21. filter Commands
21.1. filter Command Descriptions
filter
Synopsis
Enter the filter context
Tree
Introduced
16.0.R1
Platforms
All
dhcp-filter [filter-id] number
Synopsis
Enter the dhcp-filter list instance
Context
configure filter dhcp-filter number
Tree
Introduced
16.0.R1
Platforms
All
[filter-id] number
Synopsis
Unique DHCP filter policy ID
Context
configure filter dhcp-filter number
Range
1 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
default-action
Synopsis
Enable the default-action context
Context
configure filter dhcp-filter number default-action
Tree
Introduced
16.0.R1
Platforms
All
bypass-host-creation
Synopsis
Host creation options to bypass
Context
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
DHCP host creation when the filter entry is matched
Context
configure filter dhcp-filter number default-action drop
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter dhcp-filter number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter dhcp-filter number entry number
Tree
Max. Elements
10
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
DHCP filter entry index
Context
configure filter dhcp-filter number entry number
Range
1 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action
Synopsis
Enable the action context
Context
configure filter dhcp-filter number entry number action
Tree
Introduced
16.0.R1
Platforms
All
bypass-host-creation
Synopsis
Host creation options to bypass
Context
configure filter dhcp-filter number entry number action bypass-host-creation
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
DHCP host creation when the filter entry is matched
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
All
option
Synopsis
Enable the option context
Context
configure filter dhcp-filter number entry number option
Tree
Introduced
16.0.R1
Platforms
All
absent
Synopsis
Require the absence of related option
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
match
Synopsis
Enable the match context
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
exact boolean
Synopsis
Use an exact match pattern (not partial)
Tree
Default
false
Introduced
16.0.R1
Platforms
All
hex string
Synopsis
Matching pattern for the filtered option
Tree
String Length
1 to 256
Notes
The following are part of a mandatory choice: hex or string.
Introduced
16.0.R1
Platforms
All
invert boolean
Synopsis
Invert (partial) matching criteria
Tree
Default
false
Introduced
16.0.R1
Platforms
All
string string
Synopsis
Matching pattern for the filtered option
Tree
String Length
1 to 127
Notes
The following are part of a mandatory choice: hex or string.
Introduced
16.0.R1
Platforms
All
number number
Synopsis
Number for DHCP or DHCPv6 option to filter on
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
present
Synopsis
Require the presence of related option
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
dhcp6-filter [filter-id] number
Synopsis
Enter the dhcp6-filter list instance
Context
configure filter dhcp6-filter number
Tree
Introduced
16.0.R1
Platforms
All
[filter-id] number
Synopsis
Unique DHCP filter policy ID
Context
configure filter dhcp6-filter number
Range
1 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
default-action
Synopsis
Enable the default-action context
Context
Tree
Introduced
16.0.R1
Platforms
All
bypass-host-creation
Synopsis
Enable the bypass-host-creation context
Context
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
na boolean
Synopsis
Bypass the DHCPv6 NA host creation
Context
configure filter dhcp6-filter number default-action bypass-host-creation na boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pd boolean
Synopsis
Bypass the DHCPv6 PD host creation
Context
configure filter dhcp6-filter number default-action bypass-host-creation pd boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
Drop DHCPv6 message (do not process)
Context
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter dhcp6-filter number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter dhcp6-filter number entry number
Tree
Max. Elements
10
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
DHCP filter entry index
Context
configure filter dhcp6-filter number entry number
Range
1 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action
Synopsis
Enable the action context
Context
configure filter dhcp6-filter number entry number action
Tree
Introduced
16.0.R1
Platforms
All
bypass-host-creation
Synopsis
Enable the bypass-host-creation context
Context
configure filter dhcp6-filter number entry number action bypass-host-creation
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
na boolean
Synopsis
Bypass the DHCPv6 NA host creation
Context
configure filter dhcp6-filter number entry number action bypass-host-creation na boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pd boolean
Synopsis
Bypass the DHCPv6 PD host creation
Context
configure filter dhcp6-filter number entry number action bypass-host-creation pd boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
Drop DHCPv6 message (do not process)
Tree
Notes
The following are part of a mandatory choice: bypass-host-creation or drop.
Introduced
16.0.R1
Platforms
All
option
Synopsis
Enable the option context
Context
configure filter dhcp6-filter number entry number option
Tree
Introduced
16.0.R1
Platforms
All
absent
Synopsis
Require the absence of related option
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
match
Synopsis
Enable the match context
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
exact boolean
Synopsis
Use an exact match pattern (not partial)
Tree
Default
false
Introduced
16.0.R1
Platforms
All
hex string
Synopsis
Matching pattern for the filtered option
Tree
String Length
1 to 256
Notes
The following are part of a mandatory choice: hex or string.
Introduced
16.0.R1
Platforms
All
invert boolean
Synopsis
Invert (partial) matching criteria
Tree
Default
false
Introduced
16.0.R1
Platforms
All
string string
Synopsis
Matching pattern for the filtered option
Tree
String Length
1 to 127
Notes
The following are part of a mandatory choice: hex or string.
Introduced
16.0.R1
Platforms
All
number number
Synopsis
Number for DHCP or DHCPv6 option to filter on
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
present
Synopsis
Require the presence of related option
Tree
Notes
The following are part of a mandatory choice: absent, match, or present.
Introduced
16.0.R1
Platforms
All
gre-tunnel-template [gre-tunnel-template-name] string
Synopsis
Enter the gre-tunnel-template list instance
Context
configure filter gre-tunnel-template string
Tree
Max. Elements
1023
Introduced
16.0.R1
Platforms
All
[gre-tunnel-template-name] string
Synopsis
GRE tunnel template identifier
Context
configure filter gre-tunnel-template string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter gre-tunnel-template string description string
Tree
String Length
1 to 80
Introduced
16.0.R2
Platforms
All
ipv4
Synopsis
Enter the ipv4 context
Context
configure filter gre-tunnel-template string ipv4
Tree
Introduced
16.0.R1
Platforms
All
destination-address [address] string
Synopsis
Add a list entry for destination-address
Context
configure filter gre-tunnel-template string ipv4 destination-address string
Tree
Max. Elements
32
Introduced
16.0.R1
Platforms
All
[address] string
Synopsis
Destination IP address
Context
configure filter gre-tunnel-template string ipv4 destination-address string
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
gre-key (keyword | number)
Synopsis
GRE key
Context
configure filter gre-tunnel-template string ipv4 gre-key (keyword | number)
Tree
Options
if-index
Introduced
16.0.R1
Platforms
All
skip-ttl-decrement boolean
Synopsis
Decrement TTL
Context
configure filter gre-tunnel-template string ipv4 skip-ttl-decrement boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
source-address string
Synopsis
Source IP address of the GRE encapsulated
Context
configure filter gre-tunnel-template string ipv4 source-address string
Tree
Introduced
16.0.R1
Platforms
All
ip-exception [filter-name] string
Synopsis
Enter the ip-exception list instance
Context
configure filter ip-exception string
Tree
Introduced
20.10.R1
Platforms
VSR
[filter-name] string
Synopsis
Filter name
Context
configure filter ip-exception string
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
20.10.R1
Platforms
VSR
description string
Synopsis
Text description
Context
configure filter ip-exception string description string
Tree
String Length
1 to 80
Introduced
20.10.R1
Platforms
VSR
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter ip-exception string entry number
Tree
Introduced
20.10.R1
Platforms
VSR
[entry-id] number
Synopsis
ID for a match criteria and the corresponding action
Context
configure filter ip-exception string entry number
Range
1 to 2097151
Notes
This element is part of a list key.
Introduced
20.10.R1
Platforms
VSR
description string
Synopsis
Text description
Context
configure filter ip-exception string entry number description string
Tree
String Length
1 to 80
Introduced
20.10.R1
Platforms
VSR
match
Synopsis
Enter the match context
Context
configure filter ip-exception string entry number match
Tree
Introduced
20.10.R1
Platforms
VSR
dst-ip
Synopsis
Enter the dst-ip context
Tree
Introduced
20.10.R1
Platforms
VSR
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
Specifies IP address to match.
Context
Tree
Introduced
20.10.R1
Platforms
VSR
mask string
Synopsis
Specifies the mask that is applied as an AND to the IP address.
Tree
Introduced
20.10.R1
Platforms
VSR
dst-port
Synopsis
Enter the dst-port context
Tree
Introduced
20.10.R1
Platforms
VSR
eq number
Synopsis
Condition on equality to specified value.
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
gt number
Synopsis
Condition on being greater than the specified value.
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
lt number
Synopsis
Condition on being less than the specified value.
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
end number
Synopsis
Specifies upper bound port to match.
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
start number
Synopsis
Specifies lower bound port to match.
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
icmp
Synopsis
Enter the icmp context
Tree
Introduced
20.10.R1
Platforms
VSR
code number
Synopsis
ICMP code value to match
Tree
Range
0 to 255
Introduced
20.10.R1
Platforms
VSR
type number
Synopsis
ICMP type value to match
Tree
Range
0 to 255
Introduced
20.10.R1
Platforms
VSR
protocol (number | keyword)
Synopsis
IP protocol to match.
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
20.10.R1
Platforms
VSR
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
20.10.R1
Platforms
VSR
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
Specifies IP address to match.
Context
Tree
Introduced
20.10.R1
Platforms
VSR
mask string
Synopsis
Specifies the mask that is applied as an AND to the IP address.
Tree
Introduced
20.10.R1
Platforms
VSR
src-port
Synopsis
Enter the src-port context
Tree
Introduced
20.10.R1
Platforms
VSR
eq number
Synopsis
Condition on equality to specified value.
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
gt number
Synopsis
Condition on being greater than the specified value.
