This command specifies the range of indexes used by SROS to automatically assign an index to ETH-CFM associations that are created in model-driven interfaces without an index explicitly specified by the user or client.

An association created with an explicitly-specified index cannot use an index in this range. In classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the md-auto-id command for further details.

This command specifies the MAC address to match.

The no form of this command reverts to the default.

This command assigns a specific MAC address to a VPRN IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command shows PPP packets for the specified MAC address.

This command specifies the 48-bit IEEE 802.3 MAC address.

The no form of the command reverts to the default.

This command assigns a specific MAC address to an IES IP interface.

For Routed Central Office (CO), a group interface has no IP address explicitly configured but inherits an address from the parent subscriber interface when needed. For example, a MAC will respond to an ARP request when an ARP is requested for one of the IPs associated with the subscriber interface through the group interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command relates to a system configured for Dual Homing in L2-TPSDA. It defines the MAC address used when the system sends out a gratuitous ARP on an active SAP after a ring heals or fails in order to attract traffic from subscribers on the ring with connectivity to that SAP.

The no form of this command reverts to the default.

This command assigns a specific MAC address to an Ethernet port, Link Aggregation Group (LAG), Ethernet tunnel, or BCP-enabled port or sub-port.

Only one MAC address can be assigned to a port. When multiple mac commands are entered, the last command overwrites the previous command. When the command is issued while the port is operational, IP will issue an ARP, if appropriate, and BPDUs are sent with the new MAC address.

The no form of this command returns the MAC address to the default value.

This command assigns a specific MAC address to an Ethernet port, Link Aggregation Group (LAG), Ethernet tunnel, or BCP-enabled port or sub-port.

Only one MAC address can be assigned to a port. When multiple mac commands are entered, the last command overwrites the previous command. When the command is issued while the port is operational, IP will issue an ARP, if appropriate, and BPDUs are sent with the new MAC address.

The no form of this command returns the MAC address to the default value.

This command configures the proxy ARP or ND MAC address information.

The no form of the command deletes the MAC address.

This command assigns a conditional static MAC address entry to an SPBM B-VPLS SAP/spoke-SDP allowing external MACs for single and multi-homed operation.

For the 7450 ESS or 7750 SR, this command also assigns a conditional static MAC address entry to an EVPN VPLS SAP/spoke-SDP.

Static MACs are used for PBB Epipe and I-VPLS services that may terminate external to SPBM. If this is configured under a Control B-VPLS the interface referenced will not use IS-IS for this neighbor. This may also be configured under a User B-VPLS where the corresponding interface is not supported under the Control B-VPLS.

This command assigns a specific MAC address to an Ipipe SAP.

The no form of this command returns the MAC address of the SAP to the default value.

This command associates an existing MAC filter policy with the template.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

This command associates an existing IP filter policy with the template.

This command adds a protected MAC address entry.

The no form of this command removes the protected MAC address entry.

This command assigns a specific MAC address to a VPLS IP interface.

For Routed Central Office (CO), a group interface has no IP address explicitly configured but inherits an address from the parent subscriber interface when needed. For example, a MAC will respond to an ARP request when an ARP is requested for one of the IPs associated with the subscriber interface through the group interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command associates an existing IP filter policy with the template.

This command displays ARP host events for a particular MAC address.

This command shows IGMP packets for the specified MAC address.

The no form of this command disables the MAC debugging.

This command shows MLD packets for the specified MAC address.

The no form of this command disables the MAC debugging.

This command displays Subscriber Host Connectivity Verification (SHCV) events for a particular MAC address.

This command assigns a specific MAC address to an IES IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command assigns a specific MAC address to an IES IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command monitors the counters associated with the specified entry of the specified MAC filter policy.

This command enables MAC filter monitoring. The statistical information for the specified MAC filter entry displays at the configured interval until the configured count is reached.

The first screen displays the current statistics related to the specified MAC filter. The subsequent statistical information listed for each interval is displayed as a delta to the previous display. When the keyword rate is specified, the rate-per-second for each statistic is displayed instead of the delta.

Monitor commands are similar to show commands but only statistical information displays. Monitor commands display the selected statistics according to the configured number of times at the interval specified.

This command assigns a specific MAC address to an IP interface. Only one MAC address can be assigned to an IP interface. When multiple mac commands are entered, the last command overwrites the previous command.

The no form of this command returns the MAC address of the IP interface to the default value.

This command sets an explicit MAC address used by the virtual router instance overriding the VRRP default derived from the VRID.

Changing the default MAC address is useful when an existing HSRP or other non-VRRP default MAC is in use by the IP hosts using the virtual router IP address. Many hosts do not monitor unessential ARPs and continue to use the cached non-VRRP MAC address after the virtual router becomes master of the host’s gateway address.

The mac command sets the MAC address used in ARP responses when the virtual router instance is master. Routing of IP packets with mac-address as the destination MAC is also enabled. The mac setting must be the same for all virtual routers participating as a virtual router or indeterminate connectivity by the attached IP hosts will result. All VRRP advertisement messages are transmitted with mac-address as the source MAC.

The command can be configured in both non-owner and owner vrrp nodal contexts.

The mac command can be executed at any time and takes effect immediately. When the virtual router MAC on a master virtual router instance changes, a gratuitous ARP is immediately sent with a VRRP advertisement message. If the virtual router instance is disabled or operating as backup, the gratuitous ARP and VRRP advertisement message is not sent.

The no form of the command restores the default VRRP MAC address to the virtual router instance.

