This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of this command reverts it back to the default.

This command configures the Connectivity Association (CA) linked to this MACsec sub-port. The specified CA provides the MACsec parameter to be used or negotiated with other peers.

The no form of this command removes the CA from the MACsec sub-port.

This command specifies a CA certificate in the specified ca-profile to be sent to the peer.

Multiple configurations (up to seven) of this command are allowed in the same entry.

This command creates a new ca-profile or enters the configuration context of an existing ca-profile. Up to 128 ca-profiles can be created in the system. A shutdown of the ca-profile will not affect the current up and running ipsec-tunnel or ipsec-gw that is associated with the ca-profile. However, authentication afterwards will fail with a shutdown ca-profile.

Executing a no shutdown command in this context causes the system to reload the configured cert-file and crl-file.

A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.

The no form of this command removes the name parameter from the configuration. A ca-profile cannot be removed until all the associated entities (ipsec-tunnel/gw) have been removed.

This command debugs output of the specified CA profile.

This command enables a certificate authority (CA) certificate in the specified CA profile to be sent to the peer. Up to seven configurations of this command are permitted in the same entry.

The no form of the command disables the transmission of a CA certificate from the specified CA profile.

This command downloads a Certificate Authority (CA) certificate from an EST server specified by the EST profile. The downloaded certificate is imported and saved with the filename specified by the output-cert-filename.

Commands in this context configure the limits of the caching API inside the Python scripts.

The no form of this command removes the configured cache parameters from the configuration.

Commands in this context configure the cache under radius-proxy server. The cache contains per-subscriber authentication information learned from RADIUS authentication messages, and is used to authorize subsequent DHCP requests.

This command enables debugging for cache reset RPKI packets.

The no form of this command disables debugging for cache reset RPKI packets.

This command enables debugging for cache response RPKI packets.

The no form of this command disables debugging for cache response RPKI packets.

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries back to the default value.

Specifies the connectivity association key (CAK) for a pre-shared key. Two values are derived from CAK.

The no form of this command removes the value.

This command specifies whether or not to count the number of tunnels matching the specified criteria.

Note: Do not enable this command if the expected number of tunnels is large.

Commands in this context configure parameters related to the call trace debugging tool.

Commands in this context set up various call trace debug sessions.

This command includes called station ID attributes.

The no form of this command reverts to the default.

This command includes called station ID attributes.

The no form of this command reverts to the default.

This command configures the value of the called station ID AVP.

The no form of this command returns the command to the default setting.

This command includes called station ID attributes.

The no form of this command excludes called station ID attributes.

This command includes called station id attributes.

The no form of the command excludes called station id attributes.

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

The no form of this command reverts to the default.

This command includes the calling-station-id AVP in the specified format.

The no form of this command reverts to the default.

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

This command enables the NETCONF cancel-commit operation.

The no form of this command disables the operation.

Commands in this context edit candidate configurations.

Commands in the candidate CLI branch, except candidate edit, are available only when in edit-cfg mode.

This command enables support of the candidate datastore in the SR OS NETCONF server. If the candidate is disabled then requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session the candidate capability is not advertised in the SR OS <hello>. This command also controls support of the <commit> and <discard-changes> operations.

When management-interface configuration-mode is set to classic, then the candidate capability is disabled, even if candidate is configured.

The no form of the command disables support of the candidate datastore in the SR OS NETCONF server.

This command allows a user the privilege to change their password for both FTP and console login.

To disable a user’s privilege to change their password, use the cannot-change-password form of this command.

Note: The cannot-change-password flag is not replicated when a user copy is performed. A new-password-at-login flag is created instead.

This command configures an application profile capacity cost. Capacity-Cost based load balancing allows a cost to be assigned to diverted SAPs (with the app-profile) and this is then used for load-balancing SAPs between ISAs as well as for a threshold that notifies the operator if/when capacity planning has been exceeded.