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
lt number
Synopsis
Condition on being less than the specified value.
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
20.10.R1
Platforms
VSR
end number
Synopsis
Specifies upper bound port to match.
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
start number
Synopsis
Specifies lower bound port to match.
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
filter-id number
 | Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Configure ip-exception identifier.
Context
configure filter ip-exception string filter-id number
Tree
Range
1 to 65535
Introduced
20.10.R1
Platforms
VSR
ip-filter [filter-name] string
Synopsis
Enter the ip-filter list instance
Tree
Introduced
16.0.R1
Platforms
All
[filter-name] string
Synopsis
Filter name
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
chain-to-system-filter boolean
Synopsis
Chain filter policy to the active IPvX system filter policy
Context
configure filter ip-filter string chain-to-system-filter boolean
Default
false
Introduced
16.0.R1
Platforms
All
default-action keyword
Synopsis
Action for packets that do not match any entry
Context
configure filter ip-filter string default-action keyword
Tree
Default
drop
Options
drop, accept
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter ip-filter string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
embed
Synopsis
Enter the embed context
Tree
Description
Commands in this context embed a previously defined IPv4 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only.
Introduced
16.0.R1
Platforms
All
filter [name] reference offset number
Synopsis
Enter the filter list instance
Tree
Introduced
16.0.R1
Platforms
All
[name] reference
Synopsis
ID of the filter to insert
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097150
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097151
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
group number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Interface group ID for an external configured set of flowspec rules
Tree
Range
0 to 16383
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Virtual router for an external configured set of flowspec rules
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
openflow [of-switch] reference offset number
Synopsis
Enter the openflow list instance
Tree
Introduced
16.0.R4
Platforms
All
[of-switch] reference
Synopsis
Referenced Hybrid OpenFlow Switch (OFS) name
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097150
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
grt
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Global routing context
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
sap reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
SAP context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
system
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
System context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
vpls reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPLS context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
vprn reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPRN context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
[entry-id] number
Synopsis
ID for a match criteria and the corresponding action
Range
1 to 2097151
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action
Synopsis
Enable the action context
Tree
Introduced
16.0.R1
Platforms
All
accept
Synopsis
Accept regular routing to forward a packet that matches this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
accept-when
Synopsis
Enable the accept-when context
Tree
Introduced
19.5.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Tree
Introduced
19.5.R1
Platforms
All
expression string
Synopsis
Pattern expression to match
Context
configure filter ip-filter string entry number action accept-when pattern expression string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Context
configure filter ip-filter string entry number action accept-when pattern offset-type keyword
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Context
configure filter ip-filter string entry number action accept-when pattern offset-value number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
drop
Synopsis
Drop a packet matching this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
drop-when
Synopsis
Enable the drop-when context
Tree
Introduced
16.0.R1
Platforms
All
extracted-traffic
Synopsis
Drop traffic extracted to CPM
Tree
Introduced
16.0.R1
Platforms
All
packet-length
Synopsis
Enable the packet-length context
Tree
Notes
The following are part of a choice: packet-length or ttl.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Tree
Range
0 to 65535
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Tree
Range
min to 65534
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the length range
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the length range
Context
Tree
Range
min to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Tree
Introduced
16.0.R4
Platforms
All
expression string
Synopsis
Pattern expression to match
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
ttl
Synopsis
Enable the ttl context
Tree
Notes
The following are part of a choice: packet-length or ttl.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Value to compare against 'equal' condition for entry match criteria
Tree
Range
0 to 255
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Value to compare against 'greater than' condition for entry match criteria
Tree
Range
min to 254
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Value to compare against 'less than' condition for entry match criteria
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound value
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound value
Tree
Range
min to 254
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
fc keyword
Synopsis
Class name to be forwarded for matching packets
Tree
Options
be, l2, af, l1, h2, ef, h1, nc
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
bonding-connection number
Synopsis
Connection ID over which packet is forwarded
Tree
Range
1 to 2
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
esi-l2
Synopsis
Enable the esi-l2 context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
esi-value string
Synopsis
ESI of the first ESI-identified appliance
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS service name
Tree
Notes
This element is mandatory.
Introduced
16.0.R3
Platforms
All
esi-l3
Synopsis
Enable the esi-l3 context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
esi-value string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
ESI of the first ESI-identified appliance
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sf-ip string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IP address of the service function to forward traffic
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vas-interface reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Egress R-VPLS IP interface name
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vprn reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPRN service name
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
gre-tunnel reference
Synopsis
GRE tunnel template ID that sets the location where an encapsulated matching packet is transported
Tree
Reference
configure filter gre-tunnel-template string
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
lsp string
Synopsis
LSP that is specified to forward a packet matching this entry
Tree
String Length
1 to 64
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
mpls-policy
Synopsis
Enable the mpls-policy context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
19.10.R1
Platforms
All
endpoint string
Synopsis
The MPLS forwarding policy endpoint IPv4 address
Tree
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
next-hop
Synopsis
Enable the next-hop context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
interface-name string
Synopsis
IP interface name that forwards matching packets
Context
Tree
String Length
1 to 32
Notes
The following are part of a mandatory choice: interface-name, nh-ip, or nh-ip-vrf.
Introduced
16.0.R1
Platforms
All
nh-ip
Synopsis
Enable the nh-ip context
Tree
Notes
The following are part of a mandatory choice: interface-name, nh-ip, or nh-ip-vrf.
Introduced
16.0.R1
Platforms
All
address string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IPv4 address of next hop to forward matching packets
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
nh-ip-vrf
Synopsis
Enable the nh-ip-vrf context
Tree
Notes
The following are part of a mandatory choice: interface-name, nh-ip, or nh-ip-vrf.
Introduced
16.0.R1
Platforms
All
address string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IPv4 address of next hop to forward matching packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Routing context for route lookup for forwarding packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
redirect-policy reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Next hop or forward next hop router that forwards a packet that matches this entry
Tree
Reference
configure filter redirect-policy string
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Specifies the routing context used for route lookup.
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sap-id reference
Synopsis
VPLS Ethernet SAP ID used to forward matching packets
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SAP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
Synopsis
VPLS SDP bind ID used to forward matching packets
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
srte-policy
Synopsis
Enable the srte-policy context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
19.10.R1
Platforms
All
color number
Synopsis
The SR-TE policy color value
Tree
Range
0 to 4294967295
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
endpoint string
Synopsis
The SR-TE policy endpoint IPv4 address
Tree
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
vprn-target
Synopsis
Enable the vprn-target context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
adv-prefix string
Synopsis
Advertised IP prefix for target destination
Context
configure filter ip-filter string entry number action forward vprn-target adv-prefix string
Tree
Introduced
16.0.R1
Platforms
All
bgp-nh string
Synopsis
Target BGP next hop IP address
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
lsp string
Synopsis
LSP that is specified to forward a packet matching this entry
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
vprn reference
Synopsis
Routing context used for route lookup
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
gtp-local-breakout
Synopsis
Break out matching traffic locally from a GTP tunnel for GTP-subscriber-hosts, or forward for other entities
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7750 SR, 7750 SR-e, 7750 SR-s, VSR
http-redirect
Synopsis
Enable the http-redirect context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
allow-override boolean
Synopsis
Override http-redirect by a RADIUS VSA
Context
configure filter ip-filter string entry number action http-redirect allow-override boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
url (keyword | http-redirect-url)
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
URL that is used for redirecting
Context
Tree
String Length
1 to 255
Options
from-cpf
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
ignore-match
Synopsis
Ignore match criteria for the entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
l2-aware-nat-bypass boolean
Synopsis
Divert traffic from an L2-Aware NAT subscriber
Tree
Description
When configured to true, the filter action selectively diverts traffic from a L2-Aware NAT subscriber away from NAT. This action is only applicable to L2-Aware NAT subscribers and must be configured together with action accept. Traffic identified in the match condition bypasses L2-Aware NAT. An example is to bypass NAT for on-net destinations (within the customer network).
For selective NAT bypass to take effect, in addition to IP filter configuration, the L2-Aware NAT subscriber must be specifically enabled for selective bypass via the allow-bypass configuration option in the configure subscriber-mgmt sub-profile nat allow-bypass context.
When configured to false, traffic that is not classified for bypass automatically diverts to L2-Aware NAT, unless it is explicitly configured in the IP filter action to be dropped.
