configure
— system
— alarm-contact-in-power boolean
— alarm-contact-input number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— clear-message string
— description string
— normal-state keyword
— trigger-message string
— alarms
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— max-cleared number
— allow-boot-license-violations boolean
— apply-groups reference
— apply-groups-exclude reference
— bluetooth
— admin-state keyword
— advertising-timeout number
— apply-groups reference
— apply-groups-exclude reference
— device string
— apply-groups reference
— apply-groups-exclude reference
— description string
— module string
— apply-groups reference
— apply-groups-exclude reference
— provisioned-identifier string
— pairing-button boolean
— passkey string
— power-mode keyword
— boot-bad-exec string
— boot-good-exec string
— central-frequency-clock
— apply-groups reference
— apply-groups-exclude reference
— bits
— input
— admin-state keyword
— interface-type keyword
— output
— admin-state keyword
— line-length keyword
— ql-minimum keyword
— source keyword
— squelch boolean
— ql-override keyword
— ssm-bit number
— ptp
— admin-state keyword
— ql-override keyword
— ql-minimum keyword
— ql-selection boolean
— ref-order
— fifth keyword
— first keyword
— fourth keyword
— second keyword
— third keyword
— ref1
— admin-state keyword
— ql-override keyword
— source-port string
— ref2
— admin-state keyword
— ql-override keyword
— source-port string
— revert boolean
— synce
— admin-state keyword
— ql-override keyword
— wait-to-restore number
— clli-code string
— congestion-management boolean
— contact string
— coordinates string
— cpm-http-redirect
— apply-groups reference
— apply-groups-exclude reference
— optimized-mode boolean
— cron
— apply-groups reference
— apply-groups-exclude reference
— schedule string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— count number
— day-of-month number
— description string
— end-time
— date-and-time string
— day keyword
— time string
— hour number
— interval number
— minute number
— month (keyword | number)
— script-policy
— name string
— owner string
— type keyword
— weekday (keyword | number)
— dhcp6
— adv-noaddrs-global keyword
— apply-groups reference
— apply-groups-exclude reference
— dns
— address-pref keyword
— apply-groups reference
— apply-groups-exclude reference
— dnssec
— ad-validation keyword
— efm-oam
— apply-groups reference
— apply-groups-exclude reference
— dying-gasp-tx-on-reset boolean
— grace-tx boolean
— eth-cfm
— apply-groups reference
— apply-groups-exclude reference
— grace boolean
— md-auto-id
— ma-index-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— md-index-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— redundancy
— apply-groups reference
— apply-groups-exclude reference
— mc-lag
— propagate-hold-time (number | keyword)
— standby-mep boolean
— sender-id
— local-name string
— type keyword
— slm
— apply-groups reference
— apply-groups-exclude reference
— inactivity-timer number
— grpc
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— gnmi
— admin-state keyword
— auto-config-save boolean
— gnoi
— cert-mgmt
— admin-state keyword
— file
— admin-state keyword
— system
— admin-state keyword
— max-msg-size number
— md-cli
— admin-state keyword
— rib-api
— admin-state keyword
— purge-timeout number
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-server-profile reference
— grpc-tunnel
— apply-groups reference
— apply-groups-exclude reference
— destination-group string
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
— apply-groups reference
— apply-groups-exclude reference
— local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— originated-qos-marking keyword
— router-instance string
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-client-profile reference
— tunnel string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination-group reference
— handler string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— port number
— target-type
— custom-type string
— grpc-server
— ssh-server
— target-name
— custom-string string
— node-name
— user-agent
— icmp-vse boolean
— ip
— allow-qinq-network-interface boolean
— apply-groups reference
— apply-groups-exclude reference
— enforce-unique-if-index boolean
— forward-6in4 boolean
— forward-ip-over-gre boolean
— ipv6-eh keyword
— mpls
— label-stack-statistics-count number
— l2tp
— apply-groups reference
— apply-groups-exclude reference
— non-multi-chassis-tunnel-id-range
— end number
— start number
— lacp
— apply-groups reference
— apply-groups-exclude reference
— system-priority number
— lldp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— message-fast-tx number
— message-fast-tx-init number
— notification-interval number
— reinit-delay number
— tx-credit-max number
— tx-hold-multiplier number
— tx-interval number
— load-balancing
— apply-groups reference
— apply-groups-exclude reference
— l2tp-load-balancing boolean
— l4-load-balancing boolean
— lsr-load-balancing keyword
— mc-enh-load-balancing boolean
— service-id-lag-hashing boolean
— system-ip-load-balancing boolean
— location string
— login-control
— apply-groups reference
— apply-groups-exclude reference
— exponential-backoff boolean
— ftp
— inbound-max-sessions number
— idle-timeout (keyword | number)
— login-banner boolean
— login-scripts
— global-script string
— per-user-script
— file-name string
— user-directory string
— motd
— text string
— url string
— pre-login-message
— message string
— name boolean
— ssh
— graceful-shutdown boolean
— inbound-max-sessions number
— outbound-max-sessions number
— ttl-security number
— telnet
— graceful-shutdown boolean
— inbound-max-sessions number
— outbound-max-sessions number
— ttl-security number
— management-interface
— apply-groups reference
— apply-groups-exclude reference
— cli
— apply-groups reference
— apply-groups-exclude reference
— classic-cli
— allow-immediate boolean
— rollback
— apply-groups reference
— apply-groups-exclude reference
— local-checkpoints number
— location string
— remote-checkpoints number
— rescue
— location string
— cli-engine keyword
— md-cli
— apply-groups reference
— apply-groups-exclude reference
— auto-config-save boolean
— environment
— command-alias
— alias string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— cli-command string
— description string
— mount-point (keyword | string)
— python-script reference
— command-completion
— enter boolean
— space boolean
— tab boolean
— console
— length number
— width number
— info-output
— always-display
— admin-state boolean
— message-severity-level
— cli keyword
— more boolean
— progress-indicator
— admin-state keyword
— delay number
— type keyword
— prompt
— context boolean
— newline boolean
— timestamp boolean
— uncommitted-changes-indicator boolean
— python
— memory-reservation number
— minimum-available-memory number
— timeout number
— time-display keyword
— time-format keyword
— commit-history number
— configuration-mode keyword
— configuration-save
— apply-groups reference
— apply-groups-exclude reference
— configuration-backups number
— incremental-saves boolean
— netconf
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— auto-config-save boolean
— capabilities
— candidate boolean
— writable-running boolean
— port number
— operations
— apply-groups reference
— apply-groups-exclude reference
— global-timeouts
— asynchronous-execution (number | keyword)
— asynchronous-retention (number | keyword)
— synchronous-execution (number | keyword)
— remote-management
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— client-tls-profile reference
— connection-timeout number
— device-label string
— device-name string
— hello-interval number
— manager string
— admin-state keyword
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— client-tls-profile reference
— connection-timeout number
— description string
— device-label string
— device-name string
— manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name)
— manager-port number
— router-instance string
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— source-port (number | keyword)
— router-instance string
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— source-port (number | keyword)
— schema-path string
— snmp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— engine-id string
— general-port number
— packet-size number
— streaming
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— yang-modules
— apply-groups reference
— apply-groups-exclude reference
— base-r13-modules boolean
— nmda
— nmda-support boolean
— nokia-combined-modules boolean
— nokia-submodules boolean
— openconfig-modules boolean
— name string
— network-element-discovery
— apply-groups reference
— apply-groups-exclude reference
— generate-traps boolean
— profile string
— apply-groups reference
— apply-groups-exclude reference
— neid string
— neip
— apply-groups reference
— apply-groups-exclude reference
— auto-generate
— ipv4
— vendor-id-value number
— ipv6
— vendor-id-value number
— ipv4 string
— ipv6 string
— platform-type string
— system-mac string
— vendor-id string
— ospf-dynamic-hostnames boolean
— persistence
— ancp
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— application-assurance
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— apply-groups reference
— apply-groups-exclude reference
— dhcp-server
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— nat-port-forwarding
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— options
— apply-groups reference
— apply-groups-exclude reference
— dhcp-leasetime-threshold number
— python-policy-cache
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— subscriber-mgmt
— apply-groups reference
— apply-groups-exclude reference
— description string
— location keyword
— power-management power-zone number
— apply-groups reference
— apply-groups-exclude reference
— mode keyword
— power-safety-alert number
— power-safety-level number
— ptp
— admin-state keyword
— alternate-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— domain number
— log-announce-interval number
— profile keyword
— announce-receipt-timeout number
— apply-groups reference
— apply-groups-exclude reference
— clock-type keyword
— domain number
— local-priority number
— log-announce-interval number
— network-type keyword
— port reference
— address string
— admin-state keyword
— alternate-profile reference
— apply-groups reference
— apply-groups-exclude reference
— local-priority number
— log-delay-interval number
— log-sync-interval number
— master-only boolean
— priority1 number
— priority2 number
— profile keyword
— ptsf
— monitor-ptsf-unusable
— admin-state keyword
— router string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— peer (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— local-priority number
— log-sync-interval number
— peer-limit number
— tx-while-sync-uncertain boolean
— script-control
— apply-groups reference
— apply-groups-exclude reference
— script string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— location string
— script-policy string owner string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— expire-time (number | keyword)
— lifetime (number | keyword)
— lock-override boolean
— max-completed number
— python-lifetime number
— python-script
— name reference
— results string
— script
— name string
— owner string
— security
— aaa
— apply-groups reference
— apply-groups-exclude reference
— cli-session-group string
— apply-groups reference
— apply-groups-exclude reference
— combined-max-sessions number
— description string
— ssh-max-sessions number
— telnet-max-sessions number
— health-check (number | keyword)
— local-profiles
— apply-groups reference
— apply-groups-exclude reference
— profile string
— apply-groups reference
— apply-groups-exclude reference
— cli-session-group reference
— combined-max-sessions number
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— match string
— grpc
— rpc-authorization
— gnmi-capabilities keyword
— gnmi-get keyword
— gnmi-set keyword
— gnmi-subscribe keyword
— gnoi-cert-mgmt-cangenerate keyword
— gnoi-cert-mgmt-getcert keyword
— gnoi-cert-mgmt-install keyword
— gnoi-cert-mgmt-revoke keyword
— gnoi-cert-mgmt-rotate keyword
— gnoi-file-get keyword
— gnoi-file-put keyword
— gnoi-file-remove keyword
— gnoi-file-stat keyword
— gnoi-file-transfertoremote keyword
— gnoi-system-cancelreboot keyword
— gnoi-system-ping keyword
— gnoi-system-reboot keyword
— gnoi-system-rebootstatus keyword
— gnoi-system-setpackage keyword
— gnoi-system-switchcontrolprocessor keyword
— gnoi-system-time keyword
— gnoi-system-traceroute keyword
— md-cli-session keyword
— rib-api-getversion keyword
— rib-api-modify keyword
— li boolean
— netconf
— base-op-authorization
— action boolean
— cancel-commit boolean
— close-session boolean
— commit boolean
— copy-config boolean
— create-subscription boolean
— delete-config boolean
— discard-changes boolean
— edit-config boolean
— get boolean
— get-config boolean
— get-data boolean
— get-schema boolean
— kill-session boolean
— lock boolean
— validate boolean
— ssh-max-sessions number
— telnet-max-sessions number
— management-interface
— apply-groups reference
— apply-groups-exclude reference
— md-cli
— command-accounting-during-load boolean
— output-authorization
— md-interfaces boolean
— telemetry-data boolean
— remote-servers
— apply-groups reference
— apply-groups-exclude reference
— ldap
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— public-key-authentication boolean
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— port number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— bind-authentication
— password string
— root-dn string
— search
— base-dn string
— server-name string
— tls-profile reference
— server-retry number
— server-timeout number
— use-default-template boolean
— radius
— access-algorithm keyword
— accounting boolean
— accounting-port number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authorization boolean
— interactive-authentication boolean
— port number
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— secret string
— tls-client-profile reference
— server-retry number
— server-timeout number
— use-default-template boolean
— tacplus
— accounting
— record-type keyword
— admin-control
— tacplus-map-to-priv-lvl number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authorization
— request-format
— access-operation-cmd keyword
— use-priv-lvl boolean
— interactive-authentication boolean
— priv-lvl-map
— apply-groups reference
— apply-groups-exclude reference
— priv-lvl number
— apply-groups reference
— apply-groups-exclude reference
— user-profile-name reference
— route-preference keyword
— server number
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— port number
— secret string
— server-timeout number
— use-default-template boolean
— vprn-server
— apply-groups reference
— apply-groups-exclude reference
— inband reference
— outband reference
— vprn reference
— user-template keyword
— access
— console boolean
— ftp boolean
— grpc boolean
— li boolean
— netconf boolean
— apply-groups reference
— apply-groups-exclude reference
— console
— login-exec string
— home-directory (sat-url | cflash-without-slot-url)
— profile string
— restricted-to-home boolean
— apply-groups reference
— apply-groups-exclude reference
— cli-script
— apply-groups reference
— apply-groups-exclude reference
— authorization
— cron
— cli-user reference
— event-handler
— cli-user reference
— vsd
— cli-user reference
— cpm-filter
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— ip-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv4-address | ipv4-prefix-with-host-bits)
— ip-prefix-list reference
— mask string
— dst-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— fragment keyword
— icmp
— code number
— type number
— ip-option
— mask number
— type number
— multiple-option boolean
— option-present boolean
— port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— protocol (number | keyword)
— router-instance string
— src-ip
— address (ipv4-address | ipv4-prefix-with-host-bits)
— ip-prefix-list reference
— mask string
— src-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— tcp-flags
— ack boolean
— syn boolean
— ipv6-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv6-address | ipv6-prefix-with-host-bits)
— ipv6-prefix-list reference
— mask string
— dst-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— extension-header
— hop-by-hop boolean
— flow-label number
— fragment keyword
— icmp
— code number
— type number
— next-header (number | keyword)
— port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— router-instance string
— src-ip
— address (ipv6-address | ipv6-prefix-with-host-bits)
— ipv6-prefix-list reference
— mask string
— src-port
— eq number
— mask number
— port-list reference
— range
— end number
— start number
— tcp-flags
— ack boolean
— syn boolean
— mac-filter
— admin-state keyword
— entry number
— action
— accept
— default
— drop
— queue reference
— apply-groups reference
— apply-groups-exclude reference
— description string
— log reference
— match
— cfm-opcode
— eq number
— gt number
— lt number
— range
— end number
— start number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— service reference
— src-mac
— address string
— mask string
— cpm-queue
— apply-groups reference
— apply-groups-exclude reference
— queue number
— apply-groups reference
— apply-groups-exclude reference
— cbs number
— mbs number
— rate
— cir (number | keyword)
— pir (number | keyword)
— cpu-protection
— apply-groups reference
— apply-groups-exclude reference
— ip-src-monitoring
— included-protocols
— dhcp boolean
— gtp boolean
— icmp boolean
— igmp boolean
— link-specific-rate (number | keyword)
— policy number
— alarm boolean
— apply-groups reference
— apply-groups-exclude reference
— description string
— eth-cfm
— entry number
— apply-groups reference
— apply-groups-exclude reference
— level start number end number
— opcode start number end number
— pir (number | keyword)
— out-profile-rate
— log-events boolean
— pir (number | keyword)
— overall-rate (number | keyword)
— per-source-parameters
— ip-src-monitoring
— limit-dhcp-ci-addr-zero boolean
— per-source-rate (number | keyword)
— port-overall-rate
— action-low-priority boolean
— pir (number | keyword)
— protocol-protection
— allow-sham-links boolean
— block-pim-tunneled boolean
— dist-cpu-protection
— apply-groups reference
— apply-groups-exclude reference
— policy string
— apply-groups reference
— apply-groups-exclude reference
— description string
— local-monitoring-policer string
— apply-groups reference
— apply-groups-exclude reference
— description string
— exceed-action keyword
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— protocol keyword
— apply-groups reference
— apply-groups-exclude reference
— dynamic-parameters
— detection-time number
— exceed-action
— action keyword
— hold-down (keyword | number)
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— enforcement
— dynamic
— mon-policer-name reference
— dynamic-local-mon-bypass
— static
— policer-name reference
— static-policer string
— apply-groups reference
— apply-groups-exclude reference
— description string
— detection-time number
— exceed-action
— action keyword
— hold-down (keyword | number)
— log-events keyword
— rate
— kbps
— limit (keyword | number)
— mbs number
— packets
— initial-delay number
— limit (keyword | number)
— within number
— type keyword
— dot1x
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— radius-policy string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— retry number