This command displays monitor command statistics for MAC filter entries.

This command monitors statistics for the MAF MAC filter entry.

This command allows the user to configure SSH MAC algorithms for SR OS as an SSH server or an SSH client.

The no form of this command removes the specified mac index.

This command enables the generation of the client MAC address RADIUS attribute.

The no form of this command disables the generation of the client MAC address RADIUS attribute.

This command enables matching on UEs with the specified MAC address.

The no form of this command disables matching on the MAC address.

This command specifies the MAC address of the MEP.

The no form of this command reverts the MAC address of the MEP back to that of the port (if the MEP is on a SAP) or the bridge (if the MEP is on a spoke SDP).

This command specifies the MAC address of the MEP.

The no form of this command reverts to the MAC address of the MEP back to the default, that of the port, since this is SAP based.

This command specifies the MAC address of the MEP.

The no form of this command reverts the MAC address of the MEP back to that of the port (if the MEP is on a SAP) or the bridge (if the MEP is on a spoke).

This command specifies the MAC address of the MEP.

The no form of this command reverts the MAC address of the MEP back to that of the port (if the MEP is on a SAP) or the bridge (if the MEP is on a spoke).

This command assigns a specific MAC address to an IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

This command enables the generation of the client MAC address RADIUS attribute.

This command configures the MAC address for the associated satellite chassis. This MAC address is used to validate the identity of an satellite that attempts to associate with the local host.

The no form of the command deletes the MAC address for the associated satellite.

The mac-advertisement command enables the advertisement in BGP of the learned macs on SAPs and SDP bindings. When the mac-advertisement is disabled, the local macs will be withdrawn in BGP.

The mac-criteria based SAP ingress policies are used to select the appropriate ingress queue and corresponding forwarding class for matched traffic.

This command is used to enter the node to create or edit policy entries that specify MAC criteria.

Router implementation will exit on the first match found and execute the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit.

The no form of this command deletes all the entries specified under this node. When mac-criteria entries are removed from a SAP ingress policy, the mac-criteria is removed from all services where that policy is applied.

This command specifies whether subscriber traffic egressing a LAG SAP has its egress LAG link selected by a function of the MAC destination address instead of the subscriber ID.

This command is only meaningful if subscriber management is enabled and can be configured for a VPLS service.

The no form of this command reverts to the default.

This command specifies whether subscriber traffic egressing a LAG SAP has its egress LAG link selected by a function of the MAC destination address instead of the subscriber ID.

The no form of this command reverts to the default setting.

This command enables the context to configure the BGP EVPN MAC duplication parameters.

This command enables mirroring of packets that match specific entries in an existing MAC filter.

The mac-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.

The MAC filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the MAC filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IP interface, an error is not be generated but mirroring will not be enabled (there are no packets to mirror). Once the filter is defined to a SAP or MAC interface, mirroring is enabled.

If the MAC filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination prior to any ingress packet modifications.

If the MAC filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.

An entry-id within a MAC filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.

By default, no packets matching any MAC filters are mirrored. Mirroring of MAC filter entries must be explicitly defined.

The no mac-filter command, without the entry keyword, removes mirroring on all entry-id’s within the mac-filter-id.

When the no command is executed with the entry keyword and one or more entry-id’s, mirroring of that list of entry-id’s is terminated within the mac-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being mirrored, no error will occur for that entry-id and the command will execute normally.

This command configures to which normal MAC filters the entry reservation is applied.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).

Specifies the MAC filter(s) into which the entries from the specified li-mac-filter are to be inserted. The li-mac-filter and mac-filter must already exist before the association is made. If the normal MAC filter is deleted then the association is also removed (and not re-created if the MAC filter comes into existence in the future).

The no form of this command removes the MAC filter ID from the configuration.

This command enables lawful interception (LI) of packets that match specific entries in an existing MAC filter. Multiple entries can be created using unique entry-id numbers within the filter. The router implementation exits the filter on the first match found and executes the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and hence will be rendered inactive.

An entry-id within an MAC filter can only be intercepted to a single destination. If the same entry-id is defined multiple times, an error occurs and only the first definition is in effect.

The no form of this command removes the specified entry from the IP or MAC filter. Entries removed from the IP or MAC filter are immediately removed from all services or network ports where that filter is applied.

This command enables mirroring of packets that match specific entries in an existing MAC filter.

The mac-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.

The MAC filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the MAC filter does not exist, an error will occur. If the filter exists but has not been associated with a SAP or IP interface, an error is not be generated but mirroring will not be enabled (there are no packets to mirror). Once the filter is defined to a SAP or MAC interface, mirroring is enabled.

If the MAC filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination prior to any ingress packet modifications.

If the MAC filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.

An entry-id within a MAC filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.

By default, no packets matching any MAC filters are mirrored. Mirroring of MAC filter entries must be explicitly defined.

The no mac-filter command, without the entry keyword, removes mirroring on all entry-id’s within the mac-filter-id.

When the no command is executed with the entry keyword and one or more entry-id’s, mirroring of that list of entry-id’s is terminated within the mac-filter-id. If an entry-id is listed that does not exist, an error will occur and the command will not execute. If an entry-id is listed that is not currently being mirrored, no error will occur for that entry-id and the command will execute normally.

This command, creates a configuration context for the specified MAC filter policy.

The no form of the command deletes the MAC filter policy. A filter policy cannot be deleted until it is removed from all objects where it is applied.

