50. system Commands
50.1. system Command Descriptions
system
Synopsis
Enter the system context
Tree
Description
Commands in this context enable debugging of general system level functions and router management protocols.
Introduced
16.0.R1
Platforms
All
alarm-contact-in-power boolean
Synopsis
Power the output pin on the CPM alarm interface port
Context
configure system alarm-contact-in-power boolean
Default
false
Introduced
16.0.R1
Platforms
7750 SR-a
alarm-contact-input [input-pin-number] number
Synopsis
Enter the alarm-contact-input list instance
Context
configure system alarm-contact-input number
Tree
Introduced
16.0.R1
Platforms
7750 SR-a
[input-pin-number] number
Synopsis
Alarm contact input pin
Context
configure system alarm-contact-input number
Range
1 to 4
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7750 SR-a
admin-state keyword
Synopsis
Administrative state of the alarm contact input
Context
configure system alarm-contact-input number admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7750 SR-a
clear-message string
Synopsis
Text message sent in the log event when an alarm clears
Context
configure system alarm-contact-input number clear-message string
Tree
String Length
1 to 80
Default
Alarm Input Cleared
Introduced
16.0.R1
Platforms
7750 SR-a
description string
Synopsis
Text description
Context
configure system alarm-contact-input number description string
Tree
String Length
1 to 160
Introduced
16.0.R1
Platforms
7750 SR-a
normal-state keyword
Synopsis
Normal state associated with the alarm contact input
Context
configure system alarm-contact-input number normal-state keyword
Tree
Default
open
Options
open, closed
Introduced
16.0.R1
Platforms
7750 SR-a
trigger-message string
Synopsis
Text message sent in the log event when input changes
Context
configure system alarm-contact-input number trigger-message string
Tree
String Length
1 to 80
Default
Alarm Input Triggered
Introduced
16.0.R1
Platforms
7750 SR-a
alarms
Synopsis
Enter the alarms context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of the system alarm
Context
configure system alarms admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
max-cleared number
Synopsis
Maximum number of cleared alarms
Context
configure system alarms max-cleared number
Tree
Range
0 to 500
Default
500
Introduced
16.0.R4
Platforms
All
allow-boot-license-violations boolean
Synopsis
Allow boot license violations in boot-up configuration
Context
Default
true
Introduced
16.0.R4
Platforms
All
bluetooth
Synopsis
Enter the bluetooth context
Tree
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
admin-state keyword
Synopsis
Specifies the desired administrative state of the bluetooth module.
Context
configure system bluetooth admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
20.2.R1
Platforms
7750 SR-1, 7750 SR-s
advertising-timeout number
Synopsis
Bluetooth advertising timeout
Context
Tree
Range
30 to 3600
Units
seconds
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
device [mac-address] string
Synopsis
Enter the device list instance
Tree
Max. Elements
5
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
[mac-address] string
Synopsis
Bluetooth client device MAC address
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
description string
Synopsis
Text description
Context
configure system bluetooth device string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
module [cpm-slot] string
Synopsis
Enter the module list instance
Tree
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
[cpm-slot] string
Synopsis
CPM slot on which the module resides
String Length
1
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
provisioned-identifier string
Synopsis
Bluetooth module ID
Context
configure system bluetooth module string provisioned-identifier string
String Length
1 to 32
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
pairing-button boolean
Synopsis
Enable the pairing button
Context
configure system bluetooth pairing-button boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
passkey string
Synopsis
Bluetooth passkey
Tree
String Length
6
Default
123456
Introduced
16.0.R1
Platforms
7750 SR-1, 7750 SR-s
power-mode keyword
Synopsis
Bluetooth module(s) power mode.
Context
configure system bluetooth power-mode keyword
Tree
Default
automatic
Options
manual, automatic
Introduced
20.2.R1
Platforms
7750 SR-1, 7750 SR-s
boot-bad-exec string
Synopsis
CLI script file to execute following a failed boot-up
Context
configure system boot-bad-exec string
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
boot-good-exec string
Synopsis
CLI script file to execute following successful boot-up
Context
configure system boot-good-exec string
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
central-frequency-clock
Synopsis
Enter the central-frequency-clock context
Context
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
bits
Synopsis
Enter the bits context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
input
Synopsis
Enter the input context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of BITS input timing reference
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
interface-type keyword
Synopsis
Interface type of the BITS timing reference
Context
Tree
Default
ds1-esf
Options
ds1-esf, ds1-sf, e1-pcm30crc, e1-pcm31crc, g703-2048khz
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
output
Synopsis
Enter the output context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of BITS output timing reference
Context
Tree
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
line-length keyword
Synopsis
Line length for the BITS output timing reference
Context
Tree
Options
length-not-applicable, 110, 220, 330, 440, 550, 660
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ql-minimum keyword
Synopsis
Minimum signal quality level for BITSout port
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec, eec1, eec2
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
source keyword
Synopsis
Source of the BITS output timing reference
Tree
Default
line-ref
Options
line-ref, internal-clock
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
squelch boolean
Synopsis
Squelch the signal of the BITS output timing reference
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ql-override keyword
Synopsis
Override for the quality level of the timing reference
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ssm-bit number
Synopsis
Sa bit to convey SSM information
Context
Tree
Range
4 to 8
Default
8
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ptp
Synopsis
Enter the ptp context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
admin-state keyword
Synopsis
Administrative state of the PTP timing reference
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
ql-minimum keyword
Synopsis
Minimum signal quality level for system timing module
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec, eec1, eec2
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ql-selection boolean
Synopsis
Consider quality level in system and BITS output timing
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ref-order
Synopsis
Enter the ref-order context
Tree
Description
Commands in this context specify the priority order of the synchronous equipment timing subsystem.
If a reference source is disabled, this command defines the next reference source for the clock. If all reference sources are disabled, clocking is derived from a local oscillator.
If a timing reference is linked to a source port that is operationally down, the port is no longer a qualified, valid reference.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
fifth keyword
Synopsis
The fifth most preferred timing reference source for the synchronous equipment timing subsystem.
Context
Tree
Options
ref1, ref2, bits, ptp, none, synce, gnss
Introduced
19.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
first keyword
Synopsis
First preferred timing reference source
Context
Tree
Options
ref1, ref2, bits, ptp, none, synce, gnss
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
fourth keyword
Synopsis
Fourth preferred timing reference source
Context
Tree
Options
ref1, ref2, bits, ptp, none, synce, gnss
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
second keyword
Synopsis
Second preferred timing reference source
Context
Tree
Options
ref1, ref2, bits, ptp, none, synce, gnss
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
third keyword
Synopsis
Third preferred timing reference source
Context
Tree
Options
ref1, ref2, bits, ptp, none, synce, gnss
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ref1
Synopsis
Enter the ref1 context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of the first timing reference
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ql-override keyword
Synopsis
Quality level override of a timing reference
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec, eec1, eec2
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
source-port string
Synopsis
Source port for the first timing reference
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ref2
Synopsis
Enter the ref2 context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of the second timing reference
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ql-override keyword
Synopsis
Quality level override of a timing reference
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec, eec1, eec2
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
source-port string
Synopsis
Source port for the second timing reference
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
revert boolean
Synopsis
Revert to higher-priority reference source
Context
configure system central-frequency-clock revert boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
synce
Synopsis
Enter the synce context
Context
Tree
Introduced
19.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
admin-state keyword
Synopsis
Administrative state of the SyncE timing reference
Context
Tree
Default
disable
Options
enable, disable
Introduced
19.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
ql-override keyword
Synopsis
Override the quality level of a timing reference
Context
Tree
Default
unused
Options
unused, prs, stu, st2, tnc, st3e, st3, prc, ssua, ssub, sec, eec1, eec2
Introduced
19.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
wait-to-restore number
Synopsis
Time to re-validate a previously failed input reference
Context
Tree
Range
1 to 12
Units
minutes
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
clli-code string
Synopsis
CLLI code value for the system
Tree
String Length
11
Introduced
16.0.R1
Platforms
All
congestion-management boolean
Synopsis
Enable Virtual Service Router congestion management
Context
configure system congestion-management boolean
Default
false
Introduced
16.0.R1
Platforms
VSR
contact string
Synopsis
Contact information for the managed node
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
coordinates string
Synopsis
GPS coordinates for the system location
Context
configure system coordinates string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
cpm-http-redirect
Synopsis
Enter the cpm-http-redirect context
Context
Tree
Introduced
16.0.R4
Platforms
All
optimized-mode boolean
Synopsis
Enable optimized mode for CPM HTTP redirect messages
Context
Tree
Default
true
Introduced
16.0.R4
Platforms
All
cron
Synopsis
Enter the cron context
Tree
Introduced
16.0.R1
Platforms
All
schedule [schedule-name] string owner string
Synopsis
Enter the schedule list instance
Tree
Max. Elements
255
Introduced
16.0.R1
Platforms
All
[schedule-name] string
Synopsis
Schedule name
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Schedule owner
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the cron schedule
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
count number
Synopsis
Number of times to repeat a periodic schedule run
Tree
Range
1 to 65535
Introduced
16.0.R1
Platforms
All
day-of-month number
Synopsis
Days in a month when a schedule runs
Tree
Range
-31 to -1 | 1 to 31
Max. Elements
62
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
end-time
Synopsis
Enter the end-time context
Tree
Introduced
16.0.R1
Platforms
All
date-and-time string
Synopsis
Date and time to stop triggering the schedule
Tree
Notes
The following are part of a choice: date-and-time or (day and time).
Introduced
16.0.R1
Platforms
All
day keyword
Synopsis
Day to stop triggering this schedule
Tree
Options
sunday, monday, tuesday, wednesday, thursday, friday, saturday
Notes
The following are part of a choice: date-and-time or (day and time).
Introduced
16.0.R1
Platforms
All
time string
Synopsis
Time to stop triggering the schedule
Tree
String Length
5
Notes
The following are part of a choice: date-and-time or (day and time).
Introduced
16.0.R1
Platforms
All
hour number
Synopsis
Hours within a day when the schedule runs
Tree
Range
0 to 23
Max. Elements
24
Introduced
16.0.R1
Platforms
All
interval number
Synopsis
Time between each periodic schedule run
Tree
Range
30 to 42949672
Units
seconds
Introduced
16.0.R1
Platforms
All
minute number
Synopsis
Minutes in an hour when the schedule runs
Tree
Range
0 to 59
Max. Elements
60
Introduced
16.0.R1
Platforms
All
month (keyword | number)
Synopsis
Months when the schedule runs
Tree
Range
1 to 12
Options
january, february, march, april, may, june, july, august, september, october, november, december
Max. Elements
12
Introduced
16.0.R1
Platforms
All
script-policy
Synopsis
Enter the script-policy context
Tree
Introduced
16.0.R1
Platforms
All
name string
Synopsis
Script policy name
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Script policy owner
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
type keyword
Synopsis
Schedule type
Tree
Default
periodic
Options
periodic, calendar, oneshot
Introduced
16.0.R1
Platforms
All
weekday (keyword | number)
Synopsis
Weekdays when the schedule runs
Tree
Range
1 to 7
Options
sunday, monday, tuesday, wednesday, thursday, friday, saturday
Max. Elements
7
Introduced
16.0.R1
Platforms
All
dhcp6
Synopsis
Enter the dhcp6 context
Tree
Introduced
16.0.R4
Platforms
All
adv-noaddrs-global keyword
Synopsis
Applications to send NoAddrsAvail in Advertise messages
Context
configure system dhcp6 adv-noaddrs-global keyword
Tree
Options
esm-relay, server
Max. Elements
2
Introduced
16.0.R4
Platforms
All
dns
Synopsis
Enter the dns context
Tree
Introduced
16.0.R1
Platforms
All
address-pref keyword
Synopsis
Preference in DNS address resolving order
Context
configure system dns address-pref keyword
Tree
Options
ipv4-only, ipv6-first
Introduced
16.0.R1
Platforms
All
dnssec
Synopsis
Enter the dnssec context
Tree
Introduced
16.0.R1
Platforms
All
ad-validation keyword
Synopsis
Validation of AD-bit presence in DNS server responses
Context
configure system dns dnssec ad-validation keyword
Tree
Options
fall-through, drop
Introduced
16.0.R1
Platforms
All
efm-oam
Synopsis
Enter the efm-oam context
Tree
Introduced
16.0.R1
Platforms
All
dying-gasp-tx-on-reset boolean
Synopsis
Generate Information OAM PDU on soft reset notification
Context
configure system efm-oam dying-gasp-tx-on-reset boolean
Default
false
Introduced
16.0.R1
Platforms
All
grace-tx boolean
Synopsis
Send Grace TLVs for soft reset graceful recovery events
Tree
Default
false
Introduced
16.0.R1
Platforms
All
eth-cfm
Synopsis
Enter the eth-cfm context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grace boolean
Synopsis
Allow system level capability of grace messaging
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
md-auto-id
Synopsis
Enter the md-auto-id context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ma-index-range
Synopsis
Enable the ma-index-range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
 | Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Upper bound of the range
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Lower bound of the range
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
md-index-range
Synopsis
Enable the md-index-range context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Upper bound of the range
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Lower bound of the range
Context
Tree
Range
1 to max
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
redundancy
Synopsis
Enter the redundancy context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mc-lag
Synopsis
Enter the mc-lag context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
propagate-hold-time (number | keyword)
Synopsis
Delay timer value for the fault propagation
Context
configure system eth-cfm redundancy mc-lag propagate-hold-time (number | keyword)
Tree
Range
1 to 60
Default
1
Units
seconds
Options
none
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
standby-mep boolean
Synopsis
Allow standby MC-LAG MEPs to act administratively down
Context
configure system eth-cfm redundancy mc-lag standby-mep boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
sender-id
Synopsis
Enter the sender-id context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
local-name string
Synopsis
Local name used in CFM PDUs
Context
configure system eth-cfm sender-id local-name string
Tree
String Length
1 to 45
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
type keyword
Synopsis
ETH-CFM sender ID to be used in CFM PDUs
Tree
Default
system
Options
system, local
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
slm
Synopsis
Enter the slm context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
inactivity-timer number
Synopsis
SLR inactivity timer to maintain the stale test data
Context
configure system eth-cfm slm inactivity-timer number
Tree
Range
10 to 100
Default
100
Units
seconds
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
grpc
Synopsis
Enter the grpc context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of gRPC server
Context
configure system grpc admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
allow-unsecure-connection
Synopsis
Allow connection without secured transport protocol
Context
Description
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information.
Notes
The following are part of a choice: allow-unsecure-connection or tls-server-profile.
Introduced
16.0.R1
Platforms
All
gnmi
Synopsis
Enter the gnmi context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of gNMI service
Context
configure system grpc gnmi admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
auto-config-save boolean
Synopsis
Automatically save configuration as part of operation
Context
configure system grpc gnmi auto-config-save boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
gnoi
Synopsis
Enter the gnoi context
Tree
Introduced
19.10.R1
Platforms
All
cert-mgmt
Synopsis
Enter the cert-mgmt context
Tree
Introduced
19.10.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of gNOI CertificateManagement service.
Tree
Default
disable
Options
enable, disable
Introduced
19.10.R1
Platforms
All
file
Synopsis
Enter the file context
Tree
Introduced
21.2.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of gNOI File service.
Tree
Default
disable
Options
enable, disable
Introduced
21.2.R1
Platforms
All
system
Synopsis
Enter the system context
Tree
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of gNOI System service.
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
max-msg-size number
Synopsis
Maximum size of received message
Context
configure system grpc max-msg-size number
Tree
Range
1 to 1024
Default
512
Units
megabytes
Introduced
16.0.R1
Platforms
All
md-cli
Synopsis
Enter the md-cli context
Tree
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the MD-CLI service
Context
configure system grpc md-cli admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
rib-api
Synopsis
Enter the rib-api context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of RibAPI service
Context
configure system grpc rib-api admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
purge-timeout number
Synopsis
Number of seconds until stale entries are purged
Context
configure system grpc rib-api purge-timeout number
Tree
Range
1 to 100000
Units
seconds
Introduced
16.0.R4
Platforms
All
tcp-keepalive
Synopsis
Enter the tcp-keepalive context
Context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of the TCP keepalive algorithm
Context
configure system grpc tcp-keepalive admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
idle-time number
Synopsis
Time until the first TCP keepalive probe is sent
Context
configure system grpc tcp-keepalive idle-time number
Tree
Range
1 to 100000
Default
600
Units
seconds
Introduced
16.0.R4
Platforms
All
interval number
Synopsis
Interval between TCP keep-alive probes
Context
configure system grpc tcp-keepalive interval number
Tree
Range
1 to 100000
Default
15
Units
seconds
Introduced
16.0.R4
Platforms
All
retries number
Synopsis
Missed keepalives before the TCP connection is closed
Context
configure system grpc tcp-keepalive retries number
Tree
Range
3 to 100
Default
4
Introduced
16.0.R4
Platforms
All
tls-server-profile reference
Synopsis
Preferred TLS server profile
Context
configure system grpc tls-server-profile reference
Tree
Reference
configure system security tls server-tls-profile string
Notes
The following are part of a choice: allow-unsecure-connection or tls-server-profile.
Introduced
16.0.R1
Platforms
All
icmp-vse boolean
Synopsis
Enable vendor-specific extensions to ICMP
Tree
Default
false
Introduced
16.0.R1
Platforms
All
allow-qinq-network-interface boolean
Synopsis
Allow QinQ encapsulation for network interfaces
Context
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
enforce-unique-if-index boolean
Synopsis
Create IP interface indexes that are globally unique
Context
configure system ip enforce-unique-if-index boolean
Default
false
Introduced
16.0.R1
Platforms
All
forward-6in4 boolean
Synopsis
Allows the 6in4 forwarding of traffic sent to the system IP address.
Context
configure system ip forward-6in4 boolean
Tree
Default
false
Introduced
19.10.R1
Platforms
All
forward-ip-over-gre boolean
Synopsis
Allows the forwarding of IP traffic encapsulated in GRE transport sent to the system IP address.
Context
configure system ip forward-ip-over-gre boolean
Tree
Default
false
Introduced
19.10.R1
Platforms
All
ipv6-eh keyword
Synopsis
Limit the number of IPv6 extension headers processed ingress/egress.
Tree
Default
max
Options
max, limited
Introduced
20.5.R1
Platforms
All
mpls
Synopsis
Enter the mpls context
Tree
Introduced
19.10.R3
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
label-stack-statistics-count number
Synopsis
Specifies the MPLS label stack statistics count.
Context
Range
1 to 2
Default
1
Introduced
19.10.R3
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
l2tp
Synopsis
Enter the l2tp context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
non-multi-chassis-tunnel-id-range
Synopsis
Enter the non-multi-chassis-tunnel-id-range context
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
end number
Synopsis
Upper bound of the range
Context
Tree
Range
0 to 16383
Default
16383
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
start number
Synopsis
Lower bound of the range
Context
Tree
Range
0 to 16383
Default
1
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
lacp
Synopsis
Enter the lacp context
Tree
Introduced
16.0.R1
Platforms
All
system-priority number
Synopsis
LACP system priority on aggregated Ethernet interfaces
Context
configure system lacp system-priority number
Tree
Range
1 to 65535
Default
32768
Introduced
16.0.R1
Platforms
All
lldp
Synopsis
Enter the lldp context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of LLDP
Context
configure system lldp admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
message-fast-tx number
Synopsis
Interval at which LLDP frames are transmitted
Context
configure system lldp message-fast-tx number
Tree
Range
1 to 3600
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
message-fast-tx-init number
Synopsis
PDUs to transmit during the fast transmission period
Context
configure system lldp message-fast-tx-init number
Tree
Range
1 to 8
Default
4
Introduced
16.0.R1
Platforms
All
notification-interval number
Synopsis
Minimum interval between change notifications
Context
configure system lldp notification-interval number
Range
5 to 3600
Default
5
Units
seconds
Introduced
16.0.R1
Platforms
All
reinit-delay number
Synopsis
Time required before re-initializing LLDP on a port
Context
configure system lldp reinit-delay number
Tree
Range
1 to 10
Default
2
Units
seconds
Introduced
16.0.R1
Platforms
All
tx-credit-max number
Synopsis
Maximum consecutive LLDPDUs that can be transmitted
Context
configure system lldp tx-credit-max number
Tree
Range
1 to 100
Default
5
Introduced
16.0.R1
Platforms
All
tx-hold-multiplier number
Synopsis
Transmit interval multiplier
Context
configure system lldp tx-hold-multiplier number
Tree
Range
2 to 10
Default
4
Introduced
16.0.R1
Platforms
All
tx-interval number
Synopsis
LLDP transmit interval
Context
configure system lldp tx-interval number
Tree
Range
5 to 32768
Default
30
Units
seconds
Introduced
16.0.R1
Platforms
All
load-balancing
Synopsis
Enter the load-balancing context
Context
Tree
Introduced
16.0.R1
Platforms
All
l2tp-load-balancing boolean
Synopsis
Include L2TP header information for load balancing
Context
Tree
Default
false
Introduced
16.0.R4
Platforms
All
l4-load-balancing boolean
Synopsis
Use load balancing based on Layer 4 fields
Context
Tree
Introduced
16.0.R1
Platforms
All
lsr-load-balancing keyword
Synopsis
Hashing algorithm for system-wide LSR load balancing
Context
Tree
Options
lbl-only, lbl-ip, ip-only, eth-encap-ip, lbl-ip-l4-teid
Introduced
16.0.R1
Platforms
All
mc-enh-load-balancing boolean
Synopsis
Enable enhanced egress multicast load balancing
Context
Default
false
Introduced
16.0.R1
Platforms
All
service-id-lag-hashing boolean
Synopsis
Enable enhanced VLL LAG service ID hashing
Context
Default
false
Introduced
16.0.R1
Platforms
All
system-ip-load-balancing boolean
Synopsis
Use system IP address for ECMP and LAG load balancing
Context
Introduced
16.0.R1
Platforms
All
location string
Synopsis
Site location of the system
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
login-control
Synopsis
Enter the login-control context
Context
Tree
Introduced
16.0.R1
Platforms
All
exponential-backoff boolean
Synopsis
Enable exponential-backoff of the login prompt
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
ftp
Synopsis
Enter the ftp context
Context
Tree
Introduced
16.0.R1
Platforms
All
inbound-max-sessions number
Synopsis
Maximum number of concurrent inbound FTP sessions
Context
Tree
Range
0 to 5
Default
3
Introduced
16.0.R1
Platforms
All
idle-timeout (keyword | number)
Synopsis
Idle timeout for FTP, console, or Telnet sessions
Context
configure system login-control idle-timeout (keyword | number)
Tree
Range
1 to 1440
Default
30
Units
minutes
Options
none
Introduced
16.0.R1
Platforms
All
login-banner boolean
Synopsis
Display login banner
Context
configure system login-control login-banner boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
login-scripts
Synopsis
Enter the login-scripts context
Context
Tree
Introduced
16.0.R1
Platforms
All
global-script string
Synopsis
URL of the global CLI login script
Context
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
per-user-script
Synopsis
Enter the per-user-script context
Tree
Introduced
16.0.R1
Platforms
All
file-name string
Synopsis
File name of the per-user login script
Context
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
user-directory string
Synopsis
Directory name of user-defined login script
Context
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
motd
Synopsis
Enter the motd context
Context
Tree
Introduced
16.0.R1
Platforms
All
text string
Synopsis
Message of the day displayed after console login
Context
configure system login-control motd text string
Tree
String Length
1 to 900
Notes
The following are part of a choice: text or url.