— server number
— accounting-port number
— address string
— apply-groups reference
— apply-groups-exclude reference
— authentication-port number
— secret string
— type keyword
— source-address string
— timeout number
— ftp-server boolean
— hash-control
— apply-groups reference
— apply-groups-exclude reference
— management-interface
— classic-cli
— read-algorithm keyword
— write-algorithm keyword
— grpc
— hash-algorithm keyword
— md-cli
— hash-algorithm keyword
— netconf
— hash-algorithm keyword
— keychains
— keychain string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— bidirectional
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— option keyword
— tolerance (number | keyword)
— description string
— receive
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— end-time string
— tolerance (number | keyword)
— send
— entry number
— admin-state keyword
— algorithm keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-key string
— begin-time string
— tcp-option-number
— receive keyword
— send keyword
— management
— allow-ftp boolean
— allow-grpc boolean
— allow-netconf boolean
— allow-ssh boolean
— allow-telnet boolean
— allow-telnet6 boolean
— apply-groups reference
— apply-groups-exclude reference
— management-access-filter
— apply-groups reference
— apply-groups-exclude reference
— ip-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— dst-port
— mask number
— port number
— mgmt-port
— cpm
— lag string
— port-id string
— protocol (number | keyword)
— router-instance string
— src-ip
— address (ipv4-prefix | ipv4-address)
— ip-prefix-list reference
— mask string
— src-port
— mask number
— port number
— ipv6-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— dst-port
— mask number
— port number
— flow-label number
— mgmt-port
— cpm
— lag string
— port-id string
— next-header (number | keyword)
— router-instance string
— src-ip
— address (ipv6-prefix | ipv6-address)
— ipv6-prefix-list reference
— mask string
— src-port
— mask number
— port number
— mac-filter
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— default-action keyword
— entry number
— action keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— log-events boolean
— match
— cfm-opcode
— eq number
— gt number
— lt number
— range
— end number
— start number
— dot1p
— mask number
— priority number
— dst-mac
— address string
— mask string
— etype string
— frame-type keyword
— llc-dsap
— dsap number
— mask number
— llc-ssap
— mask number
— ssap number
— service string
— snap-oui keyword
— snap-pid number
— src-mac
— address string
— mask string
— per-peer-queuing boolean
— pki
— apply-groups reference
— apply-groups-exclude reference
— ca-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— auto-crl-update
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— crl-urls
— url-entry number
— apply-groups reference
— apply-groups-exclude reference
— transmission-profile reference
— url http-url-path-loose
— periodic-update-interval number
— pre-update-time number
— retry-interval number
— schedule-type keyword
— cert-file string
— cmpv2
— accept-unprotected-message
— error-message boolean
— pkiconf-message boolean
— always-set-sender-for-ir boolean
— http
— response-timeout number
— version keyword
— key-list
— key string
— apply-groups reference
— apply-groups-exclude reference
— password string
— response-signing-cert string
— same-recipient-nonce-for-poll-request boolean
— url
— service-name string
— url-string http-optional-url-loose
— crl-file string
— description string
— ocsp
— responder-url http-optional-url-loose
— service-name string
— transmission-profile reference
— revocation-check keyword
— certificate-display-format keyword
— certificate-expiration-warning
— hours number
— repeat-hours number
— common-name-list string
— apply-groups reference
— apply-groups-exclude reference
— common-name number
— apply-groups reference
— apply-groups-exclude reference
— cn-type keyword
— cn-value string
— crl-expiration-warning
— hours number
— repeat-hours number
— est-profile string
— apply-groups reference
— apply-groups-exclude reference
— check-id-kp-cmcra-only boolean
— client-tls-profile string
— http-authentication
— password string
— username string
— server
— fqdn string
— ipv4 string
— ipv6 (ipv4-address-no-zone | ipv6-address-no-zone)
— port number
— transmission-profile string
— imported-format keyword
— maximum-cert-chain-depth number
— python-script
— apply-groups reference
— apply-groups-exclude reference
— authorization
— cron
— cli-user reference
— event-handler
— cli-user reference
— snmp
— access string context string security-model keyword security-level keyword
— apply-groups reference
— apply-groups-exclude reference
— notify string
— prefix-match keyword
— read string
— write string
— apply-groups reference
— apply-groups-exclude reference
— attempts
— apply-groups reference
— apply-groups-exclude reference
— count number
— lockout number
— time number
— community string
— access-permissions keyword
— apply-groups reference
— apply-groups-exclude reference
— source-access-list reference
— version keyword
— source-access-list string
— apply-groups reference
— apply-groups-exclude reference
— source-host string
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— usm-community string
— apply-groups reference
— apply-groups-exclude reference
— group string
— source-access-list reference
— view string subtree string
— apply-groups reference
— apply-groups-exclude reference
— mask string
— type keyword
— source-address
— ipv4 keyword
— address string
— apply-groups reference
— apply-groups-exclude reference
— interface-name string
— ipv6 keyword
— address string
— apply-groups reference
— apply-groups-exclude reference
— ssh
— apply-groups reference
— apply-groups-exclude reference
— client-cipher-list-v1
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-cipher-list-v2
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-kex-list-v2
— kex number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-mac-list-v2
— mac number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— key-re-exchange
— client
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— mbytes (number | keyword)
— minutes (number | keyword)
— server
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— mbytes (number | keyword)
— minutes (number | keyword)
— preserve-key boolean
— server-admin-state keyword
— server-cipher-list-v1
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-cipher-list-v2
— apply-groups reference
— apply-groups-exclude reference
— cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-kex-list-v2
— kex number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-mac-list-v2
— mac number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— version keyword
— system-passwords
— admin-password string
— apply-groups reference
— apply-groups-exclude reference
— vsd-password string
— tech-support
— apply-groups reference
— apply-groups-exclude reference
— ts-location (ts-sat-url | cflash-url | string)
— telnet-server boolean
— telnet6-server boolean
— tls
— apply-groups reference
— apply-groups-exclude reference
— cert-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— entry number
— apply-groups reference
— apply-groups-exclude reference
— certificate-file string
— key-file string
— send-chain
— ca-profile reference
— client-cipher-list string
— apply-groups reference
— apply-groups-exclude reference
— tls12-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— tls13-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-group-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-group number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-signature-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-signature number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— client-tls-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— cert-profile reference
— cipher-list reference
— group-list reference
— protocol-version keyword
— signature-list reference
— trust-anchor-profile reference
— server-cipher-list string
— apply-groups reference
— apply-groups-exclude reference
— tls12-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— tls13-cipher number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-group-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-group number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-signature-list string
— apply-groups reference
— apply-groups-exclude reference
— tls13-signature number
— apply-groups reference
— apply-groups-exclude reference
— name keyword
— server-tls-profile string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authenticate-client
— common-name-list reference
— trust-anchor-profile reference
— cert-profile reference
— cipher-list reference
— group-list reference
— protocol-version keyword
— signature-list reference
— tls-re-negotiate-timer number
— trust-anchor-profile string
— apply-groups reference
— apply-groups-exclude reference
— trust-anchor reference
— user-params
— apply-groups reference
— apply-groups-exclude reference
— attempts
— count number
— lockout number
— time number
— authentication-order
— exit-on-reject boolean
— order keyword
— local-user
— password
— aging number
— apply-groups reference
— apply-groups-exclude reference
— complexity-rules
— allow-user-name boolean
— credits
— lowercase number
— numeric number
— special-character number
— uppercase number
— minimum-classes number
— minimum-length number
— repeated-characters number
— required
— lowercase number
— numeric number
— special-character number
— uppercase number
— hashing keyword
— history-size number
— minimum-age number
— minimum-change number
— user string
— access
— console boolean
— ftp boolean
— grpc boolean
— li boolean
— netconf boolean
— snmp boolean
— apply-groups reference
— apply-groups-exclude reference
— cli-engine keyword
— console
— cannot-change-password boolean
— login-exec (sat-url | cflash-url | ftp-tftp-url | filename)
— member reference
— new-password-at-login boolean
— home-directory (sat-url | cflash-without-slot-url)
— password string
— public-keys
— ecdsa
— ecdsa-key number
— apply-groups reference
— apply-groups-exclude reference
— description string
— key-value string
— rsa
— rsa-key number
— apply-groups reference
— apply-groups-exclude reference
— description string
— key-value string
— restricted-to-home boolean
— snmp
— apply-groups reference
— apply-groups-exclude reference
— authentication
— authentication-key string
— authentication-protocol keyword
— privacy
— privacy-key string
— privacy-protocol keyword
— group string
— vprn-network-exceptions
— count number
— window number
— selective-fib boolean
— software-repository string
— apply-groups reference
— apply-groups-exclude reference
— description string
— primary-location string
— secondary-location string
— tertiary-location string
— switch-fabric
— apply-groups reference
— apply-groups-exclude reference
— failure-recovery
— admin-state keyword
— sfm-loss-threshold number
— telemetry
— apply-groups reference
— apply-groups-exclude reference
— destination-group string
— allow-unsecure-connection
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number
— apply-groups reference
— apply-groups-exclude reference
— router-instance string
— tcp-keepalive
— admin-state keyword
— idle-time number
— interval number
— retries number
— tls-client-profile reference
— notification-bundling
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— max-msg-count number
— max-time-granularity number
— persistent-subscriptions
— subscription string
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description string
— destination-group reference
— encoding keyword
— local-source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— mode keyword
— originated-qos-marking keyword
— sample-interval number
— sensor-group reference
— sensor-groups
— sensor-group string
— apply-groups reference
— apply-groups-exclude reference
— description string
— path string
— thresholds
— cflash-cap-alarm-percent string
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— cflash-cap-warn-percent string
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— kb-memory-use-alarm
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— kb-memory-use-warn
— apply-groups reference
— apply-groups-exclude reference
— falling-threshold number
— interval number
— rising-threshold number
— rmon-event-type keyword
— startup-alarm keyword
— rmon
— alarm number
— apply-groups reference
— apply-groups-exclude reference
— falling-event number
— falling-threshold number
— interval number
— owner string
— rising-event number
— rising-threshold number
— sample-type keyword
— startup-alarm keyword
— variable-oid string
— event number
— apply-groups reference
— apply-groups-exclude reference
— description string
— event-type keyword
— owner string
— time
— apply-groups reference
— apply-groups-exclude reference
— dst-zone string
— apply-groups reference
— apply-groups-exclude reference
— end
— day keyword
— hours-minutes string
— month keyword
— week keyword
— offset number
— start
— day keyword
— hours-minutes string
— month keyword
— week keyword
— ntp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— authentication-check boolean
— authentication-key number
— apply-groups reference
— apply-groups-exclude reference
— key string
— type keyword
— broadcast reference interface-name string
— apply-groups reference
— apply-groups-exclude reference
— key-id reference
— ttl number
— version number
— broadcast-client string interface-name string
— apply-groups reference
— apply-groups-exclude reference
— authenticate boolean
— multicast
— apply-groups reference
— apply-groups-exclude reference
— key-id reference
— version number
— multicast-client
— apply-groups reference
— apply-groups-exclude reference
— authenticate boolean
— ntp-server
— authenticate boolean
— peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string
— apply-groups reference
— apply-groups-exclude reference
— key-id reference
— prefer boolean
— version number
— server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string
— apply-groups reference
— apply-groups-exclude reference
— key-id reference
— prefer boolean
— version number
— prefer-local-time boolean
— sntp
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— server (ipv4-address-no-zone | ipv6-address-no-zone)
— apply-groups reference
— apply-groups-exclude reference
— interval number
— prefer boolean
— version number
— sntp-state keyword
— zone
— non-standard
— name string
— offset string
— standard
— name keyword
— transmission-profile string
— apply-groups reference
— apply-groups-exclude reference
— ipv4-source-address string
— ipv6-source-address string
— redirection number
— retry number
— router-instance string
— timeout number
| Synopsis | Power the output pin on the CPM alarm interface port | |
| Context | configure system alarm-contact-in-power boolean | |
| Tree | alarm-contact-in-power | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7750 SR-a |
| Synopsis | Enter the alarm-contact-input list instance | |
| Context | configure system alarm-contact-input number | |
| Tree | alarm-contact-input | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Alarm contact input pin | |
| Context | configure system alarm-contact-input number | |
| Range | 1 to 4 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Administrative state of the alarm contact input | |
| Context | configure system alarm-contact-input number admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Text message sent in the log event when an alarm clears | |
| Context | configure system alarm-contact-input number clear-message string | |
| Tree | clear-message | |
Description |
This command configures a text message to be included in the log event that is sent when the system clears an alarm. The system generates the default "Alarm Input Cleared" message if no message is configured. The clear-message string is included in the log event when the pin changes to the normal state. |
|
| String Length | 1 to 80 | |
| Default | Alarm Input Cleared | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Text description | |
| Context | configure system alarm-contact-input number description string | |
| Tree | description | |
| String Length | 1 to 160 | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Normal state associated with the alarm contact input | |
| Context | configure system alarm-contact-input number normal-state keyword | |
| Tree | normal-state | |
| Default | open | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Text message sent in the log event when input changes | |
| Context | configure system alarm-contact-input number trigger-message string | |
| Tree | trigger-message | |
Description |
This command configures a text message to be included in the log event that is sent when the system generates an alarm. The system generates the default message "Alarm Input Triggered" if no message is configured. This command's message string is included in the log event when the pin changes from the normal state. |
|
| String Length | 1 to 80 | |
| Default | Alarm Input Triggered | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-a |
| Synopsis | Administrative state of the system alarm | |
| Context | configure system alarms admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Maximum number of cleared alarms | |
| Context | configure system alarms max-cleared number | |
| Tree | max-cleared | |
| Range | 0 to 500 | |
| Default | 500 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Allow boot license violations in boot-up configuration | |
| Context | configure system allow-boot-license-violations boolean | |
| Tree | allow-boot-license-violations | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Administrative state of the Bluetooth module | |
| Context | configure system bluetooth admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.2.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | Bluetooth advertising timeout | |
| Context | configure system bluetooth advertising-timeout number | |
| Tree | advertising-timeout | |
| Range | 30 to 3600 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | Text description | |
| Context | configure system bluetooth device string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | Bluetooth module ID | |
| Context | configure system bluetooth module string provisioned-identifier string | |
| Tree | provisioned-identifier | |
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | Enable the pairing button | |
| Context | configure system bluetooth pairing-button boolean | |
| Tree | pairing-button | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | Bluetooth module power mode | |
| Context | configure system bluetooth power-mode keyword | |
| Tree | power-mode | |
| Default | automatic | |
| Options | ||
| Introduced | 20.2.R1 | |
Platforms |
7750 SR-1, 7750 SR-s, 7950 XRS-20e |
| Synopsis | CLI script file to execute following a failed boot-up | |
| Context | configure system boot-bad-exec string | |
| Tree | boot-bad-exec | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | CLI script file to execute following successful boot-up | |
| Context | configure system boot-good-exec string | |
| Tree | boot-good-exec | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the central-frequency-clock context | |
| Context | configure system central-frequency-clock | |
