        }
    }
 
<snip>
 
    router "Base" {
        isis 0 {
            apply-groups ["isis-bb-interface"]
            admin-state enable
            ipv4-routing true
            ipv6-routing native
            level-capability 2
            area-address [49.0001.0001]
            multi-topology {
                ipv6-unicast true
            }
            interface "int-pe1-pe2" {
            }
            interface "int-pe1-pe3" {
            }
            interface "system" {
                passive true
            }
            level 2 {
                wide-metrics-only true
            }
        }
    }

The resulting expanded configuration after inheritance is shown as follows:

(ex)[configure router "Base" isis 0]
A:admin@pe1# info inheritance
    apply-groups ["isis-bb-interface"]
    admin-state enable
    ipv4-routing true
    ipv6-routing native
    level-capability 2
    area-address [49.0001.0001]
    multi-topology {
        ipv6-unicast true
    }
    interface "int-pe1-pe2" {
        ## 'hello-authentication-key' inherited from group "isis-bb-interface"
        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
        ## 'hello-authentication-type' inherited from group "isis-bb-interface"
        hello-authentication-type message-digest
        ## 'hello-padding' inherited from group "isis-bb-interface"
        hello-padding adaptive
        ## 'hello-authentication' inherited from group "isis-bb-interface"
        hello-authentication true
        ## 'interface-type' inherited from group "isis-bb-interface"
        interface-type point-to-point
    }
    interface "int-pe1-pe3" {
        ## 'hello-authentication-key' inherited from group "isis-bb-interface"
        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
        ## 'hello-authentication-type' inherited from group "isis-bb-interface"
        hello-authentication-type message-digest
        ## 'hello-padding' inherited from group "isis-bb-interface"
        hello-padding adaptive
        ## 'hello-authentication' inherited from group "isis-bb-interface"
        hello-authentication true
        ## 'interface-type' inherited from group "isis-bb-interface"
        interface-type point-to-point
    }
    interface "system" {
        passive true
    }
    level 2 {
        wide-metrics-only true
    }

The resulting expanded configuration after inheritance is shown as follows, without system comments:

(ex)[configure router "Base" isis 0]
A:admin@pe1# info inheritance | match '^[ ]*##' invert-match
    apply-groups ["isis-bb-interface"]
    admin-state enable
    ipv4-routing true
    ipv6-routing native
    level-capability 2
    area-address [49.0001.0001]
    multi-topology {
        ipv6-unicast true
    }
    interface "int-pe1-pe2" {
        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
        hello-authentication-type message-digest
        hello-padding adaptive
        hello-authentication true
        interface-type point-to-point
    }
    interface "int-pe1-pe3" {
        hello-authentication-key "KrbVPnF6Dg13PM/biw6ErHmrkAHk" hash
        hello-authentication-type message-digest
        hello-padding adaptive
        hello-authentication true
        interface-type point-to-point
    }
    interface "system" {
        passive true
    }
    level 2 {
        wide-metrics-only true
    }

1.4.11.7. Caveats

The following caveats apply to configuration groups.

  1. Configuration groups are available only for the model-driven management interface configuration mode.
  2. When configuration groups are used with NETCONF, the <get-config> operation returns the pre-expanded configuration, including the configuration groups definitions and apply-groups configuration elements. The expanded configuration, including the inherited configuration elements, cannot be returned with NETCONF.
  3. When configuration groups are used with gNMI, the Get RPC command returns the pre-expanded configuration, including the configuration groups definitions and apply-groups configuration elements. The expanded configuration, including the inherited configuration elements, cannot be returned with gNMI.

For more information about NETCONF and gNMI, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

1.4.12. Viewing the Status of the Local Datastores

An MD-CLI session in exclusive configuration mode acquires an explicit lock for both the global candidate and running configuration datastores. This is achieved by executing the edit-config exclusive command.

An explicit lock can also be obtained via:

  1. NETCONF or gRPC sessions. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information.
  2. a private exclusive configuration session. See Exclusive Private Configuration Session for more information.

To view the lock status of the datastores, the following show command is available:

show system management-interface datastore-locks [detail]

The detail option displays information about any model-driven interface session that impacts the datastore locks. MD-CLI read-only sessions, for example, do not impact the datastore locks.

(pr)[]
A:admin@node-1# show system management-interface datastore-locks detail
===============================================================================
Session ID  Region                 Datastore                     Lock State
   Username                        Session Mode                  Idle Time
   Session Type                    From
-------------------------------------------------------------------------------
 69         configure              Candidate, Running            Locked
   admin                           Exclusive                     0d 00:01:48
   MD-CLI                          192.168.144.87
-------------------------------------------------------------------------------
Number of sessions: 1
'#' indicates the current active session
===============================================================================

The configuration-sessions command displays the same information as the datastore-locks detail command, but for all configuration sessions regardless of whether the session has a lock on the datastore.