This command configures a management access MAC-filter.

This command enables the context to configure CPM MAC-filter parameters.

This command copies an existing filter entry for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new entries using an existing filter policy. If overwrite is not specified, an error will occur if the destination filter entry exists.

This command configures a MAC filter in which the reservation is done through name.

The no form of this command removes the MAC filter name.

This command associates a MAC filter with a specified LI MAC filter through its name.

The no form of this command removes the MAC filter name.

This command specifies the format of MAC address used for matching incoming DHCP DISCOVER against the RADIUS proxy cache.

The no form of this command reverts to the default.

This command configures the format of the MAC address when reported in Gx, Gy, or NASREQ application message AVPs such as Calling-Station-Id or User-Name.

The no form of this command resets the command to the default setting.

This command configures how the MAC address is represented by the RADIUS proxy server.

This command configures additional methods by which the BNG learns the subscriber host MAC.

This command associates this IPv6 host to the specified IPv4 host through the learned MAC address. A learned MAC from the IPv6 host is associated with the IPv4 host and vice versa.

The no form of this command removes the IP address from the configuration.

This command creates a list of MAC addresses that can be pointed at from the service for a specified IP. The list may contain up to 10 MAC addresses; an empty list is also allowed.

The MAC list allows on-the-fly changes, but a change in the list deletes the proxy entries for all the IPs using that list.

The no form of the command deletes the entire MAC-list. Deleting a MAC list is only possible if it is not referenced in the configuration.

This command associates a previously created MAC list to a dynamic IP. The MAC list is created using the config>service>proxy-arp-nd>mac-list command.

The no form of the command deletes the association of the MAC list and the dynamic IP.

This command configures a MAC list name. The MAC list is composed of a list of MAC addresses and masks, which along with Auto-Learn Mac Protect (ALMP) can be used to exclude certain MACs from being protected in a given object. This is typically used on SAPs and spoke SDPs configured with ALMP where certain MACs must be able to move to other objects (for example, VRRP virtual MACs).

The no form of this command removes the MAC list name.

This command enters the context to configure MAC move attributes. A sustained high re-learn rate can be a sign of a loop somewhere in the VPLS topology. Typically, STP detects loops in the topology, but for those networks that do not run STP, the mac-move feature is an alternative way to protect your network against loops.

When enabled in a VPLS, mac-move monitors the re-learn rate of each MAC. If the rate exceeds the configured maximum allowed limit, it disables the SAP where the source MAC was last seen. The SAP can be disabled permanently (until a shutdown/no shutdown command is executed) or for a length of time that grows linearly with the number of times the specified SAP was disabled. You have the option of marking a SAP as non-blockable in the config>service>vpls>sap>limit-mac-move or config>service>vpls>spoke-sdp>limit-mac-move contexts. This means that when the re-learn rate has exceeded the limit, another (blockable) SAP will be disabled instead.

The mac-move command enables the feature at the service level for SAPs and spoke-SDPs, as only those objects can be blocked by this feature. Mesh SDPs are never blocked, but their re-learn rates (sap-to-mesh/spoke-to-mesh or vice versa) are still measured.

The operation of this feature is the same on the SAP and spoke-SDP. For example, if a MAC address moves from SAP to SAP, from SAP to spoke-SDP, or between spoke-SDPs, one will be blocked to prevent thrashing. If the MAC address moves between a SAP and mesh SDP or spoke-SDP and mesh SDP combinations, the respective SAP or spoke-SDP will be blocked.

mac-move will disable a VPLS port when the number of relearns detected has reached the number of relearns needed to reach the move-frequency in the 5-second interval. For example, when the move-frequency is configured to 1 (relearn per second) mac-move will disable one of the VPLS ports when 5 relearns were detected during the 5-second interval because then the average move-frequency of 1 relearn per second has been reached. This can already occur in the first second if the real relearn rate is 5 relearns per second or higher.

The no form of this command disables MAC move.

When a sap is instantiated using vpls-sap-template, if the MAC move feature is enabled at VPLS level, the command mac-move-level indicates whether the sap should be populated as primary-port, secondary-port or tertiary-port in the instantiated VPLS.

This command configures the MAC name for the MAC address. It associates an ASCII name with an IEEE MAC to improve the PBB Epipe configuration. It can also change the dest-BMAC in one place instead of 1000s of Epipe.

This command controls the settings for the MAC notification message.

The mac-notification message must be generated under the following events:

The MAC notification is not sent for the following events:

This command controls the settings for the MAC notification message.

The mac-notification message must be generated under the following events:

The MAC notification is not sent for the following events:

This command determines the existence of an egress SAP binding of a given MAC within a VPLS service.

A mac-ping packet is sent via the data plane.

A mac-ping is forwarded along the flooding domain if no MAC address bindings exist. If MAC address bindings exist, then the packet is forwarded along those paths, provided they are active. A response is generated only when there is an egress SAP binding for that MAC address or if the MAC address is a “local” OAM MAC address associated with the device’s control plan.

A mac-ping reply can be sent using the data plane or the control plane. The return-control option specifies the reply be sent using the control plane. If return-control is not specified, the request is sent using the data plane.

A mac-ping with data plane reply can only be initiated on nodes that can have an egress MAC address binding. A node without a FDB and without any SAPs cannot have an egress MAC address binding, so it is not a node where replies in the data plane are trapped and sent up to the control plane.

A control plane request is responded to via a control plane reply only.