Default
false
Introduced
20.5.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat
Synopsis
Enable the nat context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy reference
| Warning: Modifying this element clears ISA state, such as flow state, for the new value to take effect. |
Synopsis
NAT policy name when action is NAT
Tree
Reference
configure service nat nat-policy string
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
rate-limit
Synopsis
Enable the rate-limit context
Tree
Introduced
16.0.R1
Platforms
All
packet-length
Synopsis
Enable the packet-length context
Context
configure filter ip-filter string entry number action rate-limit packet-length
Tree
Notes
The following are part of a choice: packet-length or ttl.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Context
configure filter ip-filter string entry number action rate-limit packet-length eq number
Tree
Range
0 to 65535
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Context
configure filter ip-filter string entry number action rate-limit packet-length gt number
Tree
Range
min to 65534
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Context
configure filter ip-filter string entry number action rate-limit packet-length lt number
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Context
configure filter ip-filter string entry number action rate-limit packet-length range
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the length range
Context
configure filter ip-filter string entry number action rate-limit packet-length range end number
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the length range
Context
configure filter ip-filter string entry number action rate-limit packet-length range start number
Tree
Range
min to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Tree
Introduced
16.0.R4
Platforms
All
expression string
Synopsis
Pattern expression to match
Context
configure filter ip-filter string entry number action rate-limit pattern expression string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Context
configure filter ip-filter string entry number action rate-limit pattern offset-type keyword
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Context
configure filter ip-filter string entry number action rate-limit pattern offset-value number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
pir (number | keyword)
Synopsis
Peak information rate
Tree
Range
0 to 2000000000
Units
kilobps
Options
max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
ttl
Synopsis
Enable the ttl context
Tree
Notes
The following are part of a choice: packet-length or ttl.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Value to compare against 'equal' condition for entry match criteria
Tree
Range
0 to 255
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Value to compare against 'greater than' condition for entry match criteria
Tree
Range
min to 254
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Value to compare against 'less than' condition for entry match criteria
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound value
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound value
Tree
Range
min to 254
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
reassemble
Synopsis
Forward matching packets to reassembly function
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
remark
Synopsis
Enable the remark context
Tree
Introduced
16.0.R1
Platforms
All
dscp keyword
Synopsis
Destination SAP
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
secondary
Synopsis
Enable the secondary context
Tree
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
next-hop
Synopsis
Enable the next-hop context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
nh-ip-vrf
Synopsis
Enable the nh-ip-vrf context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
address string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IPv4 address of next hop to forward matching packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Routing context for route lookup for forwarding packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sap-id reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
A packet matching the entry will be forwarded using the specified SAP
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS the sdp-bind-id belongs to
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPLS SDP bind ID used to forward matching packets
Context
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
remark
Synopsis
Enable the remark context
Tree
Introduced
16.0.R1
Platforms
All
dscp keyword
Synopsis
Destination SAP
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
tcp-mss-adjust
Synopsis
Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
configure filter ip-filter string entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
egress-pbr keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
PBR that has an effect when this filter is applied on egress
Context
configure filter ip-filter string entry number egress-pbr keyword
Tree
Options
true, true-with-l4lb
Introduced
16.0.R1
Platforms
All
filter-sample boolean
Synopsis
Sample matching traffic if IP interface is set to cflowd ACL mode
Context
configure filter ip-filter string entry number filter-sample boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
interface-sample boolean
Synopsis
Sample matching traffic if IP interface is set to cflowd interface mode
Context
configure filter ip-filter string entry number interface-sample boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
All
log reference
Synopsis
Log that is used for packets matching this entry
Tree
Introduced
16.0.R1
Platforms
All
match
Synopsis
Enter the match context
Tree
Description
Commands in this context configure match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed.
Introduced
16.0.R1
Platforms
All
destination-class number
Synopsis
Destination class as a match criterion
Tree
Description
This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true).
Range
1 to 255
Introduced
20.7.R1
Platforms
All
dscp keyword
Synopsis
DSCP used as an IP filter match criterion
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Introduced
16.0.R1
Platforms
All
dst-ip
Synopsis
Enter the dst-ip context
Tree
Introduced
16.0.R1
Platforms
All
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
IP address used as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
ip-prefix-list reference
Synopsis
IP prefix list used as match criterion
Tree
Reference
configure filter match-list ip-prefix-list string
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
Address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
dst-port
Synopsis
Enter the dst-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
fragment keyword
Synopsis
Match criterion for fragmented packets
Tree
Options
false, true, first-only, non-first-only
Introduced
16.0.R1
Platforms
All
icmp
Synopsis
Enter the icmp context
Tree
Introduced
16.0.R1
Platforms
All
code number
Synopsis
ICMP code value to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
All
type number
Synopsis
ICMP type value to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
All
ip-option
Synopsis
Enable the ip-option context
Tree
Introduced
16.0.R1
Platforms
All
mask number
Synopsis
Mask that is ANDed with ip-option value in the packet header
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
All
type number
Synopsis
Specific IP option to match
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
multiple-option boolean
Synopsis
Match based on presence of multiple options in header
Tree
Introduced
16.0.R1
Platforms
All
option-present boolean
Synopsis
Match on the presence of any IP option in the packet
Tree
Introduced
16.0.R1
Platforms
All
packet-length
Synopsis
Enable the packet-length context
Tree
Introduced
19.5.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Tree
Range
0 to 65535
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Tree
Range
min to 65534
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
end number
Synopsis
Upper bound of the length range
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
start number
Synopsis
Lower bound of the length range
Tree
Range
min to 65534
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
port
Synopsis
Enter the port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
protocol (number | keyword)
Synopsis
IP protocol identifier as a match criterion
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Notes
The following are part of a choice: protocol or protocol-list.
Introduced
16.0.R1
Platforms
All
protocol-list reference
Synopsis
Name of the protocol list as a match criterion
Tree
Reference
configure filter match-list protocol-list string
Notes
The following are part of a choice: protocol or protocol-list.
Introduced
20.7.R1
Platforms
All
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
16.0.R1
Platforms
All
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
IP address used as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
ip-prefix-list reference
Synopsis
IP prefix list used as match criterion
Tree
Reference
configure filter match-list ip-prefix-list string
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
Address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
All
src-mac
Synopsis
Enable the src-mac context
Tree
Introduced
19.5.R1
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Tree
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
19.5.R1
Platforms
All
src-port
Synopsis
Enter the src-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
src-route-option boolean
Synopsis
Match based on presence of source route option
Tree
Introduced
16.0.R1
Platforms
All
tcp-flags
Synopsis
Enter the tcp-flags context
Tree
Introduced
16.0.R1
Platforms
All
ack boolean
Synopsis
Match TCP ACK as per value of the ACK TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
cwr boolean
Synopsis
Match TCP CWR as per value of the CWR TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
ece boolean
Synopsis
Match TCP ECE as per value of the ECE TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
fin boolean
Synopsis
Match TCP FIN as per value of the FIN TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
ns boolean
Synopsis
Match TCP NS as per value of the NS TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
psh boolean
Synopsis
Match TCP PSH as per value of the PSH TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
rst boolean
Synopsis
Match TCP RST as per value of the RST TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
syn boolean
Synopsis
Match TCP SYN as per value of the SYN TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
urg boolean
Synopsis
Match TCP URG as per value of the URG TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
pbr-down-action-override keyword
Synopsis
Action when PBR or PBF target for this entry is not available
Context
configure filter ip-filter string entry number pbr-down-action-override keyword
Options
drop, forward, filter-default-action
Introduced
16.0.R1
Platforms
All
sample-profile reference
Synopsis
Cflowd sample profile ID for matching packets
Context
configure filter ip-filter string entry number sample-profile reference
Tree
Description
This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample-profile sample-profile-id. This option is only compatible if the associated interface is configured for interface-based
sampling and in only supported for ingress sampling. An IP filter can only specify a single alternate sample-profile for cflowd sampling, but that sample-profile can be used in multiple entries.
Reference
configure cflowd sample-profile number
Introduced
20.10.R1
Platforms
All
sticky-dest (number | keyword)
Synopsis
Time before action with available PBR or PBF destination and highest priority
Context
configure filter ip-filter string entry number sticky-dest (number | keyword)
Tree
Range
0 to 65535
Units
seconds
Options
no-hold-time-up
Introduced
16.0.R1
Platforms
All
filter-id number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IP filter ID
Tree
Range
1 to 65535
Introduced
16.0.R1
Platforms
All
scope keyword
Synopsis
Scope of this filter definition
Tree
Default
template
Options
exclusive, template, embedded, system
Introduced
16.0.R1
Platforms
All
subscriber-mgmt
Synopsis
Enter the subscriber-mgmt context
Context
configure filter ip-filter string subscriber-mgmt
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
host-specific-entry
Synopsis
Enter the host-specific-entry context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-control
Synopsis
Enter the credit-control context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for entries from Credit Control
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for entries from Credit Control
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry credit-control range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
filter-rule
Synopsis
Enter the filter-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for filter-rule entries from RADIUS/Diameter
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry filter-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
watermark
Synopsis
Enter the watermark context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
high number
Synopsis
High watermark for host-specific entries, to raise a table full alarm
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry watermark high number
Tree
Range
0 to 100
Default
95
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
low number
Synopsis
Low watermark for host-specific entries, to clear a table full alarm
Context
configure filter ip-filter string subscriber-mgmt host-specific-entry watermark low number
Tree
Range
0 to 100
Default
90
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
shared-entry
Synopsis
Enter the shared-entry context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
filter-rule
Synopsis
Enter the filter-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for shared-filter rules from RADIUS
Context
configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for shared filter-rules from RADIUS
Context
configure filter ip-filter string subscriber-mgmt shared-entry filter-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pcc-rule
Synopsis
Enter the pcc-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for pcc-rule filter entries from Diameter
Context
configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for pcc-rule filter entries from Diameter
Context
configure filter ip-filter string subscriber-mgmt shared-entry pcc-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
watermark
Synopsis
Enable the watermark context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
high number
Synopsis
Limit of RADIUS shared filters before generating high watermark notification
Context
configure filter ip-filter string subscriber-mgmt shared-entry watermark high number
Tree
Range
1 to 8000
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
low number
Synopsis
Limit of RADIUS or Diameter shared filters before clearing high watermark notification
Context
configure filter ip-filter string subscriber-mgmt shared-entry watermark low number
Tree
Range
0 to 7999
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
type keyword
Synopsis
Set of match criteria for the filter policy
Tree
Default
normal
Options
normal, src-mac, packet-length, destination-class
Introduced
19.5.R1
Platforms
All
ipv6-exception [filter-name] string
Synopsis
Enter the ipv6-exception list instance
Context
configure filter ipv6-exception string
Tree
Introduced
20.10.R1
Platforms
VSR
[filter-name] string
Synopsis
Filter name
Context
configure filter ipv6-exception string
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
20.10.R1
Platforms
VSR
description string
Synopsis
Text description
Context
configure filter ipv6-exception string description string
Tree
String Length
1 to 80
Introduced
20.10.R1
Platforms
VSR
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter ipv6-exception string entry number
Tree
Introduced
20.10.R1
Platforms
VSR
[entry-id] number
Synopsis
ID for a match criteria and the corresponding action
Context
configure filter ipv6-exception string entry number
Range
1 to 2097151
Notes
This element is part of a list key.