| Tree | central-frequency-clock | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the bits context | |
| Context | configure system central-frequency-clock bits | |
| Tree | bits | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the input context | |
| Context | configure system central-frequency-clock bits input | |
| Tree | input | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the BITS input timing reference | |
| Context | configure system central-frequency-clock bits input admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Interface type of the BITS timing reference | |
| Context | configure system central-frequency-clock bits interface-type keyword | |
| Tree | interface-type | |
| Default | ds1-esf | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the output context | |
| Context | configure system central-frequency-clock bits output | |
| Tree | output | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of BITS output timing reference | |
| Context | configure system central-frequency-clock bits output admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Line length for the BITS output timing reference | |
| Context | configure system central-frequency-clock bits output line-length keyword | |
| Tree | line-length | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Minimum signal quality level for BITSout port | |
| Context | configure system central-frequency-clock bits output ql-minimum keyword | |
| Tree | ql-minimum | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Override for the quality level of the timing reference | |
| Context | configure system central-frequency-clock bits ql-override keyword | |
| Tree | ql-override | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Sa bit to convey SSM information | |
| Context | configure system central-frequency-clock bits ssm-bit number | |
| Tree | ssm-bit | |
| Range | 4 to 8 | |
| Default | 8 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ptp context | |
| Context | configure system central-frequency-clock ptp | |
| Tree | ptp | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the PTP timing reference | |
| Context | configure system central-frequency-clock ptp admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Quality level of a timing reference that overrides any value provided by the reference's SSM process | |
| Context | configure system central-frequency-clock ptp ql-override keyword | |
| Tree | ql-override | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Minimum signal quality level for system timing module | |
| Context | configure system central-frequency-clock ql-minimum keyword | |
| Tree | ql-minimum | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Consider quality level in system and BITS output timing | |
| Context | configure system central-frequency-clock ql-selection boolean | |
| Tree | ql-selection | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ref-order context | |
| Context | configure system central-frequency-clock ref-order | |
| Tree | ref-order | |
Description |
Commands in this context specify the priority order of the synchronous equipment timing subsystem. If a reference source is disabled, this command defines the next reference source for the clock. If all reference sources are disabled, clocking is derived from a local oscillator. If a timing reference is linked to a source port that is operationally down, the port is no longer a qualified, valid reference. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Fifth preferred timing reference source | |
| Context | configure system central-frequency-clock ref-order fifth keyword | |
| Tree | fifth | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | First preferred timing reference source | |
| Context | configure system central-frequency-clock ref-order first keyword | |
| Tree | first | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Fourth preferred timing reference source | |
| Context | configure system central-frequency-clock ref-order fourth keyword | |
| Tree | fourth | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Second preferred timing reference source | |
| Context | configure system central-frequency-clock ref-order second keyword | |
| Tree | second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Third preferred timing reference source | |
| Context | configure system central-frequency-clock ref-order third keyword | |
| Tree | third | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ref1 context | |
| Context | configure system central-frequency-clock ref1 | |
| Tree | ref1 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the first timing reference | |
| Context | configure system central-frequency-clock ref1 admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Quality level override of a timing reference | |
| Context | configure system central-frequency-clock ref1 ql-override keyword | |
| Tree | ql-override | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Source port for the first timing reference | |
| Context | configure system central-frequency-clock ref1 source-port string | |
| Tree | source-port | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ref2 context | |
| Context | configure system central-frequency-clock ref2 | |
| Tree | ref2 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the second timing reference | |
| Context | configure system central-frequency-clock ref2 admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Quality level override of a timing reference | |
| Context | configure system central-frequency-clock ref2 ql-override keyword | |
| Tree | ql-override | |
| Default | unused | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Source port for the second timing reference | |
| Context | configure system central-frequency-clock ref2 source-port string | |
| Tree | source-port | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Revert to higher-priority reference source | |
| Context | configure system central-frequency-clock revert boolean | |
| Tree | revert | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the synce context | |
| Context | configure system central-frequency-clock synce | |
| Tree | synce | |
| Introduced | 19.10.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the SyncE timing reference | |
| Context | configure system central-frequency-clock synce admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Override the quality level of a timing reference | |
| Context | configure system central-frequency-clock synce ql-override keyword | |
| Tree | ql-override | |
| Default | unused | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Time to re-validate a previously failed input reference | |
| Context | configure system central-frequency-clock wait-to-restore number | |
| Tree | wait-to-restore | |
| Range | 1 to 12 | |
| Units | minutes | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable Virtual Service Router congestion management | |
| Context | configure system congestion-management boolean | |
| Tree | congestion-management | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
VSR |
| Synopsis | GPS coordinates for the system location | |
| Context | configure system coordinates string | |
| Tree | coordinates | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cpm-http-redirect context | |
| Context | configure system cpm-http-redirect | |
| Tree | cpm-http-redirect | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable optimized mode for CPM HTTP redirect messages | |
| Context | configure system cpm-http-redirect optimized-mode boolean | |
| Tree | optimized-mode | |
| Default | true | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Administrative state of the CRON schedule | |
| Context | configure system cron schedule string owner string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Days in a month when a schedule runs | |
| Context | configure system cron schedule string owner string day-of-month number | |
| Tree | day-of-month | |
| Range | -31 to -1 | 1 to 31 | |
| Max. Instances | 62 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system cron schedule string owner string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Date and time to stop triggering the schedule | |
| Context | configure system cron schedule string owner string end-time date-and-time string | |
| Tree | date-and-time | |
Notes |
The following elements are part of a choice: date-and-time or (day and time). |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the script-policy context | |
| Context | configure system cron schedule string owner string script-policy | |
| Tree | script-policy | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Applications to send NoAddrsAvail in Advertise messages | |
| Context | configure system dhcp6 adv-noaddrs-global keyword | |
| Tree | adv-noaddrs-global | |
| Options | ||
| Max. Instances | 2 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Preference in DNS address resolving order | |
| Context | configure system dns address-pref keyword | |
| Tree | address-pref | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Validation of AD-bit presence in DNS server responses | |
| Context | configure system dns dnssec ad-validation keyword | |
| Tree | ad-validation | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Generate Information OAM PDU on soft reset notification | |
| Context | configure system efm-oam dying-gasp-tx-on-reset boolean | |
| Tree | dying-gasp-tx-on-reset | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Send Grace TLVs for soft reset graceful recovery events | |
| Context | configure system efm-oam grace-tx boolean | |
| Tree | grace-tx | |
Description |
When configured to true, the system sends the Nokia Vendor specific Grace TLV in the information PDU after an ISSU or a soft reset. The Grace TLV informs a remote peer to ignore the negotiated interval and multiplier and instead use the new timeout interval. By default, the command is disabled at the system level and enabled at the port level. Both the system and port level must be enabled to support grace on a specific port. When configured to true, the EFM-OAM protocol does not enter a non-operational state when both nodes acknowledge the grace function. This feature minimizes service interruption by giving the restarting router time to become operationally and administratively up within the grace period. The peer receiving the Grace TLV must be able to parse and process the vendor-specific messaging. Do not configure grace if the Nokia Vendor Specific Grace TLV is not supported on the remote peer. When configured to false, the Nokia Vendor Specific Grace TLV is not sent. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the md-auto-id context | |
| Context | configure system eth-cfm md-auto-id | |
| Tree | md-auto-id | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the ma-index-range context | |
| Context | configure system eth-cfm md-auto-id ma-index-range | |
| Tree | ma-index-range | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Upper bound of the range | |
| Context | configure system eth-cfm md-auto-id ma-index-range end number | |
| Tree | end | |
| Range | 1 to 4294967295 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Lower bound of the range | |
| Context | configure system eth-cfm md-auto-id ma-index-range start number | |
| Tree | start | |
| Range | 1 to 4294967295 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | Enable the md-index-range context | |
| Context | configure system eth-cfm md-auto-id md-index-range | |
| Tree | md-index-range | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Upper bound of the range | |
| Context | configure system eth-cfm md-auto-id md-index-range end number | |
| Tree | end | |
| Range | 1 to 4294967295 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Lower bound of the range | |
| Context | configure system eth-cfm md-auto-id md-index-range start number | |
| Tree | start | |
| Range | 1 to 4294967295 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | Enter the redundancy context | |
| Context | configure system eth-cfm redundancy | |
| Tree | redundancy | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the mc-lag context | |
| Context | configure system eth-cfm redundancy mc-lag | |
| Tree | mc-lag | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Delay timer value for the fault propagation | |
| Context | configure system eth-cfm redundancy mc-lag propagate-hold-time (number | keyword) | |
| Tree | propagate-hold-time | |
| Range | 1 to 60 | |
| Default | 1 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Allow standby MC-LAG MEPs to act administratively down | |
| Context | configure system eth-cfm redundancy mc-lag standby-mep boolean | |
| Tree | standby-mep | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Local name used in CFM PDUs | |
| Context | configure system eth-cfm sender-id local-name string | |
| Tree | local-name | |
| String Length | 1 to 45 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | SLR inactivity timer to maintain the stale test data | |
| Context | configure system eth-cfm slm inactivity-timer number | |
| Tree | inactivity-timer | |
| Range | 10 to 100 | |
| Default | 100 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the gRPC server | |
| Context | configure system grpc admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow connection without secured transport protocol | |
| Context | configure system grpc allow-unsecure-connection | |
| Tree | allow-unsecure-connection | |
Description |
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-server-profile. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the gNMI service | |
| Context | configure system grpc gnmi admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Automatically save configuration as part of commit | |
| Context | configure system grpc gnmi auto-config-save boolean | |
| Tree | auto-config-save | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Administrative state of gNOI CertificateManagement | |
| Context | configure system grpc gnoi cert-mgmt admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the gNOI File service | |
| Context | configure system grpc gnoi file admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the gNOI System service | |
| Context | configure system grpc gnoi system admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Maximum size of received message | |
| Context | configure system grpc max-msg-size number | |
| Tree | max-msg-size | |
| Range | 1 to 1024 | |
| Default | 512 | |
| Units | megabytes | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the MD-CLI service | |
| Context | configure system grpc md-cli admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the RIB API service | |
| Context | configure system grpc rib-api admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Time until stale entries are purged | |
| Context | configure system grpc rib-api purge-timeout number | |
| Tree | purge-timeout | |
| Range | 1 to 100000 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the tcp-keepalive context | |
| Context | configure system grpc tcp-keepalive | |
| Tree | tcp-keepalive | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Administrative state of the TCP keepalive algorithm | |
| Context | configure system grpc tcp-keepalive admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Time until the first TCP keepalive probe is sent | |
| Context | configure system grpc tcp-keepalive idle-time number | |
| Tree | idle-time | |
Description |
This command configures the amount of time the connection must be idle before TCP keepalives are sent. |
|
| Range | 1 to 100000 | |
| Default | 600 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Time between TCP keep-alive probes | |
| Context | configure system grpc tcp-keepalive interval number | |
| Tree | interval | |
| Range | 1 to 100000 | |
| Default | 15 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Number of probe retries before closing the connection | |
| Context | configure system grpc tcp-keepalive retries number | |
| Tree | retries | |
Description |
This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. |
|
| Range | 3 to 100 | |
| Default | 4 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Preferred TLS server profile | |
| Context | configure system grpc tls-server-profile reference | |
| Tree | tls-server-profile | |
Reference |
configure system security tls server-tls-profile string |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-server-profile. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the grpc-tunnel context | |
| Context | configure system grpc-tunnel | |
| Tree | grpc-tunnel | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the destination-group list instance | |
| Context | configure system grpc-tunnel destination-group string | |
| Tree | destination-group | |
Description |
Commands in this context configure parameters for destination groups. |
|
| Max. Instances | 4 | |
| Introduced | 22.2.R1 | |
|
Platforms |
All |
| Synopsis | Destination group name | |
| Context | configure system grpc-tunnel destination-group string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Allow unsecured operation of gRPC connections | |
| Context | configure system grpc-tunnel destination-group string allow-unsecure-connection | |
| Tree | allow-unsecure-connection | |
Description |
This command allows a gRPC tunnel to run without a secured transport protocol. Data is transferred in unencrypted form. |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system grpc-tunnel destination-group string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the destination list instance | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| Tree | destination | |
| Max. Instances | 4 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Address of the destination within the destination group | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| String Length | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | TCP port number for the destination | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| Range | 1 to 65535 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Local IP address of packets sent from the source | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number local-source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | local-source-address | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | QoS marking used for gRPC tunnel packets | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number originated-qos-marking keyword | |
| Tree | originated-qos-marking | |
| Options | ||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Router instance for the destination group | |
| Context | configure system grpc-tunnel destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number router-instance string | |
| Tree | router-instance | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the tcp-keepalive context | |
| Context | configure system grpc-tunnel destination-group string tcp-keepalive | |
| Tree | tcp-keepalive | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the TCP keepalive algorithm | |
| Context | configure system grpc-tunnel destination-group string tcp-keepalive admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Time until the first TCP keepalive probe is sent | |
| Context | configure system grpc-tunnel destination-group string tcp-keepalive idle-time number | |