By default, MAC OAM requests are sent with the system or chassis MAC address as the source MAC. The source option allows overriding of the default source MAC for the request with a specific MAC address.

When a source ieee-address value is specified and the source MAC address is locally registered within a split horizon group (SHG), then this SHG membership is used as if the packet originated from this SHG. In all other cases, SHG 0 (zero) is used. If the mac-trace is originated from a non-zero SHG, such packets do not go out to the same SHG.

This command disables re-learning of MAC addresses on other SAPs within the VPLS. The MAC address will remain attached to a given SAP for duration of its age-timer.

The age of the MAC address entry in the FDB is set by the age timer. If mac-aging is disabled on a given VPLS service, any MAC address learned on a SAP or SDP with mac-pinning enabled will remain in the FDB on this SAP or SDP forever.

Every event that would otherwise result in re-learning is logged (MAC address; original-SAP; new-SAP).

The no form of the command enables re-learning of MAC addresses.

Note: MAC addresses learned during DHCP address assignment (DHCP snooping enabled) are not impacted by this command. MAC-pinning for such addresses is implicit.

Enabling this command will disable re-learning of MAC addresses on other SAPs within the service. The MAC address will remain attached to a given SAP for duration of its age-timer.

The age of the MAC address entry in the FDB is set by the age timer. If mac-aging is disabled on a given VPLS service, any MAC address learned on a SAP or SDP with mac-pinning enabled will remain in the FDB on this SAP or SDP forever. Every event that would otherwise result in re-learning will be logged (MAC address; original-SAP; new-SAP).

Note: For 7750 SR and 7450 ESS, MAC addresses learned during DHCP address assignment (DHCP snooping enabled) are not impacted by this command. MAC-pinning for such addresses is implicit.

This command configures MAC address policy groups.

The no form of this command removes the MAC address policy group configuration.

This command populates the FDB with an OAM-type MAC entry indicating the node is the egress node for the MAC address and optionally floods the OAM MAC association throughout the service. The mac-populate command installs an OAM MAC into the service FDB indicating the device is the egress node for a MAC address. The MAC address can be bound to a SAP (the target-sap) or can be associated with the control plane in that any data destined to the MAC address is forwarded to the control plane (CPM). As a result, if the service on the node has neither a FDB nor an egress SAP, then it is not allowed to initiate a mac-populate.

The MAC address that is populated in the FDBs in the provider network is given a type OAM, so that it can be treated distinctly from regular dynamically learned or statically configured MACs. Note that OAM MAC addresses are operational MAC addresses and are not saved in the device configuration. An exec file can be used to define OAM MACs after system initialization.

The force option in mac-populate forces the MAC in the table to be type OAM in the case it already exists as a dynamic, static or an OAM induced learned MAC with some other type binding.

An OAM-type MAC cannot be overwritten by dynamic learning and allows customer packets with the MAC to either ingress or egress the network while still using the OAM MAC entry.

The flood option causes each upstream node to learn the MAC (that is, populate the local FDB with an OAM MAC entry) and to flood the request along the data plane using the flooding domain. The flooded mac-populate request is sent via the data plane.

An age can be provided to age an OAM MAC using a specific interval. By default, OAM MAC addresses are not aged and can be removed with a mac-purge or with an FDB clear operation.

When split horizon group (SHG) is configured, the flooding domain depends on which SHG the packet originates from. The target-sap sap-id value dictates the originating SHG information.

This command configures the unique MAC prefix per ISA and per outside service for all NAT group configured for service-chaining.

The no form of this command removes the MAC prefix from the configuration.

This command indicates if this MAC is protected on the MAC protect list. When enabled, the agent will protect the MAC from being learned or re-learned on a SAP, spoke SDP or mesh SDP that has restricted learning enabled. The MAC protect list is used in conjunction with restrict-protected-src, restrict-unprotected-dst and auto-learn-mac-protect.

The no form of the command reverts to the default.

This command removes an OAM-type MAC entry from the FDB and optionally floods the OAM MAC removal throughout the service. A mac-purge can be sent via the forwarding path or via the control plane.

When sending the MAC purge using the data plane, the TTL in the VC label is set to 1.

A MAC address is purged only if it is marked as OAM. A mac-purge request is an HVPLS OAM packet, with the following fields. The Reply Flags is set to 0 (since no reply is expected), the Reply Mode and Reserved fields are set to 0. The Ethernet header has source set to the (system) MAC address, the destination set to the broadcast MAC address. There is a VPN TLV in the FEC Stack TLV to identify the service domain.

If the register option is provided, the R bit in the Address Delete flags is turned on.

The flood option causes each upstream node to be sent the OAM MAC delete request and to flood the request along the data plane using the flooding domain. The flooded mac-purge request is sent via the data plane.

The register option reserves the MAC for OAM testing where it is no longer an active MAC in the FDB for forwarding, but it is retained in the FDB as a registered OAM MAC. Registering an OAM MAC prevents relearns for the MAC based on customer packets. Relearning a registered MAC can only be done through a mac-populate request. The originating SHG is always 0 (zero).

This command specifies the interval between ARP requests sent on this Ipipe SAP. When the SAP is first enabled, an ARP request will be sent to the attached CE device and the received MAC address will be used in addressing unicast traffic to the CE. Although this MAC address will not expire while the Ipipe SAP is enabled and operational, it is verified by sending periodic ARP requests at the specified interval.

The no form of this command restores mac-refresh to the default value.