(pr)[]
A:admin@node-1# show system management-interface configuration-sessions
===============================================================================
Session ID  Region                 Datastore                     Lock State
   Username                        Session Mode                  Idle Time
   Session Type                    From
-------------------------------------------------------------------------------
#65         configure              Candidate                     Unlocked
   admin                           Private                       0d 00:00:00
   MD-CLI                          192.168.144.87
 66         configure              Candidate                     Unlocked
   admin                           Private                       0d 00:05:41
   MD-CLI                          192.168.144.87
 67         configure              Candidate                     Unlocked
   admin                           Private                       0d 00:05:08
   MD-CLI                          192.168.144.87
 68         configure              Candidate                     Unlocked
   admin                           Read-Only                     0d 00:02:25
   MD-CLI                          192.168.144.87
 69         configure              Candidate, Running            Locked
   admin                           Exclusive                     0d 00:01:54
   MD-CLI                          192.168.144.87
-------------------------------------------------------------------------------
Number of sessions: 5
'#' indicates the current active session
===============================================================================

1.4.12.1. Unlocking a Locked Datastore

A datastore lock that has been acquired by any model-driven session can be administratively removed by using the following admin command:

admin disconnect session-id session-id

For example, to disconnect the MD-CLI session indicated in the preceding show command output, issue the admin command as follows:

[]
A:admin@node-2# admin disconnect session-id 10

Disconnecting an MD-CLI session (or any model-driven session, including NETCONF and gRPC) that acquired a datastore lock has the following results:

  1. any uncommitted changes in the candidate configuration datastore are discarded
  2. the session is terminated
  3. the explicit lock is released

1.5. Troubleshooting

1.5.1. Debug commands

The debug command is not natively supported in the MD-CLI. The command can be executed from the classic CLI. The // command can be used to switch to the classic CLI engine from the MD-CLI engine. Both debug and /debug are supported in the classic CLI.

[]
A:admin@node-2# //
INFO: CLI #2051: Switching to the classic CLI engine
A:node-2# debug router bgp packets
A:node-2#
A:node-2# /debug router bgp packets
A:node-2#

1.5.2. Logging Debug Events in the MD-CLI

The following MD-CLI commands can be used to log debug events to an active CLI session.

— configure
— log
— log-id [id] number
— source
— debug boolean
— destination
— cli
— max-entries number

The following example shows the configuration for debug events to be stored in destination CLI log identifier 7. The log entries wrap at 50 entries (the configured value of max-entries).

(ex)[configure log]
A:admin@node-2# log-id 7
 
*(ex)[configure log log-id 7]
A:admin@node-2# source debug
 
*(ex)[configure log log-id 7]
A:admin@node-2# destination cli max-entries 50
 
*(ex)[configure log log-id 7]
A:admin@node-2# info
    source {
        debug true
    }
    destination {
        cli {
            max-entries 50
        }
    }

After the commit command has been issued to include the log in the running configuration, the following tools command can be executed in the CLI session that will be used to display outputs of the debug events. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information about the tools command.

(ex)[tools perform log]
A:admin@node-2# subscribe-to log-id 7
 
(ex)[]
A:admin@node-2#

The events can be displayed using the /show log command and cleared using the /clear log command.

[]
A:admin@node-2# show log log-id log-id 7
===============================================================================
Event Log 7
===============================================================================
Description : (Not Specified)
Log contents  [size=50   next event=2  (not wrapped)]
 
<snip>
 
[]
A:admin@node-2# clear log log-id 7
 
[]
A:admin@node-2#

To terminate the output of the logs to the CLI session, use the unsubscribe-from command as shown.

(ex)[]
A:admin@node-2# tools perform log unsubscribe-from log-id 7
 
(ex)[]
A:admin@node-2#

1.6. MD-CLI Advanced Tips and Features

1.6.1. Discarding Changes in Specific Contexts

The discard command can be used only from the top level of the configuration branch. From any working context (including the configure context), the discard /configure command can be used.

*(ex)[configure router "Base" ospf 0 timers spf-wait]
A:admin@node-2# discard
MINOR: MGMT_CORE #2203: Invalid element - 'discard' not allowed in 'spf-wait'
 
*(ex)[configure router "Base" ospf 0 timers spf-wait]
A:admin@node-2# discard /configure
 
(ex)[configure router "Base" ospf 0 timers spf-wait]
A:admin@node-2#

However, the discard /configure command removes all configuration statements from the candidate configuration datastore. To discard changes from a specific context, the output from the compare command can be used to copy and paste configuration statements from within a working context.

By default, the compare command uses the baseline datastore as the base reference. Therefore, any new configuration in the candidate datastore is displayed with a preceding plus (+) sign. When the compare command uses the candidate datastore as the base reference, the compare output displays any new configuration in the candidate datastore with a preceding minus (-) sign, indicating that these configuration elements are not present in the baseline datastore. The configuration elements preceded with a minus (-) sign can be used to discard configurations from the specific context from which the compare command was issued.

In the following configuration example, the lsa-generate timers are modified.

(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# info detail
    max-lsa-wait 5000
    lsa-initial-wait 5000
    lsa-second-wait 5000
 
(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# lsa-initial-wait 1000
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# lsa-second-wait 2000
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# max-lsa-wait 3000
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# info
    max-lsa-wait 3000
    lsa-initial-wait 1000
    lsa-second-wait 2000

By default, the compare command shows the new configuration using the baseline datastore as the reference:

*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# compare
+   max-lsa-wait 3000
+   lsa-initial-wait 1000
+   lsa-second-wait 2000

The following shows the compare command output when the command is executed with the candidate datastore as the reference.

*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# compare from candidate to baseline
-   max-lsa-wait 3000
-   lsa-initial-wait 1000
-   lsa-second-wait 2000

To discard the max-lsa-wait and lsa-initial-wait timer changes, the first two lines from the compare command output can be copied and pasted while in the specified context. The info detail command shows that the timer changes have reverted to their default values.

*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# -   max-lsa-wait 3000
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# -   lsa-initial-wait 1000
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2#
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2# info detail
    max-lsa-wait 5000
    lsa-initial-wait 5000
    lsa-second-wait 2000
 
*(ex)[configure router "Base" ospf 0 timers lsa-generate]
A:admin@node-2#