Introduced
16.0.R1
Platforms
All
url string
Synopsis
URL of the location of message of the day
Context
configure system login-control motd url string
Tree
String Length
1 to 180
Notes
The following are part of a choice: text or url.
Introduced
16.0.R1
Platforms
All
pre-login-message
Synopsis
Enter the pre-login-message context
Tree
Introduced
16.0.R1
Platforms
All
message string
Synopsis
Message displayed prior to the login prompt
Context
Tree
String Length
1 to 900
Introduced
16.0.R1
Platforms
All
name boolean
Synopsis
Display the system name before the pre-login message
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
ssh
Synopsis
Enter the ssh context
Context
Tree
Introduced
16.0.R1
Platforms
All
graceful-shutdown boolean
Synopsis
Allow graceful shutdown of SSH sessions
Context
configure system login-control ssh graceful-shutdown boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
All
inbound-max-sessions number
Synopsis
Maximum number of concurrent inbound sessions
Context
Tree
Range
0 to 50
Default
5
Introduced
16.0.R1
Platforms
All
outbound-max-sessions number
Synopsis
Maximum number of concurrent outbound sessions
Context
Range
0 to 15
Default
5
Introduced
16.0.R1
Platforms
All
ttl-security number
Synopsis
Minimum TTL value for incoming BGP packets
Context
configure system login-control ssh ttl-security number
Tree
Range
1 to 255
Introduced
16.0.R1
Platforms
All
telnet
Synopsis
Enter the telnet context
Context
Tree
Introduced
16.0.R1
Platforms
All
graceful-shutdown boolean
Synopsis
Allow graceful shutdown of Telnet sessions
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
inbound-max-sessions number
Synopsis
Maximum number of concurrent inbound sessions
Context
Tree
Range
0 to 50
Default
5
Introduced
16.0.R1
Platforms
All
outbound-max-sessions number
Synopsis
Maximum number of concurrent outbound sessions
Context
Range
0 to 15
Default
5
Introduced
16.0.R1
Platforms
All
ttl-security number
Synopsis
Minimum TTL value for incoming BGP packets
Context
Tree
Range
1 to 255
Introduced
16.0.R1
Platforms
All
management-interface
Synopsis
Enter the management-interface context
Context
Tree
Introduced
16.0.R1
Platforms
All
cli
Synopsis
Enter the cli context
Context
Tree
Introduced
16.0.R1
Platforms
All
classic-cli
Synopsis
Enter the classic-cli context
Tree
Introduced
16.0.R1
Platforms
All
allow-immediate boolean
Synopsis
Allow writable access in classic CLI configure branch
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
rollback
Synopsis
Enter the rollback context
Tree
Introduced
16.0.R1
Platforms
All
local-checkpoints number
Synopsis
Maximum number of rollback files on compact flash
Context
Tree
Range
1 to 50
Default
10
Introduced
16.0.R1
Platforms
All
location string
Synopsis
Location and filename of the rollback checkpoint files
Context
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
remote-checkpoints number
Synopsis
Maximum rollback files saved at a remote location
Context
Tree
Range
1 to 200
Default
10
Introduced
16.0.R1
Platforms
All
rescue
Synopsis
Enter the rescue context
Tree
Introduced
16.0.R1
Platforms
All
location string
Synopsis
Location of the rollback rescue file
Context
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
cli-engine keyword
Synopsis
System-wide CLI engine access configuration
Context
configure system management-interface cli cli-engine keyword
Tree
Default
md-cli
Options
classic-cli, md-cli
Max. Elements
2
Notes
This element is ordered by the user.
Introduced
16.0.R1
Platforms
All
md-cli
Synopsis
Enter the md-cli context
Context
Tree
Introduced
16.0.R1
Platforms
All
auto-config-save boolean
Synopsis
Automatically save configuration as part of operation
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
environment
Synopsis
Enter the environment context
Tree
Introduced
16.0.R1
Platforms
All
command-completion
Synopsis
Enter the command-completion context
Tree
Introduced
16.0.R1
Platforms
All
enter boolean
Synopsis
Complete the command when the enter key is pressed
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
space boolean
Synopsis
Complete the command when the space key is pressed
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
tab boolean
Synopsis
Complete the command when the tab key is pressed
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
console
Synopsis
Enter the console context
Tree
Introduced
16.0.R1
Platforms
All
length number
Synopsis
Number of lines displayed on the screen
Context
Tree
Range
24 to 512
Default
24
Introduced
16.0.R1
Platforms
All
width number
Synopsis
Number of columns displayed on the screen
Context
Tree
Range
80 to 512
Default
80
Introduced
16.0.R1
Platforms
All
message-severity-level
Synopsis
Enter the message-severity-level context
Introduced
16.0.R1
Platforms
All
cli keyword
Synopsis
Message severity threshold for CLI messages
Context
Tree
Default
info
Options
warning, info
Introduced
16.0.R1
Platforms
All
more boolean
Synopsis
Prompt to continue or stop when output text fills page
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
progress-indicator
Synopsis
Enter the progress-indicator context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the progress indicator
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
delay number
Synopsis
Delay before progress indicator is displayed
Context
Tree
Range
0 to 10000
Default
1000
Units
milliseconds
Introduced
16.0.R1
Platforms
All
type keyword
Synopsis
Progress indicator output style
Context
Tree
Default
dots
Options
dots
Introduced
16.0.R1
Platforms
All
prompt
Synopsis
Enter the prompt context
Tree
Introduced
16.0.R1
Platforms
All
context boolean
Synopsis
Show the current command context in the prompt
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
newline boolean
Synopsis
Add a new line before every prompt line
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
timestamp boolean
Synopsis
Show the timestamp before the first prompt line
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
uncommitted-changes-indicator boolean
Synopsis
Show an asterisk (*) when uncommitted changes exist
Context
Default
true
Introduced
16.0.R1
Platforms
All
time-display keyword
Synopsis
Time zone displayed before the prompt
Context
Tree
Default
local
Options
local, utc
Introduced
16.0.R1
Platforms
All
time-format keyword
Synopsis
Time format to display date and time
Context
Tree
Default
rfc-3339
Options
iso-8601, rfc-1123, rfc-3339
Introduced
20.5.R1
Platforms
All
configuration-mode keyword
Synopsis
Configuration mode for the system
Context
Tree
Default
classic
Options
classic, model-driven, mixed
Introduced
16.0.R1
Platforms
All
configuration-save
Synopsis
Enter the configuration-save context
Tree
Introduced
16.0.R1
Platforms
All
configuration-backups number
Synopsis
Maximum number of backup versions maintained
Context
Range
1 to 200
Default
5
Introduced
16.0.R1
Platforms
All
netconf
Synopsis
Enter the netconf context
Context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of NETCONF
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
auto-config-save boolean
Synopsis
Automatically save configuration as part of operation
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
capabilities
Synopsis
Enter the capabilities context
Tree
Introduced
16.0.R1
Platforms
All
candidate boolean
Synopsis
Allow the NETCONF server to access the candidate datastore
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
writable-running boolean
Synopsis
Allow NETCONF server to access the running datastore
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
port number
Synopsis
Choose port on which the NETCONF server will listen for new connections.
Context
Tree
Range
22 | 830
Default
830
Introduced
19.10.R1
Platforms
All
operations
Synopsis
Enter the operations context
Tree
Description
Commands in this context configure parameters associated with operational commands in model-driven interfaces.
Introduced
21.5.R1
Platforms
All
global-timeouts
Synopsis
Enter the global-timeouts context
Tree
Description
Commands in this context configure system timeout parameters for operational commands.
Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation.
Introduced
21.5.R1
Platforms
All
asynchronous-execution (number | keyword)
Synopsis
Timeout for asynchronous operation execution
Context
configure system management-interface operations global-timeouts asynchronous-execution (number | keyword)
Description
This command configures the period of time that operations launched as “asynchronous” are allowed to execute before being automatically stopped by the SR OS.
An asynchronous operation is not deleted from the system when it is stopped. See the asynchronous-retention command.
If a specific execution timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies.
Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter).
Range
1 to 604800
Default
3600
Options
never
Introduced
21.5.R1
Platforms
All
asynchronous-retention (number | keyword)
Synopsis
Timeout for asynchronous operation data retention
Context
configure system management-interface operations global-timeouts asynchronous-retention (number | keyword)
Description
This command configures the period of time that data related to operations launched as “asynchronous” is retained in the system. After the retention timeout expires, all information related to the operation is deleted, including any status information and result data.
If a specific retention timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies.
Range
1 to 604800
Default
86400
Options
never
Introduced
21.5.R1
Platforms
All
synchronous-execution (number | keyword)
Synopsis
Timeout for synchronous operation execution
Context
configure system management-interface operations global-timeouts synchronous-execution (number | keyword)
Description
This command configures the period of time that operations launched as “'synchronous” (the default method for all operations) are allowed to execute before they are automatically stopped, and their associated data is deleted.
If a specific execution timeout is not included in the request for a particular synchronous operation, this system-level timeout applies.
Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter).
Caution: If this command is set with a specific time value, MD-CLI operations are subject to the timeout and are interrupted if they execute longer than the time value. This situation can arise because the timeout also applies to operations requested in the MD-CLI interface (for example, ping, file dir, and so on).
Range
1 to 604800
Default
never
Options
never
Introduced
21.5.R1
Platforms
All
remote-management
Synopsis
Enter the remote-management context
Tree
Description
Commands in this context configure remote management to manage multiple SR OS nodes running different SR OS versions from the same MD-CLI shell.
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of remote management registration
Context
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
allow-unsecure-connection
Synopsis
Allow connection without secured transport protocol
Description
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information.
Notes
The following are part of a choice: allow-unsecure-connection or client-tls-profile.
Introduced
20.5.R1
Platforms
All
client-tls-profile reference
Synopsis
TLS client profile name
Context
Tree
Description
This command specifies the client TLS profile to all remote managers.
Reference
configure system security tls client-tls-profile string
Notes
The following are part of a choice: allow-unsecure-connection or client-tls-profile.
Introduced
20.5.R1
Platforms
All
connection-timeout number
Synopsis
Time without a response before manager declared down
Context
Tree
Range
1 to 3600
Default
60
Units
seconds
Introduced
20.5.R1
Platforms
All
device-label string
Synopsis
Device label supplied to the remote manager
Context
Tree
Description
This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal.
String Length
1 to 64
Introduced
20.5.R1
Platforms
All
device-name string
Synopsis
Device name supplied to the remote manager
Context
Tree
Description
This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network.
When unconfigured, the default system name is used.
String Length
1 to 64
Introduced
20.5.R1
Platforms
All
hello-interval number
Synopsis
Time between hello messages from SR OS node to manager
Context
Tree
Range
10 to 3600
Default
10
Units
minutes
Introduced
20.5.R1
Platforms
All
manager [manager-name] string
Synopsis
Enter the manager list instance
Context
Tree
Description
Commands in this context configure specific manager-related commands. Commands configured in this context take precedence over command values specified directly in the configure management-interface remote-management context.
If a command is not configured in this context, the command setting is inherited from the higher level context.
Max. Elements
2
Introduced
20.5.R1
Platforms
All
[manager-name] string
Synopsis
Remote management manager name
Context
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of remote management registration
Context
configure system management-interface remote-management manager string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
allow-unsecure-connection
Synopsis
Allow connection without secured transport protocol
Context
Description
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information.
Notes
The following are part of a choice: allow-unsecure-connection or client-tls-profile.
Introduced
20.5.R1
Platforms
All
client-tls-profile reference
Synopsis
TLS client profile name
Context
configure system management-interface remote-management manager string client-tls-profile reference
Tree
Description
This command assigns a profile name to a remote manager.
Reference
configure system security tls client-tls-profile string
Notes
The following are part of a choice: allow-unsecure-connection or client-tls-profile.
Introduced
20.5.R1
Platforms
All
connection-timeout number
Synopsis
Max time without response before manager declared down
Context
Tree
Range
1 to 3600
Units
seconds
Introduced
20.5.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system management-interface remote-management manager string description string
Tree
String Length
1 to 80
Introduced
20.5.R1
Platforms
All
device-label string
Synopsis
Device label supplied to the remote manager
Context
configure system management-interface remote-management manager string device-label string
Tree
Description
This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal.
String Length
1 to 64
Introduced
20.5.R1
Platforms
All
device-name string
Synopsis
Device name supplied to the remote manager
Context
configure system management-interface remote-management manager string device-name string
Tree
Description
This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network.
When unconfigured, the default system name is used.
String Length
1 to 64
Introduced
20.5.R1
Platforms
All
manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Synopsis
Destination IP address of the manager
Context
configure system management-interface remote-management manager string manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Tree
String Length
1 to 255
Introduced
20.5.R1
Platforms
All
manager-port number
Synopsis
Destination TCP port for gRPC connections to manager
Context
configure system management-interface remote-management manager string manager-port number
Tree
Range
1 to 65535
Default
57400
Introduced
20.5.R1
Platforms
All
router-instance string
Synopsis
Reference to a router or VPRN service name
Context
configure system management-interface remote-management manager string router-instance string
Tree
Introduced
20.5.R1
Platforms
All
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Source IP address for connection to the manager
Context
configure system management-interface remote-management manager string source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Introduced
20.5.R1
Platforms
All
source-port (number | keyword)
Synopsis
Source TCP destination port number
Context
configure system management-interface remote-management manager string source-port (number | keyword)
Tree
Range
1 to 65535
Options
grpc-default
Introduced
20.5.R1
Platforms
All
router-instance string
Synopsis
Router name or VPRN service name
Context
Tree
Default
management
Introduced
20.5.R1
Platforms
All
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Source IP address for connection to the manager
Context
configure system management-interface remote-management source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Introduced
20.5.R1
Platforms
All
source-port (number | keyword)
Synopsis
Source TCP port number to connection to the manager
Context
configure system management-interface remote-management source-port (number | keyword)
Tree
Range
1 to 65535
Default
grpc-default
Options
grpc-default
Introduced
20.5.R1
Platforms
All
schema-path string
Synopsis
Schema path URL
Context
Tree
Description
This command specifies the schema path where the SR OS YANG modules can be manually copied by the user prior to using a <get-schema> request. It is recommended that the URL string not exceed 135 characters for the <get-schema> request to work properly with all schema files.
When unconfigured, the software upgrade process manages the YANG schema files to ensure the schema files are synchronized with the software image on both the primary and standby CPM.
String Length
1 to 180
Introduced
16.0.R4
Platforms
All
snmp
Synopsis
Enter the snmp context
Context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the SNMP daemon
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
engine-id string
Synopsis
SNMP engine ID that identifies the SNMPv3 node
Context
Tree
String Length
10 to 64
Introduced
16.0.R1
Platforms
All
general-port number
Synopsis
Port number to be used to send general SNMP messages.
Context
Tree
Range
0 | 1 to 65535
Default
161
Introduced
16.0.R1
Platforms
All
packet-size number
Synopsis
Maximum SNMP packet size generated by the node
Context
Tree
Range
484 to 9216
Default
1500
Introduced
16.0.R1
Platforms
All
streaming
Synopsis
Enter the streaming context
Context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the streaming daemon
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
yang-modules
Synopsis
Enter the yang-modules context
Tree
Description
Commands in this context determine the system support of the Nokia YANG models.
The settings affect the data sent in a NETCONF <hello>, data populated in the RFC 6022 /netconf-state/schemas list, data returned in a <get-schema> request, and data populated in the RFC 8525 /yang-library.
Introduced
16.0.R1
Platforms
All
base-r13-modules boolean
Synopsis
Support base release 13 YANG models
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
nokia-combined-modules boolean
Synopsis
Support access to combined Nokia YANG models
Context
Description
When configured to true, the system supports the combined Nokia YANG files for both configuration and state data in the NETCONF server.
When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true.
When configured to false, access to the combined Nokia YANG files is not supported.
This command and the nokia-submodules command cannot both be set to true at the same time.
Introduced
16.0.R4
Platforms
All
nokia-submodules boolean
Synopsis
Support submodule-based packaging of Nokia YANG models
Context
Tree
Description
When configured to true, the system supports the alternative submodule-based packaging of the Nokia YANG files for both configuration and state data in the NETCONF server.
When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true.
When configured to false, access to the submodule-based packaging of the Nokia YANG files is not supported.
This command and the nokia-combined-modules command cannot both be set to true at the same time.
Introduced
21.2.R1
Platforms
All
openconfig-modules boolean
Synopsis
Support OpenConfig YANG models
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
name string
Synopsis
Administrative name assigned to the system
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
network-element-discovery
Synopsis
Enter the network-element-discovery context
Context
Introduced
19.5.R1
Platforms
All
generate-traps boolean
Synopsis
Generate NE discovery traps
Context
Tree
Default
false
Introduced
19.5.R1
Platforms
All
profile [name] string
Synopsis
Enter the profile list instance
Context
Tree
Max. Elements
1
Introduced
19.5.R1
Platforms
All
[name] string
Synopsis
Profile name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
19.5.R1
Platforms
All
neid string
Synopsis
Network element ID of the advertised node
Context
configure system network-element-discovery profile string neid string
Tree
String Length
7 to 8
Introduced
19.5.R1
Platforms
All
neip
Synopsis
Enter the neip context
Context
Tree
Introduced
19.5.R1
Platforms
All
auto-generate
Synopsis
Enter the auto-generate context
Context
Tree
Introduced
21.2.R1
Platforms
All
ipv4
Synopsis
Enable the ipv4 context
Context
Tree
Introduced
21.2.R1
Platforms
All
vendor-id-value number
Synopsis
Most significant byte if the NE IPv4 address
Context
configure system network-element-discovery profile string neip auto-generate ipv4 vendor-id-value number
Tree
Range
1 to 255
Default
140
Introduced
21.2.R1
Platforms
All
ipv6
Synopsis
Enable the ipv6 context
Context
Tree
Introduced
21.2.R1
Platforms
All
vendor-id-value number
Synopsis
Most significant byte of the NE IPv6 address
Context
configure system network-element-discovery profile string neip auto-generate ipv6 vendor-id-value number
Tree
Range
1 to 255
Default
140
Introduced
21.2.R1
Platforms
All
ipv4 string
Synopsis
NEIP IPv4 address
Tree
Introduced
19.5.R1
Platforms
All
ipv6 string
Synopsis
NEIP IPv6 address
Tree
Introduced
19.5.R1
Platforms
All
platform-type string
Synopsis
Platform name and chassis type to be advertised
Context
configure system network-element-discovery profile string platform-type string
Tree
String Length
1 to 255
Introduced
19.5.R1
Platforms
All
system-mac string
Synopsis
MAC address of the advertised node
Context
configure system network-element-discovery profile string system-mac string
Tree
Introduced
19.5.R1
Platforms
All
vendor-id string
Synopsis
Vendor ID to be advertised
Context
configure system network-element-discovery profile string vendor-id string
Tree
String Length
1 to 255
Default
Nokia
Introduced
19.5.R1
Platforms
All
ospf-dynamic-hostnames boolean
Synopsis
Process received OSPF dynamic hostname information
Context
configure system ospf-dynamic-hostnames boolean
Description
When configured to true, OSPF dynamic hostnames are enabled. The router receiving the new dynamic hostname within the OSPF Router Information (RI) LSA is instructed to process the received dynamic hostname information.
When configured to false, dynamic hostname information is not processed.