| Tree | idle-time | |
Description |
This command configures the amount of time the connection must be idle before TCP keepalives are sent. |
|
| Range | 1 to 100000 | |
| Default | 600 | |
| Units | seconds | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Time between TCP keep-alive probes | |
| Context | configure system grpc-tunnel destination-group string tcp-keepalive interval number | |
| Tree | interval | |
| Range | 1 to 100000 | |
| Default | 15 | |
| Units | seconds | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Number of probe retries before closing the connection | |
| Context | configure system grpc-tunnel destination-group string tcp-keepalive retries number | |
| Tree | retries | |
Description |
This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. |
|
| Range | 3 to 100 | |
| Default | 4 | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | TLS client profile assigned to the destination group | |
| Context | configure system grpc-tunnel destination-group string tls-client-profile reference | |
| Tree | tls-client-profile | |
Reference |
configure system security tls client-tls-profile string |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the tunnel list instance | |
| Context | configure system grpc-tunnel tunnel string | |
| Tree | tunnel | |
Description |
Commands in this context configure gRPC-tunnel-related parameters. |
|
| Max. Instances | 4 | |
| Introduced | 22.2.R1 | |
|
Platforms |
All |
| Synopsis | Tunnel name | |
| Context | configure system grpc-tunnel tunnel string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the tunnel | |
| Context | configure system grpc-tunnel tunnel string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system grpc-tunnel tunnel string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Destination group used in the tunnel | |
| Context | configure system grpc-tunnel tunnel string destination-group reference | |
| Tree | destination-group | |
Reference |
configure system grpc-tunnel destination-group string |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the handler list instance | |
| Context | configure system grpc-tunnel tunnel string handler string | |
| Tree | handler | |
Description |
Commands in this context configure handler parameters for this instance. Multiple handlers can be created for any tunnel. |
|
| Max. Instances | 8 | |
| Introduced | 22.2.R1 | |
|
Platforms |
All |
| Synopsis | Handler name | |
| Context | configure system grpc-tunnel tunnel string handler string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the handler | |
| Context | configure system grpc-tunnel tunnel string handler string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the target-type context | |
| Context | configure system grpc-tunnel tunnel string handler string target-type | |
| Tree | target-type | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Custom string for target type | |
| Context | configure system grpc-tunnel tunnel string handler string target-type custom-type string | |
| Tree | custom-type | |
Description |
This command configures a custom string for the target type. This string can correspond to specific values used by the gRPC tunnel protocol, such as GNMI_GNOI or SSH. If a custom string is defined, the gRPC tunnel client must specify the string to request a session for that handler. The string must be unique within a tunnel. |
|
| String Length | 1 to 64 | |
Notes |
The following elements are part of a choice: custom-type, grpc-server, or ssh-server. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Target type set to GNMI_GNOI | |
| Context | configure system grpc-tunnel tunnel string handler string target-type grpc-server | |
| Tree | grpc-server | |
Description |
When configured, this command assigns the gRPC server as a handler for all tunnels sessions. At the gRPC tunnel protocol level, this corresponds to a value of GNMI_GNOI. |
|
Notes |
The following elements are part of a choice: custom-type, grpc-server, or ssh-server. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Target type is SSH | |
| Context | configure system grpc-tunnel tunnel string handler string target-type ssh-server | |
| Tree | ssh-server | |
Description |
When configured, this command assigns the SSH server as a handler for all tunnels sessions. At the gRPC tunnel protocol level, this corresponds to a value of SSH. |
|
Notes |
The following elements are part of a choice: custom-type, grpc-server, or ssh-server. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the target-name context | |
| Context | configure system grpc-tunnel tunnel string target-name | |
| Tree | target-name | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Custom target name | |
| Context | configure system grpc-tunnel tunnel string target-name custom-string string | |
| Tree | custom-string | |
| String Length | 1 to 64 | |
Notes |
The following elements are part of a choice: custom-string, node-name, or user-agent. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Set the node name as target name | |
| Context | configure system grpc-tunnel tunnel string target-name node-name | |
| Tree | node-name | |
Description |
When configured, this command uses the node name as the target name. The node name is configured by the configure system name command. |
|
Notes |
The following elements are part of a choice: custom-string, node-name, or user-agent. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Set the user agent as the target name | |
| Context | configure system grpc-tunnel tunnel string target-name user-agent | |
| Tree | user-agent | |
Description |
When configured, this command uses the user agent as the target name. The agent is a string consisting of node-name:vendor:model:software-version. |
|
Notes |
The following elements are part of a choice: custom-string, node-name, or user-agent. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Allow QinQ encapsulation for network interfaces | |
| Context | configure system ip allow-qinq-network-interface boolean | |
| Tree | allow-qinq-network-interface | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Force creation of globally unique IP interface indexes | |
| Context | configure system ip enforce-unique-if-index boolean | |
| Tree | enforce-unique-if-index | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow forwarding of IPv6 over IPv4 sent to the system IP address | |
| Context | configure system ip forward-6in4 boolean | |
| Tree | forward-6in4 | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms |
All |
| Synopsis | Allow forwarding of IP over GRE sent to the system IP address | |
| Context | configure system ip forward-ip-over-gre boolean | |
| Tree | forward-ip-over-gre | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms |
All |
| Synopsis | Collect traffic statistics on labels of the MPLS stack | |
| Context | configure system ip mpls label-stack-statistics-count number | |
| Tree | label-stack-statistics-count | |
| Range | 1 to 2 | |
| Default | 1 | |
| Introduced | 19.10.R3 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the non-multi-chassis-tunnel-id-range context | |
| Context | configure system l2tp non-multi-chassis-tunnel-id-range | |
| Tree | non-multi-chassis-tunnel-id-range | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Upper bound of the range | |
| Context | configure system l2tp non-multi-chassis-tunnel-id-range end number | |
| Tree | end | |
| Range | 0 to 16383 | |
| Default | 16383 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Lower bound of the range | |
| Context | configure system l2tp non-multi-chassis-tunnel-id-range start number | |
| Tree | start | |
| Range | 0 to 16383 | |
| Default | 1 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | LACP system priority on aggregated Ethernet interfaces | |
| Context | configure system lacp system-priority number | |
| Tree | system-priority | |
| Range | 1 to 65535 | |
| Default | 32768 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of LLDP | |
| Context | configure system lldp admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Interval at which LLDP frames are transmitted | |
| Context | configure system lldp message-fast-tx number | |
| Tree | message-fast-tx | |
Description |
This command configures the interval at which LLDP frames are transmitted on behalf of the LLDP during a fast transmission period. |
|
| Range | 1 to 3600 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | PDUs to transmit during the fast transmission period | |
| Context | configure system lldp message-fast-tx-init number | |
| Tree | message-fast-tx-init | |
| Range | 1 to 8 | |
| Default | 4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum interval between change notifications | |
| Context | configure system lldp notification-interval number | |
| Tree | notification-interval | |
| Range | 5 to 3600 | |
| Default | 5 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time required before re-initializing LLDP on a port | |
| Context | configure system lldp reinit-delay number | |
| Tree | reinit-delay | |
| Range | 1 to 10 | |
| Default | 2 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum consecutive LLDPDUs that can be transmitted | |
| Context | configure system lldp tx-credit-max number | |
| Tree | tx-credit-max | |
| Range | 1 to 100 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Transmit interval multiplier | |
| Context | configure system lldp tx-hold-multiplier number | |
| Tree | tx-hold-multiplier | |
| Range | 2 to 10 | |
| Default | 4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | LLDP transmit interval | |
| Context | configure system lldp tx-interval number | |
| Tree | tx-interval | |
| Range | 5 to 32768 | |
| Default | 30 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the load-balancing context | |
| Context | configure system load-balancing | |
| Tree | load-balancing | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Include L2TP header information for load balancing | |
| Context | configure system load-balancing l2tp-load-balancing boolean | |
| Tree | l2tp-load-balancing | |
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Use load balancing based on Layer 4 fields | |
| Context | configure system load-balancing l4-load-balancing boolean | |
| Tree | l4-load-balancing | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Algorithm for system-wide LSR load balancing | |
| Context | configure system load-balancing lsr-load-balancing keyword | |
| Tree | lsr-load-balancing | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable enhanced egress multicast load balancing | |
| Context | configure system load-balancing mc-enh-load-balancing boolean | |
| Tree | mc-enh-load-balancing | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable enhanced VLL LAG service ID hashing | |
| Context | configure system load-balancing service-id-lag-hashing boolean | |
| Tree | service-id-lag-hashing | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Use system IP address for ECMP and LAG load balancing | |
| Context | configure system load-balancing system-ip-load-balancing boolean | |
| Tree | system-ip-load-balancing | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the login-control context | |
| Context | configure system login-control | |
| Tree | login-control | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable exponential-backoff of the login prompt | |
| Context | configure system login-control exponential-backoff boolean | |
| Tree | exponential-backoff | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the ftp context | |
| Context | configure system login-control ftp | |
| Tree | ftp | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent inbound FTP sessions | |
| Context | configure system login-control ftp inbound-max-sessions number | |
| Tree | inbound-max-sessions | |
| Range | 0 to 5 | |
| Default | 3 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Idle timeout for FTP, console, or Telnet sessions | |
| Context | configure system login-control idle-timeout (keyword | number) | |
| Tree | idle-timeout | |
| Range | 1 to 1440 | |
| Default | 30 | |
| Units | minutes | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Display login banner | |
| Context | configure system login-control login-banner boolean | |
| Tree | login-banner | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the login-scripts context | |
| Context | configure system login-control login-scripts | |
| Tree | login-scripts | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | URL of the global CLI login script | |
| Context | configure system login-control login-scripts global-script string | |
| Tree | global-script | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the per-user-script context | |
| Context | configure system login-control login-scripts per-user-script | |
| Tree | per-user-script | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | File name of the per-user login script | |
| Context | configure system login-control login-scripts per-user-script file-name string | |
| Tree | file-name | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Directory name of user-defined login script | |
| Context | configure system login-control login-scripts per-user-script user-directory string | |
| Tree | user-directory | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the motd context | |
| Context | configure system login-control motd | |
| Tree | motd | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Message of the day displayed after console login | |
| Context | configure system login-control motd text string | |
| Tree | text | |
| String Length | 1 to 900 | |
Notes |
The following elements are part of a choice: text or url. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | URL of the location of message of the day | |
| Context | configure system login-control motd url string | |
| Tree | url | |
| String Length | 1 to 180 | |
Notes |
The following elements are part of a choice: text or url. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the pre-login-message context | |
| Context | configure system login-control pre-login-message | |
| Tree | pre-login-message | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Message displayed prior to the login prompt | |
| Context | configure system login-control pre-login-message message string | |
| Tree | message | |
| String Length | 1 to 900 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Display the system name before the pre-login message | |
| Context | configure system login-control pre-login-message name boolean | |
| Tree | name | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the ssh context | |
| Context | configure system login-control ssh | |
| Tree | ssh | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow graceful shutdown of SSH sessions | |
| Context | configure system login-control ssh graceful-shutdown boolean | |
| Tree | graceful-shutdown | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of concurrent inbound sessions | |
| Context | configure system login-control ssh inbound-max-sessions number | |
| Tree | inbound-max-sessions | |
| Range | 0 to 50 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent outbound sessions | |
| Context | configure system login-control ssh outbound-max-sessions number | |
| Tree | outbound-max-sessions | |
| Range | 0 to 15 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum TTL value for incoming packets | |
| Context | configure system login-control ssh ttl-security number | |
| Tree | ttl-security | |
| Range | 1 to 255 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the telnet context | |
| Context | configure system login-control telnet | |
| Tree | telnet | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow graceful shutdown of Telnet sessions | |
| Context | configure system login-control telnet graceful-shutdown boolean | |
| Tree | graceful-shutdown | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of concurrent inbound sessions | |
| Context | configure system login-control telnet inbound-max-sessions number | |
| Tree | inbound-max-sessions | |
| Range | 0 to 50 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent outbound sessions | |
| Context | configure system login-control telnet outbound-max-sessions number | |
| Tree | outbound-max-sessions | |
| Range | 0 to 15 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum TTL value for incoming packets | |
| Context | configure system login-control telnet ttl-security number | |
| Tree | ttl-security | |
| Range | 1 to 255 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the management-interface context | |
| Context | configure system management-interface | |
| Tree | management-interface | |
Description |
Commands in this context configure the capabilities of router management interfaces such as CLI and NETCONF. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cli context | |
| Context | configure system management-interface cli | |
| Tree | cli | |
Description |
Commands in this context configure the CLI management interfaces. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the classic-cli context | |
| Context | configure system management-interface cli classic-cli | |
| Tree | classic-cli | |
Description |
Commands in this context configure the classic CLI management interface. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow writable access in classic CLI configure branch | |
| Context | configure system management-interface cli classic-cli allow-immediate boolean | |
| Tree | allow-immediate | |
Description |
When configured to true, this command enables write access in the classic CLI configuration branch without having to use the classic CLI candidate edit functionality. When configured to false, this command blocks write access and configuration changes in the classic CLI configuration branch, and the classic CLI configuration branch is read-only. This enforces using the classic CLI candidate edit functionality, including candidate commit, to modify the router configuration, instead of allowing immediate line-by-line configuration changes. |
|
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the rollback context | |
| Context | configure system management-interface cli classic-cli rollback | |
| Tree | rollback | |
Description |
Commands in this context control classic CLI configuration rollback functionality, such as the maximum number of rollback checkpoints the system maintains. Configuration rollback allows the operator to revert to previous router configuration states while minimizing impacts to services. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of rollback files on local storage | |
| Context | configure system management-interface cli classic-cli rollback local-checkpoints number | |
| Tree | local-checkpoints | |
| Range | 1 to 50 | |
| Default | 10 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Path and filename prefix for rollback checkpoint files | |
| Context | configure system management-interface cli classic-cli rollback location string | |
| Tree | location | |
Description |
This command configures the local (for example, compact flash) or remote location and name of the classic CLI rollback checkpoint files. The filename must not contain a suffix. The suffixes for rollback checkpoint files are, for example, .rb, .rb.1, .rb.2, and so on. The suffixes are automatically appended to rollback checkpoint files. |
|