This command configures the captive redirect capability for an HTTP redirect policy. HTTP redirect policies using captive redirect can be used in conjunction with a session filter policy and will terminate TCP flows in the ISA-AA card before reaching the Internet to redirect subscribers to the predefined redirect URL. Non-HTTP TCP flows are TCP reset. Captive redirect uses the provisioned VLAN id to send the HTTP response to subscribers; therefore this VLAN id must be properly assigned in the same VPN as the subscriber. The operator can select the URL arguments to include in the redirect URL using either a specific template id or by configuring the redirect URL using one of the supported macro substitution keywords.

This command starts and stops the packet capture process for the specified session-name.

This command enables or disables the generation of dynamic services data trigger debug events, such as:

Multiple capture SAPs can be specified simultaneously.

Optionally, a single encap-val per capture-sap can be specified to limit the output of the debug events to the data trigger events with the specified encapsulation.

Optionally, the debug output can be restricted to dropped data trigger events only.

This mandatory command enables access to the chassis card IOM, MDA, XCM and XMA CLI contexts.

The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.

This mandatory command adds an IOM/XCM to the device configuration for the slot. The card type can be preprovisioned, meaning that the card does not need to be installed in the chassis.

A card must be provisioned before an MDA, connector, or port can be configured.

A card can only be provisioned in a slot that is vacant, meaning no other card can be provisioned (configured) for that particular slot. To reconfigure a slot position, use the no form of this command to remove the current information.

A card can only be provisioned in a slot if the card type is allowed in the slot. An error message is generated if an attempt is made to provision a card type that is not allowed.

If a card is inserted that does not match the configured card type for the slot, then a log event and facility alarm is raised. The alarm is cleared when the correct card type is installed or the configuration is modified.

A log event and facility alarm are is raised if an administratively enabled card is removed from the chassis. The alarm is cleared when the correct card type is installed or the configuration is modified. A log event is issued when a card is removed that is administratively disabled.

Because IMMs do not have the capability to install separate MDAs, the configuration of the MDA is automatic. This configuration only includes the default parameters such as default buffer policies. Commands to manage the MDA such as shutdown and so on, remain in the MDA configuration context.

Some card hardware can support two different firmware loads. One load includes the base Ethernet functionality, including 10G WAN mode, but does not include 1588 port-based timestamping. The second load includes the base Ethernet functionality and 1588 port-based timestamping, but does not include 10G WAN mode. These are identified as two card types that are the same, except for a “-ptp” suffix to indicate the second loadset; for example, imm40-10gb-sfp and imm40-10gb-sfp-ptp. A hard reset of the card occurs when switching between the two provisioned types.

An appropriate alarm is raised if a partial or complete card failure is detected. The alarm is cleared when the error condition ceases.

New generations of cards include variants controlled by hardware and software licensing. For these cards, the license level must be provisioned in addition to the card type. A card can not become operational unless the provisioned license level matches the license level of the card installed into the slot. The set of license levels varies by card type.

The provisioned level controls aspects related to connector provisioning and the consumption of hardware egress queues and egress policers. Changes to the provisioned license level may be blocked if configuration exists that would not be permitted with the new target license level.

If the license level is not specified, the level is set to the highest license level for that card.

The no form of this command removes the card from the configuration.

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.

Commands in this context configure RADIUS credit control, Diameter credit control (Gy), Diameter Gx Usage Monitoring, or Idle-Timeout.

Up to sixteen categories can be configured per category map. The internal category for Gx session level Usage Monitoring is included in this limit. The instantiation of the internal category is controlled with the gx-session-level-usage command.

This command defines the category in the category map to be used for the idle timeout monitoring of subscriber hosts.

The no form of this command reverts to the default.

This command configures the category that will be blocked in the category profile.

The no form of this command removes the category blocking configuration.

This command specifies the category map name.

The no form of this command reverts to the default.