Introduced
20.10.R1
Platforms
VSR
description string
Synopsis
Text description
Context
configure filter ipv6-exception string entry number description string
Tree
String Length
1 to 80
Introduced
20.10.R1
Platforms
VSR
match
Synopsis
Enter the match context
Context
configure filter ipv6-exception string entry number match
Tree
Introduced
20.10.R1
Platforms
VSR
dst-ip
Synopsis
Enter the dst-ip context
Tree
Introduced
20.10.R1
Platforms
VSR
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure filter ipv6-exception string entry number match dst-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
mask string
Synopsis
IPv6 address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
dst-port
Synopsis
Enter the dst-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
20.10.R1
Platforms
VSR
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
icmp
Synopsis
Enter the icmp context
Tree
Introduced
20.10.R1
Platforms
VSR
code number
Synopsis
ICMPv6 code value to match
Tree
Range
0 to 255
Introduced
20.10.R1
Platforms
VSR
type number
Synopsis
ICMPv6 type value to match
Tree
Range
0 to 255
Introduced
20.10.R1
Platforms
VSR
next-header (number | keyword)
Synopsis
IP protocol to match
Context
configure filter ipv6-exception string entry number match next-header (number | keyword)
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
20.10.R1
Platforms
VSR
port
Synopsis
Enter the port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
20.10.R1
Platforms
VSR
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
20.10.R1
Platforms
VSR
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure filter ipv6-exception string entry number match src-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
mask string
Synopsis
IPv6 address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.10.R1
Platforms
VSR
src-port
Synopsis
Enter the src-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
20.10.R1
Platforms
VSR
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
20.10.R1
Platforms
VSR
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
20.10.R1
Platforms
VSR
filter-id number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Filter ID
Context
configure filter ipv6-exception string filter-id number
Tree
Range
1 to 65535
Introduced
20.10.R1
Platforms
VSR
ipv6-filter [filter-name] string
Synopsis
Enter the ipv6-filter list instance
Context
configure filter ipv6-filter string
Tree
Introduced
16.0.R1
Platforms
All
[filter-name] string
Synopsis
Filter name
Context
configure filter ipv6-filter string
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
chain-to-system-filter boolean
Synopsis
Chain filter policy to the active IPvX system filter policy
Context
configure filter ipv6-filter string chain-to-system-filter boolean
Default
false
Introduced
16.0.R1
Platforms
All
default-action keyword
Synopsis
Action for packets that do not match any entry
Context
configure filter ipv6-filter string default-action keyword
Tree
Default
drop
Options
drop, accept
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter ipv6-filter string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
embed
Synopsis
Enter the embed context
Context
configure filter ipv6-filter string embed
Tree
Description
Commands in this context embed a previously defined IPv6 embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only.
Introduced
16.0.R1
Platforms
All
filter [name] reference offset number
Synopsis
Enter the filter list instance
Tree
Introduced
16.0.R1
Platforms
All
[name] reference
Synopsis
ID of the filter to insert
Reference
configure filter ipv6-filter string
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097150
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Context
configure filter ipv6-filter string embed filter reference offset number admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097151
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Context
configure filter ipv6-filter string embed flowspec offset number admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
group number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Interface group ID for an external configured set of flowspec rules
Tree
Range
0 to 16383
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Virtual router for an external configured set of flowspec rules
Context
configure filter ipv6-filter string embed flowspec offset number router-instance string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
openflow [of-switch] reference offset number
Synopsis
Enter the openflow list instance
Tree
Introduced
16.0.R4
Platforms
All
[of-switch] reference
Synopsis
Referenced Hybrid OpenFlow Switch (OFS) name
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
offset number
Synopsis
Offset of the inserted entries
Range
0 to 2097150
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of this embedding
Context
configure filter ipv6-filter string embed openflow reference offset number admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
grt
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Global routing context
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
sap reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
SAP context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
system
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
System context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
vpls reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPLS context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
vprn reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPRN context
Tree
Notes
The following are part of a choice: grt, system, (sap and vpls), or vprn.
Introduced
16.0.R4
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter ipv6-filter string entry number
Tree
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
ID for a match criteria and the corresponding action
Context
configure filter ipv6-filter string entry number
Range
1 to 2097151
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action
Synopsis
Enable the action context
Context
configure filter ipv6-filter string entry number action
Tree
Introduced
16.0.R1
Platforms
All
accept
Synopsis
Accept regular routing to forward a packet that matches this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
accept-when
Synopsis
Enable the accept-when context
Context
configure filter ipv6-filter string entry number action accept-when
Tree
Introduced
19.5.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Context
configure filter ipv6-filter string entry number action accept-when pattern
Tree
Introduced
19.5.R1
Platforms
All
expression string
Synopsis
Pattern expression to match
Context
configure filter ipv6-filter string entry number action accept-when pattern expression string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Context
configure filter ipv6-filter string entry number action accept-when pattern mask string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Context
configure filter ipv6-filter string entry number action accept-when pattern offset-type keyword
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Context
configure filter ipv6-filter string entry number action accept-when pattern offset-value number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
drop
Synopsis
Drop a packet matching this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
drop-when
Synopsis
Enable the drop-when context
Tree
Introduced
16.0.R1
Platforms
All
extracted-traffic
Synopsis
Drop traffic extracted to CPM
Context
configure filter ipv6-filter string entry number action drop-when extracted-traffic
Tree
Introduced
16.0.R1
Platforms
All
hop-limit
Synopsis
Enable the hop-limit context
Tree
Notes
The following are part of a choice: hop-limit or payload-length.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Value to compare against 'equal' condition for entry match criteria
Tree
Range
0 to 255
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Value to compare against 'greater than' condition for entry match criteria
Tree
Range
min to 254
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Value to compare against 'less than' condition for entry match criteria
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound value
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound value
Context
Tree
Range
min to 254
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Tree
Introduced
16.0.R4
Platforms
All
expression string
Synopsis
Pattern expression to match
Context
configure filter ipv6-filter string entry number action drop-when pattern expression string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Context
configure filter ipv6-filter string entry number action drop-when pattern offset-type keyword
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Context
configure filter ipv6-filter string entry number action drop-when pattern offset-value number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
payload-length
Synopsis
Enable the payload-length context
Context
configure filter ipv6-filter string entry number action drop-when payload-length
Tree
Notes
The following are part of a choice: hop-limit or payload-length.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Context
configure filter ipv6-filter string entry number action drop-when payload-length eq number
Tree
Range
0 to 65535
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Context
configure filter ipv6-filter string entry number action drop-when payload-length gt number
Tree
Range
min to 65534
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Context
configure filter ipv6-filter string entry number action drop-when payload-length lt number
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Context
configure filter ipv6-filter string entry number action drop-when payload-length range
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the length range
Context
configure filter ipv6-filter string entry number action drop-when payload-length range end number
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the length range
Context
configure filter ipv6-filter string entry number action drop-when payload-length range start number
Tree
Range
min to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
fc keyword
Synopsis
Class name to be forwarded for matching packets
Tree
Options
be, l2, af, l1, h2, ef, h1, nc
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
bonding-connection number
Synopsis
Connection ID over which packet is forwarded
Context
configure filter ipv6-filter string entry number action forward bonding-connection number
Tree
Range
1 to 2
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
esi-l2
Synopsis
Enable the esi-l2 context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
esi-value string
Synopsis
ESI of the first ESI-identified appliance
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS service name
Tree
Notes
This element is mandatory.
Introduced
16.0.R3
Platforms
All
esi-l3
Synopsis
Enable the esi-l3 context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
esi-value string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
ESI of the first ESI-identified appliance
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sf-ip string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IP address of the service function to forward traffic
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vas-interface reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Egress R-VPLS IP interface name
Context
configure filter ipv6-filter string entry number action forward esi-l3 vas-interface reference
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vprn reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPRN service name
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
gre-tunnel reference
Synopsis
GRE tunnel template ID that sets the location where an encapsulated matching packet is transported
Context
configure filter ipv6-filter string entry number action forward gre-tunnel reference
Tree
Reference
configure filter gre-tunnel-template string
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
lsp string
Synopsis
LSP that is specified to forward a packet matching this entry
Tree
String Length
1 to 64
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
mpls-policy
Synopsis
Enable the mpls-policy context
Context
configure filter ipv6-filter string entry number action forward mpls-policy
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
19.10.R1
Platforms
All
endpoint string
Synopsis
The MPLS forwarding policy endpoint IPv6 address
Context
configure filter ipv6-filter string entry number action forward mpls-policy endpoint string
Tree
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
next-hop
Synopsis
Enable the next-hop context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
nh-ip
Synopsis
Enable the nh-ip context
Tree
Notes
The following are part of a mandatory choice: nh-ip or nh-ip-vrf.
Introduced
16.0.R1
Platforms
All
address string
Synopsis
IPv6 address of next hop to forward matching packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
nh-ip-vrf
Synopsis
Enable the nh-ip-vrf context
Tree
Notes
The following are part of a mandatory choice: nh-ip or nh-ip-vrf.
Introduced
16.0.R1
Platforms
All
address string
Synopsis
IPv6 address of next hop to forward matching packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Routing context for route lookup for forwarding packets
Context
configure filter ipv6-filter string entry number action forward next-hop nh-ip-vrf router-instance string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
redirect-policy reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Next hop or forward next hop router that forwards a packet that matches this entry
Context
configure filter ipv6-filter string entry number action forward redirect-policy reference
Tree
Reference
configure filter redirect-policy string
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Specifies the routing context used for route lookup.