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum rollback files saved at a remote location | |
| Context | configure system management-interface cli classic-cli rollback remote-checkpoints number | |
| Tree | remote-checkpoints | |
| Range | 1 to 200 | |
| Default | 10 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rescue context | |
| Context | configure system management-interface cli classic-cli rollback rescue | |
| Tree | rescue | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Location of the rescue configuration file | |
| Context | configure system management-interface cli classic-cli rollback rescue location string | |
| Tree | location | |
Description |
This command configures the local or remote location and filename of the classic CLI rescue configuration file. The suffix (.rc) is automatically appended to the filename when a rescue configuration file is saved. Trivial FTP (TFTP) is not supported for remote locations. |
|
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | System-wide CLI engine access | |
| Context | configure system management-interface cli cli-engine keyword | |
| Tree | cli-engine | |
Description |
This command configures the system-wide CLI engine. The operator can configure one or both engines. For the configuration to take effect, exit the running CLI session and start a new session after committing the new value. |
|
| Default | md-cli | |
| Options | ||
| Max. Instances | 2 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the md-cli context | |
| Context | configure system management-interface cli md-cli | |
| Tree | md-cli | |
Description |
Commands in this context configure the MD-CLI management interface. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Automatically save configuration as part of commit | |
| Context | configure system management-interface cli md-cli auto-config-save boolean | |
| Tree | auto-config-save | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the environment context | |
| Context | configure system management-interface cli md-cli environment | |
| Tree | environment | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the command-alias context | |
| Context | configure system management-interface cli md-cli environment command-alias | |
| Tree | command-alias | |
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Enter the alias list instance | |
| Context | configure system management-interface cli md-cli environment command-alias alias string | |
| Tree | alias | |
Description |
Commands in this context create aliases to existing MD-CLI commands or to Python applications. Aliases may be mounted for use globally or for selected context paths. Arguments and output modifiers may be provided to aliases at configuration or run time. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Alias name | |
| Context | configure system management-interface cli md-cli environment command-alias alias string | |
| String Length | 1 to 64 | |
Notes |
This element is part of a list key. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the alias | |
| Context | configure system management-interface cli md-cli environment command-alias alias string admin-state keyword | |
| Tree | admin-state | |
Description |
This command controls the administrative state of the MD-CLI alias. MD-CLI aliases that are administratively disabled cannot be executed, are not displayed in command completion, and do not appear in ? help. |
|
| Default | disable | |
| Options | ||
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | CLI command to run when executing the alias | |
| Context | configure system management-interface cli md-cli environment command-alias alias string cli-command string | |
| Tree | cli-command | |
| String Length | 1 to 255 | |
Notes |
The following elements are part of a mandatory choice: cli-command or python-script. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Alias description | |
| Context | configure system management-interface cli md-cli environment command-alias alias string description string | |
| Tree | description | |
| String Length | 1 to 110 | |
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Add a list entry for mount-point | |
| Context | configure system management-interface cli md-cli environment command-alias alias string mount-point (keyword | string) | |
| Tree | mount-point | |
| Min. Instances | 1 | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Mount point where the alias is available | |
| Context | configure system management-interface cli md-cli environment command-alias alias string mount-point (keyword | string) | |
| String Length | 1 to 255 | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Python script to run when executing the alias | |
| Context | configure system management-interface cli md-cli environment command-alias alias string python-script reference | |
| Tree | python-script | |
Reference |
configure python python-script string |
|
Notes |
The following elements are part of a mandatory choice: cli-command or python-script. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Enter the command-completion context | |
| Context | configure system management-interface cli md-cli environment command-completion | |
| Tree | command-completion | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Complete the command when the Enter key is pressed | |
| Context | configure system management-interface cli md-cli environment command-completion enter boolean | |
| Tree | enter | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Complete the command when the Space key is pressed | |
| Context | configure system management-interface cli md-cli environment command-completion space boolean | |
| Tree | space | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Complete the command when the Tab key is pressed | |
| Context | configure system management-interface cli md-cli environment command-completion tab boolean | |
| Tree | tab | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the console context | |
| Context | configure system management-interface cli md-cli environment console | |
| Tree | console | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Number of lines displayed on the console | |
| Context | configure system management-interface cli md-cli environment console length number | |
| Tree | length | |
| Range | 24 to 512 | |
| Default | 24 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Number of columns displayed on the console | |
| Context | configure system management-interface cli md-cli environment console width number | |
| Tree | width | |
| Range | 80 to 512 | |
| Default | 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the info-output context | |
| Context | configure system management-interface cli md-cli environment info-output | |
| Tree | info-output | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the always-display context | |
| Context | configure system management-interface cli md-cli environment info-output always-display | |
| Tree | always-display | |
Description |
Commands in this context specify elements that are always displayed in the info output, regardless of whether the detail option is used. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Always display admin-state elements | |
| Context | configure system management-interface cli md-cli environment info-output always-display admin-state boolean | |
| Tree | admin-state | |
Description |
When configured to true, the values of the admin-state elements in info output (without the detail option) are always displayed, even if they are the default values. |
|
| Default | false | |
| Introduced | 22.2.R1 | |
|
Platforms |
All |
| Synopsis | Enter the message-severity-level context | |
| Context | configure system management-interface cli md-cli environment message-severity-level | |
| Tree | message-severity-level | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Message severity threshold for CLI messages | |
| Context | configure system management-interface cli md-cli environment message-severity-level cli keyword | |
| Tree | cli | |
| Default | info | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Activate the pager when output is longer than a screen | |
| Context | configure system management-interface cli md-cli environment more boolean | |
| Tree | more | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the progress-indicator context | |
| Context | configure system management-interface cli md-cli environment progress-indicator | |
| Tree | progress-indicator | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the progress indicator | |
| Context | configure system management-interface cli md-cli environment progress-indicator admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Delay before the progress indicator is displayed | |
| Context | configure system management-interface cli md-cli environment progress-indicator delay number | |
| Tree | delay | |
| Range | 0 to 10000 | |
| Default | 1000 | |
| Units | milliseconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Progress indicator output style | |
| Context | configure system management-interface cli md-cli environment progress-indicator type keyword | |
| Tree | type | |
| Default | dots | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the prompt context | |
| Context | configure system management-interface cli md-cli environment prompt | |
| Tree | prompt | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Show the current command context in the prompt | |
| Context | configure system management-interface cli md-cli environment prompt context boolean | |
| Tree | context | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Add a new line before every prompt line | |
| Context | configure system management-interface cli md-cli environment prompt newline boolean | |
| Tree | newline | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Show the timestamp before the first prompt line | |
| Context | configure system management-interface cli md-cli environment prompt timestamp boolean | |
| Tree | timestamp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Show an asterisk (*) when uncommitted changes exist | |
| Context | configure system management-interface cli md-cli environment prompt uncommitted-changes-indicator boolean | |
| Tree | uncommitted-changes-indicator | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the python context | |
| Context | configure system management-interface cli md-cli environment python | |
| Tree | python | |
Description |
Commands in this context customize Python settings used with the Python 3 interpreter in MD-CLI applications such as pyexec, command aliases, EHS, and CRON. |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Memory reserved per Python interpreter | |
| Context | configure system management-interface cli md-cli environment python memory-reservation number | |
| Tree | memory-reservation | |
| Range | 1 to 500 | |
| Units | megabytes | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Minimum memory requirement to run a Python interpreter | |
| Context | configure system management-interface cli md-cli environment python minimum-available-memory number | |
| Tree | minimum-available-memory | |
| Range | 5 to 50 | |
| Units | percent | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Maximum run time before a Python application is stopped | |
| Context | configure system management-interface cli md-cli environment python timeout number | |
| Tree | timeout | |
| Range | 30 to 86400 | |
| Default | 3600 | |
| Units | seconds | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Time zone to display time | |
| Context | configure system management-interface cli md-cli environment time-display keyword | |
| Tree | time-display | |
Description |
This command configures the time zone for a timestamp displayed in outputs, such as event logs and traps for the current CLI session. Log files on compact flash are maintained and displayed in UTC format. |
|
| Default | local | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Format to display the date and time | |
| Context | configure system management-interface cli md-cli environment time-format keyword | |
| Tree | time-format | |
Description |
This command specifies the format of the time display in configuration, state, and certain show command output in the current CLI session. |
|
| Default | rfc-3339 | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Number of commit history IDs to store | |
| Context | configure system management-interface commit-history number | |
| Tree | commit-history | |
Description |
This command sets the number of IDs to store in the commit history. Setting the value to 0 disables the commit history. |
|
| Range | 0 to 200 | |
| Default | 50 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Management interfaces allowed to edit the configuration | |
| Context | configure system management-interface configuration-mode keyword | |
| Tree | configuration-mode | |
| Description |
This command controls which of the classic or model-driven management interfaces can modify the configuration of the router. Any management interface can be used in any configuration mode (to gather state information or perform operations, for example), but only specific management interfaces (CLI, NETCONF, and so on) are allowed to edit the configuration of the router in different modes. For example, only classic CLI and SNMP can be used to edit the configuration when in classic mode. |
|
| Default | classic | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the configuration-save context | |
| Context | configure system management-interface configuration-save | |
| Tree | configuration-save | |
Description |
Commands in this context configure the attributes for saved configuration files. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of configuration versions maintained | |
| Context | configure system management-interface configuration-save configuration-backups number | |
| Tree | configuration-backups | |
Description |
This command configures the maximum number of saved configuration file versions the router maintains. When the configuration is saved, configuration file names are appended with a numeric extension. Each subsequent configuration save creates a new configuration file version with an incremented numeric extension until the maximum count is reached, after which the next configuration save overwrites the oldest file version. Each persistent index file is updated at the same time as the associated configuration file. The system synchronizes the active and standby CPM for all configurations and their associated persistent index files. |
|
| Range | 1 to 200 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Use incremental saved configuration files | |
| Context | configure system management-interface configuration-save incremental-saves boolean | |
| Tree | incremental-saves | |
Description |
When configured to true, the system saves each commit to the configure configuration region in a separate incremental saved configuration file, which allows for faster commits, instead of saving a complete saved configuration file each time. |
|
| Default | false | |
| Introduced | 22.7.R1 | |
|
Platforms |
All |
| Synopsis | Enter the netconf context | |
| Context | configure system management-interface netconf | |
| Tree | netconf | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of NETCONF | |
| Context | configure system management-interface netconf admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Automatically save configuration as part of commit | |
| Context | configure system management-interface netconf auto-config-save boolean | |
| Tree | auto-config-save | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the capabilities context | |
| Context | configure system management-interface netconf capabilities | |
| Tree | capabilities | |
Description |
Commands in this context configure explicit capabilities for the NETCONF server. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow the NETCONF server to access candidate datastore | |
| Context | configure system management-interface netconf capabilities candidate boolean | |
| Tree | candidate | |
Description |
When configured to true, this command allows the SR OS NETCONF server to access the candidate configuration datastore. Configuring this command to true also enables using commit and discard-changes. When configure system management-interface configuration-mode is set to classic, the candidate capability is disabled, even if this command is configured to true. When configured to false, this command disables the SR OS NETCONF server from accessing the candidate datastore. If the candidate is disabled, requests that reference the candidate datastore return an error, and when a NETCONF client establishes a new session, the candidate capability is not advertised in the SR OS NETCONF Hello message. |
|
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF server to access the running datastore | |
| Context | configure system management-interface netconf capabilities writable-running boolean | |
| Tree | writable-running | |
Description |
When configured to true, this command allows the SR OS NETCONF server to access the running configuration datastore. When configure system management-interface configuration-mode is set to model-driven, the writable-running capability is disabled, even if this command is configured to true. When configured to false, this command disables the SR OS NETCONF server from accessing the running datastore. Requests that reference the running datastore as a target return an error. When a NETCONF client establishes a new session, the writable-running capability is not advertised in the SR OS NETCONF Hello message. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Port on which NETCONF server listens for connections | |
| Context | configure system management-interface netconf port number | |
| Tree | port | |
Description |
This command specifies the port on which the SR OS NETCONF server listens for new connections. One port can be configured for NETCONF management. The configured port applies to both non-VPRN and VPRN management. New NETCONF connections are able to use the configured port. For NETCONF connections not using VPRN management, active NETCONF connections are not disconnected if the connection port changes. For NETCONF connections using VPRN management, active NETCONF connections are disconnected if the connection port changes. |
|
| Range | 22 | 830 | |
| Default | 830 | |
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | Enter the operations context | |
| Context | configure system management-interface operations | |
| Tree | operations | |
Description |
Commands in this context configure parameters associated with operational commands in model-driven interfaces. |
|
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Enter the global-timeouts context | |
| Context | configure system management-interface operations global-timeouts | |
| Tree | global-timeouts | |
Description |
Commands in this context configure system timeout parameters for operational commands. Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation. |
|
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Timeout for asynchronous operation execution | |
| Context | configure system management-interface operations global-timeouts asynchronous-execution (number | keyword) | |