This command specifies the number of bits to be considered when performing MAC learning (MAC source) and MAC switching (MAC destination). Specifically, this value identifies how many bits, starting from the beginning of the MAC address are used. For example, if the mask-value of 28 is used, MAC learning only performs a lookup for the first 28 bits of the source MAC address when comparing with existing FDB entries. Then, it installs the first 28 bits in the FDB while zeroing out the last 20 bits of the MAC address. When performing switching in the reverse direction, only the first 28 bits of the destination MAC address are used to perform a FDB lookup to determine the next hop.

The no form of this command switches back to full MAC lookup.

This command displays the hop-by-hop path for a destination MAC address within a VPLS.

The MAC traceroute operation is modeled after the IP traceroute utility which uses ICMP echo request and reply packets with increasing TTL values to determine the hop-by-hop route to a destination IP. The MAC traceroute command uses Nokia OAM packets with increasing TTL values to determine the hop-by-hop route to a destination MAC.

In a MAC traceroute, the originating device creates a MAC ping echo request packet for the MAC to be tested with increasing values of the TTL. The echo request packet is sent via the data plane and awaits a TTL exceeded response or the echo reply packet from the device with the destination MAC. The devices that reply to the echo request packets with the TTL exceeded and the echo reply are displayed.

When a source ieee-address value is specified and the source MAC address is locally registered within a split horizon group (SHG), then this SHG membership is used as if the packet originated from this SHG. In all other cases, SHG 0 (zero) is used. Note that if the mac-ping is originated from a non-zero SHG, such packets do not go out to the same SHG.

This command enables MAC address translation for HLE services.

The no form of this command disables MAC address translation for HLE services.

This command enables the context for MACsec configuration. The MACsec MKA profile can be configured under this command.

This command configures MACsec under this port.

This command specifies that all PDUs are encrypted and authenticated (ICV payload).

The no form of this command specifies that all PDUs are transmitted with clear text, but still authenticated and have the trailing ICV.

This command allows loopback detection to be enabled and disabled for MLPPP bundles. It is disabled by default. When the magic number option is disabled, the magic number option will not be requested when a member is trying to bring up the LCP layer on a member link; if the remote peer requests this option, it will be rejected. When transmitting echo-requests a magic number of 0 is used. When responding to echo-requests a magic number of 0 is sent.

The magic number option is sent to the remote peer during protocol negotiation. If this option is rejected by the remote peer, the router will bring the link up but will be unable to detect loopbacks since the router will always send a magic number of 0 in the echo messages. If this option is accepted by the remote peer, the router will send echo messages with randomly generated magic-numbers. If the SR receives a config-req with the same magic number that was sent out, the router will calculate a new magic number to use and send out another config-request. If the router is persistently seeing the randomly generated magic number in the received config-req, the router will declare a loopback.

The no form of this command disables the loopback detection.

This command configures the maximum number of retries the LSP primary path should be retried with the LSP Diff-Serv main Class Type (CT).

When an unmapped LSP primary path goes into retry, it uses the main CT until the number of retries reaches the value of the new main-ct-retry-limit parameter. If the path did not come up, it must start using the backup CT at that point in time. By default, this parameter is set to infinite value. The new main-ct-retry-limit parameter has no effect on an LSP primary path which retries due to a failure event.

An unmapped LSP primary path is a path which has never received a Resv in response to the first Path message sent. This can occur when performing a “shut/no-shut” on the LSP or LSP primary path or when the node reboots. An unmapped LSP primary path goes into retry if the retry timer expired or the head-end node received a PathErr message before the retry timer expired.

If the user entered a value of the main-ct-retry-limit parameter that is greater than the value of the LSP retry-limit, the number of retries will still stop when the LSP primary path reaches the value of the LSP retry-limit. In other words, the meaning of the LSP retry-limit parameter is not changed and always represents the upper bound on the number of retries. The unmapped LSP primary path behavior applies to both CSPF and non-CSPF LSPs.

The no form of this command sets the parameter to the default value of zero (0) which means the LSP primary path will retry forever.

This command configures a named maintenance policy that can be applied to SR Policy candidate paths that are either statically configured or imported via BGP. A maintenance policy is used to configure seamless BFD and protection for an SR Policy candidate path.

A maintenance policy must be administratively disabled in order to change any of the parameters.

A maintenance policy cannot be enabled unless a mode, bfd-enable, and bfd-template are configured.

If a maintenance-template is administratively disabled, then all candidate paths to which it is applied are deprogrammed from the data path.

The no form of this command removes the specified maintenance policy.

This command applies a named maintenance policy to the static SR policy path. The maintenance policy must exist under the config>router>segment-routing context.

The no form of this command removes the specified maintenance policy.

This command sets or resets managed address configuration flag for this group-interface. This flag indicates that DHCPv6 is available for address configuration in addition to any address auto-configured using stateless address auto-configuration. See RFC 3315 for additional details.

The no form of this command reverts to the default.

This command enables the context to configure managed route parameters.

This command enables the context to configure VLAN ranges to be managed by a management VPLS. The list indicates, for each SAP, the ranges of associated VLANs that are affected when the SAP changes state.

This command is only valid when the VPLS in which it is entered was created as a management VPLS.

This command enters the context to configure VLAN ranges to be managed by a management VPLS. The list indicates, for each SAP, the ranges of associated VLANs that will be affected when the SAP changes state. This managed-vlan-list is not used when STP mode is MSTP in which case the vlan-range is taken from the config>service>vpls>stp>msti configuration.