Context
configure filter ipv6-filter string entry number action forward router-instance string
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sap-id reference
Synopsis
VPLS Ethernet SAP ID used to forward matching packets
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SAP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
Synopsis
VPLS SDP bind ID used to forward matching packets
Context
configure filter ipv6-filter string entry number action forward sdp sdp-bind-id string
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
srte-policy
Synopsis
Enable the srte-policy context
Context
configure filter ipv6-filter string entry number action forward srte-policy
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
19.10.R1
Platforms
All
color number
Synopsis
The SR-TE policy color value
Context
configure filter ipv6-filter string entry number action forward srte-policy color number
Tree
Range
0 to 4294967295
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
endpoint string
Synopsis
The SR-TE policy endpoint IPv6 address
Context
configure filter ipv6-filter string entry number action forward srte-policy endpoint string
Tree
Notes
This element is mandatory.
Introduced
19.10.R1
Platforms
All
vprn-target
Synopsis
Enable the vprn-target context
Context
configure filter ipv6-filter string entry number action forward vprn-target
Tree
Notes
The following are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, or vprn-target.
Introduced
16.0.R1
Platforms
All
adv-prefix string
Synopsis
Advertised IP prefix for target destination
Context
configure filter ipv6-filter string entry number action forward vprn-target adv-prefix string
Tree
Introduced
16.0.R1
Platforms
All
bgp-nh string
Synopsis
Target BGP next hop IP address
Context
configure filter ipv6-filter string entry number action forward vprn-target bgp-nh string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
lsp string
Synopsis
LSP that is specified to forward a packet matching this entry
Context
configure filter ipv6-filter string entry number action forward vprn-target lsp string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
vprn reference
Synopsis
Routing context used for route lookup
Context
configure filter ipv6-filter string entry number action forward vprn-target vprn reference
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
http-redirect
Synopsis
Enable the http-redirect context
Context
configure filter ipv6-filter string entry number action http-redirect
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
allow-override boolean
Synopsis
Override http-redirect by a RADIUS VSA
Context
configure filter ipv6-filter string entry number action http-redirect allow-override boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
url (keyword | http-redirect-url)
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
URL that is used for redirecting
Context
configure filter ipv6-filter string entry number action http-redirect url (keyword | http-redirect-url)
Tree
String Length
1 to 255
Options
from-cpf
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
ignore-match
Synopsis
Ignore match criteria for the entry
Context
configure filter ipv6-filter string entry number action ignore-match
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
All
nat
Synopsis
Enable the nat context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-policy reference
| Warning: Modifying this element clears ISA state, such as flow state, for the new value to take effect. |
Synopsis
NAT policy name when action is NAT
Context
configure filter ipv6-filter string entry number action nat nat-policy reference
Tree
Reference
configure service nat nat-policy string
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
nat-type keyword
| Warning: Modifying this element clears ISA state, such as flow state, for the new value to take effect. |
Synopsis
NAT type to assign when action is NAT
Tree
Options
dslite, nat64
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
rate-limit
Synopsis
Enable the rate-limit context
Context
configure filter ipv6-filter string entry number action rate-limit
Tree
Introduced
16.0.R1
Platforms
All
hop-limit
Synopsis
Enable the hop-limit context
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit
Tree
Notes
The following are part of a choice: hop-limit or payload-length.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Value to compare against 'equal' condition for entry match criteria
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit eq number
Tree
Range
0 to 255
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Value to compare against 'greater than' condition for entry match criteria
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit gt number
Tree
Range
min to 254
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Value to compare against 'less than' condition for entry match criteria
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit lt number
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit range
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound value
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit range end number
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound value
Context
configure filter ipv6-filter string entry number action rate-limit hop-limit range start number
Tree
Range
min to 254
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
pattern
Synopsis
Enable the pattern context
Context
configure filter ipv6-filter string entry number action rate-limit pattern
Tree
Introduced
16.0.R4
Platforms
All
expression string
Synopsis
Pattern expression to match
Context
configure filter ipv6-filter string entry number action rate-limit pattern expression string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
Mask for the pattern expression
Context
configure filter ipv6-filter string entry number action rate-limit pattern mask string
Tree
String Length
3 to 18
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-type keyword
Synopsis
Starting point reference for offset value of pattern
Context
configure filter ipv6-filter string entry number action rate-limit pattern offset-type keyword
Tree
Options
layer-3, layer-4, data, dns-qtype
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
offset-value number
Synopsis
Offset value for the pattern expression
Context
configure filter ipv6-filter string entry number action rate-limit pattern offset-value number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
payload-length
Synopsis
Enable the payload-length context
Context
configure filter ipv6-filter string entry number action rate-limit payload-length
Tree
Notes
The following are part of a choice: hop-limit or payload-length.
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Context
configure filter ipv6-filter string entry number action rate-limit payload-length eq number
Tree
Range
0 to 65535
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Context
configure filter ipv6-filter string entry number action rate-limit payload-length gt number
Tree
Range
min to 65534
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Context
configure filter ipv6-filter string entry number action rate-limit payload-length lt number
Tree
Range
1 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Context
configure filter ipv6-filter string entry number action rate-limit payload-length range
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the length range
Context
configure filter ipv6-filter string entry number action rate-limit payload-length range end number
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the length range
Context
configure filter ipv6-filter string entry number action rate-limit payload-length range start number
Tree
Range
min to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
pir (number | keyword)
Synopsis
Peak information rate
Context
configure filter ipv6-filter string entry number action rate-limit pir (number | keyword)
Tree
Range
0 to 2000000000
Units
kilobps
Options
max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
remark
Synopsis
Enable the remark context
Tree
Introduced
16.0.R1
Platforms
All
dscp keyword
Synopsis
Destination SAP
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
secondary
Synopsis
Enable the secondary context
Tree
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
next-hop
Synopsis
Enable the next-hop context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
nh-ip-vrf
Synopsis
Enable the nh-ip-vrf context
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
address string
Synopsis
IPv6 address of next hop to forward matching packets
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
indirect boolean
Synopsis
Allow next hop to be indirectly reachable
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Routing context for route lookup for forwarding packets
Context
configure filter ipv6-filter string entry number action secondary forward next-hop nh-ip-vrf router-instance string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sap-id reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
A packet matching the entry will be forwarded using the specified SAP
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS the sdp-bind-id belongs to
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: next-hop, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPLS SDP bind ID used to forward matching packets
Context
configure filter ipv6-filter string entry number action secondary forward sdp sdp-bind-id string
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
remark
Synopsis
Enable the remark context
Tree
Introduced
16.0.R1
Platforms
All
dscp keyword
Synopsis
Destination SAP
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
tcp-mss-adjust
Synopsis
Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context
Context
configure filter ipv6-filter string entry number action tcp-mss-adjust
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
configure filter ipv6-filter string entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
egress-pbr keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
PBR that has an effect when this filter is applied on egress
Context
configure filter ipv6-filter string entry number egress-pbr keyword
Tree
Options
true, true-with-l4lb
Introduced
16.0.R1
Platforms
All
filter-sample boolean
Synopsis
Sample matching traffic if IP interface is set to cflowd ACL mode
Context
configure filter ipv6-filter string entry number filter-sample boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
interface-sample boolean
Synopsis
Sample matching traffic if IP interface is set to cflowd interface mode
Context
configure filter ipv6-filter string entry number interface-sample boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
All
log reference
Synopsis
Log that is used for packets matching this entry
Context
configure filter ipv6-filter string entry number log reference
Tree
Introduced
16.0.R1
Platforms
All
match
Synopsis
Enter the match context
Context
configure filter ipv6-filter string entry number match
Tree
Description
Commands in this context provide match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed.
Introduced
16.0.R1
Platforms
All
destination-class number
Synopsis
Destination class as a match criterion
Context
configure filter ipv6-filter string entry number match destination-class number
Tree
Description
This command configures the BGP destination class value as a match criterion. Filtering egress traffic on the destination class requires the destination-class-lookup command (under the ingress context for the service interface) to be enabled (set to true).
Range
1 to 255
Introduced
20.7.R1
Platforms
All
dscp keyword
Synopsis
DSCP used as an IP filter match criterion
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Introduced
16.0.R1
Platforms
All
dst-ip
Synopsis
Enter the dst-ip context
Tree
Introduced
16.0.R1
Platforms
All
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure filter ipv6-filter string entry number match dst-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
IPv6 address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
dst-port
Synopsis
Enter the dst-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
extension-header
Synopsis
Enter the extension-header context
Context
configure filter ipv6-filter string entry number match extension-header
Tree
Introduced
16.0.R1
Platforms
All
ah boolean
Synopsis
Match a packet as per the existence of an AH Extension Header
Context
configure filter ipv6-filter string entry number match extension-header ah boolean
Tree
Introduced
16.0.R1
Platforms
All
esp boolean
Synopsis
Match a packet as per the existence of an Encapsulation security payload extension header
Context
configure filter ipv6-filter string entry number match extension-header esp boolean
Tree
Introduced
16.0.R1
Platforms
All
hop-by-hop boolean
Synopsis
Match on Hop-by-Hop Options Extension Header existence
Context
configure filter ipv6-filter string entry number match extension-header hop-by-hop boolean
Tree
Introduced
16.0.R2
Platforms
All
routing-type0 boolean
Synopsis
Match a packet as per the existence of a routing Extension Header
Context
configure filter ipv6-filter string entry number match extension-header routing-type0 boolean
Tree
Introduced
16.0.R1
Platforms
All
flow-label
Synopsis
Enable the flow-label context
Context
configure filter ipv6-filter string entry number match flow-label
Tree
Introduced
16.0.R1
Platforms
All
mask number
Synopsis
Flow label mask for this policy IP filter entry
Context
configure filter ipv6-filter string entry number match flow-label mask number
Tree
Range
1 to 1048575
Default
1048575
Introduced
16.0.R1
Platforms
All
value number
Synopsis
Flow label as match criterion
Context
configure filter ipv6-filter string entry number match flow-label value number
Tree
Range
0 to 1048575
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
fragment keyword
Synopsis
Match criterion for fragmented packages
Tree
Options
false, true, first-only, non-first-only
Introduced
16.0.R1
Platforms
All
icmp
Synopsis
Enter the icmp context
Tree
Introduced
16.0.R1
Platforms
All
code number
Synopsis
ICMPv6 code value to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
All
type number
Synopsis
ICMPv6 type value to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
All
next-header (number | keyword)
Synopsis
IP protocol to match
Context
configure filter ipv6-filter string entry number match next-header (number | keyword)
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Notes
The following are part of a choice: next-header or next-header-list.