Default
false
Introduced
20.2.R1
Platforms
All
persistence
Synopsis
Enter the persistence context
Context
Tree
Introduced
16.0.R1
Platforms
All
ancp
Synopsis
Enter the ancp context
Context
Tree
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system persistence ancp description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
location keyword
Synopsis
CPM flash card where the information is stored
Context
configure system persistence ancp location keyword
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
All
application-assurance
Synopsis
Enter the application-assurance context
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
location keyword
Synopsis
CPM flash card where the information is stored
Context
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
dhcp-server
Synopsis
Enter the dhcp-server context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
location keyword
Synopsis
CPM flash card where the information is stored
Context
configure system persistence dhcp-server location keyword
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
nat-port-forwarding
Synopsis
Enter the nat-port-forwarding context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
location keyword
Synopsis
CPM flash card where the information is stored
Context
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
options
Synopsis
Enter the options context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
dhcp-leasetime-threshold number
Synopsis
DHCP lease time limit to be eligible for persistence
Context
Range
1 to 631152000
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
python-policy-cache
Synopsis
Enter the python-policy-cache context
Tree
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
location keyword
Synopsis
CPM flash card where the information is stored
Context
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
All
subscriber-mgmt
Synopsis
Enter the subscriber-mgmt context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
location keyword
Synopsis
CPM flash card where the information is stored
Context
Tree
Options
cf1, cf2, cf3
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR
power-management power-zone number
Synopsis
Enter the power-management list instance
Context
Tree
Introduced
16.0.R1
Platforms
7750 SR-s, 7950 XRS
power-zone number
Synopsis
Power zone
Context
Range
1 to 2
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7750 SR-s, 7950 XRS
mode keyword
Synopsis
Power capacity mode algorithm
Context
configure system power-management power-zone number mode keyword
Tree
Default
basic
Options
none, basic, advanced
Introduced
16.0.R1
Platforms
7750 SR-s, 7950 XRS
power-safety-alert number
Synopsis
Power capacity to trigger a safety alert event
Context
configure system power-management power-zone number power-safety-alert number
Tree
Range
0 to 120000
Default
0
Units
watts
Introduced
16.0.R1
Platforms
7750 SR-s, 7950 XRS
power-safety-level number
Synopsis
Minimum threshold to power off devices
Context
configure system power-management power-zone number power-safety-level number
Tree
Range
0 to 100
Default
100
Units
percent
Introduced
16.0.R1
Platforms
7750 SR-s, 7950 XRS
script-control
Synopsis
Enter the script-control context
Context
Tree
Introduced
16.0.R1
Platforms
All
script [script-name] string owner string
Synopsis
Enter the script list instance
Context
configure system script-control script string owner string
Tree
Max. Elements
1500
Introduced
16.0.R1
Platforms
All
[script-name] string
Synopsis
Script name
Context
configure system script-control script string owner string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Script owner
Context
configure system script-control script string owner string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the policy
Context
configure system script-control script string owner string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system script-control script string owner string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
location string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Script location
Tree
String Length
1 to 255
Introduced
16.0.R1
Platforms
All
script-policy [policy-name] string owner string
Synopsis
Enter the script-policy list instance
Context
configure system script-control script-policy string owner string
Tree
Max. Elements
1500
Introduced
16.0.R1
Platforms
All
[policy-name] string
Synopsis
Script policy name
Context
configure system script-control script-policy string owner string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Script policy owner
Context
configure system script-control script-policy string owner string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the script policy
Context
configure system script-control script-policy string owner string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
expire-time (number | keyword)
Synopsis
Maximum amount of time to keep a run history status
Context
configure system script-control script-policy string owner string expire-time (number | keyword)
Tree
Range
0 to 21474836
Default
3600
Units
seconds
Options
forever
Introduced
16.0.R1
Platforms
All
lifetime (number | keyword)
Synopsis
Maximum amount of time the script may run
Context
configure system script-control script-policy string owner string lifetime (number | keyword)
Tree
Range
0 to 21474836
Default
3600
Units
seconds
Options
forever
Introduced
16.0.R1
Platforms
All
lock-override boolean
Synopsis
Allow EHS/CRON script to break database explicit lock
Context
configure system script-control script-policy string owner string lock-override boolean
Tree
Default
false
Introduced
19.10.R1
Platforms
All
max-completed number
Synopsis
Maximum number of script history status entries kept
Context
configure system script-control script-policy string owner string max-completed number
Tree
Range
1 to 1500
Default
1
Introduced
16.0.R1
Platforms
All
results string
Synopsis
Location to receive CLI output of a script run
Context
configure system script-control script-policy string owner string results string
Tree
String Length
1 to 255
Introduced
16.0.R1
Platforms
All
script
Synopsis
Enter the script context
Context
configure system script-control script-policy string owner string script
Tree
Introduced
16.0.R1
Platforms
All
name string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Script name
Context
configure system script-control script-policy string owner string script name string
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
owner string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Script owner
Context
configure system script-control script-policy string owner string script owner string
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
security
Synopsis
Enter the security context
Tree
Description
Commands in this context configure central security settings such as DDoS protection, users, authorization profiles, and certificates.
Access to these commands should be restricted to highly trusted users and device administrators.
Introduced
16.0.R1
Platforms
All
aaa
Synopsis
Enter the aaa context
Tree
Introduced
16.0.R1
Platforms
All
cli-session-group [cli-session-group-name] string
Synopsis
Enter the cli-session-group list instance
Context
configure system security aaa cli-session-group string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[cli-session-group-name] string
Synopsis
CLI session group name
Context
configure system security aaa cli-session-group string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R2
Platforms
All
combined-max-sessions number
Synopsis
Maximum number of concurrent SSH and Telnet sessions
Context
configure system security aaa cli-session-group string combined-max-sessions number
Range
0 to 50
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security aaa cli-session-group string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
ssh-max-sessions number
Synopsis
Maximum number of concurrent SSH sessions
Context
configure system security aaa cli-session-group string ssh-max-sessions number
Tree
Range
0 to 50
Introduced
16.0.R1
Platforms
All
telnet-max-sessions number
Synopsis
Maximum number of concurrent Telnet sessions
Context
configure system security aaa cli-session-group string telnet-max-sessions number
Tree
Range
0 to 50
Introduced
16.0.R1
Platforms
All
health-check (number | keyword)
Synopsis
Polling interval of RADIUS, TACACS+, and LDAP servers
Context
configure system security aaa health-check (number | keyword)
Tree
Range
6 to 1500
Default
30
Units
seconds
Options
none
Introduced
16.0.R1
Platforms
All
local-profiles
Synopsis
Enter the local-profiles context
Context
Tree
Introduced
16.0.R1
Platforms
All
profile [user-profile-name] string
Synopsis
Enter the profile list instance
Tree
Max. Elements
128
Introduced
16.0.R1
Platforms
All
[user-profile-name] string
Synopsis
User profile name
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
cli-session-group reference
Synopsis
CLI session group to which the profile belongs
Context
configure system security aaa local-profiles profile string cli-session-group reference
Tree
Reference
configure system security aaa cli-session-group string
Introduced
16.0.R1
Platforms
All
combined-max-sessions number
Synopsis
Maximum number of concurrent SSH and Telnet sessions
Context
configure system security aaa local-profiles profile string combined-max-sessions number
Range
0 to 50
Introduced
16.0.R1
Platforms
All
default-action keyword
Synopsis
Action for non-matching entry
Context
configure system security aaa local-profiles profile string default-action keyword
Tree
Default
none
Options
deny-all, permit-all, none, read-only-all
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
User profile entry ID
Range
1 to 9999
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
action keyword
Synopsis
Action when a user command matches the entry
Tree
Default
none
Options
deny, permit, none, read-only
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security aaa local-profiles profile string entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
match string
Synopsis
Command to match the entry
Tree
String Length
1 to 255
Introduced
16.0.R1
Platforms
All
grpc
Synopsis
Enter the grpc context
Tree
Introduced
16.0.R1
Platforms
All
rpc-authorization
Synopsis
Enter the rpc-authorization context
Context
Tree
Description
Commands in this context control the authorization of each RPC in gRPC interfaces.
Introduced
16.0.R1
Platforms
All
gnmi-capabilities keyword
Synopsis
gNMI Capabilities RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-capabilities keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R1
Platforms
All
gnmi-get keyword
Synopsis
gNMI Get RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-get keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R1
Platforms
All
gnmi-set keyword
Synopsis
gNMI Set RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-set keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R1
Platforms
All
gnmi-subscribe keyword
Synopsis
gNMI Subscribe RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-subscribe keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R1
Platforms
All
gnoi-cert-mgmt-cangenerate keyword
Synopsis
CanGenerateCSR RPC usage
Context
Default
deny
Options
permit, deny
Introduced
19.10.R1
Platforms
All
gnoi-cert-mgmt-getcert keyword
Synopsis
GetCertificates RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-getcert keyword
Default
deny
Options
permit, deny
Introduced
19.10.R1
Platforms
All
gnoi-cert-mgmt-install keyword
Synopsis
Install RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-install keyword
Default
deny
Options
permit, deny
Introduced
19.10.R1
Platforms
All
gnoi-cert-mgmt-revoke keyword
Synopsis
RevokeCertificates RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-revoke keyword
Default
deny
Options
permit, deny
Introduced
20.2.R1
Platforms
All
gnoi-cert-mgmt-rotate keyword
Synopsis
Rotate RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-rotate keyword
Default
deny
Options
permit, deny
Introduced
19.10.R1
Platforms
All
gnoi-file-get keyword
Synopsis
gNOI File Get RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-get keyword
Tree
Default
permit
Options
permit, deny
Introduced
21.2.R1
Platforms
All
gnoi-file-put keyword
Synopsis
gNOI File Put RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-put keyword
Tree
Default
permit
Options
permit, deny
Introduced
21.2.R1
Platforms
All
gnoi-file-remove keyword
Synopsis
gNOI File Remove RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-remove keyword
Tree
Default
permit
Options
permit, deny
Introduced
21.2.R1
Platforms
All
gnoi-file-stat keyword
Synopsis
gNOI File Stat RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-stat keyword
Tree
Default
permit
Options
permit, deny
Introduced
21.2.R1
Platforms
All
gnoi-system-cancelreboot keyword
Synopsis
gNOI System CancelReboot RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-cancelreboot keyword
Default
deny
Options
permit, deny
Introduced
20.5.R1
Platforms
All
gnoi-system-reboot keyword
Synopsis
gNOI System Reboot RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-reboot keyword
Tree
Default
deny
Options
permit, deny
Introduced
20.5.R1
Platforms
All
gnoi-system-rebootstatus keyword
Synopsis
gNOI System RebootStatus RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-rebootstatus keyword
Default
deny
Options
permit, deny
Introduced
20.5.R1
Platforms
All
gnoi-system-setpackage keyword
Synopsis
gNOI System SetPackage RPC usage
Context
configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-setpackage keyword
Default
deny
Options
permit, deny
Introduced
20.5.R1
Platforms
All
gnoi-system-switchcontrolprocessor keyword
Synopsis
gNOI System SwitchControlProcessor RPC usage
Context
Default
deny
Options
permit, deny
Introduced
20.5.R1
Platforms
All
md-cli-session keyword
Synopsis
gNOI MdCli Session RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization md-cli-session keyword
Tree
Default
permit
Options
permit, deny
Introduced
20.5.R1
Platforms
All
rib-api-getversion keyword
Synopsis
RibApi GetVersion RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-getversion keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R4
Platforms
All
rib-api-modify keyword
Synopsis
RibApi Modify RPC authorization
Context
configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-modify keyword
Tree
Default
permit
Options
permit, deny
Introduced
16.0.R4
Platforms
All
li boolean
Synopsis
Allow lawful intercept profile ID
Tree
Default
false
Introduced
19.10.R1
Platforms
All
netconf
Synopsis
Enter the netconf context
Tree
Introduced
16.0.R1
Platforms
All
base-op-authorization
Synopsis
Enter the base-op-authorization context
Context
Introduced
16.0.R1
Platforms
All
kill-session boolean
Synopsis
Allow NETCONF kill-session operation
Context
configure system security aaa local-profiles profile string netconf base-op-authorization kill-session boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
lock boolean
Synopsis
Allow NETCONF lock and unlock operations
Context
configure system security aaa local-profiles profile string netconf base-op-authorization lock boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
ssh-max-sessions number
Synopsis
Maximum number of concurrent SSH sessions
Context
configure system security aaa local-profiles profile string ssh-max-sessions number
Tree
Range
0 to 50
Introduced
16.0.R1
Platforms
All
telnet-max-sessions number
Synopsis
Maximum number of concurrent Telnet sessions
Context
configure system security aaa local-profiles profile string telnet-max-sessions number
Tree
Range
0 to 50
Introduced
16.0.R1
Platforms
All
management-interface
Synopsis
Enter the management-interface context
Context
Tree
Introduced
20.10.R1
Platforms
All
md-cli
Synopsis
Enter the md-cli context
Tree
Introduced
20.10.R1
Platforms
All
command-accounting-during-load boolean
Synopsis
Perform remote command accounting during a load or rollback operation
Context
Default
true
Introduced
20.10.R1
Platforms
All
output-authorization
Synopsis
Enter the output-authorization context
Tree
Introduced
20.10.R1
Platforms
All
md-interfaces boolean
Synopsis
Perform output authorization
Context
Tree
Default
true
Introduced
20.10.R1
Platforms
All
telemetry-data boolean
Synopsis
Perform telemetry data notification authorization
Context
Tree
Default
false
Introduced
20.10.R1
Platforms
All
remote-servers
Synopsis
Enter the remote-servers context
Context
Tree
Introduced
16.0.R1
Platforms
All
ldap
Synopsis
Enter the ldap context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the LDAP protocol
Context
configure system security aaa remote-servers ldap admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
public-key-authentication boolean
Synopsis
Allow SSH public key authentication from LDAP server
Context
Default
false
Introduced
16.0.R1
Platforms
All
route-preference keyword
Synopsis
Route preference to reach the AAA server
Context
Tree
Description
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance.
Default
both
Options
both, inband, outband
Introduced
21.5.R1
Platforms
All
server [index] number
Synopsis
Enter the server list instance
Tree
Max. Elements
5
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
LDAP server ID
Range
1 to 5
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Enter the address list instance
Context
Tree
Max. Elements
1
Introduced
16.0.R1
Platforms
All
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
LDAP server address
Context
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
port number
Synopsis
Port number on which to contact the LDAP server
Context
Tree
Range
1 to 65535
Default
389
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the LDAP server
Context
configure system security aaa remote-servers ldap server number admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
bind-authentication
Synopsis
Enter the bind-authentication context
Context
Tree
Introduced
16.0.R1
Platforms
All
password string
Synopsis
Password used for authentication with the LDAP server
Context
configure system security aaa remote-servers ldap server number bind-authentication password string
Tree
String Length
1 to 199
Introduced
16.0.R1
Platforms
All
root-dn string
Synopsis
Root domain used for authentication with LDAP server
Context
configure system security aaa remote-servers ldap server number bind-authentication root-dn string
Tree
String Length
1 to 512
Introduced
16.0.R1
Platforms
All
search
Synopsis
Enter the search context
Tree
Introduced
16.0.R1
Platforms
All
base-dn string
Synopsis
LDAP server search base domain name
Tree
String Length
1 to 512
Introduced
16.0.R1
Platforms
All
server-name string
Synopsis
LDAP server name
Context
configure system security aaa remote-servers ldap server number server-name string
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
tls-profile reference
Synopsis
TLS client profile used to encrypt the LDAP connection
Context
configure system security aaa remote-servers ldap server number tls-profile reference
Tree
Reference
configure system security tls client-tls-profile string
Introduced
16.0.R1
Platforms
All
server-retry number
Synopsis
Number of attempts to retry contacting the LDAP server
Context
Tree
Range
1 to 10
Default
3
Introduced
16.0.R1
Platforms
All
server-timeout number
Synopsis
Timeout for a response from the LDAP server
Context
Tree
Range
1 to 90
Default
3
Units
seconds
Introduced
16.0.R1
Platforms
All
use-default-template boolean
Synopsis
Apply the default template to LDAP
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
radius
Synopsis
Enter the radius context
Tree
Introduced
16.0.R1
Platforms
All
access-algorithm keyword
Synopsis
Algorithm used to access the set of RADIUS servers
Context
Tree
Default
direct
Options
direct, round-robin
Introduced
16.0.R1
Platforms
All
accounting boolean
Synopsis
Enable RADIUS command accounting
Context
configure system security aaa remote-servers radius accounting boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
accounting-port number
Synopsis
Port number on RADIUS server for accounting requests
Context
Tree
Range
1 to 65535
Default
1813
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of RADIUS authentication
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
authorization boolean
Synopsis
Enable RADIUS authorization
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
interactive-authentication boolean
Synopsis
Enable RADIUS interactive authentication
Context
Default
false
Introduced
16.0.R1
Platforms
All
port number
Synopsis
TCP port number on which to contact RADIUS server
Tree
Range
1 to 65535
Default
1812
Introduced
16.0.R1
Platforms
All
route-preference keyword
Synopsis
Route preference to reach the AAA server
Context
Tree
Description
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance.
Default
both
Options
both, inband, outband
Introduced
21.5.R1
Platforms
All
server [index] number
Synopsis
Enter the server list instance
Tree
Max. Elements
5
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
RADIUS server ID
Range
1 to 5
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
IP address of the RADIUS server
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
secret string
Synopsis
Secret key to access the RADIUS server
Tree
String Length
1 to 115
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
server-retry number
Synopsis
Number of attempts to retry contacting RADIUS server
Context
Tree
Range
1 to 10
Default
3
Introduced
16.0.R1
Platforms
All
server-timeout number
Synopsis
Time to wait for a response from the RADIUS server
Context
Tree
Range
1 to 90
Default
3
Units
seconds
Introduced
16.0.R1
Platforms
All
use-default-template boolean
Synopsis
Apply the RADIUS default user template to RADIUS user
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
tacplus
Synopsis
Enter the tacplus context
Tree
Introduced
16.0.R1
Platforms
All
accounting
Synopsis
Enable the accounting context
Tree
Introduced
16.0.R1
Platforms
All
record-type keyword
Synopsis
Type of accounting record packet sent to TACACS+ server
Context
Tree
Default
stop-only
Options
start-stop, stop-only
Introduced
16.0.R1
Platforms
All
admin-control
Synopsis
Enter the admin-control context
Tree
Introduced
16.0.R1
Platforms
All
tacplus-map-to-priv-lvl number
Synopsis
Interactive authentication from node to TACACS+ server
Context
Range
0 to 15
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the TACACS+ protocol operation
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
authorization
Synopsis
Enable the authorization context
Tree
Introduced
16.0.R1
Platforms
All
use-priv-lvl boolean
Synopsis
Allow privilege level mapping
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
interactive-authentication boolean
Synopsis
Allows TACACS+ interactive authentication
Context
Default
false
Introduced
16.0.R1
Platforms
All
priv-lvl-map
Synopsis
Enter the priv-lvl-map context
Tree
Introduced
16.0.R1
Platforms
All
priv-lvl [level] number
Synopsis
Enter the priv-lvl list instance
Context
Tree
Introduced
16.0.R1
Platforms
All
[level] number
Synopsis
Privilege level for the mapping
Context
Range
0 to 15
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
user-profile-name reference
Synopsis
User profile for the mapping
Context
configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number user-profile-name reference
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
route-preference keyword
Synopsis
Route preference to reach the AAA server
Context
Tree
Description
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance.
Default
both
Options
both, inband, outband
Introduced
21.5.R1
Platforms
All
server [index] number
Synopsis
Enter the server list instance
Tree
Max. Elements
5
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
TACACS+ server ID
Range
1 to 5
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
IP address of TACACS+ server.
Context
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
port number
Synopsis
TCP port ID on which to contact TACACS+ server
Tree
Range
0 | 1 to 65535
Default
49
Introduced
16.0.R1
Platforms
All
secret string
Synopsis
Secret key to access the TACACS+ server
Tree
String Length
1 to 199
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
server-timeout number
Synopsis
Time to wait for a response from the TACACS+ server
Context
Tree
Range
1 to 90
Default
3
Units
seconds
Introduced
16.0.R1
Platforms
All
use-default-template boolean
Synopsis
Apply TACACS+ default user-template to TACACS+ user
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
All
user-template [user-template-name] keyword
Synopsis
Enter the user-template list instance
Context
configure system security aaa user-template keyword
Tree
Introduced
16.0.R1
Platforms
All
[user-template-name] keyword
Synopsis
Default user template applied to the system user
Context
configure system security aaa user-template keyword
Options
ldap-default, radius-default, tacplus-default
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
access
Synopsis
Enter the access context
Tree
Introduced
16.0.R1
Platforms
All
console boolean
Synopsis
Allow console access (serial port or Telnet)
Tree
Default
true
Introduced
16.0.R1
Platforms
All
ftp boolean
Synopsis
Allow FTP access
Tree
Default
false
Introduced
16.0.R1
Platforms
All
grpc boolean
Synopsis
Allow gRPC access
Tree
Default
false
Introduced
16.0.R1
Platforms
All
li boolean
Synopsis
Allow access to lawful intercept
Tree
Default
false
Introduced
19.10.R1
Platforms
All
netconf boolean
Synopsis
Allow NETCONF session access
Tree
Default
false
Introduced
16.0.R1
Platforms
All
console
Synopsis
Enter the console context
Tree
Introduced
16.0.R1
Platforms
All
login-exec string
Synopsis
File to execute for a successful user login via console
Context
configure system security aaa user-template keyword console login-exec string
Tree
String Length
1 to 200
Introduced
16.0.R1
Platforms
All
home-directory (sat-url | cflash-without-slot-url)
Synopsis
User local home directory based on the template
Context
configure system security aaa user-template keyword home-directory (sat-url | cflash-without-slot-url)
Tree
String Length
1 to 200
Introduced
16.0.R1
Platforms
All
profile string
Synopsis
User profile based on the template
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
restricted-to-home boolean
Synopsis
Prevent user navigation above the home directory
Context
configure system security aaa user-template keyword restricted-to-home boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
cli-script
Synopsis
Enter the cli-script context
Context
Tree
Introduced
16.0.R1
Platforms
All
authorization
Synopsis
Enter the authorization context
Context
Tree
Introduced
16.0.R1
Platforms
All
cron
Synopsis
Enter the cron context
Context
Tree
Introduced
16.0.R1
Platforms
All
cli-user reference
Synopsis
User profile name for CLI command script authorization
Context
configure system security cli-script authorization cron cli-user reference
Tree
Reference
configure system security user-params local-user user string
Introduced
16.0.R1
Platforms
All
event-handler
Synopsis
Enter the event-handler context
Tree
Introduced
16.0.R1
Platforms
All
cli-user reference
Synopsis
User profile name for CLI command script authorization
Context
Tree
Reference
configure system security user-params local-user user string
Introduced
16.0.R1
Platforms
All
vsd
Synopsis
Enter the vsd context
Context
Tree
Introduced
16.0.R1
Platforms
All
cli-user reference
Synopsis
User profile name for CLI command script authorization
Context
configure system security cli-script authorization vsd cli-user reference
Tree
Reference
configure system security user-params local-user user string
Introduced
16.0.R1
Platforms
All
cpm-filter
Synopsis
Enter the cpm-filter context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
default-action keyword
Synopsis
Action for packets that do not match any filter entries
Context
configure system security cpm-filter default-action keyword
Tree
Default
accept
Options
drop, accept
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ip-filter
Synopsis
Enter the ip-filter context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of the CPM filter
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
entry [entry-id] number
Synopsis
Enter the entry list instance
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[entry-id] number
Synopsis
Filter entry ID
Range
1 to 131072
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action
Synopsis
Enter the action context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
accept
Synopsis
Forward matching packets
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
default
Synopsis
Use default action for matching packets
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
Drop matching packets
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
queue reference
Synopsis
Forward matching packets to the CPM hardware queue
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
description string
Synopsis
Text description
Context
configure system security cpm-filter ip-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
log reference
Synopsis
Log ID where matching packets are entered
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
match
Synopsis
Enter the match context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dscp keyword
Synopsis
DSCP used as the match criterion on the packet
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dst-ip
Synopsis
Enter the dst-ip context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
IP address used as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ip-prefix-list reference
Synopsis
IP prefix list used as match criterion
Context
configure system security cpm-filter ip-filter entry number match dst-ip ip-prefix-list reference
Tree
Reference
configure filter match-list ip-prefix-list string
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
Address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dst-port
Synopsis
Enter the dst-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Context
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Context
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
fragment keyword
Synopsis
Match criterion based on presence of fragmented packets
Tree
Options
false, true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
icmp
Synopsis
Enter the icmp context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
code number
Synopsis
ICMP code to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
type number
Synopsis
ICMP type to match
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ip-option
Synopsis
Enable the ip-option context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Mask that is ANDed with ip-option value in the packet header
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
type number
Synopsis
Specific IP option to match
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
multiple-option boolean
Synopsis
Specifies whether multiple options are to be matched.