| Tree | asynchronous-execution | |
Description |
This command configures the period of time that operations launched as “asynchronous” are allowed to execute before being automatically stopped by the SR OS. An asynchronous operation is not deleted from the system when it is stopped. See the asynchronous-retention command. If a specific execution timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies. Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter). |
|
| Range | 1 to 604800 | |
| Default | 3600 | |
| Units | seconds | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Timeout for asynchronous operation data retention | |
| Context | configure system management-interface operations global-timeouts asynchronous-retention (number | keyword) | |
| Tree | asynchronous-retention | |
Description |
This command configures the period of time that data related to operations launched as “asynchronous” is retained in the system. After the retention timeout expires, all information related to the operation is deleted, including any status information and result data. If a specific retention timeout is not included in the request for a particular asynchronous operation, this system-level timeout applies. |
|
| Range | 1 to 604800 | |
| Default | 86400 | |
| Units | seconds | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Timeout for synchronous operation execution | |
| Context | configure system management-interface operations global-timeouts synchronous-execution (number | keyword) | |
| Tree | synchronous-execution | |
Description |
This command configures the period of time that operations launched as “'synchronous” (the default method for all operations) are allowed to execute before they are automatically stopped, and their associated data is deleted. If a specific execution timeout is not included in the request for a particular synchronous operation, this system-level timeout applies. Note: This execution timeout is part of the general global operations infrastructure and is separate and independent from any operation-specific timeouts (for example, the ping operation also has its own timeout parameter). Caution: If this command is set with a specific time value, MD-CLI operations are subject to the timeout and are interrupted if they execute longer than the time value. This situation can arise because the timeout also applies to operations requested in the MD-CLI interface (for example, ping, file dir, and so on). |
|
| Range | 1 to 604800 | |
| Default | never | |
| Units | seconds | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Enter the remote-management context | |
| Context | configure system management-interface remote-management | |
| Tree | remote-management | |
Description |
Commands in this context configure the SR OS node to use the remote management service. Configuring remote management enables the SR OS node to report itself to a remote manager service running on a remote server, so that it is included in the dynamic list of available nodes. The manager service streamlines the management of multiple SR OS nodes running different SR OS versions using the same client application providing a similar shell to the MD-CLI. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of remote management registration | |
| Context | configure system management-interface remote-management admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Allow connection without secured transport protocol | |
| Context | configure system management-interface remote-management allow-unsecure-connection | |
| Tree | allow-unsecure-connection | |
Description |
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | TLS client profile name | |
| Context | configure system management-interface remote-management client-tls-profile reference | |
| Tree | client-tls-profile | |
Description |
This command specifies the client TLS profile to all remote managers. |
|
Reference |
configure system security tls client-tls-profile string |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Time without a response before manager declared down | |
| Context | configure system management-interface remote-management connection-timeout number | |
| Tree | connection-timeout | |
| Range | 1 to 3600 | |
| Default | 60 | |
| Units | seconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Device label supplied to the remote manager | |
| Context | configure system management-interface remote-management device-label string | |
| Tree | device-label | |
Description |
This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal. |
|
| String Length | 1 to 64 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Device name supplied to the remote manager | |
| Context | configure system management-interface remote-management device-name string | |
| Tree | device-name | |
Description |
This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network. When unconfigured, the default system name is used. |
|
| String Length | 1 to 64 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Time between hello messages from SR OS node to manager | |
| Context | configure system management-interface remote-management hello-interval number | |
| Tree | hello-interval | |
| Range | 10 to 216000 | |
| Default | 600 | |
| Units | seconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the manager list instance | |
| Context | configure system management-interface remote-management manager string | |
| Tree | manager | |
Description |
Commands in this context configure options for a specific manager. Commands configured in this context take precedence over command values specified directly in the configure management-interface remote-management context. If a command is not configured in this context, the command setting is inherited from the higher level context. |
|
| Max. Instances | 2 | |
| Introduced | 20.5.R1 | |
|
Platforms |
All |
| Synopsis | Remote management manager name | |
| Context | configure system management-interface remote-management manager string | |
| String Length | 1 to 64 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of remote management registration | |
| Context | configure system management-interface remote-management manager string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Allow connection without secured transport protocol | |
| Context | configure system management-interface remote-management manager string allow-unsecure-connection | |
| Tree | allow-unsecure-connection | |
Description |
When configured, this command allows an unsecured connection to the remote managers; the TCP connection is not encrypted. This includes username and password information. |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | TLS client profile name | |
| Context | configure system management-interface remote-management manager string client-tls-profile reference | |
| Tree | client-tls-profile | |
Description |
This command assigns a TLS profile name to a remote manager. |
|
Reference |
configure system security tls client-tls-profile string |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or client-tls-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Time without response before manager is declared down | |
| Context | configure system management-interface remote-management manager string connection-timeout number | |
| Tree | connection-timeout | |
| Range | 1 to 3600 | |
| Units | seconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system management-interface remote-management manager string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Device label supplied to the remote manager | |
| Context | configure system management-interface remote-management manager string device-label string | |
| Tree | device-label | |
Description |
This command specifies a metadata label that is supplied to the manager. This label is used to group devices or network nodes with a common purpose or goal. |
|
| String Length | 1 to 64 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Device name supplied to the remote manager | |
| Context | configure system management-interface remote-management manager string device-name string | |
| Tree | device-name | |
Description |
This command specifies a device name that is supplied to the manager. The name identifies a specific SR OS node in the network. When unconfigured, the default system name is used. |
|
| String Length | 1 to 64 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Destination IP address of the manager | |
| Context | configure system management-interface remote-management manager string manager-address (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) | |
| Tree | manager-address | |
| String Length | 1 to 255 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Destination TCP port for gRPC connections to manager | |
| Context | configure system management-interface remote-management manager string manager-port number | |
| Tree | manager-port | |
| Range | 1 to 65535 | |
| Default | 57400 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Reference to a router or VPRN service name | |
| Context | configure system management-interface remote-management manager string router-instance string | |
| Tree | router-instance | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Source IP address for connection to the manager | |
| Context | configure system management-interface remote-management manager string source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | source-address | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Source TCP destination port number | |
| Context | configure system management-interface remote-management manager string source-port (number | keyword) | |
| Tree | source-port | |
| Range | 1 to 65535 | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Router name or VPRN service name | |
| Context | configure system management-interface remote-management router-instance string | |
| Tree | router-instance | |
| Default | management | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Source IP address for connection to the manager | |
| Context | configure system management-interface remote-management source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | source-address | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Source TCP port number to connection to the manager | |
| Context | configure system management-interface remote-management source-port (number | keyword) | |
| Tree | source-port | |
| Range | 1 to 65535 | |
| Default | grpc-default | |
| Options | ||
| Introduced | 20.5.R1 | |
|
Platforms |
All |
| Synopsis | Schema path URL | |
| Context | configure system management-interface schema-path string | |
| Tree | schema-path | |
Description |
This command specifies the schema path where the SR OS YANG modules can be placed by the user before using a <get-schema> request. Nokia recommends that the URL string not exceed 135 characters for the <get-schema> request to work correctly with all schema files. If this command is not configured, the software upgrade process manages the YANG schema files to ensure the schema files are synchronized with the software image on both the primary and standby CPM. |
|
| String Length | 1 to 180 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the snmp context | |
| Context | configure system management-interface snmp | |
| Tree | snmp | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the SNMP agent | |
| Context | configure system management-interface snmp admin-state keyword | |
| Tree | admin-state | |
| Description |
This command administratively enables or disables SNMP agent operations. Disabling SNMP does not prevent the agent from sending SNMP notifications to configured SNMP trap destinations. In classic and mixed configuration mode, the agent is administratively disabled in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof system persistent-indices command is set to true. This prevents an SNMP-based management system from accessing and possibly synchronizing with a partially booted or incomplete network element. This auto-disable behavior is not applicable to model-driven configuration mode. |
|
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | SNMP engine ID that identifies the SNMPv3 node | |
| Context | configure system management-interface snmp engine-id string | |
| Tree | engine-id | |
Description |
This command sets the SNMP engine ID that uniquely identifies the SNMPv3 node. If unconfigured, the system uses an engine ID based on the information from the system backplane. If the SNMP engine ID is changed, the current configuration must be saved and a reboot must be executed. Otherwise, the previously configured SNMP communities and logger trap-target notify communities will not be valid for the new engine ID. Note: Changing the SNMP engine ID invalidates all SNMPv3 MD5 and SHA security digest keys, which may render the node unmanageable. When replacing a chassis, configure the new router to use the same engine ID as the previous router. This preserves SNMPv3 security keys and allows management stations to use their existing authentication keys for the new router. Ensure that the engine ID of each router is unique. A management domain can only maintain one instance of a specific engine ID. |
|
| String Length | 10 to 64 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Port number used to send general SNMP messages | |
| Context | configure system management-interface snmp general-port number | |
| Tree | general-port | |
Description |
This command configures the port number used to receive SNMP request messages and send replies. For the port used for SNMP notifications, configure the configure log snmp-trap-group trap-target port command. |
|
| Range | 0 | 1 to 65535 | |
| Default | 161 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum SNMP packet size generated by the node | |
| Context | configure system management-interface snmp packet-size number | |
| Tree | packet-size | |
| Range | 484 to 9216 | |
| Default | 1500 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the streaming context | |
| Context | configure system management-interface snmp streaming | |
| Tree | streaming | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of SNMP streaming | |
| Context | configure system management-interface snmp streaming admin-state keyword | |
| Tree | admin-state | |
Description |
This command enables or disables the proprietary SNMP request and response bundling as well as the TCP-based transport mechanism for optimizing network management of the router nodes. In higher latency networks, synchronizing router MIBs from network management using streaming takes less time than synchronizing using classic SNMP UDP requests. Streaming operates on TCP port 1491 and runs over IPv4 or IPv6. |
|
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the yang-modules context | |
| Context | configure system management-interface yang-modules | |
| Tree | yang-modules | |
Description |
Commands in this context determine the system support of the Nokia YANG models. The settings affect the data sent in a NETCONF <hello>, data populated in the RFC 6022 /netconf-state/schemas list, data returned in a <get-schema> request, and data populated in the RFC 8525 /yang-library. See "NETCONF monitoring" and "YANG library" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for more information. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Support Base-R13 YANG models | |
| Context | configure system management-interface yang-modules base-r13-modules boolean | |
| Tree | base-r13-modules | |
Description |
When configured to true, this command enables support of the Base-R13 YANG modules in the SR OS NETCONF server. When the configure system management-interface configuration-mode command is set to model-driven, the configuration cannot be modified using Base-R13 modules in NETCONF, even if the base-r13-modules command is configured to true. When configured to false, this command disables Base-R13 YANG modules, and any NETCONF request that references the Base-R13 modules results in an error. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the nmda context | |
| Context | configure system management-interface yang-modules nmda | |
| Tree | nmda | |
Description |
Commands in this context configure the attributes for the Network Management Datastores Architecture (NMDA). |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Advertise NMDA support over NETCONF | |
| Context | configure system management-interface yang-modules nmda nmda-support boolean | |
| Tree | nmda-support | |
Description |
When configured to true, this command enables the advertisement of NMDA support over NETCONF through the use of YANG library 1.1. When configured to false, this command disables NMDA advertisement over NETCONF and YANG library 1.0 is used. |
|
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Support access to combined Nokia YANG models | |
| Context | configure system management-interface yang-modules nokia-combined-modules boolean | |
| Tree | nokia-combined-modules | |
Description |
When configured to true, the system supports the combined Nokia YANG files for both configuration and state data in the NETCONF server. When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true. When configured to false, access to the combined Nokia YANG files is not supported. This command and the nokia-submodules command cannot both be set to true at the same time. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Support submodule-based packaging of Nokia YANG models | |
| Context | configure system management-interface yang-modules nokia-submodules boolean | |
| Tree | nokia-submodules | |
Description |
When configured to true, the system supports the alternative submodule-based packaging of the Nokia YANG files for both configuration and state data in the NETCONF server. When the system is operating in classic configuration mode, attempts to access (read or write) the configuration using the Nokia configuration modules or namespace via NETCONF result in errors, even if this command is set to true. When configured to false, access to the submodule-based packaging of the Nokia YANG files is not supported. This command and the nokia-combined-modules command cannot both be set to true at the same time. |
|
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Support access to OpenConfig YANG models | |
| Context | configure system management-interface yang-modules openconfig-modules boolean | |
| Tree | openconfig-modules | |
Description |
When configured to true, this command allows access to OpenConfig YANG models in all model-driven interfaces. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the network-element-discovery context | |
| Context | configure system network-element-discovery | |
| Tree | network-element-discovery | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Generate NE discovery traps | |
| Context | configure system network-element-discovery generate-traps boolean | |
| Tree | generate-traps | |
| Default | false | |
| Introduced | 19.5.R1 | |
|
Platforms |
All |
| Synopsis | Enter the profile list instance | |
| Context | configure system network-element-discovery profile string | |
| Tree | profile | |
| Max. Instances | 1 | |
| Introduced | 19.5.R1 | |
|
Platforms |
All |
| Synopsis | Profile name | |
| Context | configure system network-element-discovery profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Network element ID of the advertised node | |