Introduced
16.0.R1
Platforms
All
next-header-list reference
Synopsis
Name of the protocol list as a match criterion
Context
configure filter ipv6-filter string entry number match next-header-list reference
Tree
Reference
configure filter match-list protocol-list string
Notes
The following are part of a choice: next-header or next-header-list.
Introduced
20.7.R1
Platforms
All
packet-length
Synopsis
Enable the packet-length context
Context
configure filter ipv6-filter string entry number match packet-length
Tree
Introduced
19.5.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the length
Context
configure filter ipv6-filter string entry number match packet-length eq number
Tree
Range
40 to 65575
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the length
Context
configure filter ipv6-filter string entry number match packet-length gt number
Tree
Range
min to 65574
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the length
Context
configure filter ipv6-filter string entry number match packet-length lt number
Tree
Range
41 to max
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
range
Synopsis
Enable the range context
Context
configure filter ipv6-filter string entry number match packet-length range
Tree
Notes
The following are part of a mandatory choice: eq, gt, lt, or range.
Introduced
19.5.R1
Platforms
All
end number
Synopsis
Upper bound of packet length range as match criterion
Context
configure filter ipv6-filter string entry number match packet-length range end number
Tree
Range
41 to max
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
start number
Synopsis
Lower bound of packet length range as match criterion
Context
configure filter ipv6-filter string entry number match packet-length range start number
Tree
Range
min to 65574
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
port
Synopsis
Enter the port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
16.0.R1
Platforms
All
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure filter ipv6-filter string entry number match src-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
IPv6 address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
All
src-mac
Synopsis
Enable the src-mac context
Tree
Introduced
19.5.R1
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Tree
Notes
This element is mandatory.
Introduced
19.5.R1
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
19.5.R1
Platforms
All
src-port
Synopsis
Enter the src-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
All
eq number
Synopsis
Exact match criterion for the port number
Tree
Range
0 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
gt number
Synopsis
Greater than match criterion for the port number
Tree
Range
0 to 65534
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
lt number
Synopsis
Less than match criterion for the port number
Tree
Range
1 to 65535
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
port-list reference
Synopsis
Name of the port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: eq, gt, lt, port-list, or range.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Upper bound of the port range as port match criterion
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lower bound of the port range as port match criterion
Tree
Range
0 to 65534
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
tcp-flags
Synopsis
Enter the tcp-flags context
Tree
Introduced
16.0.R1
Platforms
All
ack boolean
Synopsis
Match TCP ACK as per value of the ACK TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
cwr boolean
Synopsis
Match TCP CWR as per value of the CWR TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
ece boolean
Synopsis
Match TCP ECE as per value of the ECE TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
fin boolean
Synopsis
Match TCP FIN as per value of the FIN TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
ns boolean
Synopsis
Match TCP NS as per value of the NS TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
psh boolean
Synopsis
Match TCP PSH as per value of the PSH TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
rst boolean
Synopsis
Match TCP RST as per value of the RST TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
syn boolean
Synopsis
Match TCP SYN as per value of the SYN TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
urg boolean
Synopsis
Match TCP URG as per value of the URG TCP flag bit
Tree
Introduced
16.0.R1
Platforms
All
pbr-down-action-override keyword
Synopsis
Action when PBR or PBF target for this entry is not available
Context
configure filter ipv6-filter string entry number pbr-down-action-override keyword
Options
drop, forward, filter-default-action
Introduced
16.0.R1
Platforms
All
sample-profile reference
Synopsis
Cflowd sample profile ID for matching packets
Context
configure filter ipv6-filter string entry number sample-profile reference
Tree
Description
This command allows traffic matching an IPv4 or IPv6 filter to be sampled for cflowd processing using a specific sample-profile sample-profile-id. This option is only compatible if the associated interface is configured for interface-based
sampling and in only supported for ingress sampling. An IP filter can only specify a single alternate sample-profile for cflowd sampling, but that sample-profile can be used in multiple entries.
Reference
configure cflowd sample-profile number
Introduced
20.10.R1
Platforms
All
sticky-dest (number | keyword)
Synopsis
Time before action with available PBR or PBF destination and highest priority
Context
configure filter ipv6-filter string entry number sticky-dest (number | keyword)
Tree
Range
0 to 65535
Units
seconds
Options
no-hold-time-up
Introduced
16.0.R1
Platforms
All
filter-id number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
IPv6 filter identifier
Context
configure filter ipv6-filter string filter-id number
Tree
Range
1 to 65535
Introduced
16.0.R1
Platforms
All
scope keyword
Synopsis
Scope of this filter definition
Context
configure filter ipv6-filter string scope keyword
Tree
Default
template
Options
exclusive, template, embedded, system
Introduced
16.0.R1
Platforms
All
subscriber-mgmt
Synopsis
Enter the subscriber-mgmt context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
host-specific-entry
Synopsis
Enter the host-specific-entry context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
credit-control
Synopsis
Enter the credit-control context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for entries from Credit Control
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for entries from Credit Control
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry credit-control range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
filter-rule
Synopsis
Enter the filter-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for filter-rule entries from RADIUS/Diameter
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for subscriber host filter-rule entries from RADIUS/Diameter
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry filter-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
watermark
Synopsis
Enter the watermark context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
high number
Synopsis
High watermark for host-specific entries, to raise a table full alarm
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark high number
Tree
Range
0 to 100
Default
95
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
low number
Synopsis
Low watermark for host-specific entries, to clear a table full alarm
Context
configure filter ipv6-filter string subscriber-mgmt host-specific-entry watermark low number
Tree
Range
0 to 100
Default
90
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
shared-entry
Synopsis
Enter the shared-entry context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
filter-rule
Synopsis
Enter the filter-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for shared-filter rules from RADIUS
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for shared filter-rules from RADIUS
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry filter-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
pcc-rule
Synopsis
Enter the pcc-rule context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
range
Synopsis
Enable the range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of range for pcc-rule filter entries from Diameter
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range end number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of range for pcc-rule filter entries from Diameter
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry pcc-rule range start number
Tree
Range
1 to 2097151
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
watermark
Synopsis
Enable the watermark context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
high number
Synopsis
Limit of RADIUS shared filters before generating high watermark notification
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry watermark high number
Tree
Range
1 to 8000
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
low number
Synopsis
Limit of RADIUS or Diameter shared filters before clearing high watermark notification
Context
configure filter ipv6-filter string subscriber-mgmt shared-entry watermark low number
Tree
Range
0 to 7999
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
type keyword
Synopsis
Set of match criteria for the filter policy
Context
configure filter ipv6-filter string type keyword
Tree
Default
normal
Options
normal, src-mac, packet-length, destination-class
Introduced
19.5.R1
Platforms
All
[log-id] number
Synopsis
Filter log identifier
Range
101 to 199
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of filter logging
Context
configure filter log number admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter log number description string
Tree
String Length
0 to 80
Introduced
16.0.R1
Platforms
All
destination
Synopsis
Enter the destination context
Context
configure filter log number destination
Tree
Introduced
16.0.R1
Platforms
All
memory
Synopsis
Enter the memory context
Context
configure filter log number destination memory
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: memory or syslog.
Introduced
16.0.R1
Platforms
All
max-entries number
Synopsis
Maximum number of memory entries that the log can store
Context
configure filter log number destination memory max-entries number
Tree
Range
1 to 50000
Default
1000
Introduced
16.0.R1
Platforms
All
stop-on-full boolean
Synopsis
Stop logging when maximum number of memory entries is reached or wrap-around is used
Context
configure filter log number destination memory stop-on-full boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
syslog
Synopsis
Enter the syslog context
Context
configure filter log number destination syslog
Tree
Notes
The following are part of a choice: memory or syslog.
Introduced
16.0.R1
Platforms
All
name reference
Synopsis
Specifies the syslog Id to be used as destination.
Tree
Introduced
21.2.R1
Platforms
All
summary
Synopsis
Enter the summary context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the summarization of filter log entries
Context
configure filter log number destination syslog summary admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
summary-crit keyword
Synopsis
Summary for filter log entries
Context
configure filter log number destination syslog summary summary-crit keyword
Tree
Default
src-addr
Options
src-addr, dst-addr
Introduced
16.0.R1
Platforms
All
mac-filter [filter-name] string
Synopsis
Enter the mac-filter list instance
Context
configure filter mac-filter string
Tree
Introduced
16.0.R1
Platforms
All
[filter-name] string
Synopsis
Filter name
Context
configure filter mac-filter string
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
default-action keyword
Synopsis
Action for packets that do not match any entry
Context
configure filter mac-filter string default-action keyword
Tree
Default
drop
Options
drop, accept
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter mac-filter string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
embed
Synopsis
Enter the embed context
Context
configure filter mac-filter string embed
Tree
Description
Commands in this context embed a previously defined MAC embedded filter policy or Hybrid OpenFlow switch instance into an exclusive, template, or system filter policy at the specified offset value. Rules derived from the BGP FlowSpec can also be embedded into template filter policies only.