This command is only valid when the VPLS in which it is entered was created as a management VPLS.

This command enters the node management configuration within VPRN.

This command enables the context to allow access to management servers.

This command enables the context to monitor management-access filters. These filters are configured in the config>system>security>mgmt-access-filter context.

This command creates the context to edit management access filters and to reset match criteria.

Management access filters control all traffic in and out of the CPM. They can be used to restrict management of the router by other nodes outside either specific (sub)networks or through designated ports.

Management filters, as opposed to other traffic filters, are enforced by system software.

The no form of this command removes management access filters from the configuration.

This command enables the context to configure management interface parameters.

This command enables the context for choosing a management interface for hash configuration. The management interfaces are classic-cli, md-cli, netconf, or grpc.

This command configures a name for the manager. This name identifies the given SR OS node in the network.

The no form of this command removes the manager configuration.

This command configures the destination IP address or FQDN of the manager.

The no form of this command removes the configured IP address or FQDN of the configured manager.

This command assigns a destination TCP port to be used for opening gRPC connections to the specified manager.

The no form of this command reverts the destination TCP port for the manager to the default gRPC port (57400).

This command enables the context to manually configure the service-carving algorithm, that is, configure the EVIs or ISIDs for which the PE is DF.

This command configures Security Association (SA) for manual keying. When enabled, the command specifies whether this SA entry is created manually, by the user, or dynamically by the IPsec sub-system.

This command is applicable to prefixes in deterministic NAT (LSN44 and DS-Lite) and static 1:1 NAT (LSN44). In deterministic NAT, its purpose is to split the number of subscribers within the configured prefix over available sequence of outside IP addresses. In static 1:1 NAT, its purpose it to statically map source IPv4 address of an LSN44 subscriber to a configured IPv4 address on the public side.

In deterministic NAT, there are several rules guiding the usage of the map statement:

To modify map statements in classic CLI, the corresponding prefix must be in a shutdown mode.

In classic CLI, map statements can be configured automatically by the system, as soon as the prefix is enabled (no shutdown state) or they can be configured manually by the operator while the prefix is disabled.

In MD-CLI, the map statement must be configured by the operator, but the tools perform nat deterministic calculate-maps command can be used to produce system-generated maps. The calculate-maps command outputs a set of system-generated map statements. The map parameters can then be copied and pasted into an MD-CLI candidate configuration by the operator.

The following is an example of the map statement for the LSN44 case:

Since each outside IP address can accommodate only 128 hosts, the subscribers (IPv4 addresses in LSN44) from the 10.0.0.0/24 prefix will be split and mapped into two outside IP addresses

10.0.0.0 – 10.0.0.127 (10.0.0.0/25) - 192.168.0.1

10.0.0.128 – 10.0.0.255 (10.0.0.128/25) - 192.168.0.2

The first IP address range will be mapped to the ‘to’ address in the map statement => 192.168.0.1. The second IP address range will be mapped into the next consecutive IP address in the pool assuming that this IP address is free. In this case this consecutive address (192.168.0,2) would not be shown in the map statement.

For Deterministic DS-Lite, the example would be:

There are 256 DS-Lite subscribers within the 2001:db8::/56 prefix. Each subscriber will be a /64 IPv6 prefix as dictated by the subscriber-prefix-length command.

Since each outside IP address can accommodate only 128 hosts, the subscribers from the 2001:db8::/56 prefix will be split and mapped into two outside IP addresses

2001:db8:: – 2001:db8:0:7F:: (2001:db8::/57) - 192.168.0.1

2001:db8:0:80:: – 2001:db8:0:FF::(2001:db8:0:FF::/57) - 192.168.0.2

The first IP prefix range will be mapped to the ‘to’ address in the map statement => 192.168.0.1. The second IP prefix range will be mapped into the next consecutive IP address in the pool assuming that this IP address is free. In this case this consecutive address (192.168.0,2) would not be shown in the map statement.

This command enables/disables support for the map opcode.

This command creates a MAP domain template, which is used to define MAP rules and parameters specific to the MAP domain. A MAP domain represents a set of CEs that share the same default gateway (BR's IPv6 prefix - DMR rule) and a set of basic MAP rules (BMRs). As a bordering node between the IPv6 and IPv4 realm, the BR performs stateless IPv4 and IPv6 translation based on MAP rules.

A MAP domain can be instantiated within a routing context by referencing an existing MAP domain template in the context.

This command instantiates a MAP-T domain within a routing context, assuming that the MAP-T domain template is administratively enabled (no shutdown). When the MAP-T is instantiated, the forwarding for the MAP-T domain is enabled and its routes can be exported in routing protocols.

Multiple MAP-T domains can be instantiated within a routing context.

Interactions:

The referenced MAP domain is defined under the config>service>nat hierarchy.

This command configures the ATM cell mapping for DS-3 channels. The mapping value specifies the cell mapping that is to be used on this ATM interface.

This command specifies the maximum number of UPnP mapping per subscriber.

The no form of the command reverts to the default.

This command provides a CLI context for configuring MAP rules.

This command configures the context for the Segment Routing mapping server feature in an IS-IS instance.

SR mapping server enables the configuration and advertisement, via IS-IS, of the node SID index for IS-IS prefixes of routers which are in the LDP domain. This is performed in the router acting as a mapping server, which uses a prefix-SID sub-TLV within the SID/Label binding TLV in IS-IS.

The no form of this command deletes all node SID entries in the IS-IS instance.