Context
configure system security cpm-filter ip-filter entry number match multiple-option boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
option-present boolean
Synopsis
Specifies whether IP options matching is enabled.
Context
configure system security cpm-filter ip-filter entry number match option-present boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Synopsis
Enter the port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
protocol (number | keyword)
Synopsis
IP protocol as the match criterion
Context
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
router-instance string
Synopsis
Router instance as the match criteria
Context
configure system security cpm-filter ip-filter entry number match router-instance string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address (ipv4-address | ipv4-prefix-with-host-bits)
Synopsis
IP address used as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ip-prefix-list reference
Synopsis
IP prefix list used as match criterion
Context
configure system security cpm-filter ip-filter entry number match src-ip ip-prefix-list reference
Tree
Reference
configure filter match-list ip-prefix-list string
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
Address mask as the match criterion
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
src-port
Synopsis
Enter the src-port context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Context
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Context
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
tcp-flags
Synopsis
Enter the tcp-flags context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ack boolean
Synopsis
ACK bit in TCP header control bits as match criterion
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
syn boolean
Synopsis
SYN bit in TCP header control bits as match criterion
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ipv6-filter
Synopsis
Enter the ipv6-filter context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of the CPM filter
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[entry-id] number
Synopsis
Filter entry ID
Context
Range
1 to 131072
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action
Synopsis
Enter the action context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
accept
Synopsis
Forward matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
default
Synopsis
Use default action for matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
Drop matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
queue reference
Synopsis
Forward matching packets to the CPM hardware queue
Context
configure system security cpm-filter ipv6-filter entry number action queue reference
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
description string
Synopsis
Text description
Context
configure system security cpm-filter ipv6-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
log reference
Synopsis
Log ID where matching packets are entered
Context
configure system security cpm-filter ipv6-filter entry number log reference
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
match
Synopsis
Enter the match context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dscp keyword
Synopsis
DSCP used as the match criterion on the packet
Context
configure system security cpm-filter ipv6-filter entry number match dscp keyword
Tree
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dst-ip
Synopsis
Enter the dst-ip context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match dst-ip address (ipv6-address | ipv6-prefix-with-host-bits)
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure system security cpm-filter ipv6-filter entry number match dst-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
IPv6 address mask as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match dst-ip mask string
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dst-port
Synopsis
Enter the dst-port context
Context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match dst-port eq number
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match dst-port mask number
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match dst-port port-list reference
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match dst-port range end number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match dst-port range start number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
extension-header
Synopsis
Enter the extension-header context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
hop-by-hop boolean
Synopsis
Match on existence of Hop-By-Hop Options Header
Context
configure system security cpm-filter ipv6-filter entry number match extension-header hop-by-hop boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
flow-label number
Synopsis
Flow label in the IPv6 header as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match flow-label number
Tree
Range
0 to 1048575
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
fragment keyword
Synopsis
Match criterion based on presence of fragmented packets
Context
configure system security cpm-filter ipv6-filter entry number match fragment keyword
Tree
Options
false, true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
icmp
Synopsis
Enter the icmp context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
code number
Synopsis
ICMP code as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match icmp code number
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
type number
Synopsis
ICMP type as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match icmp type number
Tree
Range
0 to 255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
next-header (number | keyword)
Synopsis
IP protocol to match
Context
configure system security cpm-filter ipv6-filter entry number match next-header (number | keyword)
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port
Synopsis
Enter the port context
Context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match port eq number
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match port mask number
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match port port-list reference
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match port range end number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match port range start number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
router-instance string
Synopsis
Router instance as the match criteria
Context
configure system security cpm-filter ipv6-filter entry number match router-instance string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
src-ip
Synopsis
Enter the src-ip context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address (ipv6-address | ipv6-prefix-with-host-bits)
Synopsis
IP address as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match src-ip address (ipv6-address | ipv6-prefix-with-host-bits)
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as match criterion for IP address
Context
configure system security cpm-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
IPv6 address mask as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match src-ip mask string
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
src-port
Synopsis
Enter the src-port context
Context
Tree
Notes
The following are part of a choice: port or (dst-port and src-port).
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Port number as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match src-port eq number
Tree
Range
0 to 65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Port mask as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match src-port mask number
Tree
Range
1 to 65535
Default
65535
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
port-list reference
Synopsis
Port list as the match criterion
Context
configure system security cpm-filter ipv6-filter entry number match src-port port-list reference
Tree
Reference
configure filter match-list port-list string
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Context
Tree
Notes
The following are part of a choice: (eq and mask), port-list, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match src-port range end number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the port number to match
Context
configure system security cpm-filter ipv6-filter entry number match src-port range start number
Tree
Range
0 to 65535
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
tcp-flags
Synopsis
Enter the tcp-flags context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ack boolean
Synopsis
ACK bit in TCP header control bits as match criterion
Context
configure system security cpm-filter ipv6-filter entry number match tcp-flags ack boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
syn boolean
Synopsis
SYN bit in TCP header control bits as match criterion
Context
configure system security cpm-filter ipv6-filter entry number match tcp-flags syn boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mac-filter
Synopsis
Enter the mac-filter context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
admin-state keyword
Synopsis
Administrative state of the CPM filter
Context
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
configure system security cpm-filter mac-filter entry number
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[entry-id] number
Synopsis
Filter entry ID
Context
configure system security cpm-filter mac-filter entry number
Range
1 to 131072
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
action
Synopsis
Enter the action context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
accept
Synopsis
Forward matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
default
Synopsis
Use default action for matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
drop
Synopsis
Drop matching packets
Context
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
queue reference
Synopsis
Forward matching packets to the CPM hardware queue
Context
configure system security cpm-filter mac-filter entry number action queue reference
Tree
Notes
The following are part of a choice: accept, default, drop, or queue.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
description string
Synopsis
Text description
Context
configure system security cpm-filter mac-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
log reference
Synopsis
Log ID where matching packets are entered
Context
configure system security cpm-filter mac-filter entry number log reference
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
match
Synopsis
Enter the match context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cfm-opcode
Synopsis
Enter the cfm-opcode context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
eq number
Synopsis
Equal to comparison operator for the CFM opcode
Context
configure system security cpm-filter mac-filter entry number match cfm-opcode eq number
Tree
Range
0 to 255
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
gt number
Synopsis
Greater than comparison operator for the CFM opcode
Context
configure system security cpm-filter mac-filter entry number match cfm-opcode gt number
Tree
Range
0 to 254
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
lt number
Synopsis
Less than comparison operator for the CFM opcode
Context
configure system security cpm-filter mac-filter entry number match cfm-opcode lt number
Tree
Range
1 to 255
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
range
Synopsis
Enable the range context
Context
Tree
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
end number
Synopsis
Upper bound of the Opcode range to match
Context
configure system security cpm-filter mac-filter entry number match cfm-opcode range end number
Tree
Range
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
start number
Synopsis
Lower bound of the OpCode range to match
Context
configure system security cpm-filter mac-filter entry number match cfm-opcode range start number
Tree
Range
0 to 254
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dst-mac
Synopsis
Enable the dst-mac context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address string
Synopsis
MAC address used as the match criterion
Context
configure system security cpm-filter mac-filter entry number match dst-mac address string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
MAC address mask as the match criterion
Context
configure system security cpm-filter mac-filter entry number match dst-mac mask string
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
etype string
Synopsis
Ethernet type as the match criterion
Context
configure system security cpm-filter mac-filter entry number match etype string
Tree
Description
This command specifies an Ethernet type II Ethertype value to be used as a MAC filter match criterion.
The Ethernet type field is used by the Ethernet version-II frames and does not apply to IEEE 802.3 Ethernet frames.
String Length
5 to 6
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
frame-type keyword
Synopsis
MAC frame type as the match criterion
Context
configure system security cpm-filter mac-filter entry number match frame-type keyword
Tree
Options
802dot2-llc, ethernet-ii
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
llc-dsap
Synopsis
Enable the llc-dsap context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dsap number
Synopsis
8-bit DSAP as the match criterion
Context
configure system security cpm-filter mac-filter entry number match llc-dsap dsap number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Mask for DSAP value as the match criterion
Context
configure system security cpm-filter mac-filter entry number match llc-dsap mask number
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
llc-ssap
Synopsis
Enable the llc-ssap context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask number
Synopsis
Mask for SSAP value as the match criterion
Context
configure system security cpm-filter mac-filter entry number match llc-ssap mask number
Tree
Range
1 to 255
Default
255
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
ssap number
Synopsis
8-bit SSAP as the match criterion
Context
configure system security cpm-filter mac-filter entry number match llc-ssap ssap number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
service reference
Synopsis
Service ID used as the match condition
Context
configure system security cpm-filter mac-filter entry number match service reference
Tree
Introduced
16.0.R4
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
src-mac
Synopsis
Enable the src-mac context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
address string
Synopsis
MAC address used as the match criterion
Context
configure system security cpm-filter mac-filter entry number match src-mac address string
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mask string
Synopsis
MAC address mask as the match criterion
Context
configure system security cpm-filter mac-filter entry number match src-mac mask string
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpm-queue
Synopsis
Enter the cpm-queue context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
queue [queue-id] number
Synopsis
Enter the queue list instance
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[queue-id] number
Synopsis
CPM queue ID
Range
33 to 2000
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cbs number
Synopsis
Buffer size that can be drawn from queue buffer pool
Tree
Range
0 to 131072
Units
kilobps
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
mbs number
Synopsis
Maximum queue depth to which the queue can grow
Tree
Range
0 to 131072
Units
kilobps
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
rate
Synopsis
Enter the rate context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cir (number | keyword)
Synopsis
Amount of bandwidth committed to the queue
Tree
Range
0 to 100000000
Default
max
Units
kilobps
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pir (number | keyword)
Synopsis
Peak information Rate for the queue
Tree
Range
1 to 100000000
Default
max
Units
kilobps
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
cpu-protection
Synopsis
Enter the cpu-protection context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
ip-src-monitoring
Synopsis
Enter the ip-src-monitoring context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
included-protocols
Synopsis
Enter the included-protocols context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
dhcp boolean
Synopsis
Include extracted DHCP packets for IP source monitoring
Context
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
gtp boolean
Synopsis
Include extracted GTP packets for IP source monitoring
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
icmp boolean
Synopsis
Include extracted ICMP packets for IP source monitoring
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
igmp boolean
Synopsis
Include extracted IGMP packets for IP source monitoring
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
link-specific-rate (number | keyword)
Synopsis
Packet arrival rate limit for link level protocols
Context
configure system security cpu-protection link-specific-rate (number | keyword)
Tree
Range
1 to 65535
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
policy [policy-id] number
Synopsis
Enter the policy list instance
Context
configure system security cpu-protection policy number
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
[policy-id] number
Synopsis
Policy ID
Context
configure system security cpu-protection policy number
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
alarm boolean
Synopsis
Generate an event when the rate is exceeded
Tree
Default
true
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
description string
Synopsis
Text description
Context
configure system security cpu-protection policy number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
eth-cfm
Synopsis
Enter the eth-cfm context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
entry [id] number
Synopsis
Enter the entry list instance
Tree
Max. Elements
10
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
[id] number
Synopsis
Entry ID
Range
1 to 100
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
level start number end number
Synopsis
Add a list entry for level
Context
Tree
Min. Elements
1
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
start number
Synopsis
Lower bound of the level range
Context
Range
0 to 7
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
end number
Synopsis
Upper bound of the level range
Context
Range
0 to 7
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
opcode start number end number
Synopsis
Add a list entry for opcode
Context
Tree
Min. Elements
1
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
start number
Synopsis
Lower bound of the OpCode range
Context
Range
0 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
end number
Synopsis
Upper bound of the OpCode range
Context
Range
0 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
pir (number | keyword)
Synopsis
Packet arrival rate limit
Context
Tree
Range
0 to 65534
Default
max
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
out-profile-rate
Synopsis
Enter the out-profile-rate context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
log-events boolean
Synopsis
Generate a log event when the packet rate is exceeded
Context
configure system security cpu-protection policy number out-profile-rate log-events boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
pir (number | keyword)
Synopsis
Packet arrival rate limit
Context
configure system security cpu-protection policy number out-profile-rate pir (number | keyword)
Tree
Range
1 to 65534
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
overall-rate (number | keyword)
Synopsis
Overall packet arrival rate limit to apply for all sources of packets
Context
configure system security cpu-protection policy number overall-rate (number | keyword)
Tree
Range
1 to 65534
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
per-source-parameters
Synopsis
Enter the per-source-parameters context
Context
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
ip-src-monitoring
Synopsis
Enter the ip-src-monitoring context
Context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
limit-dhcp-ci-addr-zero boolean
Synopsis
Apply per-source rate limiting to DHCP packets containing Client IP address zero
Context
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
per-source-rate (number | keyword)
Synopsis
Per-source packet arrival rate limit
Context
configure system security cpu-protection policy number per-source-rate (number | keyword)
Tree
Range
1 to 65534
Default
max
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
port-overall-rate
Synopsis
Enter the port-overall-rate context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
action-low-priority boolean
Synopsis
Mark packets that exceed the rate as low-priority
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
pir (number | keyword)
Synopsis
Per-port packet arrival rate limit
Context
configure system security cpu-protection port-overall-rate pir (number | keyword)
Tree
Range
1 to 65535
Units
packets per second
Options
max
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
protocol-protection
Synopsis
Enable the protocol-protection context
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
allow-sham-links boolean
Synopsis
Allow OSPF sham-link traffic over VPRN transport tunnels
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
block-pim-tunneled boolean
Synopsis
Block extraction and processing of PIM packets that arrive inside a tunnel
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS
dist-cpu-protection
Synopsis
Enter the dist-cpu-protection context
Context
Tree
Introduced
16.0.R1
Platforms
All
policy [policy-name] string
Synopsis
Enter the policy list instance
Context
Tree
Description
Commands in this context configure the attributes of DCP policies. These policies can be applied to objects such as SAPs, network interfaces or ports
Max. Elements
18
Introduced
16.0.R1
Platforms
All
[policy-name] string
Synopsis
Policy name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security dist-cpu-protection policy string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
local-monitoring-policer [policer-name] string
Synopsis
Enter the local-monitoring-policer list instance
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string
Max. Elements
1
Introduced
16.0.R1
Platforms
All
[policer-name] string
Synopsis
Local monitoring policer name
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
exceed-action keyword
Synopsis
Action taken when policer rates are exceeded
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string exceed-action keyword
Tree
Default
none
Options
discard, low-priority, none
Introduced
16.0.R1
Platforms
All
log-events keyword
Synopsis
Control of log events creation for status and activity
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string log-events keyword
Tree
Default
true
Options
false, true, verbose
Introduced
16.0.R1
Platforms
All
rate
Synopsis
Enter the rate context
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate
Tree
Introduced
16.0.R1
Platforms
All
kbps
Synopsis
Enter the kbps context
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps
Tree
Notes
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Rate limit
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps limit (keyword | number)
Tree
Range
1 to 20000000
Default
max
Units
kilobps
Options
max
Introduced
16.0.R1
Platforms
All
mbs number
Synopsis
Tolerance for the rate
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps mbs number
Tree
Range
0 to 4194304
Units
bytes
Introduced
16.0.R1
Platforms
All
packets
Synopsis
Enter the packets context
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
initial-delay number
Synopsis
Additional packets allowed in an initial burst
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets initial-delay number
Tree
Range
0 to 255
Default
0
Units
packets
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Packets per interval limit
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets limit (keyword | number)
Tree
Range
0 to 8000
Default
max
Units
packets per interval
Options
max
Introduced
16.0.R1
Platforms
All
within number
Synopsis
Measurement interval for packets rate
Context
configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets within number
Tree
Range
1 to 32767
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
protocol [protocol-name] keyword
Synopsis
Enter the protocol list instance
Tree
Introduced
16.0.R1
Platforms
All
[protocol-name] keyword
Synopsis
Protocol name
Options
arp, dhcp, http-redirect, icmp, igmp, mld, ndis, pppoe-pppoa, all-unspecified, mpls-ttl, bfd-cpm, bgp, eth-cfm, isis, ldp, ospf, pim, rsvp, icmp-ping-check, lacp
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
dynamic-parameters
Synopsis
Enter the dynamic-parameters context
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters
Tree
Introduced
16.0.R1
Platforms
All
detection-time number
Synopsis
Minimum time the dynamic policer remains allocated
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters detection-time number
Tree
Range
1 to 128000
Default
30
Units
seconds
Introduced
16.0.R1
Platforms
All
exceed-action
Synopsis
Enter the exceed-action context
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action
Tree
Introduced
16.0.R1
Platforms
All
action keyword
Synopsis
Action taken on control packets when rates are exceeded
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action action keyword
Tree
Default
none
Options
discard, low-priority, none
Introduced
16.0.R1
Platforms
All
hold-down (keyword | number)
Synopsis
Hold down behavior
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action hold-down (keyword | number)
Tree
Range
1 to 10080
Default
none
Units
seconds
Options
indefinite, none
Introduced
16.0.R1
Platforms
All
log-events keyword
Synopsis
Control of log events creation for status and activity
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters log-events keyword
Tree
Default
true
Options
false, true, verbose
Introduced
16.0.R1
Platforms
All
rate
Synopsis
Enter the rate context
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate
Tree
Introduced
16.0.R1
Platforms
All
kbps
Synopsis
Enter the kbps context
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps
Tree
Notes
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Rate limit
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps limit (keyword | number)
Tree
Range
1 to 20000000
Default
max
Units
kilobps
Options
max
Introduced
16.0.R1
Platforms
All
mbs number
Synopsis
Tolerance for the rate
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps mbs number
Tree
Range
0 to 4194304
Units
bytes
Introduced
16.0.R1
Platforms
All
packets
Synopsis
Enter the packets context
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
initial-delay number
Synopsis
Additional packets allowed in an initial burst
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets initial-delay number
Tree
Range
0 to 255
Default
0
Units
packets
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Packets per interval limit
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets limit (keyword | number)
Tree
Range
0 to 8000
Default
max
Units
packets per interval
Options
max
Introduced
16.0.R1
Platforms
All
within number
Synopsis
Measurement interval for packets rate
Context
configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets within number
Tree
Range
1 to 32767
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
enforcement
Synopsis
Enter the enforcement context
Context
configure system security dist-cpu-protection policy string protocol keyword enforcement
Tree
Introduced
16.0.R1
Platforms
All
dynamic
Synopsis
Enter the dynamic context
Context
configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic
Tree
Notes
The following are part of a choice: dynamic, dynamic-local-mon-bypass, or static.
Introduced
16.0.R1
Platforms
All
mon-policer-name reference
Synopsis
Dynamic enforcement policer for the protocol
Context
configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic mon-policer-name reference
Tree
Reference
configure system security dist-cpu-protection policy string local-monitoring-policer string
Introduced
16.0.R1
Platforms
All
dynamic-local-mon-bypass
Synopsis
Do not include packets in the local monitoring function
Context
Notes
This element is the default part of a choice.
The following are part of a choice: dynamic, dynamic-local-mon-bypass, or static.
Introduced
16.0.R1
Platforms
All
static
Synopsis
Enter the static context
Context
configure system security dist-cpu-protection policy string protocol keyword enforcement static
Tree
Notes
The following are part of a choice: dynamic, dynamic-local-mon-bypass, or static.
Introduced
16.0.R1
Platforms
All
policer-name reference
Synopsis
Static policer enforced by the protocol
Context
configure system security dist-cpu-protection policy string protocol keyword enforcement static policer-name reference
Tree
Reference
configure system security dist-cpu-protection policy string static-policer string
Introduced
16.0.R1
Platforms
All
static-policer [policer-name] string
Synopsis
Enter the static-policer list instance
Context
configure system security dist-cpu-protection policy string static-policer string
Tree
Max. Elements
18
Introduced
16.0.R1
Platforms
All
[policer-name] string
Synopsis
Static policer name
Context
configure system security dist-cpu-protection policy string static-policer string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security dist-cpu-protection policy string static-policer string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
detection-time number
Synopsis
Minimum time the dynamic policer remains allocated
Context
configure system security dist-cpu-protection policy string static-policer string detection-time number
Tree
Range
1 to 128000
Default
30
Units
seconds
Introduced
16.0.R1
Platforms
All
exceed-action
Synopsis
Enter the exceed-action context
Context
configure system security dist-cpu-protection policy string static-policer string exceed-action
Tree
Introduced
16.0.R1
Platforms
All
action keyword
Synopsis
Action taken on control packets when rates are exceeded
Context
configure system security dist-cpu-protection policy string static-policer string exceed-action action keyword
Tree
Default
none
Options
discard, low-priority, none
Introduced
16.0.R1
Platforms
All
hold-down (keyword | number)
Synopsis
Hold down behavior
Context
configure system security dist-cpu-protection policy string static-policer string exceed-action hold-down (keyword | number)
Tree
Range
1 to 10080
Default
none
Units
seconds
Options
indefinite, none
Introduced
16.0.R1
Platforms
All
log-events keyword
Synopsis
Control of log events creation for status and activity
Context
configure system security dist-cpu-protection policy string static-policer string log-events keyword
Tree
Default
true
Options
false, true, verbose
Introduced
16.0.R1
Platforms
All
rate
Synopsis
Enter the rate context
Context
configure system security dist-cpu-protection policy string static-policer string rate
Tree
Introduced
16.0.R1
Platforms
All
kbps
Synopsis
Enter the kbps context
Context
configure system security dist-cpu-protection policy string static-policer string rate kbps
Tree
Notes
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Rate limit
Context
configure system security dist-cpu-protection policy string static-policer string rate kbps limit (keyword | number)
Tree
Range
1 to 20000000
Default
max
Units
kilobps
Options
max
Introduced
16.0.R1
Platforms
All
mbs number
Synopsis
Tolerance for the rate
Context
configure system security dist-cpu-protection policy string static-policer string rate kbps mbs number
Tree
Range
0 to 4194304
Units
bytes
Introduced
16.0.R1
Platforms
All
packets
Synopsis
Enter the packets context
Context
configure system security dist-cpu-protection policy string static-policer string rate packets
Tree
Notes
This element is the default part of a choice.