For MAC filters, embedding is supported for VSD filters or filter entries only.
Introduced
16.0.R1
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure filter mac-filter string entry number
Tree
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
ID for a match criteria and the corresponding action
Context
configure filter mac-filter string entry number
Range
1 to 2097151
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action
Synopsis
Enable the action context
Context
configure filter mac-filter string entry number action
Tree
Introduced
16.0.R1
Platforms
All
accept
Synopsis
Accept regular routing to forward a packet that matches this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match.
Introduced
16.0.R1
Platforms
All
drop
Synopsis
Drop a packet matching this entry
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match.
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match.
Introduced
16.0.R1
Platforms
All
esi-l2
Synopsis
Enable the esi-l2 context
Tree
Notes
The following are part of a choice: esi-l2, sap, or sdp.
Introduced
16.0.R1
Platforms
All
esi-value string
Synopsis
ESI of the first ESI-identified appliance
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS service name
Tree
Notes
This element is mandatory.
Introduced
16.0.R3
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: esi-l2, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sap-id reference
Synopsis
VPLS Ethernet SAP ID used to forward matching packets
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SAP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: esi-l2, sap, or sdp.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
Synopsis
VPLS SDP bind ID used to forward matching packets
Context
configure filter mac-filter string entry number action forward sdp sdp-bind-id string
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
http-redirect
Synopsis
Enable the http-redirect context
Context
configure filter mac-filter string entry number action http-redirect
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match.
Introduced
16.0.R1
Platforms
All
url string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
URL that is used for redirecting
Context
configure filter mac-filter string entry number action http-redirect url string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
ignore-match
Synopsis
Ignore match criteria for the entry
Context
configure filter mac-filter string entry number action ignore-match
Tree
Notes
The following are part of a mandatory choice: accept, drop, forward, http-redirect, or ignore-match.
Introduced
16.0.R1
Platforms
All
rate-limit
Synopsis
Enable the rate-limit context
Context
configure filter mac-filter string entry number action rate-limit
Tree
Introduced
16.0.R1
Platforms
All
pir (number | keyword)
Synopsis
Peak information rate
Context
configure filter mac-filter string entry number action rate-limit pir (number | keyword)
Tree
Range
0 to 2000000000
Units
kilobps
Options
max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
secondary
Synopsis
Enable the secondary context
Tree
Introduced
16.0.R1
Platforms
All
forward
Synopsis
Enter the forward context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sap
Synopsis
Enable the sap context
Tree
Notes
The following are part of a choice: sap or sdp.
Introduced
16.0.R1
Platforms
All
sap-id reference
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
A packet matching the entry will be forwarded using the specified SAP
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS the sdp-bind-id belongs to
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
sdp
Synopsis
Enable the sdp context
Tree
Notes
The following are part of a choice: sap or sdp.
Introduced
16.0.R1
Platforms
All
sdp-bind-id string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
VPLS SDP bind ID used to forward matching packets
Context
configure filter mac-filter string entry number action secondary forward sdp sdp-bind-id string
Tree
String Length
3 to 16
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
vpls reference
Synopsis
VPLS associated with the SDP
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter mac-filter string entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
log reference
Synopsis
Log that is used for packets matching this entry
Context
configure filter mac-filter string entry number log reference
Tree
Introduced
16.0.R1
Platforms
All
match
Synopsis
Enter the match context
Context
configure filter mac-filter string entry number match
Tree
Introduced
16.0.R1
Platforms
All
dot1p
Synopsis
Enable the dot1p context
Tree
Introduced
16.0.R1
Platforms
All
mask number
Synopsis
802.1p mask value used as a MAC filter match criterion
Tree
Range
1 to 7
Default
7
Introduced
16.0.R1
Platforms
All
priority number
Synopsis
IEEE 802.1p value used as a MAC filter match criterion
Tree
Range
0 to 7
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
dst-mac
Synopsis
Enable the dst-mac context
Tree
Introduced
16.0.R1
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R1
Platforms
All
etype string
Synopsis
Ethernet type
Tree
String Length
5 to 6
Introduced
16.0.R1
Platforms
All
frame-type keyword
Synopsis
MAC frame as match criteria
Context
configure filter mac-filter string entry number match frame-type keyword
Tree
Options
802dot3, 802dot2-llc, 802dot2-snap, ethernet-ii
Introduced
16.0.R1
Platforms
All
inner-tag
Synopsis
Enable the inner-tag context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value
Tree
Range
1 to 4095
Default
4095
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
tag number
Synopsis
Matching value against VID of the second or first VLAN tag in the packet carried transparently
Tree
Range
0 to 4095
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
isid
Synopsis
Enter the isid context
Tree
Introduced
16.0.R1
Platforms
All
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: range or value.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Highest value of 24-bit service instance identifier for the service matching this entry
Tree
Range
0 to 16777215
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Lowest value of 24-bit service instance identifier for the service matching this entry
Tree
Range
0 to 16777215
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
value number
Synopsis
Lowest value of 24-bit service instance identifier for the service matching this entry
Tree
Range
0 to 16777215
Notes
The following are part of a choice: range or value.
Introduced
16.0.R1
Platforms
All
llc-dsap
Synopsis
Enable the llc-dsap context
Tree
Introduced
16.0.R1
Platforms
All
dsap number
Synopsis
DSAP value
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
mask number
Synopsis
Destination SAP mask
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
All
llc-ssap
Synopsis
Enable the llc-ssap context
Tree
Introduced
16.0.R1
Platforms
All
mask number
Synopsis
Source SAP mask
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
All
ssap number
Synopsis
Source or destination SAP value
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
outer-tag
Synopsis
Enable the outer-tag context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Mask to VID of the inner VLAN tag before comparing it with the inner-tag or outer-tag value
Tree
Range
1 to 4095
Default
4095
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
tag number
Synopsis
Matching value against VID of the second or first VLAN tag in the packet carried transparently
Tree
Range
0 to 4095
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
snap-oui keyword
Synopsis
Parameter snap-oui as a MAC filter match criteria
Tree
Options
zero, non-zero
Introduced
16.0.R1
Platforms
All
snap-pid number
Synopsis
Parameter snap-pid as a MAC filter match criteria
Tree
Range
0 to 65535
Introduced
16.0.R1
Platforms
All
src-mac
Synopsis
Enable the src-mac context
Tree
Introduced
16.0.R1
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R1
Platforms
All
pbr-down-action-override keyword
Synopsis
Action when PBR or PBF target for this entry is not available
Context
configure filter mac-filter string entry number pbr-down-action-override keyword
Options
drop, forward, filter-default-action
Introduced
16.0.R1
Platforms
All
sticky-dest (number | keyword)
Synopsis
Time before action with available PBR or PBF destination and highest priority
Context
configure filter mac-filter string entry number sticky-dest (number | keyword)
Tree
Range
0 to 65535
Units
seconds
Options
no-hold-time-up
Introduced
16.0.R1
Platforms
All
filter-id number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
MAC filter ID
Context
configure filter mac-filter string filter-id number
Tree
Range
1 to 65535
Introduced
16.0.R1
Platforms
All
scope keyword
Synopsis
Scope of this filter definition
Context
configure filter mac-filter string scope keyword
Tree
Default
template
Options
exclusive, template, embedded, system
Introduced
16.0.R1
Platforms
All
type keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
MAC filter policy
Context
configure filter mac-filter string type keyword
Tree
Default
normal
Options
normal, isid, vid
Introduced
16.0.R1
Platforms
All
match-list
Synopsis
Enter the match-list context
Context
Tree
Introduced
16.0.R1
Platforms
All
ip-prefix-list [prefix-list-name] string
Synopsis
Enter the ip-prefix-list list instance
Context
configure filter match-list ip-prefix-list string
Tree
Introduced
16.0.R1
Platforms
All
[prefix-list-name] string
Synopsis
Prefix list name that is used for this prefix list
Context
configure filter match-list ip-prefix-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
apply-path
Synopsis
Enter the apply-path context
Context
Tree
Introduced
16.0.R1
Platforms
All
bgp-peers [criterion-index] number
Synopsis
Enter the bgp-peers list instance
Context
configure filter match-list ip-prefix-list string apply-path bgp-peers number
Tree
Introduced
16.0.R1
Platforms
All
[criterion-index] number
Synopsis
Value of the enumerating BGP peers autogeneration configuration within list
Context
configure filter match-list ip-prefix-list string apply-path bgp-peers number
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
group string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Regular expression to match against the base router BGP instance group configuration
Context
configure filter match-list ip-prefix-list string apply-path bgp-peers number group string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
neighbor string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Regular expression to match against the base router BGP instance neighbor configuration
Context
configure filter match-list ip-prefix-list string apply-path bgp-peers number neighbor string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Target routing instance
Context
configure filter match-list ip-prefix-list string apply-path bgp-peers number router-instance string
Tree
Default
Base
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter match-list ip-prefix-list string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
prefix [ip-prefix] string
Synopsis
Add a list entry for prefix
Context
configure filter match-list ip-prefix-list string prefix string
Tree
Max. Elements
8192
Introduced
16.0.R1
Platforms
All
[ip-prefix] string
Synopsis
IPv4 prefix to be added to the prefix list
Context
configure filter match-list ip-prefix-list string prefix string
Notes
This element is part of a list key.