| Context | configure system network-element-discovery profile string neid string | |
| Tree | neid | |
| String Length | 7 to 8 | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Enter the neip context | |
| Context | configure system network-element-discovery profile string neip | |
| Tree | neip | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Enter the auto-generate context | |
| Context | configure system network-element-discovery profile string neip auto-generate | |
| Tree | auto-generate | |
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Enable the ipv4 context | |
| Context | configure system network-element-discovery profile string neip auto-generate ipv4 | |
| Tree | ipv4 | |
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Most significant byte if the NE IPv4 address | |
| Context | configure system network-element-discovery profile string neip auto-generate ipv4 vendor-id-value number | |
| Tree | vendor-id-value | |
| Range | 1 to 255 | |
| Default | 140 | |
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Enable the ipv6 context | |
| Context | configure system network-element-discovery profile string neip auto-generate ipv6 | |
| Tree | ipv6 | |
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Most significant byte of the NE IPv6 address | |
| Context | configure system network-element-discovery profile string neip auto-generate ipv6 vendor-id-value number | |
| Tree | vendor-id-value | |
| Range | 1 to 255 | |
| Default | 140 | |
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Platform name and chassis type to be advertised | |
| Context | configure system network-element-discovery profile string platform-type string | |
| Tree | platform-type | |
| String Length | 1 to 255 | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | MAC address of the advertised node | |
| Context | configure system network-element-discovery profile string system-mac string | |
| Tree | system-mac | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Vendor ID to be advertised | |
| Context | configure system network-element-discovery profile string vendor-id string | |
| Tree | vendor-id | |
| String Length | 1 to 255 | |
| Default | Nokia | |
| Introduced | 19.5.R1 | |
Platforms |
All |
| Synopsis | Process received OSPF dynamic hostname information | |
| Context | configure system ospf-dynamic-hostnames boolean | |
| Tree | ospf-dynamic-hostnames | |
Description |
When configured to true, OSPF dynamic hostnames are enabled. The router receiving the new dynamic hostname within the OSPF Router Information (RI) LSA is instructed to process the received dynamic hostname information. When configured to false, dynamic hostname information is not processed. |
|
| Default | false | |
| Introduced | 20.2.R1 | |
|
Platforms |
All |
| Synopsis | Enter the persistence context | |
| Context | configure system persistence | |
| Tree | persistence | |
Description |
Commands in this context configure persistence on the system. The persistence feature enables the system to retain state information learned through DHCP snooping across reboots. This information includes data such as the IP address and MAC binding information, lease-length information, and ingress SAP information (required for VPLS snooping to identify the ingress interface). If persistence is enabled when there are no DHCP relay or snooping commands enabled, the system creates an empty file. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the ancp context | |
| Context | configure system persistence ancp | |
| Tree | ancp | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system persistence ancp description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence ancp location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the application-assurance context | |
| Context | configure system persistence application-assurance | |
| Tree | application-assurance | |
Description |
Commands in this context configure AA persistence on the system. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Text description | |
| Context | configure system persistence application-assurance description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence application-assurance location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Enter the dhcp-server context | |
| Context | configure system persistence dhcp-server | |
| Tree | dhcp-server | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Text description | |
| Context | configure system persistence dhcp-server description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence dhcp-server location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Enter the nat-port-forwarding context | |
| Context | configure system persistence nat-port-forwarding | |
| Tree | nat-port-forwarding | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Text description | |
| Context | configure system persistence nat-port-forwarding description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence nat-port-forwarding location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Enter the options context | |
| Context | configure system persistence options | |
| Tree | options | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | DHCP lease time limit to be eligible for persistence | |
| Context | configure system persistence options dhcp-leasetime-threshold number | |
| Tree | dhcp-leasetime-threshold | |
| Range | 1 to 631152000 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Enter the python-policy-cache context | |
| Context | configure system persistence python-policy-cache | |
| Tree | python-policy-cache | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system persistence python-policy-cache description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence python-policy-cache location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the subscriber-mgmt context | |
| Context | configure system persistence subscriber-mgmt | |
| Tree | subscriber-mgmt | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Text description | |
| Context | configure system persistence subscriber-mgmt description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | CPM flash card where the information is stored | |
| Context | configure system persistence subscriber-mgmt location keyword | |
| Tree | location | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR |
| Synopsis | Enter the power-management list instance | |
| Context | configure system power-management power-zone number | |
| Tree | power-management | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-s, 7950 XRS |
| Synopsis | Power zone | |
| Context | configure system power-management power-zone number | |
| Range | 1 to 2 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-s, 7950 XRS |
| Synopsis | Power capacity mode algorithm | |
| Context | configure system power-management power-zone number mode keyword | |
| Tree | mode | |
| Default | basic | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-s, 7950 XRS |
| Synopsis | Power capacity to trigger a safety alert event | |
| Context | configure system power-management power-zone number power-safety-alert number | |
| Tree | power-safety-alert | |
| Range | 0 to 120000 | |
| Default | 0 | |
| Units | watts | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-s, 7950 XRS |
| Synopsis | Minimum threshold to power off devices | |
| Context | configure system power-management power-zone number power-safety-level number | |
| Tree | power-safety-level | |
| Range | 0 to 100 | |
| Default | 100 | |
| Units | percent | |
| Introduced | 16.0.R1 | |
Platforms |
7750 SR-s, 7950 XRS |
| Synopsis | Enter the ptp context | |
| Context | configure system ptp | |
| Tree | ptp | |
Description |
Commands in this context configure Precision Time Control (PTP) parameters based on IEEE 1588-2008, Precision Time Protocol. The context is only supported on control assemblies that support 1588. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of PTP | |
| Context | configure system ptp admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the alternate-profile list instance | |
| Context | configure system ptp alternate-profile string | |
| Tree | alternate-profile | |
Description |
Commands in this context create an alternate profile configuration for use in PTP messaging. The alternate profile can be used at the edge of a network to provide PTP time or frequency distribution outward to external PTP clocks. The alternate profile cannot be deleted if it is configured as the profile under a PTP port. |
|
| Max. Instances | 6 | |
| Introduced | 22.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Alternate profile name | |
| Context | configure system ptp alternate-profile string | |
Description |
This command configures an alternate profile name. The strings "Primary" and "primary" cannot be used for the alternate-profile name. |
|
| String Length | 1 to 64 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the alternate PTP profile | |
| Context | configure system ptp alternate-profile string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Alternate profile PTP domain number | |
| Context | configure system ptp alternate-profile string domain number | |
| Tree | domain | |
Description |
This command configures the domain number of the alternate profile. This value can only be changed when the alternate profile is admin-state disable. |
|
| Range | 0 to 255 | |
| Default | 24 | |
| Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | PTP announce message interval in log form | |
| Context | configure system ptp alternate-profile string log-announce-interval number | |
| Tree | log-announce-interval | |
Description |
This command configures the announce message interval used for multicast messages within the alternate profile. For multicast messages used on PTP Ethernet ports, this command configures the message interval used for announce messages transmitted by the local node. This value has no impact on the interval used for the BMCA, which is controlled by the value defined for the primary profile. This value can only be changed when the alternate profile is admin-state disable. |
|
| Range | -3 to 4 | |
| Default | -3 | |
| Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Standard based profile used within an alternate profile | |
| Context | configure system ptp alternate-profile string profile keyword | |
| Tree | profile | |
Description |
This command specifies the standard based profile that is used as the basis for the alternate profile. This setting controls the contents of PTP messages sent on ports and peers using this alternate profile. This value can only be changed when the alternate profile is admin-state disable. |
|
| Default | g8275dot1-2014 | |
| Options | ||
| Introduced | 22.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Expired intervals count before timeout event declared | |
| Context | configure system ptp announce-receipt-timeout number | |
| Tree | announce-receipt-timeout | |
Description |
This command configures the number of Announce message intervals that must expire with no received Announce messages before declaring an ANNOUNCE_RECEIPT_TIMEOUT event. |
|
| Range | 2 to 10 | |
| Default | 3 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Clock type | |
| Context | configure system ptp clock-type keyword | |
| Tree | clock-type | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | PTP domain | |
| Context | configure system ptp domain number | |
| Tree | domain | |
Description |
This command configures the PTP domain. The default and valid range of the domain depend on the configured PTP profile.
|
|
| Range | 0 to 255 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | PTP clock local priority | |
| Context | configure system ptp local-priority number | |
| Tree | local-priority | |
Description |
This command configures the local priority used to choose between PTP masters in the best master clock algorithm (BMCA). This setting applies when the PTP profile is either configured for G.8275.1 or G.8275.2 and is ignored for any other profile. For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the local clock (ptp context). See G.8275.1 or G.8275.2 for detailed information. |
|
| Range | 1 to 255 | |
| Default | 128 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Announce message interval in log form | |
| Context | configure system ptp log-announce-interval number | |
| Tree | log-announce-interval | |
Description |
This command configures the Announce message interval used for both unicast and multicast messages. For unicast messages, the Announce message interval is requested during unicast negotiation to any peer. This controls the Announce message rate sent from remote peers to the local node. It does not affect the announce message rate that may be sent from the local node to remote peers. Remote peers may request an Announce message rate within the acceptable grant range. For multicast messages used on PTP Ethernet ports, this command specifies the message interval used for Announce messages transmitted by the local node. This value also defines the interval between executions of the BMCA within the node. To minimize BMCA driven reconfigurations, IEEE recommends that the announce interval should be consistent across the entire 1588 network. |
|
| Range | -3 to 4 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | PTP network type | |
| Context | configure system ptp network-type keyword | |
| Tree | network-type | |
Description |
This command configures the codeset to be used for the encoding of QL values into PTP clockClass values and vice versa when the profile is configured for G.8265.1 or G.8275.2. This setting only applies to the range of values observed in the clockClass values transmitted out of the node in Announce messages. The router supports the reception of any valid value in Table 1/G.8265.1 and Table2/G.8275.2. |
|
| Default | sdh | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the port list instance | |
| Context | configure system ptp port reference | |
| Tree | port | |
Description |
Commands in this context configure PTP over Ethernet on the physical port. The PTP process transmits and receives PTP messages through the port using Ethernet encapsulation (as opposed to UDP/IPv4 encapsulation). Frames are transmitted with no VLAN tags, even if the port is configured for dot1q or qinq modes for encap-type. The received frames from the external PTP clock must also be untagged. Two reserved multicast addresses are allocated for PTP messages (see Annex F IEEE Std 1588-2008). Either address can be configured for the PTP messages sent through the port. A PTP port cannot be created if the PTP profile is configured for G.8265.1. If the port supports 1588 port-based timestamping, Synchronous Ethernet must be enabled on the MDA when PTP over Ethernet is enabled. De-provisioning of the card or MDA containing the specified port is not permitted while the port is configured within PTP. Changing the encapsulation or the port type of the Ethernet port is not permitted when PTP Ethernet Multicast operation is configured on the port. To allocate an Ethernet satellite client port as a PTP port, the Ethernet satellite must first be enabled for the transparent clock function. For more information, see the configure satellite ethernet-satellite ptp-tc command. The SyncE/1588 ports of the CPM and CCMs can be specified as PTP ports. These use the ‘A/3’ and ‘B/3’ designation and both must be specified as two PTP ports if both are used. The active CPM sends and receives messages on both ports if they are specified and enabled. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Destination MAC address of the transmitted PTP messages | |
| Context | configure system ptp port reference address string | |
| Tree | address | |
Description |
This command specifies the destination MAC address of the transmitted PTP messages. IEEE Std 1588-2008 Annex F defines two reserved addresses for 1588 messages, which include:
Both addresses are supported for reception, independent of the address configured by this command. |
|
| Default | 01:1B:19:00:00:00 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the PTP port | |
| Context | configure system ptp port reference admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Alternate profile for the PTP port | |
| Context | configure system ptp port reference alternate-profile reference | |
| Tree | alternate-profile | |
Description |
This command creates the alternate profile that is used in communications with the port or peer. If no alternate profile is specified, the primary profile is used. |
|
Reference |
configure system ptp alternate-profile string |
|
| Introduced | 22.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | PTP port local priority | |
| Context | configure system ptp port reference local-priority number | |
| Tree | local-priority | |
Description |
This command configures the local priority used to choose between PTP masters in the best master clock algorithm (BMCA). This setting applies when the PTP profile is either configured for G.8275.1 or G.8275.2 and is ignored for any other profile. For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the Announce messages received from the external clocks (ptp port context). See G.8275.1 or G.8275.2 for detailed information. |
|
| Range | 1 to 255 | |
| Default | 128 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Minimum interval for Delay_Req messages in log form | |
| Context | configure system ptp port reference log-delay-interval number | |
| Tree | log-delay-interval | |
Description |
This command configures the minimum interval used for multicast Delay_Req messages for the port. For ports in a slave state, the interval is used, unless the parent port indicates a longer interval. For a port in master state, the interval is advertised to external slave ports as the minimum acceptable interval for Delay_Req messages from the slave ports. The router supports the 1588 standard requirement for a port in slave state to check the logMessageInterval field of received multicast Delay_Resp messages. If the value of the logMessageInterval field of the messages is greater than the value configured locally for the generation of Delay_Req messages, the slave must use the longer interval for the generation of Delay_Req messages. The interval value is specified as the logarithm to the base 2. |
|
| Range | -6 to 0 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Interval for transmission of Sync messages in log form | |
| Context | configure system ptp port reference log-sync-interval number | |
| Tree | log-sync-interval | |
Description |
This command configures the interval used for Sync messages transmitted by the local node when the port is in master state. The interval value is specified as the logarithm to the base 2. |
|
| Range | -6 to 0 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Restrict the local port to master state | |
| Context | configure system ptp port reference master-only boolean | |
| Tree | master-only | |
Description |
When configured to true, the local port is restricted to master state only, ensuring that the system does not obtain synchronization from attached external devices. This command is supported only when the PTP profile is set for G.8275.1 or G.8275.2. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Priority1 of the local clock | |