The following are part of a choice: kbps or packets.
Introduced
16.0.R1
Platforms
All
initial-delay number
Synopsis
Additional packets allowed in an initial burst
Context
configure system security dist-cpu-protection policy string static-policer string rate packets initial-delay number
Tree
Range
0 to 255
Default
0
Units
packets
Introduced
16.0.R1
Platforms
All
limit (keyword | number)
Synopsis
Packets per interval limit
Context
configure system security dist-cpu-protection policy string static-policer string rate packets limit (keyword | number)
Tree
Range
0 to 8000
Default
max
Units
packets per interval
Options
max
Introduced
16.0.R1
Platforms
All
within number
Synopsis
Measurement interval for packets rate
Context
configure system security dist-cpu-protection policy string static-policer string rate packets within number
Tree
Range
1 to 32767
Default
1
Units
seconds
Introduced
16.0.R1
Platforms
All
type keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Policy type
Tree
Options
access-network, port
Introduced
21.5.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
dot1x
Synopsis
Enter the dot1x context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of port access control in a system
Context
configure system security dot1x admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
radius-policy [policy-name] string
Synopsis
Enter the radius-policy list instance
Context
configure system security dot1x radius-policy string
Tree
Introduced
16.0.R1
Platforms
All
[policy-name] string
Synopsis
RADIUS server policy to use for 802.1X authentication
Context
configure system security dot1x radius-policy string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of this RADIUS server policy
Context
configure system security dot1x radius-policy string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
retry number
Synopsis
Number of RADIUS requests toward the same RADIUS server
Tree
Range
1 to 10
Default
3
Introduced
16.0.R1
Platforms
All
server [server-index] number
Synopsis
Enter the server list instance
Tree
Max. Elements
5
Introduced
16.0.R1
Platforms
All
[server-index] number
Synopsis
RADIUS server index
Range
1 to 5
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
accounting-port number
Synopsis
UDP port number on which to contact the RADIUS server for accounting requests
Context
configure system security dot1x radius-policy string server number accounting-port number
Tree
Range
1 to 65535
Default
1813
Introduced
16.0.R1
Platforms
All
address string
Synopsis
IP address of the RADIUS server
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
authentication-port number
Synopsis
UDP port number on which to contact the RADIUS server for authentication
Context
configure system security dot1x radius-policy string server number authentication-port number
Tree
Range
1 to 65535
Default
1812
Introduced
16.0.R1
Platforms
All
secret string
Synopsis
Secret key associated with the RADIUS server
Tree
String Length
1 to 54
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
type keyword
Synopsis
RADIUS server type
Tree
Default
authorization
Options
authorization, accounting, combined
Introduced
16.0.R1
Platforms
All
source-address string
Synopsis
Source address of the RADIUS packet
Context
configure system security dot1x radius-policy string source-address string
Tree
Introduced
16.0.R1
Platforms
All
timeout number
Synopsis
Time assigned between the request retries toward the same RADIUS server
Tree
Range
1 to 90
Default
5
Units
seconds
Introduced
16.0.R1
Platforms
All
ftp-server boolean
Synopsis
Enable FTP servers running on the system
Context
configure system security ftp-server boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
hash-control
Synopsis
Enter the hash-control context
Context
Tree
Introduced
16.0.R4
Platforms
All
management-interface
Synopsis
Enter the management-interface context
Tree
Description
Commands in this context configure encryption parameters for different management interfaces.
Introduced
16.0.R4
Platforms
All
classic-cli
Synopsis
Enter the classic-cli context
Tree
Introduced
16.0.R4
Platforms
All
read-algorithm keyword
Synopsis
Global read algorithm for the system
Context
Tree
Description
This command specifies how encrypted configuration secrets are interpreted and which encryption types are accepted when secrets are input into the system or read from a configuration file (for example, at system bootup time).
Default
all-hash
Options
all-hash, hash, hash2, custom
Introduced
16.0.R4
Platforms
All
write-algorithm keyword
Synopsis
Global write algorithm for the system
Context
Tree
Description
This command specifies the format of the output for encrypted configuration secrets (for example, in the saved configuration file, or in the output of the info or show commands).
Default
hash2
Options
cleartext, hash, hash2, custom
Introduced
16.0.R4
Platforms
All
grpc
Synopsis
Enter the grpc context
Tree
Introduced
16.0.R4
Platforms
All
hash-algorithm keyword
Synopsis
Encryption format for configuration secrets
Context
Tree
Description
This command specifies the format of the input and output for encrypted configuration secrets.
Default
hash2
Options
cleartext, hash, hash2, custom
Introduced
16.0.R4
Platforms
All
md-cli
Synopsis
Enter the md-cli context
Tree
Introduced
16.0.R4
Platforms
All
hash-algorithm keyword
Synopsis
Encryption format for configuration secrets
Context
Tree
Description
This command specifies the format of the input and output for encrypted configuration secrets.
Default
hash2
Options
cleartext, hash, hash2, custom
Introduced
16.0.R4
Platforms
All
netconf
Synopsis
Enter the netconf context
Tree
Introduced
16.0.R4
Platforms
All
hash-algorithm keyword
Synopsis
Encryption format for configuration secrets
Context
Tree
Description
This command specifies the format of the input and output for encrypted configuration secrets.
Default
hash2
Options
cleartext, hash, hash2, custom
Introduced
16.0.R4
Platforms
All
keychains
Synopsis
Enter the keychains context
Tree
Introduced
16.0.R1
Platforms
All
keychain [keychain-name] string
Synopsis
Enter the keychain list instance
Tree
Max. Elements
256
Introduced
16.0.R1
Platforms
All
[keychain-name] string
Synopsis
Keychain name
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the keychain
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
bidirectional
Synopsis
Enter the bidirectional context
Tree
Introduced
16.0.R1
Platforms
All
entry [keychain-entry-index] number
Synopsis
Enter the entry list instance
Tree
Introduced
16.0.R1
Platforms
All
[keychain-entry-index] number
Synopsis
Keychain identifier
Range
0 to 63 | 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the keychain entry
Context
configure system security keychains keychain string bidirectional entry number admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
algorithm keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Encryption algorithm used by the keychain key
Context
Tree
Options
aes-128-cmac-96, hmac-sha-1-96, password, message-digest, hmac-md5, hmac-sha-1, hmac-sha-256
Introduced
16.0.R1
Platforms
All
authentication-key string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The key used by the encryption algorithm to sign and authenticate protocol packets.
Context
configure system security keychains keychain string bidirectional entry number authentication-key string
Tree
String Length
1 to 54
Introduced
16.0.R1
Platforms
All
begin-time string
Synopsis
Calendar date and time when the system starts using the key
Context
configure system security keychains keychain string bidirectional entry number begin-time string
Tree
Introduced
16.0.R1
Platforms
All
option keyword
Synopsis
Keychain key option
Context
Tree
Default
none
Options
none, basic, isis-enhanced
Introduced
16.0.R1
Platforms
All
tolerance (number | keyword)
Synopsis
Time within which an eligible receive key should overlap with the active send key
Context
Tree
Range
0 to 4294967294
Default
300
Options
infinite
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
receive
Synopsis
Enter the receive context
Tree
Introduced
16.0.R1
Platforms
All
entry [keychain-entry-index] number
Synopsis
Enter the entry list instance
Tree
Introduced
16.0.R1
Platforms
All
[keychain-entry-index] number
Synopsis
Keychain identifier
Range
0 to 63 | 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the keychain entry
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
algorithm keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Encryption algorithm used by the keychain key
Tree
Options
aes-128-cmac-96, hmac-sha-1-96, password, message-digest, hmac-md5, hmac-sha-1, hmac-sha-256
Introduced
16.0.R1
Platforms
All
authentication-key string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The key used by the encryption algorithm to sign and authenticate protocol packets.
Context
Tree
String Length
1 to 54
Introduced
16.0.R1
Platforms
All
begin-time string
Synopsis
Calendar date and time when the system starts using the key
Tree
Introduced
16.0.R1
Platforms
All
end-time string
Synopsis
Calendar date and time when the system should stop using the key
Tree
Introduced
16.0.R1
Platforms
All
tolerance (number | keyword)
Synopsis
Time within which an eligible receive key should overlap with the active send key
Context
Tree
Range
0 to 4294967294
Default
300
Options
infinite
Introduced
16.0.R1
Platforms
All
send
Synopsis
Enter the send context
Tree
Introduced
16.0.R1
Platforms
All
entry [keychain-entry-index] number
Synopsis
Enter the entry list instance
Tree
Introduced
16.0.R1
Platforms
All
[keychain-entry-index] number
Synopsis
Keychain identifier
Range
0 to 63 | 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the keychain entry
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
algorithm keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Encryption algorithm used by the keychain key
Tree
Options
aes-128-cmac-96, hmac-sha-1-96, password, message-digest, hmac-md5, hmac-sha-1, hmac-sha-256
Introduced
16.0.R1
Platforms
All
authentication-key string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The key used by the encryption algorithm to sign and authenticate protocol packets.
Context
Tree
String Length
1 to 54
Introduced
16.0.R1
Platforms
All
begin-time string
Synopsis
Calendar date and time when the system starts using the key
Tree
Introduced
16.0.R1
Platforms
All
tcp-option-number
Synopsis
Enter the tcp-option-number context
Tree
Introduced
16.0.R1
Platforms
All
receive keyword
Synopsis
TCP option value expected in the TCP header of received packets
Tree
Default
option-254
Options
option-253, option-254, both, tcp-ao
Introduced
16.0.R1
Platforms
All
send keyword
Synopsis
TCP option value assigned in the TCP header of transmitted packets
Tree
Default
option-254
Options
option-253, option-254, tcp-ao
Introduced
16.0.R1
Platforms
All
management
Synopsis
Enter the management context
Context
Tree
Description
Commands in this context control which management protocols can be used to access the SR OS router via the 'Base' and 'management' router instances.
Introduced
16.0.R5
Platforms
All
allow-ftp boolean
Synopsis
Allow access to the FTP server
Context
configure system security management allow-ftp boolean
Tree
Description
When configured to true, this command allows FTP access to the SR OS router via the 'Base' and 'management' router instances.
When configured to false, this command disallows access to the SR OS FTP server.
Default
true
Introduced
16.0.R6
Platforms
All
allow-grpc boolean
Synopsis
Allow access to the gRPC server
Context
configure system security management allow-grpc boolean
Tree
Description
When configured to true, this command allows access to the gRPC server via the 'Base' and 'management' router instances.
When configured to false, this command disallows gRPC server access.
Default
true
Introduced
19.5.R1
Platforms
All
allow-netconf boolean
Synopsis
Allow access to the NETCONF server
Context
configure system security management allow-netconf boolean
Tree
Description
When configured to true, this command allows NETCONF server access to the SR OS router via the 'Base' and 'management' router instances.
When configured to false, this command disallows access to the NETCONF server.
Default
true
Introduced
19.5.R1
Platforms
All
allow-ssh boolean
Synopsis
Allow access to the SSH server
Context
configure system security management allow-ssh boolean
Tree
Description
When configured to true, this command allows SSH server access to the SR OS router via the 'Base' and 'management' router instances.
When configured to false, this command disallows SSH server access.
Default
true
Introduced
16.0.R5
Platforms
All
allow-telnet boolean
Synopsis
Allow access to the IPv4 Telnet server
Context
configure system security management allow-telnet boolean
Tree
Description
When configured to true, this command allows IPv4 Telnet server access to the SR OS router via the 'Base' and 'management' router instances.
When configured to false, this command disallows access to the IPv4 Telnet server.
Default
true
Introduced
16.0.R5
Platforms
All
allow-telnet6 boolean
Synopsis
Allow access to the Telnet IPv6 server
Context
configure system security management allow-telnet6 boolean
Tree
Description
When configured to true, this command allows IPv6 Telnet server access to the SR OS router via the 'Base' and 'management' router instances.
When configured to false, this command disallows access to the IPv6 Telnet server.
Default
true
Introduced
16.0.R5
Platforms
All
management-access-filter
Synopsis
Enter the management-access-filter context
Introduced
16.0.R4
Platforms
All
ip-filter
Synopsis
Enter the ip-filter context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of management-access filters
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
default-action keyword
Synopsis
Default action for the management access filter
Context
Tree
Default
ignore-match
Options
ignore-match, accept, drop, reject
Introduced
16.0.R4
Platforms
All
[entry-id] number
Synopsis
The id used to uniquely identify this filter entry.
Range
1 to 9999
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
action keyword
Synopsis
Specifies the default action for management access in the absence of a specific management access filter entry match.
Tree
Default
ignore-match
Options
ignore-match, accept, drop, reject
Introduced
16.0.R4
Platforms
All
description string
Synopsis
Text description
Context
configure system security management-access-filter ip-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R4
Platforms
All
log-events boolean
Synopsis
Enable match logging
Context
configure system security management-access-filter ip-filter entry number log-events boolean
Tree
Default
false
Introduced
16.0.R4
Platforms
All
match
Synopsis
Enter the match context
Tree
Introduced
16.0.R4
Platforms
All
dst-port
Synopsis
Enable the dst-port context
Tree
Introduced
16.0.R4
Platforms
All
mask number
Synopsis
IP address mask as the match criterion
Context
Tree
Range
1 to 65535
Default
65535
Introduced
16.0.R4
Platforms
All
port number
Synopsis
TCP or UDP port number as the match criterion
Context
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mgmt-port
Synopsis
Enter the mgmt-port context
Tree
Introduced
16.0.R4
Platforms
All
cpm
Synopsis
Specifies source cpm.
Context
Tree
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
16.0.R4
Platforms
All
lag string
Synopsis
LAG ID as the match criterion
Context
Tree
String Length
1 to 27
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
21.2.R1
Platforms
All
port-id string
Synopsis
Port ID as the match criterion
Context
Tree
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
16.0.R4
Platforms
All
protocol (number | keyword)
Synopsis
IP protocol as the match criterion
Context
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
16.0.R4
Platforms
All
router-instance string
Synopsis
Router instance as the match criterion
Context
configure system security management-access-filter ip-filter entry number match router-instance string
Tree
Introduced
16.0.R4
Platforms
All
src-ip
Synopsis
Enter the src-ip context
Tree
Introduced
16.0.R4
Platforms
All
address (ipv4-prefix | ipv4-address)
Synopsis
IP address or IP prefix as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R4
Platforms
All
ip-prefix-list reference
Synopsis
IP prefix list as the match criterion
Context
configure system security management-access-filter ip-filter entry number match src-ip ip-prefix-list reference
Tree
Reference
configure filter match-list ip-prefix-list string
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
20.7.R1
Platforms
All
mask string
Synopsis
IP address mask as the match criterion
Context
Tree
Notes
The following are part of a choice: (address and mask) or ip-prefix-list.
Introduced
16.0.R4
Platforms
All
ipv6-filter
Synopsis
Enter the ipv6-filter context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of management-access filters
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
default-action keyword
Synopsis
Default action for the management access filter
Context
Tree
Default
ignore-match
Options
ignore-match, accept, drop, reject
Introduced
16.0.R4
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
Tree
Introduced
16.0.R4
Platforms
All
[entry-id] number
Synopsis
The id used to uniquely identify this filter entry.
Context
Range
1 to 9999
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
action keyword
Synopsis
Specifies the default action for management access in the absence of a specific management access filter entry match.
Context
configure system security management-access-filter ipv6-filter entry number action keyword
Tree
Default
ignore-match
Options
ignore-match, accept, drop, reject
Introduced
16.0.R4
Platforms
All
description string
Synopsis
Text description
Context
configure system security management-access-filter ipv6-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R4
Platforms
All
log-events boolean
Synopsis
Enable match logging
Context
configure system security management-access-filter ipv6-filter entry number log-events boolean
Tree
Default
false
Introduced
16.0.R4
Platforms
All
match
Synopsis
Enter the match context
Context
Tree
Introduced
16.0.R4
Platforms
All
dst-port
Synopsis
Enable the dst-port context
Context
Tree
Introduced
16.0.R4
Platforms
All
mask number
Synopsis
IP address mask as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match dst-port mask number
Tree
Range
1 to 65535
Default
65535
Introduced
16.0.R4
Platforms
All
port number
Synopsis
TCP or UDP port number as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match dst-port port number
Tree
Range
1 to 65535
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
flow-label number
Synopsis
Specifies the flow label to be matched.
Context
configure system security management-access-filter ipv6-filter entry number match flow-label number
Tree
Range
0 to 1048575
Introduced
16.0.R4
Platforms
All
mgmt-port
Synopsis
Enter the mgmt-port context
Context
Tree
Introduced
16.0.R4
Platforms
All
cpm
Synopsis
Specifies source cpm.
Context
Tree
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
16.0.R4
Platforms
All
lag string
Synopsis
LAG ID as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match mgmt-port lag string
Tree
String Length
1 to 27
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
21.2.R1
Platforms
All
port-id string
Synopsis
Port ID as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match mgmt-port port-id string
Tree
Notes
The following are part of a choice: cpm, (lag and lag-id), or port-id.
Introduced
16.0.R4
Platforms
All
next-header (number | keyword)
Synopsis
IP protocol to match
Context
configure system security management-access-filter ipv6-filter entry number match next-header (number | keyword)
Tree
Range
0 to 255
Options
tcp-udp, icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp
Introduced
16.0.R4
Platforms
All
router-instance string
Synopsis
Router instance as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match router-instance string
Tree
Introduced
16.0.R4
Platforms
All
src-ip
Synopsis
Enter the src-ip context
Context
Tree
Introduced
16.0.R4
Platforms
All
address (ipv6-prefix | ipv6-address)
Synopsis
IPv6 address or IPv6 prefix to match
Context
configure system security management-access-filter ipv6-filter entry number match src-ip address (ipv6-prefix | ipv6-address)
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R4
Platforms
All
ipv6-prefix-list reference
Synopsis
IPv6 prefix list as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference
Tree
Reference
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
20.7.R1
Platforms
All
mask string
Synopsis
IPv6 address mask as the match criterion
Context
configure system security management-access-filter ipv6-filter entry number match src-ip mask string
Tree
Notes
The following are part of a choice: (address and mask) or ipv6-prefix-list.
Introduced
16.0.R4
Platforms
All
mac-filter
Synopsis
Enter the mac-filter context
Tree
Introduced
16.0.R4
Platforms
All
admin-state keyword
Synopsis
Administrative state of management access MAC filter
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R4
Platforms
All
default-action keyword
Synopsis
Default action for the management access filter
Context
Tree
Default
ignore-match
Options
ignore-match, accept, drop
Introduced
16.0.R4
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Context
Tree
Introduced
16.0.R4
Platforms
All
[entry-id] number
Synopsis
The id used to uniquely identify this filter entry.
Context
Range
1 to 9999
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
action keyword
Synopsis
Action associated with the management access filter
Context
configure system security management-access-filter mac-filter entry number action keyword
Tree
Default
ignore-match
Options
ignore-match, accept, drop
Introduced
16.0.R4
Platforms
All
description string
Synopsis
Text description
Context
configure system security management-access-filter mac-filter entry number description string
Tree
String Length
1 to 80
Introduced
16.0.R4
Platforms
All
log-events boolean
Synopsis
If is 'true', entry match logging is enabled.
Context
configure system security management-access-filter mac-filter entry number log-events boolean
Tree
Default
false
Introduced
16.0.R4
Platforms
All
match
Synopsis
Enter the match context
Context
Tree
Introduced
16.0.R4
Platforms
All
cfm-opcode
Synopsis
Enter the cfm-opcode context
Context
Tree
Introduced
16.0.R4
Platforms
All
eq number
Synopsis
Equal to comparison operator for the CFM opcode
Context
configure system security management-access-filter mac-filter entry number match cfm-opcode eq number
Tree
Range
0 to 255
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R4
Platforms
All
gt number
Synopsis
Greater than comparison operator for the CFM opcode
Context
configure system security management-access-filter mac-filter entry number match cfm-opcode gt number
Tree
Range
0 to 254
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R4
Platforms
All
lt number
Synopsis
Less than comparison operator for the CFM opcode
Context
configure system security management-access-filter mac-filter entry number match cfm-opcode lt number
Tree
Range
1 to 255
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R4
Platforms
All
range
Synopsis
Enable the range context
Context
Tree
Notes
The following are part of a choice: eq, gt, lt, or range.