This command references the category-map to be used for the idle-timeout monitoring of subscriber hosts associated with this sla-profile. The category-map must already exist in the config>subscr-mgmt context.

The no form of this command reverts to the default.

This command specifies the category map name.

The no form of this command removes the category map name from the configuration.

This command overrides the default Committed Buffer Size (CBS) for each individual path’s queue. The queues CBS threshold is used when requesting buffers from the systems ingress buffer pool to indicate whether the requested buffer should be removed from the reserved portion of the buffer pool or the shared portion. When the queue’s fill depth is below or equal to the CBS threshold, the requested buffer comes from the reserved portion. Once the queues depth exceeds the CBS threshold, buffers come from the shared portion.

The cbs percent-of-resv-cbs parameter is defined as a percentage of the reserved portion of the pool. The system allows the sum of all CBS values to equal more than 100% allowing for oversubscription of the reserved portion of the pool. If the reserved portion is oversubscribed and the queues are currently using more reserved space than provisioned in the pool, the pool automatically starts using the shared portion of the pool for within-CBS buffer allocation. The shared early detection slopes can assume more buffers that exist within the shared portion that may cause the early detection function to fail.

For the primary-path and secondary-path queues, the percentage is applied to a single queue for each path.

The no form of this command restores the path queues default CBS value.

This command can be used to override specific attributes of the specified queue's CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queues’ CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

The no form of this command returns the CBS size to the size as configured in the QoS policy.

This command is used to configure the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

This command overrides specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS size to the default value.

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.

The no form of this command returns the CBS to the default value.

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer’s defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

This command defines the default committed buffer size for the template queue. Overall, the CBS command follows the same behavior and provisioning characteristics as the CBS command in the queue-group or network QoS policy. The exception is the addition of the cbs-value qualifier keywords bytes or kilobytes.

The no form of this command restores the default CBS size to the template queue.

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.

The no form of this command returns the CBS size to the default value.

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the congested CBS value from the configuration

This command configures the committed burst size for a policer. It is recommended that CBS is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic. CBS is configurable for dual-bucket bandwidth policers only.

The no form of this command removes the committed burst size from the configuration.

This command configures the policer’s CIR leaky bucket’s exceed threshold. The CIR bucket’s exceed threshold represents the committed burst tolerance allowed by the policer. If the policer’s forwarding rate is equal to or less than the policer's defined CIR, the CIR bucket depth hovers around the 0 depth with spikes up to the maximum packet size in the offered load. If the forwarding rate increases beyond the profiling rate, the amount of data allowed to be in-profile above the rate is capped by the threshold.

The policer’s cbs size defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command returns the policer to its default CBS size.

By default, the CBS is 16 Mbytes when CIR equals max or is greater than or equal to the FP capacity (this overrides an explicit configured CBS value); otherwise, 10 ms volume of traffic for a configured non-zero/non-max CIR capped to 3968 kbytes, with a minimum of 256 bytes.

This command provides a mechanism to override the default reserved buffers for the queue. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potentially large number of service queues and the economy of statistical multiplexing the individual queue’s CBS settings into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high- and low-priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, the CBS is capped to the value of the MBS or the minimum CBS value. If the MBS and CBS values are configured to be equal (or nearly equal), this will result in the CBS being slightly higher than the value configured.

The no form of this command returns the CBS size to the default value.

The Committed Burst Size (cbs) command specifies the relative number of reserved buffers for a specific ingress network FP forwarding class queue or egress network port forwarding class queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the number of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool. Access to this shared pool space is controlled through Random Early Detection (RED) slope application.