This command configures the context for the Segment Routing mapping server feature in an OSPF instance.

The mapping server feature allows the configuration and advertisement in OSPF of the node SID index for OSPF prefixes of routers which are in the LDP domain. This is performed in the router acting as a mapping server and using a prefix-SID sub-TLV within the Extended Prefix Range TLV in OSPF.

The no form of this command deletes all node SID entries in the OSPF instance.

This command remaps the forwarding class and profile state of an egress policed packet that is to be mapped to another forwarding class and profile, where the profile state is that of the resulting profile after the packet has been processed by the egress policer.

The new forwarding class is used to select the egress queue on which the post-policer traffic is placed. The new profile is used to determine the congestion control handling in that queue, specifically the drop tail or slope that is applied to the traffic.

The maps-to command parameters can be overwritten by reissuing the command with a different FC or profile.

The traffic remarking is based on the marking configured for the forwarding class and profile of the traffic after being policed but before it is remapped.

This command enables a watermark notification. If the watermark is set, it generates a notification when the corresponding resource consumption goes above the high percentage. No additional notifications are sent until resource consumption goes under the low watermark, upon which, a notification is sent indicating the high watermark is no longer hit.

The no form of this command disables the watermark notification.

This command configures the IPoE mask.

The no form of this command removes the mask parameters from the configuration.

The mask value and the mask type, along with the oid-value configured in the view command, determines the access of each sub-identifier of an object identifier (MIB subtree) in the view.

Each bit in the mask corresponds to a sub-identifier position. For example, the most significant bit for the first sub-identifier, the next most significant bit for the second sub-identifier, and so on. If the bit position on the sub-identifier is available, it can be included or excluded.

For example, the MIB subtree that represents MIB-II is 1.3.6.1.2.1. The mask that catches all MIB-II would be 0xfc or 0b11111100.

Only a single mask may be configured per view and OID value combination. If more than one entry is configured, each subsequent entry overwrites the previous entry.

The no form of this command removes the mask from the configuration.

This command enables responses to Internet Control Message Protocol (ICMP) mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance replies to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

This command enables responses to ICMP mask requests on the router interface. If a local node sends an ICMP mask request to the router interface, the router interface replies to the request.

By default, the router instance replies to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

This command enables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

The no form of this command disables replies to ICMP mask requests on the router interface.

This command allows the master instance to dictate the master down timer (non-owner context only).

This command allows the master instance to dictate the master down timer (non-owner context only).

This command allows the master instance to dictate the master down timer (non-owner context only).

This command enables the virtual router instance to inherit the master VRRP router’s advertisement interval timer which is used by backup routers to calculate the master down timer.

The master-int-inherit command is only available in the non-owner nodal context and is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual routers. The master-int-inherit command has no effect when the virtual router instance is operating as master.

If master-int-inherit is not enabled, the locally configured message-interval must match the master’s VRRP advertisement message advertisement interval field value or the message is discarded.

The no form of the command restores the default operating condition which requires the locally configured message-interval to match the received VRRP advertisement message advertisement interval field value.

This command is used to restrict the local port to never enter the slave state. Use the command to ensure that the 7750 SR never draws synchronization from the attached external device.

This parameter is only effective when the profile is set to g8275dot1-2014.

Note: The ITU-T G.8275.1 (07/2014) recommendation used the term notSlave for this functionality; however, the IEEE has added this capability into the next edition of the 1588 standard using the term masterOnly. These are equivalent.

This command configures the AARP mode of operation with the peer instance. The modes affect the AARP state machine behavior according to the desired behavior. Minimize-switchover will change AARP state based on Master ISA failure, and be non-revertive in that when the priority ISA returns a switch does not occur, which is optimal for AA flow identification. Inter-chassis efficiency mode considers both priority (revertive) and the endpoint status of the AARP instance and will switch activity in case of EP failure in order to avoid sending all the traffic over the ICL. The priority-based-balance mode will be revertive after a priority master returns to service, but excludes EP status. The master-selection-mode configuration must match on both peer AARP instances, or the AARP operational status will stay down.

This command specifies in what DHCPv6 option to retrieve the value to be used as lookup key in the RADIUS proxy cache.

The no form of this command reverts to the default.

This command enables the context to configure the match criterion for a VAS filter entry.

This command configures the match criteria for this IP filter entry.

The no form of this command reverts to the default.

This command creates a match context for this entry. The protocol value specifies which Layer-4 protocol the packet should match.

The no form of this command removes the match context of this entry.

This command creates the context for entering/editing match criteria for the mrp-policy entry. When the match criteria have been satisfied the action associated with the match criteria is executed. In the current implementation just one match criteria (ISID based) is possible in the entry associated with the mrp-policy. Only one match statement can be entered per entry.

The no form of this command removes the match criteria for the entry-id.

This command configures match conditions for the dynamic neighbors.

This command creates context to enter/edit match criteria for a filter entry. When the match criteria is satisfied, the action associated with the entry is executed.

If more than one match parameter (within one match statement) is specified, then all the criteria must be satisfied (AND functional) before the action associated with the match is executed.

Use the match command to display a list of the valid applications.

Match context can consist of multiple match parameters (application, event-number, severity, subject), but multiple match statements cannot be entered per entry.

The no form of this command removes the match criteria for the entry-id.

This command enables the context to configure flow match rules for this AQP entry. A flow matches this AQP entry only if it matches all the match rules defined (logical and of all rules). If no match rule is specified, the entry will match all flows.