Introduced
16.0.R4
Platforms
All
end number
Synopsis
Upper bound of the range for the OpCode to match
Context
configure system security management-access-filter mac-filter entry number match cfm-opcode range end number
Tree
Range
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
start number
Synopsis
Lower bound of the range for the OpCode to match
Context
configure system security management-access-filter mac-filter entry number match cfm-opcode range start number
Tree
Range
0 to 254
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
dot1p
Synopsis
Enable the dot1p context
Context
Tree
Introduced
16.0.R4
Platforms
All
mask number
Synopsis
3-bit mask as the match criterion
Context
configure system security management-access-filter mac-filter entry number match dot1p mask number
Tree
Range
1 to 7
Default
7
Introduced
16.0.R4
Platforms
All
priority number
Synopsis
IEEE 802.1p value as the match criterion
Context
configure system security management-access-filter mac-filter entry number match dot1p priority number
Tree
Range
0 to 7
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
dst-mac
Synopsis
Enable the dst-mac context
Context
Tree
Introduced
16.0.R4
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Context
configure system security management-access-filter mac-filter entry number match dst-mac address string
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Context
configure system security management-access-filter mac-filter entry number match dst-mac mask string
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R4
Platforms
All
etype string
Synopsis
Ethernet type II Ethertype value as the match criterion
Context
configure system security management-access-filter mac-filter entry number match etype string
Tree
String Length
5 to 6
Introduced
16.0.R4
Platforms
All
frame-type keyword
Synopsis
MAC frame type as the match criterion
Context
configure system security management-access-filter mac-filter entry number match frame-type keyword
Tree
Default
802dot3
Options
802dot3, 802dot2-llc, 802dot2-snap, ethernet-ii, 802dot1-ag
Introduced
16.0.R4
Platforms
All
llc-dsap
Synopsis
Enable the llc-dsap context
Context
Tree
Introduced
16.0.R4
Platforms
All
dsap number
Synopsis
8-bit DSAP as the match criterion
Context
configure system security management-access-filter mac-filter entry number match llc-dsap dsap number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask number
Synopsis
Mask for DSAP value as the match criterion
Context
configure system security management-access-filter mac-filter entry number match llc-dsap mask number
Tree
Range
1 to 255
Default
255
Introduced
16.0.R4
Platforms
All
llc-ssap
Synopsis
Enable the llc-ssap context
Context
Tree
Introduced
16.0.R4
Platforms
All
mask number
Synopsis
Mask for SSAP value as the match criterion
Context
configure system security management-access-filter mac-filter entry number match llc-ssap mask number
Tree
Range
1 to 255
Default
255
Introduced
16.0.R4
Platforms
All
ssap number
Synopsis
8-bit SSAP as the match criterion
Context
configure system security management-access-filter mac-filter entry number match llc-ssap ssap number
Tree
Range
0 to 255
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
service string
Synopsis
Service ID used as the match condition
Context
configure system security management-access-filter mac-filter entry number match service string
Tree
String Length
1 to 64
Introduced
16.0.R4
Platforms
All
snap-oui keyword
Synopsis
IEEE 802.3 LLC SNAP Ethernet Frame OUI value for match
Context
configure system security management-access-filter mac-filter entry number match snap-oui keyword
Tree
Options
zero, non-zero
Introduced
16.0.R4
Platforms
All
snap-pid number
Synopsis
IEEE 802.3 LLC SNAP Ethernet Frame PID as the match
Context
configure system security management-access-filter mac-filter entry number match snap-pid number
Tree
Range
0 to 65535
Introduced
16.0.R4
Platforms
All
src-mac
Synopsis
Enable the src-mac context
Context
Tree
Introduced
16.0.R4
Platforms
All
address string
Synopsis
MAC address used as the match criterion
Context
configure system security management-access-filter mac-filter entry number match src-mac address string
Tree
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
mask string
Synopsis
MAC address mask as the match criterion
Context
configure system security management-access-filter mac-filter entry number match src-mac mask string
Tree
Default
ff:ff:ff:ff:ff:ff
Introduced
16.0.R4
Platforms
All
per-peer-queuing boolean
Synopsis
Allow a separate control plane queue for each LDP and BGP peering session to improve DoS protection
Context
configure system security per-peer-queuing boolean
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
pki
Synopsis
Enter the pki context
Tree
Introduced
16.0.R1
Platforms
All
ca-profile [ca-profile-name] string
Synopsis
Enter the ca-profile list instance
Context
configure system security pki ca-profile string
Tree
Max. Elements
128
Introduced
16.0.R1
Platforms
All
[ca-profile-name] string
Synopsis
Certificate Authority (CA) profile name
Context
configure system security pki ca-profile string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the CA profile
Context
configure system security pki ca-profile string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
auto-crl-update
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enable the auto-crl-update context
Context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Administrative state of the automatic CRL update
Context
configure system security pki ca-profile string auto-crl-update admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
crl-urls
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the crl-urls context
Context
Tree
Introduced
16.0.R1
Platforms
All
url-entry [entry-id] number
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the url-entry list instance
Context
configure system security pki ca-profile string auto-crl-update crl-urls url-entry number
Tree
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
URL on this system
Context
configure system security pki ca-profile string auto-crl-update crl-urls url-entry number
Range
1 to 8
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
transmission-profile reference
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
File transmission profile to update CRL
Context
configure system security pki ca-profile string auto-crl-update crl-urls url-entry number transmission-profile reference
Tree
Reference
configure system transmission-profile string
Introduced
16.0.R4
Platforms
All
url http-url-path-loose
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Location of updated CRL
Context
configure system security pki ca-profile string auto-crl-update crl-urls url-entry number url http-url-path-loose
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
periodic-update-interval number
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Interval between two consecutive CRL updates
Context
configure system security pki ca-profile string auto-crl-update periodic-update-interval number
Range
3600 to 31622400
Default
86400
Units
seconds
Introduced
16.0.R1
Platforms
All
pre-update-time number
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Time prior to the next update time of the current CRL
Context
configure system security pki ca-profile string auto-crl-update pre-update-time number
Tree
Range
0 to 31622400
Default
3600
Units
seconds
Introduced
16.0.R1
Platforms
All
retry-interval number
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Interval before retrying to update CRL
Context
configure system security pki ca-profile string auto-crl-update retry-interval number
Tree
Range
0 to 31622400
Default
3600
Units
seconds
Introduced
16.0.R1
Platforms
All
schedule-type keyword
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Time scheduler type for an automated CRL update
Context
configure system security pki ca-profile string auto-crl-update schedule-type keyword
Tree
Default
next-update-based
Options
next-update-based, periodic
Introduced
16.0.R1
Platforms
All
cert-file string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Certificate file name
Tree
String Length
1 to 95
Introduced
16.0.R1
Platforms
All
cmpv2
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the cmpv2 context
Tree
Introduced
16.0.R1
Platforms
All
accept-unprotected-message
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the accept-unprotected-message context
Context
Introduced
16.0.R1
Platforms
All
error-message boolean
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Accept unprotected error messages
Context
configure system security pki ca-profile string cmpv2 accept-unprotected-message error-message boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
pkiconf-message boolean
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Accept unprotected PKI confirmation messages
Context
configure system security pki ca-profile string cmpv2 accept-unprotected-message pkiconf-message boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
always-set-sender-for-ir boolean
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Subject name in CMPv2 header for all Initial Registration (IR) messages
Context
configure system security pki ca-profile string cmpv2 always-set-sender-for-ir boolean
Default
false
Introduced
16.0.R1
Platforms
All
http
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the http context
Tree
Introduced
16.0.R1
Platforms
All
response-timeout number
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
HTTP response timeout
Context
configure system security pki ca-profile string cmpv2 http response-timeout number
Tree
Range
1 to 3600
Default
30
Units
seconds
Introduced
16.0.R1
Platforms
All
version keyword
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
HTTP version for CMPv2 messages
Tree
Default
1.1
Options
1.0, 1.1
Introduced
16.0.R1
Platforms
All
key-list
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the key-list context
Tree
Introduced
16.0.R1
Platforms
All
key [reference-number] string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the key list instance
Tree
Max. Elements
128
Introduced
16.0.R1
Platforms
All
[reference-number] string
Synopsis
Unique identifier for the CA initial authentication key
String Length
1 to 64
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
password string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Shared secret for this CA initial authentication key
Tree
String Length
1 to 115
Introduced
16.0.R1
Platforms
All
response-signing-cert string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
File name of the certificate to verify the signature of received CMPv2 responses
Context
configure system security pki ca-profile string cmpv2 response-signing-cert string
String Length
1 to 95
Introduced
16.0.R1
Platforms
All
same-recipient-nonce-for-poll-request boolean
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Same recipNonce as the last CMPv2 response for a poll request
Context
configure system security pki ca-profile string cmpv2 same-recipient-nonce-for-poll-request boolean
Default
false
Introduced
16.0.R1
Platforms
All
url
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the url context
Tree
Introduced
16.0.R1
Platforms
All
service-name string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Administrative service name
Context
configure system security pki ca-profile string cmpv2 url service-name string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
url-string http-optional-url-loose
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
URL for CMPv2
Context
configure system security pki ca-profile string cmpv2 url url-string http-optional-url-loose
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
crl-file string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Certificate Revocation List (CRL) file name
Tree
String Length
1 to 95
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security pki ca-profile string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
ocsp
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enter the ocsp context
Tree
Introduced
16.0.R1
Platforms
All
responder-url http-optional-url-loose
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
HTTP URL of the OCSP responder for the CA
Context
configure system security pki ca-profile string ocsp responder-url http-optional-url-loose
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
service-name string
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Administrative service name
Context
configure system security pki ca-profile string ocsp service-name string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
transmission-profile reference
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
The transmission profile for OCSP.
Context
configure system security pki ca-profile string ocsp transmission-profile reference
Tree
Reference
configure system transmission-profile string
Introduced
16.0.R6
Platforms
All
revocation-check keyword
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Method to verify the revocation status of certificates issued by the CA
Context
configure system security pki ca-profile string revocation-check keyword
Tree
Default
crl
Options
crl, crl-optional
Introduced
16.0.R1
Platforms
All
certificate-display-format keyword
Synopsis
Display format for certificates and Certificate Revocation Lists (CRLs)
Context
Default
ascii
Options
ascii, utf8
Introduced
16.0.R1
Platforms
All
certificate-expiration-warning
Synopsis
Enter the certificate-expiration-warning context
Introduced
16.0.R1
Platforms
All
hours number
Synopsis
Time at which the system generates the certificate expiration warning trap for in-use certificates
Tree
Range
0 to 8760
Units
hours
Introduced
16.0.R1
Platforms
All
repeat-hours number
Synopsis
Time period when the system repeatedly generates the certificate expiration warning trap
Context
Tree
Range
0 to 8760
Default
0
Units
hours
Introduced
16.0.R1
Platforms
All
common-name-list [cn-list-name] string
Synopsis
Enter the common-name-list list instance
Context
configure system security pki common-name-list string
Tree
Max. Elements
64
Introduced
16.0.R1
Platforms
All
[cn-list-name] string
Synopsis
Name for the common name list
Context
configure system security pki common-name-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
common-name [cn-index] number
Synopsis
Enter the common-name list instance
Context
configure system security pki common-name-list string common-name number
Tree
Introduced
16.0.R1
Platforms
All
[cn-index] number
Synopsis
Common name index
Context
configure system security pki common-name-list string common-name number
Range
1 to 128
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
cn-type keyword
Synopsis
Common name type
Context
configure system security pki common-name-list string common-name number cn-type keyword
Tree
Options
ip-address, domain-name
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
cn-value string
Synopsis
Common name value
Context
configure system security pki common-name-list string common-name number cn-value string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
crl-expiration-warning
Synopsis
Enter the crl-expiration-warning context
Context
Introduced
16.0.R1
Platforms
All
hours number
Synopsis
Time when the system generates the Certificate Revocation List (CRL) expiration warning trap
Tree
Range
0 to 8760
Units
hours
Introduced
16.0.R1
Platforms
All
repeat-hours number
Synopsis
Time when the system repeatedly generates the Certificate Revocation List (CRL) expiration warning trap
Context
Tree
Range
0 to 8760
Default
0
Units
hours
Introduced
16.0.R1
Platforms
All
imported-format keyword
Synopsis
The supported encrypted file formats
Context
configure system security pki imported-format keyword
Tree
Default
any
Options
any, secure
Introduced
16.0.R6
Platforms
All
maximum-cert-chain-depth number
Synopsis
Maximum depth of certificate chain verification
Context
Range
1 to 7
Default
7
Introduced
16.0.R1
Platforms
All
snmp
Synopsis
Enter the snmp context
Tree
Introduced
16.0.R1
Platforms
All
access [group] string context string security-model keyword security-level keyword
Synopsis
Enter the access list instance
Context
configure system security snmp access string context string security-model keyword security-level keyword
Tree
Introduced
16.0.R1
Platforms
All
[group] string
Synopsis
Group name
Context
configure system security snmp access string context string security-model keyword security-level keyword
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
context string
Synopsis
String against which the context name should match to gain access rights
Context
configure system security snmp access string context string security-model keyword security-level keyword
String Length
1 to 32
Default
_sros_none
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
security-model keyword
Synopsis
Security model
Context
configure system security snmp access string context string security-model keyword security-level keyword
Options
snmpv1, snmpv2c, usm
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
security-level keyword
Synopsis
Minimum level of security required to gain the access rights allowed by this entry
Context
configure system security snmp access string context string security-model keyword security-level keyword
Options
no-auth-no-privacy, auth-no-privacy, privacy
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
notify string
Synopsis
SNMP view for notification access
Context
configure system security snmp access string context string security-model keyword security-level keyword notify string
Tree
Description
This command specifies the SNMP view used to control which MIB objects can be accessed for notifications.
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
prefix-match keyword
Synopsis
Match type for the context
Context
configure system security snmp access string context string security-model keyword security-level keyword prefix-match keyword
Tree
Options
exact, prefix
Introduced
16.0.R1
Platforms
All
read string
Synopsis
SNMP view for read access
Context
configure system security snmp access string context string security-model keyword security-level keyword read string
Tree
Description
This command specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation.
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
write string
Synopsis
SNMP view for write access
Context
configure system security snmp access string context string security-model keyword security-level keyword write string
Tree
Description
This command specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation.
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
attempts
Synopsis
Enter the attempts context
Tree
Introduced
16.0.R1
Platforms
All
count number
Synopsis
Maximum unsuccessful SNMP attempts that are allowed for the specified time
Tree
Range
1 to 64
Default
20
Introduced
16.0.R1
Platforms
All
lockout number
Synopsis
Lockout period during which the host is not allowed to log in
Tree
Range
0 to 1440
Default
10
Units
minutes
Introduced
16.0.R1
Platforms
All
time number
Synopsis
Time when a number of unsuccessful attempts are made before the host is locked out
Tree
Range
0 to 60
Default
5
Units
minutes
Introduced
16.0.R1
Platforms
All
community [community-string] string
Synopsis
Enter the community list instance
Tree
Introduced
16.0.R1
Platforms
All
[community-string] string
Synopsis
Management information that is accessed when using the community string
String Length
1 to 114
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
access-permissions keyword
Synopsis
SNMP community name(s) to be used with the associated VPRN instance
Tree
Options
r, rw, rwa, mgmt, vpls-mgmt
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
source-access-list reference
Synopsis
Management information to be accessed when using the community string
Tree
Reference
Introduced
16.0.R1
Platforms
All
version keyword
Synopsis
SNMP version
Tree
Default
both
Options
v1, v2c, both
Introduced
16.0.R1
Platforms
All
source-access-list [list-name] string
Synopsis
Enter the source-access-list list instance
Context
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[list-name] string
Synopsis
Value for the name given to source access list
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
source-host [host-name] string
Synopsis
Enter the source-host list instance
Context
configure system security snmp source-access-list string source-host string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[host-name] string
Synopsis
Source host entry name
Context
configure system security snmp source-access-list string source-host string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Address of the source host entry
Context
configure system security snmp source-access-list string source-host string address (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
usm-community [community-string] string
Synopsis
Enter the usm-community list instance
Context
configure system security snmp usm-community string
Tree
Introduced
16.0.R1
Platforms
All
[community-string] string
Synopsis
SNMPv1/SNMPv2 community string to determine the SNMPv3 access permission
Context
configure system security snmp usm-community string
String Length
1 to 114
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
group string
Synopsis
Group to manage the access rights of the community string
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
source-access-list reference
Synopsis
Management information to be accessed when using the community string
Context
configure system security snmp usm-community string source-access-list reference
Tree
Reference
Introduced
16.0.R1
Platforms
All
view [view-name] string subtree string
Synopsis
Enter the view list instance
Tree
Introduced
16.0.R1
Platforms
All
[view-name] string
Synopsis
Name of the view to display output
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
subtree string
Synopsis
Object Identifier (OID) value
String Length
1 to 256
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
mask string
Synopsis
Mask value as binary value, or hex value
Tree
String Length
1 to 16
Introduced
16.0.R1
Platforms
All
type keyword
Synopsis
Type of SNMP security view mask
Tree
Options
included, excluded
Introduced
16.0.R1
Platforms
All
source-address
Synopsis
Enter the source-address context
Context
Tree
Introduced
16.0.R1
Platforms
All
ipv4 [application] keyword
Synopsis
Enter the ipv4 list instance
Context
configure system security source-address ipv4 keyword
Tree
Introduced
16.0.R1
Platforms
All
[application] keyword
Synopsis
Application that uses the source IP address
Context
configure system security source-address ipv4 keyword
Options
telnet, ftp, ssh, radius, tacplus, snmptrap, syslog, ping, traceroute, dns, sntp, ntp, cflowd, ptp, mcreporter, sflow, icmp-error, ldap
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Source IPv4 address
Tree
Notes
The following are part of a mandatory choice: address or interface-name.
Introduced
16.0.R1
Platforms
All
interface-name string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Interface name whose IP address to be used in all packets sent by the application
Context
configure system security source-address ipv4 keyword interface-name string
Tree
String Length
1 to 32
Notes
The following are part of a mandatory choice: address or interface-name.
Introduced
16.0.R1
Platforms
All
ipv6 [application] keyword
Synopsis
Enter the ipv6 list instance
Context
configure system security source-address ipv6 keyword
Tree
Introduced
16.0.R1
Platforms
All
[application] keyword
Synopsis
Application which uses the source IPv6 address
Context
configure system security source-address ipv6 keyword
Options
telnet, ftp, radius, tacplus, snmptrap, syslog, ping, traceroute, dns, cflowd, ntp, sflow, icmp6-error, ldap
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
address string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Source IPv6 address
Tree
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
ssh
Synopsis
Enter the ssh context
Tree
Introduced
16.0.R1
Platforms
All
client-cipher-list-v1
Synopsis
Enter the client-cipher-list-v1 context
Context
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Cipher index in the list
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Cipher name value
Tree
Options
des, 3des, blowfish
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
client-cipher-list-v2
Synopsis
Enter the client-cipher-list-v2 context
Context
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Cipher index in the list
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Cipher name value
Tree
Options
3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc, aes128-ctr, aes192-ctr, aes256-ctr
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
client-kex-list-v2
Synopsis
Enter the client-kex-list-v2 context
Context
Tree
Introduced
19.10.R3
Platforms
All
[index] number
Synopsis
SSHv2 KEX algorithm index
Range
1 to 255
Notes
This element is part of a list key.
Introduced
19.10.R3
Platforms
All
name keyword
Synopsis
KEX algorithm for computing a shared secret key
Tree
Options
diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512
Notes
This element is mandatory.
Introduced
19.10.R3
Platforms
All
client-mac-list-v2
Synopsis
Enter the client-mac-list-v2 context
Context
Tree
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
MAC algorithm index
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
MAC algorithm that performs encryption or decryption
Tree
Options
hmac-sha2-512, hmac-sha2-256, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-ripemd160, hmac-ripemd160-openssh-com, hmac-md5-96
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
key-re-exchange
Synopsis
Enter the key-re-exchange context
Context
Tree
Introduced
16.0.R1
Platforms
All
client
Synopsis
Enter the client context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the key re-exchange
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
mbytes (number | keyword)
Synopsis
Maximum bytes transmitted before key re-exchange begins
Tree
Range
1 to 64000
Default
1024
Units
megabytes
Options
infinite
Introduced
16.0.R1
Platforms
All
minutes (number | keyword)
Synopsis
Maximum time before key re-exchange is initiated
Tree
Range
1 to 1440
Default
60
Units
minutes
Options
infinite
Introduced
16.0.R1
Platforms
All
server
Synopsis
Enter the server context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the key re-exchange
Context
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
mbytes (number | keyword)
Synopsis
Maximum bytes transmitted before key re-exchange begins
Tree
Range
1 to 64000
Default
1024
Units
megabytes
Options
infinite
Introduced
16.0.R1
Platforms
All
minutes (number | keyword)
Synopsis
Maximum time before key re-exchange is initiated
Tree
Range
1 to 1440
Default
60
Units
minutes
Options
infinite
Introduced
16.0.R1
Platforms
All
preserve-key boolean
Synopsis
Preserve keys and restore on system or server restart
Context
configure system security ssh preserve-key boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
server-admin-state keyword
Synopsis
Administrative state of the SSH server
Context
configure system security ssh server-admin-state keyword
Tree
Default
enable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
server-cipher-list-v1
Synopsis
Enter the server-cipher-list-v1 context
Context
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Cipher index in the list
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Cipher name value
Tree
Options
des, 3des, blowfish
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
server-cipher-list-v2
Synopsis
Enter the server-cipher-list-v2 context
Context
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Cipher index in the list
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Cipher name value
Tree
Options
3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc, aes128-ctr, aes192-ctr, aes256-ctr
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
server-kex-list-v2
Synopsis
Enter the server-kex-list-v2 context
Context
Tree
Introduced
19.10.R3
Platforms
All
[index] number
Synopsis
SSHv2 KEX algorithm index
Range
1 to 255
Notes
This element is part of a list key.
Introduced
19.10.R3
Platforms
All
name keyword
Synopsis
KEX algorithm for computing a shared secret key
Tree
Options
diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512
Notes
This element is mandatory.