Two RED slopes are maintained in each buffer pool. A high-priority slope is used by in-profile packets. A low-priority slope is used by out-of-profile packets. At egress, there are two additional RED slopes maintained in each buffer pool: the highplus slope is used by inplus-profile packets, and the exceed slope is used by exceed-profile packets. All network control and management packets are considered in-profile. Assured packets are handled by their in-profile and out-of-profile markings. All best-effort packets are considered out-of-profile. Premium queues should be configured such that the CBS percent is sufficient to prevent shared buffering of packets. This is generally taken care of by the CIR scheduling of premium queues and the overall small amount of traffic on the class. Premium queues in a properly designed system will drain before all others, limiting their buffer utilization.

The RED slopes will detect congestion conditions and work to discard packets and slow down random TCP session flows through the queue. The RED slope definitions can be defined, modified, or disabled through the slope policy assigned to the FP for the network ingress buffer pool or assigned to the network port for network egress buffer pools.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue to be unused and should be avoided.

The no form of this command returns the CBS size for the queue to the default for the forwarding class.

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

The cbs command is used to define the default committed buffer size for the template queue or the CBS for the template policer. Overall, the cbs command follows the same behavior and provisioning characteristics as the cbs command in the SAP ingress and egress QoS policy.

The no form of this command restores the default CBS size to the template policer.

The Committed Burst Size (cbs) command specifies the relative amount of reserved buffers for a specific ingress shared queue. The value is entered as a percentage.

The CBS for a queue is used to determine whether it has exhausted its reserved buffers while enqueuing packets. When the queue has exceeded the amount of buffers considered in reserve for this queue, it must contend with other queues for the available shared buffer space within the buffer pool.

The resultant CBS size can be larger than the MBS. This will result in a portion of the CBS for the queue being unused and should be avoided.

This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the queue’s buffer pool.

This command configures the analyzer to check the continuity counter. The continuity counter should be incremented per PID; otherwise, it is considered a continuity counter error.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP will remain in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay

This command allows a sub second CCM enabled MEP to delay a transition to a failed state if a configured remote CCM peer has timed out. The MEP remains in the UP state for 3.5 times CCM interval + down-delay.

The no form of this command removes the additional delay.

This command configures eth-ring dampening timers. See the down and up commands for more information.

The no form of the command sets the up and down timers to the default values.

This command configures the CCM transmission interval for all MEPs in the association.

The no form of this command reverts to the default value.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

This command specifies the priority of the CCM and LTM messages transmitted by the MEP. Since CCM does not apply to the Router Facility MEP only the LTM priority is of value under that context.

The no form of this command reverts to the default values.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

This command inserts additional padding in the CCM packets.

The no form of this command reverts to the default.

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

This command inserts additional padding in the CCM packets.

The no form of the command reverts to the default.

This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.

The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.

Commands in this context configure CCR-T replay. CCR-T replay is enabled with a no shutdown of this context. If a communication failure between client and server occurs, CCR-T replay enables the retransmission of CCR-T messages for a Gx or Gy session at a configured intervals until a valid response (CCA-t) is received or until the configured max-lifetime period expires, whichever comes first.

In Gx, replaying CCR-T messages ensures that the Gx session is cleared on the PCRF side in cases where the peering session to the PCRF was not available at the time that the initial and the first retransmitted CCR-T was sent.

In Gy, replaying CCR-T messages ensures that the final credit control usage reporting is not lost for billing by the OCS.

The subscriber host or session that triggered the Gx or Gy session that is in CCR-T replay mode is deleted from the system at the time that the initial CCR-T is sent. All resources associated with the subscriber host or session, such as queues, DHCP lease states, and PPPoE session states are released. The orphaned Gx and Gy sessions in replay mode are left in the system.

This command displays or changes the current working directory in the local file system.

This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.

This command specifies whether the service will automatically discover the CE IP addresses.

When enabled, the addresses will be automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs will not be allowed.

If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.

Commands in this context provide access to the various options that control the termination of ATM cell concatenation into an MPLS frame. Several options can be configured simultaneously. The concatenation process for a specified MPLS packet ends when the first concatenation termination condition is met. The concatenation parameters apply only to ATM N:1 cell mode VLL.