Introduced
16.0.R3
Platforms
All
prefix-exclude [ip-prefix] string
Synopsis
Add a list entry for prefix-exclude
Context
configure filter match-list ip-prefix-list string prefix-exclude string
Tree
Max. Elements
512
Introduced
16.0.R4
Platforms
All
[ip-prefix] string
Synopsis
IPv4 prefix to be added to the prefix list
Context
configure filter match-list ip-prefix-list string prefix-exclude string
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
ipv6-prefix-list [prefix-list-name] string
Synopsis
Enter the ipv6-prefix-list list instance
Context
Tree
Introduced
16.0.R1
Platforms
All
[prefix-list-name] string
Synopsis
Prefix list name that is used for this prefix list
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
apply-path
Synopsis
Enter the apply-path context
Context
Tree
Introduced
16.0.R1
Platforms
All
bgp-peers [criterion-index] number
Synopsis
Enter the bgp-peers list instance
Context
configure filter match-list ipv6-prefix-list string apply-path bgp-peers number
Tree
Introduced
16.0.R1
Platforms
All
[criterion-index] number
Synopsis
Value of the enumerating BGP peers autogeneration configuration within list
Context
configure filter match-list ipv6-prefix-list string apply-path bgp-peers number
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
group string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Regular expression to match against the base router BGP instance group configuration
Context
configure filter match-list ipv6-prefix-list string apply-path bgp-peers number group string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
neighbor string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Regular expression to match against the base router BGP instance neighbor configuration
Context
configure filter match-list ipv6-prefix-list string apply-path bgp-peers number neighbor string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
router-instance string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Target routing instance
Context
configure filter match-list ipv6-prefix-list string apply-path bgp-peers number router-instance string
Tree
Default
Base
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter match-list ipv6-prefix-list string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
prefix [ipv6-prefix] string
Synopsis
Add a list entry for prefix
Context
configure filter match-list ipv6-prefix-list string prefix string
Tree
Max. Elements
8192
Introduced
16.0.R1
Platforms
All
[ipv6-prefix] string
Synopsis
Add IPv6 prefix to the list.
Context
configure filter match-list ipv6-prefix-list string prefix string
Notes
This element is part of a list key.
Introduced
16.0.R3
Platforms
All
prefix-exclude [ipv6-prefix] string
Synopsis
Add a list entry for prefix-exclude
Context
configure filter match-list ipv6-prefix-list string prefix-exclude string
Tree
Max. Elements
512
Introduced
16.0.R4
Platforms
All
[ipv6-prefix] string
Synopsis
Add IPv6 prefix to the list.
Context
configure filter match-list ipv6-prefix-list string prefix-exclude string
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
port-list [port-list-name] string
Synopsis
Enter the port-list list instance
Context
configure filter match-list port-list string
Tree
Max. Elements
1024
Introduced
16.0.R1
Platforms
All
[port-list-name] string
Synopsis
Port list name
Context
configure filter match-list port-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter match-list port-list string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
port [value] number
Synopsis
Add a list entry for port
Context
configure filter match-list port-list string port number
Tree
Introduced
16.0.R1
Platforms
All
[value] number
Synopsis
Port value
Context
configure filter match-list port-list string port number
Range
0 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
range start number end number
Synopsis
Add a list entry for range
Tree
Introduced
16.0.R1
Platforms
All
start number
Synopsis
Highest value for TCP/UDP port range
Range
0 to 65534
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
end number
Synopsis
Highest value for TCP/UDP port range
Range
1 to 65535
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
protocol-list [protocol-list-name] string
Synopsis
Enter the protocol-list list instance
Context
configure filter match-list protocol-list string
Tree
Max. Elements
512
Introduced
20.7.R1
Platforms
All
[protocol-list-name] string
Synopsis
Protocol list name
Context
configure filter match-list protocol-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
20.7.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter match-list protocol-list string description string
Tree
String Length
1 to 80
Introduced
20.7.R1
Platforms
All
protocol [protocol-id] (number | keyword)
Synopsis
Add a list entry for protocol
Context
configure filter match-list protocol-list string protocol (number | keyword)
Tree
Max. Elements
32
Introduced
20.7.R1
Platforms
All
[protocol-id] (number | keyword)
Synopsis
IP protocol identifier
Context
configure filter match-list protocol-list string protocol (number | keyword)
Range
0 to 255
Options
icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Notes
This element is part of a list key.
Introduced
20.7.R1
Platforms
All
md-auto-id
Synopsis
Enter the md-auto-id context
Context
Tree
Introduced
16.0.R1
Platforms
All
filter-id-range
Synopsis
Enable the filter-id-range context
Context
Tree
Introduced
16.0.R1
Platforms
All
end number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Upper value of the ID range, must be greater than or equal to start value
Context
configure filter md-auto-id filter-id-range end number
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
start number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Lower value of the ID range, must be less than or equal to end value
Context
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
redirect-policy [redirect-policy-name] string
Synopsis
Enter the redirect-policy list instance
Context
configure filter redirect-policy string
Tree
Introduced
16.0.R1
Platforms
All
[redirect-policy-name] string
Synopsis
Redirect policy name
Context
configure filter redirect-policy string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the policy
Context
configure filter redirect-policy string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter redirect-policy string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
destination [destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Enter the destination list instance
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Introduced
16.0.R1
Platforms
All
[destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
IP address and type of destination
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone)
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the destination
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
ping-test
Synopsis
Enable the ping-test context
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test
Tree
Introduced
16.0.R1
Platforms
All
drop-count number
Synopsis
Number of consecutive requests that fail before destination is declared unreachable
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test drop-count number
Tree
Range
1 to 60
Default
3
Introduced
16.0.R1
Platforms
All
hold-down number
Synopsis
Time for the system to be held down if this test has marked it unreachable
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test hold-down number
Tree
Range
0 to 86400
Default
0
Units
seconds
Introduced
16.0.R1
Platforms
All
interval number
Synopsis
Time between consecutive requests which are sent to the far end host
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test interval number
Tree
Range
1 to 60
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Source address to use in the IP packet of the ping test
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Introduced
16.0.R4
Platforms
All
timeout number
Synopsis
Time required to receive a response from the far end host
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test timeout number
Tree
Range
1 to 60
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
priority number
Synopsis
Priority for this destination
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) priority number
Tree
Range
1 to 255
Default
100
Introduced
16.0.R1
Platforms
All
unicast-rt-test
Synopsis
Enable the unicast-rt-test context
Context
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone) unicast-rt-test
Tree
Introduced
16.0.R1
Platforms
All
notify-dest-change boolean
Synopsis
The value of the object indicates whether to send tFilterRPActiveDestChangeEvent notification for this redirect policy active destination changes.
Context
configure filter redirect-policy string notify-dest-change boolean
Tree
Default
false
Introduced
16.0.R4
Platforms
All
router-instance string
Synopsis
Routing context to use for route lookup
Context
configure filter redirect-policy string router-instance string
Tree
Introduced
16.0.R1
Platforms
All
sticky-dest (number | keyword)
Synopsis
Time required by system before applying the current best destination as active destination
Context
configure filter redirect-policy string sticky-dest (number | keyword)
Tree
Range
0 to 65535
Units
seconds
Options
no-hold-time-up
Introduced
16.0.R1
Platforms
All
redirect-policy-binding [binding-name] string
Synopsis
Enter the redirect-policy-binding list instance
Context
Max. Elements
16
Introduced
16.0.R4
Platforms
All
[binding-name] string
Synopsis
Binding name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
binding-operator keyword
Synopsis
The value of the this object indicates the logical operator to use when combining result of different destinations' tests.
Context
configure filter redirect-policy-binding string binding-operator keyword
Tree
Default
and
Options
and, or
Introduced
16.0.R4
Platforms
All
redirect-policy [redirect-policy-name] reference
Synopsis
Enter the redirect-policy list instance
Context
configure filter redirect-policy-binding string redirect-policy reference
Tree
Introduced
16.0.R4
Platforms
All
[redirect-policy-name] reference
Synopsis
The redirect-policy identifier.
Context
configure filter redirect-policy-binding string redirect-policy reference
Reference
configure filter redirect-policy string
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
destination [destination-address] reference
Synopsis
Add a list entry for destination
Context
configure filter redirect-policy-binding string redirect-policy reference destination reference
Tree
Min. Elements
1
Introduced
16.0.R4
Platforms
All
[destination-address] reference
Synopsis
IP address of redirect policy destination to binding
Context
configure filter redirect-policy-binding string redirect-policy reference destination reference
Reference
configure filter redirect-policy string destination (ipv4-address-no-zone | ipv6-address-no-zone)
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
system-filter
Synopsis
Enter the system-filter context
Context
Tree
Introduced
16.0.R1
Platforms
All
ip [ip-filter] reference
Synopsis
Add a list entry for ip
Context
configure filter system-filter ip reference
Tree
Max. Elements
1
Introduced
16.0.R1
Platforms
All
[ip-filter] reference
Synopsis
The name of the IPv4 filter policy to be selected as the active system filter policy
Context
configure filter system-filter ip reference
Notes
This element is part of a list key.
Introduced
16.0.R3
Platforms
All
ipv6 [ipv6-filter] reference
Synopsis
Add a list entry for ipv6
Context
configure filter system-filter ipv6 reference
Tree
Max. Elements
1
Introduced
16.0.R1
Platforms
All
[ipv6-filter] reference
Synopsis
The name of the IPv6 filter policy to be selected as the active system filter policy
Context
configure filter system-filter ipv6 reference
Reference
configure filter ipv6-filter string
Notes
This element is part of a list key.
Introduced
16.0.R3
Platforms
All