Introduced
19.10.R3
Platforms
All
server-mac-list-v2
Synopsis
Enter the server-mac-list-v2 context
Context
Tree
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
MAC algorithm index
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
MAC algorithm that performs encryption or decryption
Tree
Options
hmac-sha2-512, hmac-sha2-256, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-ripemd160, hmac-ripemd160-openssh-com, hmac-md5-96
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
version keyword
Synopsis
SSH protocol version supported by the SSH server
Tree
Default
2
Options
1, 2, 1-2
Introduced
16.0.R1
Platforms
All
system-passwords
Synopsis
Enter the system-passwords context
Context
Tree
Introduced
16.0.R1
Platforms
All
admin-password string
Synopsis
Password that assigns the user as administrator
Context
Tree
String Length
3 to 136
Introduced
16.0.R1
Platforms
All
vsd-password string
Synopsis
Password that allows the user to assign VSD services
Context
Tree
String Length
3 to 136
Introduced
16.0.R1
Platforms
All
tech-support
Synopsis
Enter the tech-support context
Context
Tree
Introduced
16.0.R1
Platforms
All
ts-location (ts-sat-url | cflash-url | string)
Synopsis
Default file path for generated tech-support files
Context
configure system security tech-support ts-location (ts-sat-url | cflash-url | string)
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
All
telnet-server boolean
Synopsis
Enable Telnet servers running on the system
Context
configure system security telnet-server boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
telnet6-server boolean
Synopsis
Enable Telnet IPv6 servers running on the system
Context
configure system security telnet6-server boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
tls
Synopsis
Enter the tls context
Tree
Introduced
16.0.R1
Platforms
All
cert-profile [cert-profile-name] string
Synopsis
Enter the cert-profile list instance
Context
configure system security tls cert-profile string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[cert-profile-name] string
Synopsis
TLS certificate profile name
Context
configure system security tls cert-profile string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the certificate profile
Context
configure system security tls cert-profile string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
entry [entry-id] number
Synopsis
Enter the entry list instance
Tree
Max. Elements
8
Introduced
16.0.R1
Platforms
All
[entry-id] number
Synopsis
Certificate profile ID
Range
1 to 8
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
certificate-file string
Synopsis
Certificate file name
Context
configure system security tls cert-profile string entry number certificate-file string
Tree
String Length
1 to 95
Introduced
16.0.R1
Platforms
All
key-file string
Synopsis
Key file name
Tree
String Length
1 to 95
Introduced
16.0.R1
Platforms
All
send-chain
Synopsis
Enter the send-chain context
Context
configure system security tls cert-profile string entry number send-chain
Tree
Introduced
16.0.R1
Platforms
All
ca-profile [ca-profile-name] reference
Synopsis
Add a list entry for ca-profile
Context
configure system security tls cert-profile string entry number send-chain ca-profile reference
Tree
Max. Elements
7
Introduced
16.0.R1
Platforms
All
[ca-profile-name] reference
Synopsis
Certificate Authority (CA) profile name
Context
configure system security tls cert-profile string entry number send-chain ca-profile reference
Reference
configure system security pki ca-profile string
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
client-cipher-list [client-cipher-list-name] string
Synopsis
Enter the client-cipher-list list instance
Context
configure system security tls client-cipher-list string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[client-cipher-list-name] string
Synopsis
TLS client cipher list
Context
configure system security tls client-cipher-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Index of the cipher
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Value for the cipher suite code
Tree
Options
tls-rsa-with3des-ede-cbc-sha, tls-rsa-with-aes128-cbc-sha, tls-rsa-with-aes256-cbc-sha, tls-rsa-with-aes128-cbc-sha256, tls-rsa-with-aes256-cbc-sha256
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
client-tls-profile [client-profile-name] string
Synopsis
Enter the client-tls-profile list instance
Context
configure system security tls client-tls-profile string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[client-profile-name] string
Synopsis
Name of TLS client profile.
Context
configure system security tls client-tls-profile string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the client TLS profile
Context
configure system security tls client-tls-profile string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
cert-profile reference
Synopsis
Certificate profile ID
Context
configure system security tls client-tls-profile string cert-profile reference
Tree
Reference
configure system security tls cert-profile string
Introduced
16.0.R1
Platforms
All
cipher-list reference
Synopsis
Specifies the ordered list of supported cipher suite codes associated with this TLS client profile.
Context
configure system security tls client-tls-profile string cipher-list reference
Tree
Reference
configure system security tls client-cipher-list string
Introduced
16.0.R1
Platforms
All
trust-anchor-profile reference
Synopsis
Trust anchor profile
Context
configure system security tls client-tls-profile string trust-anchor-profile reference
Tree
Reference
Introduced
16.0.R1
Platforms
All
server-cipher-list [server-cipher-list-name] string
Synopsis
Enter the server-cipher-list list instance
Context
configure system security tls server-cipher-list string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[server-cipher-list-name] string
Synopsis
Name of TLS server cipher list.
Context
configure system security tls server-cipher-list string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
[index] number
Synopsis
Index of the cipher
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Value for the cipher suite code
Tree
Options
tls-rsa-with3des-ede-cbc-sha, tls-rsa-with-aes128-cbc-sha, tls-rsa-with-aes256-cbc-sha, tls-rsa-with-aes128-cbc-sha256, tls-rsa-with-aes256-cbc-sha256
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
server-tls-profile [server-profile-name] string
Synopsis
Enter the server-tls-profile list instance
Context
configure system security tls server-tls-profile string
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[server-profile-name] string
Synopsis
Name of TLS server profile.
Context
configure system security tls server-tls-profile string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the server TLS profile
Context
configure system security tls server-tls-profile string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
authenticate-client
Synopsis
Enter the authenticate-client context
Context
Tree
Introduced
16.0.R1
Platforms
All
common-name-list reference
Synopsis
Common name list for TLS client certificate authentication
Context
configure system security tls server-tls-profile string authenticate-client common-name-list reference
Tree
Reference
configure system security pki common-name-list string
Introduced
16.0.R1
Platforms
All
trust-anchor-profile reference
Synopsis
Trust anchor profile for TLS client certificate authentication
Context
configure system security tls server-tls-profile string authenticate-client trust-anchor-profile reference
Tree
Reference
Introduced
16.0.R1
Platforms
All
cert-profile reference
Synopsis
Certificate profile ID
Context
configure system security tls server-tls-profile string cert-profile reference
Tree
Reference
configure system security tls cert-profile string
Introduced
16.0.R1
Platforms
All
cipher-list reference
Synopsis
Specifies the ordered list of supported cipher suite codes associated with this TLS client profile.
Context
configure system security tls server-tls-profile string cipher-list reference
Tree
Reference
configure system security tls server-cipher-list string
Introduced
16.0.R1
Platforms
All
tls-re-negotiate-timer number
Synopsis
TLS HELLO request timer
Context
configure system security tls server-tls-profile string tls-re-negotiate-timer number
Range
0 to 65000
Default
0
Units
minutes
Introduced
16.0.R1
Platforms
All
trust-anchor-profile [trust-anchor-profile-name] string
Synopsis
Enter the trust-anchor-profile list instance
Context
Tree
Max. Elements
16
Introduced
16.0.R1
Platforms
All
[trust-anchor-profile-name] string
Synopsis
Name of TLS trust anchor profile
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
trust-anchor [ca-profile-name] reference
Synopsis
Add a list entry for trust-anchor
Context
configure system security tls trust-anchor-profile string trust-anchor reference
Tree
Max. Elements
8
Introduced
16.0.R1
Platforms
All
[ca-profile-name] reference
Synopsis
Trusted CA profile
Context
configure system security tls trust-anchor-profile string trust-anchor reference
Reference
configure system security pki ca-profile string
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
user-params
Synopsis
Enter the user-params context
Context
Tree
Introduced
16.0.R1
Platforms
All
attempts
Synopsis
Enter the attempts context
Context
Tree
Introduced
16.0.R1
Platforms
All
count number
Synopsis
Number of unsuccessful login attempts
Tree
Range
1 to 64
Default
3
Introduced
16.0.R1
Platforms
All
lockout number
Synopsis
Lockout period after unsuccessful login attempts
Tree
Range
0 to 1440
Default
10
Units
minutes
Introduced
16.0.R1
Platforms
All
time number
Synopsis
Time frame of unsuccessful login attempts
Tree
Range
0 to 60
Default
5
Units
minutes
Introduced
16.0.R1
Platforms
All
authentication-order
Synopsis
Enter the authentication-order context
Tree
Introduced
16.0.R1
Platforms
All
exit-on-reject boolean
Synopsis
Ignore subsequent AAA methods in authentication order when a reject is received
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
order keyword
Synopsis
Sequence of password authentication, authorization, and accounting
Context
Tree
Options
local, radius, tacplus, ldap
Max. Elements
4
Notes
This element is ordered by the user.
Introduced
16.0.R1
Platforms
All
local-user
Synopsis
Enter the local-user context
Context
Tree
Introduced
16.0.R1
Platforms
All
password
Synopsis
Enter the password context
Context
Tree
Introduced
16.0.R1
Platforms
All
aging number
Synopsis
Maximum time during which a user password is valid
Context
Tree
Range
1 to 500
Units
days
Introduced
16.0.R1
Platforms
All
complexity-rules
Synopsis
Enter the complexity-rules context
Tree
Introduced
16.0.R1
Platforms
All
allow-user-name boolean
Synopsis
User name as part of the password
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
credits
Synopsis
Enter the credits context
Tree
Notes
The following are part of a choice: credits or required.
Introduced
16.0.R1
Platforms
All
lowercase number
Synopsis
Maximum credits given for the usage of lowercase letters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
numeric number
Synopsis
Maximum credits given for the usage of numeric characters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
special-character number
Synopsis
Maximum credits given for the usage of special characters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
uppercase number
Synopsis
Maximum credits given for the usage of uppercase letters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
minimum-classes number
Synopsis
Force the use of different character classes for a minimum number
Context
Tree
Range
2 to 4
Introduced
16.0.R1
Platforms
All
minimum-length number
Synopsis
Minimum length required for local passwords
Context
Tree
Range
6 to 50
Default
6
Introduced
16.0.R1
Platforms
All
repeated-characters number
Synopsis
Number of times the same character appears consecutively
Context
Tree
Range
2 to 8
Introduced
16.0.R1
Platforms
All
required
Synopsis
Enter the required context
Tree
Notes
The following are part of a choice: credits or required.
Introduced
16.0.R1
Platforms
All
lowercase number
Synopsis
Number required for lowercase letters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
numeric number
Synopsis
Number required for numeric characters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
special-character number
Synopsis
Number required for special characters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
uppercase number
Synopsis
Number required for uppercase letters
Context
Tree
Range
1 to 10
Introduced
16.0.R1
Platforms
All
hashing keyword
Synopsis
Password hashing algorithm
Context
Tree
Default
bcrypt
Options
bcrypt, sha2-pbkdf2, sha3-pbkdf2
Introduced
20.7.R1
Platforms
All
history-size number
Synopsis
New password to match against previous ones
Context
Tree
Range
0 to 20
Introduced
16.0.R1
Platforms
All
minimum-age number
Synopsis
Minimum age required for a password before changing it
Context
Tree
Range
0 to 86400
Default
600
Units
seconds
Introduced
16.0.R1
Platforms
All
minimum-change number
Synopsis
Minimum distance required between the old and the new password
Context
Tree
Range
1 to 20
Default
5
Introduced
16.0.R1
Platforms
All
user [user-name] string
Synopsis
Enter the user list instance
Context
configure system security user-params local-user user string
Tree
Introduced
16.0.R1
Platforms
All
[user-name] string
Synopsis
Local user name
Context
configure system security user-params local-user user string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
access
Synopsis
Enter the access context
Context
Tree
Introduced
16.0.R1
Platforms
All
console boolean
Synopsis
Allow console access (serial port or Telnet)
Context
configure system security user-params local-user user string access console boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
ftp boolean
Synopsis
Allow FTP access
Context
configure system security user-params local-user user string access ftp boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
grpc boolean
Synopsis
Allow gRPC access
Context
configure system security user-params local-user user string access grpc boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
li boolean
Synopsis
Enable/disable access to LI.
Context
configure system security user-params local-user user string access li boolean
Tree
Default
false
Introduced
19.10.R1
Platforms
All
netconf boolean
Synopsis
Allow NETCONF session access
Context
configure system security user-params local-user user string access netconf boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
snmp boolean
Synopsis
Allow SNMP access
Context
configure system security user-params local-user user string access snmp boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
cli-engine keyword
Synopsis
User level override for CLI engine access
Context
configure system security user-params local-user user string cli-engine keyword
Tree
Default
md-cli
Options
classic-cli, md-cli
Max. Elements
2
Notes
This element is ordered by the user.
Introduced
16.0.R1
Platforms
All
console
Synopsis
Enter the console context
Context
Tree
Introduced
16.0.R1
Platforms
All
cannot-change-password boolean
Synopsis
Change password privileges
Context
configure system security user-params local-user user string console cannot-change-password boolean
Default
false
Introduced
16.0.R1
Platforms
All
login-exec (sat-url | cflash-url | ftp-tftp-url | filename)
Synopsis
File to execute when a user successfully logs in
Context
configure system security user-params local-user user string console login-exec (sat-url | cflash-url | ftp-tftp-url | filename)
Tree
String Length
1 to 200
Introduced
16.0.R1
Platforms
All
member reference
Synopsis
User profiles for this user
Context
configure system security user-params local-user user string console member reference
Tree
Max. Elements
8
Notes
This element is ordered by the user.
Introduced
16.0.R1
Platforms
All
new-password-at-login boolean
Synopsis
Prompt a user to change password at next console login
Context
configure system security user-params local-user user string console new-password-at-login boolean
Default
false
Introduced
16.0.R1
Platforms
All
home-directory (sat-url | cflash-without-slot-url)
Synopsis
Home directory for the user
Context
configure system security user-params local-user user string home-directory (sat-url | cflash-without-slot-url)
Tree
String Length
1 to 200
Introduced
16.0.R1
Platforms
All
password string
Synopsis
Password to authenticate the user for console and FTP access
Context
configure system security user-params local-user user string password string
Tree
String Length
3 to 136
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
public-keys
Synopsis
Enter the public-keys context
Context
Tree
Introduced
16.0.R1
Platforms
All
ecdsa
Synopsis
Enter the ecdsa context
Context
Tree
Introduced
16.0.R1
Platforms
All
ecdsa-key [ecdsa-public-key-id] number
Synopsis
Enter the ecdsa-key list instance
Context
configure system security user-params local-user user string public-keys ecdsa ecdsa-key number
Tree
Introduced
16.0.R1
Platforms
All
[ecdsa-public-key-id] number
Synopsis
Number of the Secure Shell version 2 (SSHv2) ECDSA public key that is associated with system user
Context
configure system security user-params local-user user string public-keys ecdsa ecdsa-key number
Range
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security user-params local-user user string public-keys ecdsa ecdsa-key number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
key-value string
Synopsis
Number of the Secure Shell version 2 (SSHv2) ECDSA public key that is associated with system user
Context
configure system security user-params local-user user string public-keys ecdsa ecdsa-key number key-value string
Tree
String Length
1 to 255
Introduced
16.0.R1
Platforms
All
rsa
Synopsis
Enter the rsa context
Context
Tree
Introduced
16.0.R1
Platforms
All
rsa-key [rsa-public-key-id] number
Synopsis
Enter the rsa-key list instance
Context
configure system security user-params local-user user string public-keys rsa rsa-key number
Tree
Introduced
16.0.R1
Platforms
All
[rsa-public-key-id] number
Synopsis
Number of the Secure Shell version 2 (SSHv2) RSA public key that is associated with system user
Context
configure system security user-params local-user user string public-keys rsa rsa-key number
Range
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system security user-params local-user user string public-keys rsa rsa-key number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
key-value string
Synopsis
Number of the Secure Shell version 2 (SSHv2) RSA public key that is associated with system user
Context
configure system security user-params local-user user string public-keys rsa rsa-key number key-value string
Tree
String Length
1 to 800
Introduced
16.0.R1
Platforms
All
restricted-to-home boolean
Synopsis
Users prevented from navigating above their home directories to access file
Context
configure system security user-params local-user user string restricted-to-home boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
snmp
Synopsis
Enter the snmp context
Context
configure system security user-params local-user user string snmp
Tree
Introduced
16.0.R1
Platforms
All
authentication
Synopsis
Enable the authentication context
Context
Tree
Introduced
16.0.R1
Platforms
All
authentication-key string
Synopsis
Authentication key for authentication protocol
Context
configure system security user-params local-user user string snmp authentication authentication-key string
Tree
String Length
1 to 54
Introduced
16.0.R1
Platforms
All
authentication-protocol keyword
Synopsis
Authentication protocol
Context
configure system security user-params local-user user string snmp authentication authentication-protocol keyword
Options
md5, sha
Introduced
16.0.R1
Platforms
All
privacy
Synopsis
Enable the privacy context
Context
Tree
Introduced
16.0.R1
Platforms
All
privacy-key string
Synopsis
Localized privacy key for authentication
Context
configure system security user-params local-user user string snmp authentication privacy privacy-key string
Tree
String Length
1 to 51
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
privacy-protocol keyword
Synopsis
Encryption protocol for authentication
Context
configure system security user-params local-user user string snmp authentication privacy privacy-protocol keyword
Tree
Options
des, aes-128-cfb
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
group string
Synopsis
User to associate with a group name
Context
configure system security user-params local-user user string snmp group string
Tree
String Length
1 to 32
Introduced
16.0.R1
Platforms
All
vprn-network-exceptions
Synopsis
Enable the vprn-network-exceptions context
Introduced
16.0.R1
Platforms
All
count number
Synopsis
Limit of exception messages received
Context
Tree
Range
10 to 1000
Default
100
Introduced
16.0.R1
Platforms
All
window number
Synopsis
Time interval to measure exception messages
Context
Tree
Range
1 to 60
Default
10
Units
seconds
Introduced
16.0.R1
Platforms
All
selective-fib boolean
Synopsis
FIB assigned to the system
Context
configure system selective-fib boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
software-repository [repository-name] string
Synopsis
Enter the software-repository list instance
Context
configure system software-repository string
Tree
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
[repository-name] string
Synopsis
Unique name for the system software repository
Context
configure system software-repository string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
description string
Synopsis
Text description
Context
configure system software-repository string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
primary-location string
Synopsis
Primary location for the files in the software repository
Context
configure system software-repository string primary-location string
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
secondary-location string
Synopsis
Secondary location for the files in the software repository
Context
configure system software-repository string secondary-location string
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
tertiary-location string
Synopsis
Tertiary location for the files in the software repository
Context
configure system software-repository string tertiary-location string
Tree
String Length
1 to 180
Introduced
16.0.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS
switch-fabric
Synopsis
Enter the switch-fabric context
Context
Tree
Description
Commands in this context configure system level attributes related to the switch fabric.
Introduced
20.5.R1
Platforms
7450 ESS, 7750 SR-7, 7750 SR-7s, 7750 SR-14s, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
failure-recovery
Synopsis
Enter the failure-recovery context
Context
Tree
Description
Commands in this context configure the attributes related to the automatic switch fabric recovery process. This process is triggered when there are two resets of an IOM/XCM due to ICC failures within a small time frame. The recovery process involves the sequential resetting of SFM in case the issues are due to one of the SFM in the ICC communication path. As the final step in the recovery process, a CPM switchover is triggered to reset the active CPM.
Introduced
21.2.R1
Platforms
7450 ESS, 7750 SR-7, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
admin-state keyword
Synopsis
Administrative state of the failure recovery process
Context
Tree
Default
disable
Options
enable, disable
Introduced
21.2.R1
Platforms
7450 ESS, 7750 SR-7, 7950 XRS-20, 7950 XRS-20e, 7950 XRS-40
sfm-loss-threshold number
Synopsis
Number of SFMs that can fail before SFM overload state
Context
Tree
Description
This command specifies the number of SFMs that are permitted to fail before the system goes into SFM overload state.
The default value for the 7750 SR-7s is 1 and the default value for the 7750 SR-14s is 2. Users can select the SFM limit based on the number possible for the system minus one. For the 7750 SR-7s, the limit is 3 and the limit for the 7750 SR-14s is 7.
Range
1 to 7
Introduced
20.5.R1
Platforms
7750 SR-7s, 7750 SR-14s
telemetry
Synopsis
Enter the telemetry context
Tree
Description
Commands in this context configure the parameters for the dial-out telemetry functionality.
Introduced
20.2.R1
Platforms
All
destination-group [name] string
Synopsis
Enter the destination-group list instance
Context
Tree
Description
Commands in this context configure parameters for destination groups.
Max. Elements
225
Introduced
20.5.R1
Platforms
All
[name] string
Synopsis
Destination group name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
allow-unsecure-connection
Synopsis
Allow unsecured operation of gRPC connections
Context
Notes
The following are part of a choice: allow-unsecure-connection or tls-client-profile.
Introduced
20.5.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system telemetry destination-group string description string
Tree
String Length
1 to 80
Introduced
20.5.R1
Platforms
All
destination [address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
Synopsis
Enter the destination list instance
Context
configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
Tree
Max. Elements
4
Notes
This element is ordered by the user.
Introduced
20.5.R1
Platforms
All
[address] (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
Synopsis
Address of the destination within the destination group
Context
configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
String Length
1 to 255
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
port number
Synopsis
TCP port number for the destination
Context
configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
Range
0 | 1 to 65535
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
router-instance string
Synopsis
Router instance for the destination group
Context
configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number router-instance string
Tree
Introduced
20.5.R1
Platforms
All
tcp-keepalive
Synopsis
Enter the tcp-keepalive context
Context
Tree
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the TCP keep-alive algorithm
Context
configure system telemetry destination-group string tcp-keepalive admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
idle-time number
Synopsis
Time until the first TCP keepalive probe is sent
Context
configure system telemetry destination-group string tcp-keepalive idle-time number
Tree
Range
1 to 100000
Default
600
Units
seconds
Introduced
20.5.R1
Platforms
All
interval number
Synopsis
Time between TCP keepalive probes
Context
configure system telemetry destination-group string tcp-keepalive interval number
Tree
Range
1 to 100000
Default
15
Units
seconds
Introduced
20.5.R1
Platforms
All
retries number
Synopsis
Number of probe retries before closing the connection
Context
configure system telemetry destination-group string tcp-keepalive retries number
Tree
Description
This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group.
Range
3 to 100
Default
4
Introduced
20.5.R1
Platforms
All
tls-client-profile reference
Synopsis
TLS client profile assigned to the destination group
Context
configure system telemetry destination-group string tls-client-profile reference
Tree
Reference
configure system security tls client-tls-profile string
Notes
The following are part of a choice: allow-unsecure-connection or tls-client-profile.