This command configures the ATM cell format.

Commands in this context specify circuit emulation (CEM) properties.

Commands in this context specify circuit emulation (CEM) mirroring properties.

Ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of this command removes the cert-file-name from the entry configuration.

Commands in this context configure certificate parameters.

This command specifies the file name of an imported certificate for the cert-profile entry.

The no form of the command removes the certificate.

This command specifies the filename of a file in cf3:\system-pki\cert as the CA’s certificate of the ca-profile.

Notes:

The no form of this command removes the filename from the configuration.

This command creates a new cert-profile or enters the configuration context of an existing cert-profile.

The no form of this command removes the profile name from the cert-profile configuration.

This command specifies the name of certificate profile to be used for authentication.

The no form of this command removes the name from the configuration.

This command configures TLS certificate profile information. The certificate profile contains the certificates that are sent to the TLS peer (server or client) to authenticate itself. It is mandatory for the TLS server to send this information. The TLS client may optionally send this information upon request from the TLS server.

The no form of the command deletes the specified TLS certificate profile.

This command assigns a TLS certificate profile to be used by the TLS client profile. This certificate is sent to the server for authentication of the client and public key.

The no form of the command removes the TLS certificate profile assignment.

This command assigns a TLS certificate profile to be used by the TLS server profile. This certificate is sent to the client for authentication of the server and public key.

The no form of the command removes the TLS certificate profile assignment.

This command requests an additional certificate after the system has obtained the initial certificate from the CA.

The request is authenticated by a signature signed by the current-key, along with the current-cert. The hash algorithm used for signature is depends on the key type:

In some cases, the CA may not return a certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.

This command automatically synchronizes the certificate/CRL/key when importing or generating (for the key). If a new CF card is inserted into slot3 into the backup CPM, the system will sync the whole system-pki directory from the active CPM.

This command indicated the file name of the certificate to be added to the profile.

The no form of this command removes the certificate from the profile.

Commands in this context configure X.509 certificate related operational parameters. For information about CMPv6 admin certificate commands, see the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide.

Commands in this context debug certificates.

This command enables debug for certificate chain computation in cert-profile.

This command specifies the display format used for the Certificates and Certificate Revocation Lists.

With this command configured, the system issues two types of warnings related to certificate expiration:

This command specifies when system will issue BeforeExp message before a certificate expires. For example, with certificate-expiration-warning 5, the system will issue a BeforeExp message 5 hours before a certificate expires. An optional repeat <repeat-hour> parameter will enable the system to repeat the BeforeExp message every hour until the certificate expires.

If the user only wants AfterExp, then certificate-expiration-warning 0 can be used to achieve this.

BeforeExp and AfterExp warnings can be cleared in following cases:

This command creates a certificate profile to be used for certificate-based encryption in HTTP header enrichment.

The no form of this command removes the certificate profile.

This command enables capacity monitoring of the compact flash specified in this command. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is alarm. Both a rising and falling threshold can be specified.

The no form of this command removes the configured compact flash threshold alarm.

This command enables capacity monitoring of the compact flash specified in this command.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

This command enables capacity monitoring of the compact flash specified in this command. The usage is monitored as a percentage of the capacity of the compact flash.

The severity level is warning. Both a rising and falling threshold can be specified. The no form of this command removes the configured compact flash threshold warning.

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For L2 services, only ingress sampling is supported.

This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

For Layer 2 services, only ingress sampling is supported.

Commands in this context configure cflowd parameters for the application assurance group.

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When Cflowd is enabled at the interface level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

This command enables the advertisement and withdrawal, as appropriate, of the IEEE MAC address associated with the MP (MEP and MIP) created on a SAP, Spoke or Mesh, in an EVPN service.

The up-date occurs each time an MP is added or deleted, or an IEEE MAC address is changed for an MP on a SAP, Spoke or Mesh within the service. The size of the update depends on the number of MPs in the service affected by the modification.