This command enables the context to configure session conditions for this entry.

This command enables the context to configure transit prefix policy entry match criteria.

This command configures debugging for traffic match criteria.

This command configures an IP protocol to be used as a nat-classifier match criterion. When the match criteria have been satisfied the action associated with the match criteria is executed.

The no form of the command removes the match criteria for the entry-id.

This command enables the context to configure match criteria for the filter entry and specifies an Ethernet frame type for the entry.

If more than one match criteria (within one match statement) are configured then all criteria must be satisfied (and function) for a match to occur.

A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry.

The no form of this command removes the match criteria for the entry.

This command enables context to enter match criteria for LI IPv4 filter and optionally allows specifying protocol value to match on.

If more than one match criterion are configured then all criteria must be satisfied for a match to occur (logical “AND”). Multiple criteria must be configured within a single match context for a given entry.

The no form of this command removes the match criteria for the entry.

This command enables context to enter match criteria for LI IPv6 filter and optionally allows specifying IPv6 next-header value to match on.

If more than one match criterion are configured then all criteria must be satisfied for a match to occur (logical “AND”). Multiple criteria must be configured within a single match context for a given entry.

The no form removes the match criteria for the entry.

This command creates a context to configure match criteria for SAP QoS policy match criteria. When the match criteria have been satisfied, the action associated with the match criteria is executed.

If more than one match criteria (within one match statement) are configured, all criteria must be satisfied (AND function) before the action associated with the match is executed.

A match context can consist of multiple match criteria, but multiple match statements cannot be entered per entry.

It is possible that a SAP policy includes the dscp map command, the dot1p map command, and an IP match criteria. When multiple matches occur for the traffic, the order of precedence is used to arrive at the final action. The order of precedence is as follows:

The no form of this command removes the match criteria for the entry-id.

This command creates a context to configure match criteria for ingress SAP QoS policy match IPv6 criteria. When the match criteria have been satisfied, the action associated with the match criteria is executed.

If more than one match criteria (within one match statement) are configured, all criteria must be satisfied (AND function) before the action associated with the match is executed.

A match context can consist of multiple match criteria, but multiple match statements cannot be entered per entry.

It is possible that a SAP ingress policy includes the dscp map command, the dot1p map command, and an IPv6 match criteria. When multiple matches occur for the traffic, the order of precedence is used to arrive at the final action. The order of precedence is as follows:

The no form of this command removes the match criteria for the entry-id.

This command creates a context for entering/editing match MAC criteria for ingress SAP QoS policy match criteria. When the match criteria have been satisfied, the action associated with the match criteria is executed.

If more than one match criteria (within one match statement) are configured, all criteria must be satisfied (AND function) before the action associated with the match will be executed.

A match context can consist of multiple match criteria, but multiple match statements cannot be entered per entry.

The no form of this command removes the match criteria for the entry-id.

This command creates a context to configure match criteria for a network QoS policy. When the match criteria have been satisfied, the action associated with it is executed.

If more than one match criteria (within one match statement) are configured, then all criteria must be satisfied before the associated action with the match is executed.

A match context can consist of multiple match criteria, but multiple match statements cannot be entered per entry.

A network QoS policy can include the DSCP map command, the dot1p map command (ingress only), the prec map command (egress only), and an IP match criteria. When multiple matches occur for the traffic, the order of precedence is used to arrive at the final action. The order of precedence is as follows:

The no form of this command removes the match criteria for the entry identifier.

This command creates a context to configure match criteria for a network QoS policy match IPv6 criteria. When the match criteria have been satisfied, the action associated with the match criteria is executed.

If more than one match criteria (within one match statement) are configured, all criteria must be satisfied (AND function) before the action associated with the match is executed.

A match context can consist of multiple match criteria, but multiple match statements cannot be entered per entry.

A network policy can include the DSCP map command, the dot1p map command (ingress only), the prec map command (egress only), and an IPv6 match criteria. When multiple matches occur for the traffic, the order of precedence is used to arrive at the final action. The order of precedence is as follows:

The no form of this command removes the match criteria for the entry identifier.

This command configures the value of the field in the ingress or egress packet which, when matched, will cause the packet to be redirected to the specified queue group instance. The field-value is dependent on the setting of the type and therefore must be a valid VXLAN VNI.

A maximum of 16 match statements are supported in a queue group redirect list.

The no form of this command removes the match statement from the redirect list.

This command enables the context to enter match criteria for the filter entry. When the match criteria have been satisfied the action associated with the match criteria is executed.

A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. More precisely, the command can be entered multiple times but this only results in modifying the protocol-id. and does not affect the underlying match criteria configuration.

The no form of the command removes all the match criteria from the filter entry and sets the protocol-id of the match command to none (keyword). As per above, match protocol none is however not equivalent to no match.

This command enables the context to enter match criteria for the filter entry. When the match criteria have been satisfied, the action associated with the match criteria is executed.

A match context may consist of multiple match criteria, but multiple match statements cannot be created per entry. More precisely, the protocol command can be entered multiple times but this only results in modifying the protocol-id. Matching on more than one protocol can be achieved using the protocol-list match criteria in an IP filter policy.

The no form of the command removes all the match criteria from the filter entry and sets the protocol-id of the match command to none. However, match protocol none is not equivalent to no match.

This command enables the context to enter match criteria for the IPv6 filter exception. When the match criteria have been satisfied, the action associated with the match criteria is executed.

The no form of the command removes all the match criteria from the IPv6 filter exception.