Introduced
20.5.R1
Platforms
All
persistent-subscriptions
Synopsis
Enter the persistent-subscriptions context
Introduced
20.5.R1
Platforms
All
subscription [name] string
Synopsis
Enter the subscription list instance
Context
Tree
Max. Elements
225
Introduced
20.5.R1
Platforms
All
[name] string
Synopsis
Persistent subscription name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the persistent subscription
Context
configure system telemetry persistent-subscriptions subscription string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
20.5.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system telemetry persistent-subscriptions subscription string description string
Tree
String Length
1 to 80
Introduced
20.5.R1
Platforms
All
destination-group reference
Synopsis
Name of the destination group used in the subscription
Context
configure system telemetry persistent-subscriptions subscription string destination-group reference
Tree
Reference
Introduced
20.5.R1
Platforms
All
encoding keyword
Synopsis
Encoding used for telemetry notifications
Context
configure system telemetry persistent-subscriptions subscription string encoding keyword
Tree
Description
This command specifies the encoding used for telemetry notifications as defined by the gNMI OpenConfig standard.
Default
json
Options
json, bytes, proto, json-ietf
Introduced
20.5.R1
Platforms
All
local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Local IP address of packets sent from the source
Context
configure system telemetry persistent-subscriptions subscription string local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
Tree
Introduced
20.5.R1
Platforms
All
mode keyword
Synopsis
Mode for telemetry notifications
Context
configure system telemetry persistent-subscriptions subscription string mode keyword
Tree
Description
This command specifies the subscription path mode for telemetry notifications sent out for the persistent subscription.
Options
target-defined, on-change, sample
Introduced
20.5.R1
Platforms
All
originated-qos-marking keyword
Synopsis
QoS marking used for telemetry notification packets
Context
Options
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
Introduced
20.5.R1
Platforms
All
sample-interval number
Synopsis
Sampling interval for the persistent subscription
Context
configure system telemetry persistent-subscriptions subscription string sample-interval number
Tree
Description
This command configures the sampling interval for the persistent subscription. The interval applies only in sampling or target-defined modes.
Range
1000 to max
Default
10000
Units
milliseconds
Introduced
20.5.R1
Platforms
All
sensor-group reference
Synopsis
Sensor group used in the persistent subscription
Context
configure system telemetry persistent-subscriptions subscription string sensor-group reference
Tree
Description
This command specifies the sensor group to be used in the persistent subscription. If no valid paths exist in the sensor group, the configuration is accepted, however, no gRPC connection is established when persistent subscription is activated.
Reference
Introduced
20.5.R1
Platforms
All
sensor-groups
Synopsis
Enter the sensor-groups context
Context
Tree
Introduced
20.5.R1
Platforms
All
sensor-group [name] string
Synopsis
Enter the sensor-group list instance
Context
Tree
Max. Elements
225
Introduced
20.5.R1
Platforms
All
[name] string
Synopsis
Sensor group name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system telemetry sensor-groups sensor-group string description string
Tree
String Length
1 to 80
Introduced
20.5.R1
Platforms
All
path [xpath] string
Synopsis
Add a list entry for path
Context
configure system telemetry sensor-groups sensor-group string path string
Tree
Max. Elements
4500
Introduced
20.5.R1
Platforms
All
[xpath] string
Synopsis
YANG model path indicating the data to be streamed
Context
configure system telemetry sensor-groups sensor-group string path string
Description
The command specifies the path from which data is streamed to the collector. Streamed data includes all descendants of the tree indicated by the path.
String Length
1 to 512
Notes
This element is part of a list key.
Introduced
20.5.R1
Platforms
All
thresholds
Synopsis
Enter the thresholds context
Context
Tree
Introduced
16.0.R1
Platforms
All
cflash-cap-alarm-percent [cflash-id] string
Synopsis
Enter the cflash-cap-alarm-percent list instance
Context
Introduced
16.0.R1
Platforms
All
[cflash-id] string
Synopsis
Capacity that monitors the cflash (compact flash) assigned in this command
Context
String Length
1 to 200
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
falling-threshold number
Synopsis
Specifies the falling threshold percentage value for sampled statistics of cflash capacity alarm entry.
Context
configure system thresholds cflash-cap-alarm-percent string falling-threshold number
Tree
Range
0 to 100
Units
percent
Introduced
16.0.R4
Platforms
All
interval number
Synopsis
Polling period over which data is sampled and compared
Context
configure system thresholds cflash-cap-alarm-percent string interval number
Tree
Range
1 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
rising-threshold number
Synopsis
Specifies the rising threshold percentage value for sampled statistics of cflash capacity alarm entry.
Context
configure system thresholds cflash-cap-alarm-percent string rising-threshold number
Tree
Range
0 to 100
Units
percent
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rmon-event-type keyword
Synopsis
Notification type specifying action when event occurs
Context
configure system thresholds cflash-cap-alarm-percent string rmon-event-type keyword
Tree
Default
both
Options
none, log, trap, both
Introduced
16.0.R1
Platforms
All
startup-alarm keyword
Synopsis
Alarm type when the alarm is first created
Context
configure system thresholds cflash-cap-alarm-percent string startup-alarm keyword
Tree
Default
either
Options
rising, falling, either
Introduced
16.0.R1
Platforms
All
cflash-cap-warn-percent [cflash-id] string
Synopsis
Enter the cflash-cap-warn-percent list instance
Context
Introduced
16.0.R1
Platforms
All
[cflash-id] string
Synopsis
Capacity that monitors the cflash (compact flash) assigned in this command
Context
String Length
1 to 200
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
falling-threshold number
Synopsis
Specifies the falling threshold percentage value for sampled statistics of cflash capacity alarm entry.
Context
configure system thresholds cflash-cap-warn-percent string falling-threshold number
Tree
Range
0 to 100
Units
percent
Introduced
16.0.R4
Platforms
All
interval number
Synopsis
Polling period over which data is sampled and compared
Context
configure system thresholds cflash-cap-warn-percent string interval number
Tree
Range
1 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
rising-threshold number
Synopsis
Specifies the rising threshold percentage value for sampled statistics of cflash capacity alarm entry.
Context
configure system thresholds cflash-cap-warn-percent string rising-threshold number
Tree
Range
0 to 100
Units
percent
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rmon-event-type keyword
Synopsis
Notification type specifying action when event occurs
Context
configure system thresholds cflash-cap-warn-percent string rmon-event-type keyword
Tree
Default
both
Options
none, log, trap, both
Introduced
16.0.R1
Platforms
All
startup-alarm keyword
Synopsis
Alarm type when the alarm is first created
Context
configure system thresholds cflash-cap-warn-percent string startup-alarm keyword
Tree
Default
either
Options
rising, falling, either
Introduced
16.0.R1
Platforms
All
kb-memory-use-alarm
Synopsis
Enable the kb-memory-use-alarm context
Context
Tree
Introduced
16.0.R4
Platforms
All
falling-threshold number
Synopsis
Specifies the threshold for the sampled statistic for the falling threshold event.
Context
Tree
Range
-2147483648 to 2147483647
Introduced
16.0.R4
Platforms
All
interval number
Synopsis
Polling period over which data is sampled and compared
Context
Tree
Range
1 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rising-threshold number
Synopsis
Specifies the threshold for the sampled statistic for the rising threshold event.
Context
Tree
Range
-2147483648 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rmon-event-type keyword
Synopsis
Notification type specifying action when event occurs
Context
Tree
Default
both
Options
none, log, trap, both
Introduced
16.0.R4
Platforms
All
startup-alarm keyword
Synopsis
Alarm type when the alarm is first created
Context
Tree
Default
either
Options
rising, falling, either
Introduced
16.0.R4
Platforms
All
kb-memory-use-warn
Synopsis
Enable the kb-memory-use-warn context
Context
Tree
Introduced
16.0.R4
Platforms
All
falling-threshold number
Synopsis
Specifies the threshold for the sampled statistic for the falling threshold event.
Context
Tree
Range
-2147483648 to 2147483647
Introduced
16.0.R4
Platforms
All
interval number
Synopsis
Polling period over which data is sampled and compared
Context
Tree
Range
1 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rising-threshold number
Synopsis
Specifies the threshold for the sampled statistic for the rising threshold event.
Context
Tree
Range
-2147483648 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R4
Platforms
All
rmon-event-type keyword
Synopsis
Notification type specifying action when event occurs
Context
Tree
Default
both
Options
none, log, trap, both
Introduced
16.0.R4
Platforms
All
startup-alarm keyword
Synopsis
Alarm type when the alarm is first created
Context
Tree
Default
either
Options
rising, falling, either
Introduced
16.0.R4
Platforms
All
rmon
Synopsis
Enter the rmon context
Context
Tree
Introduced
16.0.R1
Platforms
All
alarm [rmon-alarm-id] number
Synopsis
Enter the alarm list instance
Context
configure system thresholds rmon alarm number
Tree
Max. Elements
1200
Introduced
16.0.R1
Platforms
All
[rmon-alarm-id] number
Synopsis
Index ID for an entry in the alarm table
Context
configure system thresholds rmon alarm number
Range
0 to 65400
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
falling-event number
Synopsis
RMON event ID used when a falling threshold crossing event occurs
Context
configure system thresholds rmon alarm number falling-event number
Tree
Range
0 to 65400
Introduced
16.0.R1
Platforms
All
falling-threshold number
Synopsis
Falling threshold for the sampled statistic
Context
configure system thresholds rmon alarm number falling-threshold number
Tree
Description
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold and the value at the last sampling interval was greater than this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is set to falling or either.
After a falling threshold crossing event is generated, another such event is not generated until the sampled value exceeds this threshold and reaches or exceeds the rising-threshold command setting.
Range
-2147483648 to 2147483647
Introduced
16.0.R1
Platforms
All
interval number
Synopsis
Polling period over which data is sampled and compared
Tree
Description
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds
Range
1 to 2147483647
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Owner that created this entry and uses the resources
Tree
String Length
1 to 80
Default
TiMOS CLI
Introduced
16.0.R1
Platforms
All
rising-event number
Synopsis
RMON event ID used when a rising event threshold event occurs
Context
configure system thresholds rmon alarm number rising-event number
Tree
Range
0 to 65400
Introduced
16.0.R1
Platforms
All
rising-threshold number
Synopsis
Rising threshold for the sampled statistic
Context
configure system thresholds rmon alarm number rising-threshold number
Tree
Description
This command specifies the rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval was below this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is set to rising or either.
After a rising threshold crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches or falls below the falling-threshold command setting.
Range
-2147483648 to 2147483647
Introduced
16.0.R1
Platforms
All
sample-type keyword
Synopsis
Method to sample the selected variable and calculate the value comparing against the thresholds
Context
configure system thresholds rmon alarm number sample-type keyword
Tree
Default
absolute
Options
absolute, delta
Introduced
16.0.R1
Platforms
All
startup-alarm keyword
Synopsis
Alarm to send when this entry is first set to valid
Context
configure system thresholds rmon alarm number startup-alarm keyword
Tree
Default
either
Options
rising, falling, either
Introduced
16.0.R1
Platforms
All
variable-oid string
Synopsis
Object identifier to sample the specific variable
Context
configure system thresholds rmon alarm number variable-oid string
Tree
String Length
1 to 255
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
event [rmon-event-id] number
Synopsis
Enter the event list instance
Context
configure system thresholds rmon event number
Tree
Max. Elements
1200
Introduced
16.0.R1
Platforms
All
[rmon-event-id] number
Synopsis
Index ID for an entry in the event table
Context
configure system thresholds rmon event number
Range
1 to 65400
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
description string
Synopsis
Text description
Context
configure system thresholds rmon event number description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
event-type keyword
Synopsis
Type of notification action to be taken when this event occurs
Context
configure system thresholds rmon event number event-type keyword
Tree
Default
both
Options
none, log, trap, both
Introduced
16.0.R1
Platforms
All
owner string
Synopsis
Owner that created this entry and uses the resources
Tree
String Length
1 to 80
Default
TiMOS CLI
Introduced
16.0.R1
Platforms
All
time
Synopsis
Enter the time context
Tree
Introduced
16.0.R1
Platforms
All
dst-zone [summer-time-zone] string
Synopsis
Enter the dst-zone list instance
Tree
Max. Elements
1
Introduced
16.0.R1
Platforms
All
[summer-time-zone] string
Synopsis
Name of a summer time zone
String Length
1 to 5
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
end
Synopsis
Enter the end context
Tree
Introduced
16.0.R1
Platforms
All
day keyword
Synopsis
Day of the week when the daylight savings time setting ends
Tree
Default
sunday
Options
sunday, monday, tuesday, wednesday, thursday, friday, saturday
Introduced
16.0.R1
Platforms
All
hours-minutes string
Synopsis
Hour and number of minutes after which the daylight savings time ends
Tree
String Length
5
Default
00:00
Introduced
16.0.R1
Platforms
All
month keyword
Synopsis
Month of the week when the daylight savings time setting ends
Tree
Default
january
Options
january, february, march, april, may, june, july, august, september, october, november, december
Introduced
16.0.R1
Platforms
All
week keyword
Synopsis
Week of the month when the daylight savings time setting ends
Tree
Default
first
Options
first, second, third, fourth, last
Introduced
16.0.R1
Platforms
All
offset number
Synopsis
Offset for summer time setting
Tree
Range
0 to 60
Default
60
Units
minutes
Introduced
16.0.R1
Platforms
All
start
Synopsis
Enter the start context
Tree
Introduced
16.0.R1
Platforms
All
day keyword
Synopsis
Day of the week when the daylight savings time setting starts
Tree
Default
sunday
Options
sunday, monday, tuesday, wednesday, thursday, friday, saturday
Introduced
16.0.R1
Platforms
All
hours-minutes string
Synopsis
Hour and number of minutes after which the daylight savings time starts
Tree
String Length
5
Default
00:00
Introduced
16.0.R1
Platforms
All
month keyword
Synopsis
Month of the week when the daylight savings time setting starts
Tree
Default
january
Options
january, february, march, april, may, june, july, august, september, october, november, december
Introduced
16.0.R1
Platforms
All
week keyword
Synopsis
Week of the month when the daylight savings time setting starts
Tree
Default
first
Options
first, second, third, fourth, last
Introduced
16.0.R1
Platforms
All
ntp
Synopsis
Enable the ntp context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of NTP execution
Context
configure system time ntp admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
authentication-check boolean
Synopsis
Reject NTP PDUs that do not match the authentication key-id, type, or key requirements
Context
configure system time ntp authentication-check boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
All
authentication-key [key-id] number
Synopsis
Enter the authentication-key list instance
Context
configure system time ntp authentication-key number
Tree
Introduced
16.0.R1
Platforms
All
[key-id] number
Synopsis
Index of the NTP authentication key table that uniquely identifies an authentication key and type
Context
configure system time ntp authentication-key number
Range
1 to 255
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
key string
Synopsis
Key to authenticate NTP packets
Tree
String Length
1 to 71
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
type keyword
Synopsis
Type of authentication method to authenticate NTP packet
Tree
Options
des, message-digest
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
broadcast [router-instance] reference interface-name string
Synopsis
Enter the broadcast list instance
Tree
Introduced
16.0.R1
Platforms
All
[router-instance] reference
Synopsis
Router name
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
interface-name string
Synopsis
Router interface name
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
key-id reference
Synopsis
Specifies the key-id of the authentication key and its authentication type used by this node to receive and transmit NTP packets to and from an NTP node.
Tree
Reference
configure system time ntp authentication-key number
Introduced
16.0.R1
Platforms
All
ttl number
Synopsis
TTL value of messages transmitted by this broadcast address
Tree
Range
1 to 255
Default
127
Introduced
16.0.R1
Platforms
All
version number
Synopsis
NTP version number generated or accepted by this node in NTP packets
Tree
Range
2 to 4
Default
4
Introduced
16.0.R1
Platforms
All
broadcast-client [router-instance] string interface-name string
Synopsis
Enter the broadcast-client list instance
Context
configure system time ntp broadcast-client string interface-name string
Tree
Introduced
16.0.R1
Platforms
All
[router-instance] string
Synopsis
Router name or VPRN service name
Context
configure system time ntp broadcast-client string interface-name string
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
interface-name string
Synopsis
Router interface name
Context
configure system time ntp broadcast-client string interface-name string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
authenticate boolean
Synopsis
NTP PDUs authentication required when acting as a broadcast client
Context
configure system time ntp broadcast-client string interface-name string authenticate boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
multicast
Synopsis
Enable the multicast context
Tree
Introduced
16.0.R1
Platforms
All
key-id reference
Synopsis
Specifies the key-id of the authentication key and its authentication type used by this node to receive and transmit NTP packets to and from an NTP node.
Tree
Reference
configure system time ntp authentication-key number
Introduced
16.0.R1
Platforms
All
version number
Synopsis
NTP version number generated by the node
Tree
Description
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted.
Range
2 to 4
Default
4
Introduced
16.0.R1
Platforms
All
multicast-client
Synopsis
Enable the multicast-client context
Context
Tree
Introduced
16.0.R1
Platforms
All
authenticate boolean
Synopsis
Authentication of NTP PDUs required when acting as a client
Context
configure system time ntp multicast-client authenticate boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
ntp-server
Synopsis
Enable the ntp-server context
Context
Tree
Introduced
16.0.R1
Platforms
All
authenticate boolean
Synopsis
Authentication of NTP PDUs when acting as a server
Context
configure system time ntp ntp-server authenticate boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
peer [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string
Synopsis
Enter the peer list instance
Context
Tree
Introduced
16.0.R1
Platforms
All
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Identifies a node that will provide time to the NTP client of this system.
Context
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
router-instance string
Synopsis
Router name or VPRN service name
Context
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
key-id reference
Synopsis
Specifies the key-id of the authentication key and its authentication type used by this node to receive and transmit NTP packets to and from an NTP node.
Context
Tree
Reference
configure system time ntp authentication-key number
Introduced
16.0.R1
Platforms
All
prefer boolean
Synopsis
NTP server from which is preferred to receive time
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
version number
Synopsis
NTP version number generated by the node
Context
Tree
Description
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted.
Range
2 to 4
Default
4
Introduced
16.0.R1
Platforms
All
server [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string
Synopsis
Enter the server list instance
Context
Tree
Introduced
16.0.R1
Platforms
All
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone | keyword)
Synopsis
IP address of an external NTP server
Context
Options
ptp
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
router-instance string
Synopsis
Router name or VPRN service name
Context
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
key-id reference
Synopsis
Specifies the key-id of the authentication key and its authentication type used by this node to receive and transmit NTP packets to and from an NTP node.
Context
Tree
Reference
configure system time ntp authentication-key number
Introduced
16.0.R1
Platforms
All
prefer boolean
Synopsis
NTP server from which is preferred to receive time
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
version number
Synopsis
NTP version number generated by the node
Context
Tree
Description
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted.
Range
2 to 4
Default
4
Introduced
16.0.R1
Platforms
All
prefer-local-time boolean
Synopsis
Use local time over UTC time in the system
Context
configure system time prefer-local-time boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
sntp
Synopsis
Enter the sntp context
Tree
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the SNTP protocol execution
Context
configure system time sntp admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
server [ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
Enter the server list instance
Tree
Introduced
16.0.R1
Platforms
All
[ip-address] (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis
IP address of the SNTP server
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
interval number
Synopsis
Frequency of querying the server
Context
Tree
Range
64 to 1024
Default
64
Units
seconds
Introduced
16.0.R1
Platforms
All
prefer boolean
Synopsis
Preference value for this SNTP server
Context
Tree
Default
false
Introduced
16.0.R1
Platforms
All
version number
Synopsis
SNTP version supported by this server
Context
Tree
Range
1 to 3
Default
3
Introduced
16.0.R1
Platforms
All
sntp-state keyword
Synopsis
Mode for Simple Network Time Protocol (SNTP)
Context
configure system time sntp sntp-state keyword
Tree
Default
unicast
Options
unicast, broadcast
Introduced
16.0.R1
Platforms
All
zone
Synopsis
Enter the zone context
Tree
Introduced
16.0.R1
Platforms
All
non-standard
Synopsis
Enter the non-standard context
Context
Tree
Notes
The following are part of a choice: non-standard or standard.
Introduced
16.0.R1
Platforms
All
name string
Synopsis
Active non-standard time zone in this managed system
Tree
String Length
1 to 5
Introduced
16.0.R1
Platforms
All
offset string
Synopsis
Number of hours and minutes by which the time zone offsets from UTC
Tree
String Length
5 to 6
Introduced
16.0.R1
Platforms
All
standard
Synopsis
Enter the standard context
Tree
Notes
The following are part of a choice: non-standard or standard.
Introduced
16.0.R1
Platforms
All
name keyword
Synopsis
Active standard time zone in this managed system
Tree
Default
utc
Options
hst, akst, pst, mst, cst, est, ast, nst, utc, gmt, wet, cet, eet, msk, msd, awst, acst, aest, nzst
Introduced
16.0.R1
Platforms
All
transmission-profile [name] string
Synopsis
Enter the transmission-profile list instance
Context
configure system transmission-profile string
Tree
Introduced
16.0.R4
Platforms
All
[name] string
Synopsis
Name of file transmission profile
Context
configure system transmission-profile string
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R4
Platforms
All
ipv4-source-address string
Synopsis
IPv4 source address of the file transmission connections
Context
configure system transmission-profile string ipv4-source-address string
Tree
Introduced
16.0.R4
Platforms
All
ipv6-source-address string
Synopsis
IPv6 source address of the file transmission connections
Context
configure system transmission-profile string ipv6-source-address string
Tree
Introduced
16.0.R4
Platforms
All
redirection number
Synopsis
Maximum level of redirection
Context
configure system transmission-profile string redirection number
Tree
Range
1 to 8
Introduced
16.0.R4
Platforms
All
retry number
Synopsis
Number of attempts to reconnecting to the server
Context
configure system transmission-profile string retry number
Tree
Range
1 to 256
Introduced
16.0.R4
Platforms
All
router-instance string
Synopsis
Router instance that hosts the file transmission connection
Context
configure system transmission-profile string router-instance string
Tree
String Length
1 to 64
Default
Base
Introduced
16.0.R4
Platforms
All
timeout number
Synopsis
Timeout for a response from the server
Context
configure system transmission-profile string timeout number
Tree
Range
1 to 3600
Default
60
Units
seconds
Introduced
16.0.R4
Platforms
All