Only enable this functionality, as required, for services that require a resident MAC address to properly forward unicast traffic and that do not perform layer two MAC learning as part of the data plane.

Local MP IEEE MAC addresses are not stored in the local FDB and, as such, cannot be advertised through a control plane to a peer without this command.

The no version of the command disables the functionality and withdraws all previously advertised MP IEEE MAC addresses.

This command specifies the type of opcode checking to be performed.

If the cfm-opcode match condition is configured then a check must be made to see if the Ethertype is either IEEE802.1ag or Y1731. If the Ethertype does not match then the packet is not CFM and no match to the cfm-opcode is attempted.

The CFM (ieee802.1ag or Y1731) opcode can be assigned as a range with a start and an end number or with a (less than lt, greater than gt, or equal to eq) operator.

If no range with a start and an end or operator (lt, gt, eq) followed by an opcode with the value between 0 and 255 is defined then the command is invalid.

Table 36 lists the opcode values.

Defined by ITU-T Y.1731 32 - 63

Defined by IEEE 802.1. 64 - 255

This command configures VLAN tags to apply to locally-generated CFM PDUs for egress processing.

The no form of the command removes the qtags from the configuration.

This command chains this filter to a currently active system filter. When the filter is chained to the system filter, the system filter rules are executed first, and the filter rules are only evaluated if no match on the system filter was found.

The no form of the command detaches this filter from the system filter.

Operational note:

If no system filter is currently active, the command has no effect.

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

This command configures the use of challenge-response authentication.

The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.

This command specifies the value of the change reporting action IE sends to the peer in applicable messages. The peer needs to indicate support first using the appropriate flag in the indication IE.

This is overridden by AAA, if AAA explicitly request notification changes for either ECGI, TAI or both. If AAA does not request any notification changes or only the generic location change, the configured value is used.

The no form of this command indicates that the IE is not sent, unless specified by AAA.

This command defines explicit channels or channel ranges that are associated with the containing bundle. A channel or channel range is defined by their destination IP addresses. A channel may be defined using either IPv4 or IPv6 addresses. If a channel range is being defined, both the start and ending addresses must be the same type.

A specific channel may only be defined within a single channel or channel range within the multicast information policy. A defined channel range cannot overlap with an existing channel range.

If a channel range is to be shortened, extended, split or moved to another bundle, it must first be removed from its existing bundle.

Each specified channel range creates a containing context for any override parameters for the channel range. By default, no override parameters exist.

The no form of this command removes the specified multicast channel from the containing bundle.

This command configures channel parameters for ad insertion.

This command creates a multicast channel within the bundle where it is configured. A join for a particular multicast channel can be accepted if:

A channel definition can be either IPv4 (start-address, end-address, source-address are IPv4 addresses) or IPv6. A single bundle can have either IPv4 or IPv6 or IPv6 and IPv4 channel definitions. A single policy can mix any of those bundles.

Overlapping channels are not allowed. Two channels overlap if they contain same groups and the same source address prefix (or both do not specify source address prefix). Two channels with same groups and different source prefixes (including one of the channels having no source configured or one of the channels having more specific prefix than the other) do not overlap and are treated as separate channels.

When joining a group from multiple sources, MCAC accounts for that only once when no source address is specified or a prefix for channel covers both sources. Channel BW should be adjusted accordingly or source-aware channel definition should be used if that is not desired.

If a bundle is removed, the channels associated are also removed and every multicast group that was previously policed (because it was in the bundle that contained the policy) becomes free of constraints.

When a new bundle is added to a MCAC policy, the bundle’s established groups on a given interfaces are accounted by the policy. Even if this action results in exceeding the bundle’s constrain, no active multicast groups are removed. When a leave message is received for an existing optional channel, then the multicast stream is pruned and subsequent new joins may be denied in accordance with the policy. It is possible that momentarily there may be insufficient bandwidth, even for mandatory channels, in this bundle.

This command creates DS0 channel groups in a channelized DS1 or E1 circuit. Channel groups cannot be further subdivided.

The no form of this command deletes the specified DS1 or E1 channel.

This command specifies that the associated DS-3 is a channelized DS-3 with DS-1/E-1 sub-channels. Depending on the MDA type, the DS-3 parameters must be disabled if clear channel is the default (for example, on m12-ds3 MDAs). Clear channel is a channel that uses out-of-band signaling, not in-band signaling, so the channel's entire bit rate is available. Channelization must be explicitly specified. The no form specifies the associated DS-3 is a clear channel circuit and cannot contain sub-channel DS-1s/E-1s. The sub-channels must be deleted first before the no command is executed.

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

This command configure an override characteristic and value.

This command assigns one of the existing values of an existing application service option characteristic to the application profile.

The no form of this command removes the characteristic from the application profile.

This command enables the system to use the value of the characteristic name specified in the app-qos-policy url-filter action for the configurable ICAP x-header name provisioned in the url-filter policy. The ICAP server can then use this value to decide which url-filter policy to apply instead of applying a filter policy based on the subscriber name.

This command adds an existing characteristic and its value to the match criteria used by this AQP entry.

The no form of this command removes the characteristic from match criteria for this AQP entry.

This command creates the characteristic of the application service options.

The no form of this command deletes characteristic option. To delete a characteristic, it must not be referenced by other components of application assurance.

Commands in this context configure charging characteristics.

This command associates an application or app-group to an application assurance charging group.

The no form of this command deletes the charging group association.

This command adds charging-group to match criteria used by this AQP entry.

The no form of this command removes the charging-group from match criteria for this AQP entry.

This command creates a charging group for an application assurance policy.

The no form of this command deletes the charging group from the configuration. All associations must be removed to delete a group.

This command configures aa-sub accounting statistics for export of charging groups of a given AA ISA group/partition.

The no form of this command removes the parameters from the configuration.

This command includes the Charging-Rule-Base-Name AVP with the specified value in all Diameter DCCA CCR messages.

The no form of this command removes the Charging-Rule-Base-Name AVP from the Diameter DCCA CCR messages.

Commands in this context configure multicast plane bandwidth parameters. The chassis-level CLI node contains the multicast plane replication limit for each switch fabric multicast plane.

The chassis-level node always exists and contains the configuration command to define the total replication rates for primary and secondary associated ingress paths for each switch fabric multicast plane.

This command is retained for historic reasons, and was used to control the set of features and scaling available based on the variants of IOMs present in the node. As of release 15.0, the set of supported IOMs no longer requires this differentiation using this command. The command still exists but the mode is fixed at chassis mode d.

This command enables checking id-kp-cmcRA in the EST certificate. When enabled, instead of the subject or subject alternative name, only the id-kp-cmcRA existence in extended key usage extension of EST server certificate is checked. The id-kp-cmcRA identifies a Registration Authority.

The no form of this command reverts to the default value.

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The no form of this command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages.

The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no check-zero), the setting from the less specific level is inherited by the lower level.

The no form of the command removes the check-zero command from the configuration.

This command computes and displays a checksum for a file.

This command contains parameters that are intended to allow more precise control of the method that hierarchical virtual scheduling employs to emulate the effect of a scheduling context upon a member child queue or policer.

This command edits the parameters that control the child requested bandwidth and parental bandwidth distribution for all policers and queues associated with the policy.

This command sets the consecutive high loss interval (CHLI) threshold to be monitored and the associated thresholds using the counter of the specified direction. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

This command enables the configuration of a cipher. Client-ciphers are used when the SR OS is acting as an SSH client. Server-ciphers are used when the SR OS is acting as an SSH server.

The no form of this command removes the index and cipher name from the configuration.

This command configures the cipher suite to be negotiated by the server and client.