| Context | configure system ptp priority1 number | |
| Tree | priority1 | |
Description |
This command configures the priority1 parameter of the local clock. The setting is used when the profile is configured for IEEE 1588-2008. This value is used by the Best Master Clock Algorithm to determine which clock should provide timing for the network and is advertised in Announce messages. |
|
| Range | 0 to 255 | |
| Default | 128 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Priority2 of the local clock | |
| Context | configure system ptp priority2 number | |
| Tree | priority2 | |
Description |
This command configures the priority2 parameter of the local clock. The setting is used when the profile is configured for IEEE 1588-2008, G.8275.1, or G.8275.2. This value is used by the Best Master Clock algorithm to determine which clock should provide timing for the network and is advertised in Announce messages. |
|
| Range | 0 to 255 | |
| Default | 128 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | PTP profile | |
| Context | configure system ptp profile keyword | |
| Tree | profile | |
Description |
This command configures the profile to be used for the internal PTP clock. It defines the Best Master Clock Algorithm (BMCA) behavior. Profile changes may affect the settings of other configuration elements, such as the clock type and default settings for the delay interval, announce interval, and the Sync interval. The following clock types are supported for the indicated profiles:
|
|
| Options | ||
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | Enter the monitor-ptsf-unusable context | |
| Context | configure system ptp ptsf monitor-ptsf-unusable | |
| Tree | monitor-ptsf-unusable | |
Description |
Commands in this context configure monitoring of neighbor clocks for the PTSF-unusable state (condition) when the profile is set to g8275dot1-2014. When administratively enabled, the local clock monitors the noise level of PTP event messages between external neighbor PTP ports and the local clock. If it detects a high variation in the network path between the external neighbor port and the local port, it considers the neighbor port unusable. Announce messages from the neighbor are discarded and excluded from the BMCA and the port cannot be selected as the parent clock. The unusable condition must be manually cleared. When administratively disabled, the monitor PTSF function of the PTP clock clears PTSF-unusable states from all neighbor PTP ports. If no PTP messages are received from a neighbor for 15 minutes, the neighbor information is purged and the PTSF-unusable state is cleared. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of PTSF unusable monitoring | |
| Context | configure system ptp ptsf monitor-ptsf-unusable admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of PTP on the router instance | |
| Context | configure system ptp router string admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the peer list instance | |
| Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | peer | |
Description |
Commands in this context configure a remote PTP peer. In the current release, the system supports PTP using IPv4 only. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IP address of the remote PTP peer | |
| Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) | |
Description |
This command specifies the IP address of the remote PTP peer. In the current release, the system supports PTP using IPv4 only. |
|
Notes |
This element is part of a list key. |
|
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the PTP peer | |
| Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | PTP peer local priority | |
| Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) local-priority number | |
| Tree | local-priority | |
Description |
This command configures the local priority for the peer, which is used to choose between PTP masters in the best master clock algorithm (BMCA). This setting applies when the PTP profile is configured for G.8265.1, G.8275.1, or G.8275.2 and is ignored for any other profile. For G.8265.1, this command configures the priority used to choose between master clocks with the same quality (see G.8265.1 for more details). For G.8275.1 or G.8275.2, this command configures the localPriority parameter associated with the Announce messages received from the external clocks (ptp router peer context). See G.8275.1 or G.8275.2 for detailed information. |
|
| Range | 1 to 255 | |
| Default | 128 | |
| Introduced | 21.7.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | PTP peer interval for Sync messages in log form | |
| Context | configure system ptp router string peer (ipv4-address-no-zone | ipv6-address-no-zone) log-sync-interval number | |
| Tree | log-sync-interval | |
Description |
This command configures the message interval used for Sync and Delay_Resp messages that are requested during unicast negotiation to the peer. The setting controls messages sent from remote peers to the local node but the packet rate from the local node to remote peers is not affected. Remote peers may request a packet rate within the acceptable range. The interval value is specified as the logarithm to the base 2. |
|
| Range | -6 to 0 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
|
| Synopsis | Number of discovered peers allowed for routing instance | |
| Context | configure system ptp router string peer-limit number | |
| Tree | peer-limit | |
Description |
This command specifies the maximum number of discovered peers permitted within the routing instance. This ensures that a routing instance does not consume all the possible discovered peers and prevents the routing instance from blocking discovered peers in other routing instances. The sum of all peer limit values for all routing instances cannot exceed the maximum number of discovered peers supported by the system. |
|
| Range | 0 to 512 | |
| Introduced | 21.7.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Send Announce messages while clock is unsynchronized | |
| Context | configure system ptp tx-while-sync-uncertain boolean | |
| Tree | tx-while-sync-uncertain | |
Description |
When configured to true, the local PTP clock transmits Announce messages to downstream clocks to indicate it has not yet stabilized on the recovered synchronization source (upstream clocks or GM clock). While the PTP clock is unsynchronized, the SyncUncertain state is true. When configured to false, the local PTP clock does not send Announce messages to downstream clocks to indicate it is not synchronized to a valid timing source. If the SyncUncertain state of the clock is true while this command is configured to false, unicast negotiation grant requests are not granted and current grants are canceled. |
|
| Default | true | |
| Introduced | 22.2.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the script-control context | |
| Context | configure system script-control | |
| Tree | script-control | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the script list instance | |
| Context | configure system script-control script string owner string | |
| Tree | script | |
| Max. Instances | 1500 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Script name | |
| Context | configure system script-control script string owner string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Script owner | |
| Context | configure system script-control script string owner string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the script | |
| Context | configure system script-control script string owner string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system script-control script string owner string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Script location | |
| Context | configure system script-control script string owner string location string | |
| Tree | location | |
| String Length | 1 to 255 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Enter the script-policy list instance | |
| Context | configure system script-control script-policy string owner string | |
| Tree | script-policy | |
| Max. Instances | 1500 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Script policy name | |
| Context | configure system script-control script-policy string owner string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Script policy owner | |
| Context | configure system script-control script-policy string owner string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the script policy | |
| Context | configure system script-control script-policy string owner string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum amount of time to keep a run history status | |
| Context | configure system script-control script-policy string owner string expire-time (number | keyword) | |
| Tree | expire-time | |
| Range | 0 to 21474836 | |
| Default | 3600 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum amount of time the script may run | |
| Context | configure system script-control script-policy string owner string lifetime (number | keyword) | |
| Tree | lifetime | |
| Range | 0 to 21474836 | |
| Default | 3600 | |
| Units | seconds | |
| Options | ||
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow EHS/CRON script to break database explicit lock | |
| Context | configure system script-control script-policy string owner string lock-override boolean | |
| Tree | lock-override | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of script history status entries kept | |
| Context | configure system script-control script-policy string owner string max-completed number | |
| Tree | max-completed | |
| Range | 1 to 1500 | |
| Default | 1 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum time the Python application can run | |
| Context | configure system script-control script-policy string owner string python-lifetime number | |
| Tree | python-lifetime | |
| Range | 30 to 86400 | |
| Units | seconds | |
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the python-script context | |
| Context | configure system script-control script-policy string owner string python-script | |
| Tree | python-script | |
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Python application name | |
| Context | configure system script-control script-policy string owner string python-script name reference | |
| Tree | name | |
Reference |
configure python python-script string |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
|
| Synopsis | Location to receive CLI output of a script run | |
| Context | configure system script-control script-policy string owner string results string | |
| Tree | results | |
| String Length | 1 to 255 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the script context | |
| Context | configure system script-control script-policy string owner string script | |
| Tree | script | |
Notes |
The following elements are part of a choice: (lifetime and script) or (python-lifetime and python-script). |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Script name | |
| Context | configure system script-control script-policy string owner string script name string | |
| Tree | name | |
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Script owner | |
| Context | configure system script-control script-policy string owner string script owner string | |
| Tree | owner | |
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Enter the security context | |
| Context | configure system security | |
| Tree | security | |
Description |
Commands in this context configure central security settings such as DDoS protection, users, authorization profiles, and certificates. Access to these commands should be restricted to highly trusted users and device administrators. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cli-session-group list instance | |
| Context | configure system security aaa cli-session-group string | |
| Tree | cli-session-group | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | CLI session group name | |
| Context | configure system security aaa cli-session-group string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R2 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent SSH and Telnet sessions | |
| Context | configure system security aaa cli-session-group string combined-max-sessions number | |
| Tree | combined-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security aaa cli-session-group string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent SSH sessions | |
| Context | configure system security aaa cli-session-group string ssh-max-sessions number | |
| Tree | ssh-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of concurrent Telnet sessions | |
| Context | configure system security aaa cli-session-group string telnet-max-sessions number | |
| Tree | telnet-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Polling interval of RADIUS, TACACS+, and LDAP servers | |
| Context | configure system security aaa health-check (number | keyword) | |
| Tree | health-check | |
| Range | 6 to 1500 | |
| Default | 30 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the local-profiles context | |
| Context | configure system security aaa local-profiles | |
| Tree | local-profiles | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profile name | |
| Context | configure system security aaa local-profiles profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | CLI session group to which the profile belongs | |
| Context | configure system security aaa local-profiles profile string cli-session-group reference | |
| Tree | cli-session-group | |
Reference |
configure system security aaa cli-session-group string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum number of concurrent SSH and Telnet sessions | |
| Context | configure system security aaa local-profiles profile string combined-max-sessions number | |
| Tree | combined-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Action for non-matching entry | |
| Context | configure system security aaa local-profiles profile string default-action keyword | |
| Tree | default-action | |
| Default | none | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security aaa local-profiles profile string entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rpc-authorization context | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization | |
| Tree | rpc-authorization | |
Description |
Commands in this context control the authorization of each RPC in gRPC interfaces. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | gNMI Capabilities RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-capabilities keyword | |
| Tree | gnmi-capabilities | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | gNMI Get RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-get keyword | |
| Tree | gnmi-get | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | gNMI Set RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-set keyword | |
| Tree | gnmi-set | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | gNMI Subscribe RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnmi-subscribe keyword | |
| Tree | gnmi-subscribe | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | gNOI CanGenerateCSR RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-cangenerate keyword | |
| Tree | gnoi-cert-mgmt-cangenerate | |
| Default | deny | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | gNOI GetCertificates RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-getcert keyword | |
| Tree | gnoi-cert-mgmt-getcert | |
| Default | deny | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | gNOI Install RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-install keyword | |
| Tree | gnoi-cert-mgmt-install | |
| Default | deny | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | gNOI RevokeCertificates RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-revoke keyword | |
| Tree | gnoi-cert-mgmt-revoke | |
| Default | deny | |
| Options | ||
| Introduced | 20.2.R1 | |
Platforms |
All |
| Synopsis | gNOI Rotate RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-cert-mgmt-rotate keyword | |
| Tree | gnoi-cert-mgmt-rotate | |
| Default | deny | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
| Synopsis | gNOI File Get RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-get keyword | |
| Tree | gnoi-file-get | |
| Default | permit | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | gNOI File Put RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-put keyword | |
| Tree | gnoi-file-put | |
| Default | permit | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | gNOI File Remove RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-remove keyword | |
| Tree | gnoi-file-remove | |
| Default | permit | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | gNOI File Stat RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-stat keyword | |
| Tree | gnoi-file-stat | |
| Default | permit | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | gNOI File TransferToRemote RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-file-transfertoremote keyword | |
| Tree | gnoi-file-transfertoremote | |
| Default | permit | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | gNOI System CancelReboot RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-cancelreboot keyword | |
| Tree | gnoi-system-cancelreboot | |
| Default | deny | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | gNOI System Ping RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-ping keyword | |
| Tree | gnoi-system-ping | |
| Default | permit | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | gNOI System Reboot RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-reboot keyword | |
| Tree | gnoi-system-reboot | |
| Default | deny | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | gNOI System RebootStatus RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-rebootstatus keyword | |
| Tree | gnoi-system-rebootstatus | |
| Default | deny | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | gNOI System SetPackage RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-setpackage keyword | |
| Tree | gnoi-system-setpackage | |
| Default | deny | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | gNOI System SwitchControlProcessor RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-switchcontrolprocessor keyword | |
| Tree | gnoi-system-switchcontrolprocessor | |
| Default | deny | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | gNOI System Time RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-time keyword | |
| Tree | gnoi-system-time | |
| Default | permit | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | gNOI System Traceroute RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization gnoi-system-traceroute keyword | |
| Tree | gnoi-system-traceroute | |
| Default | permit | |
| Options | ||
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | gNOI MdCli Session RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization md-cli-session keyword | |
| Tree | md-cli-session | |
| Default | permit | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | RibApi GetVersion RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-getversion keyword | |
| Tree | rib-api-getversion | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | RibApi Modify RPC authorization | |
| Context | configure system security aaa local-profiles profile string grpc rpc-authorization rib-api-modify keyword | |
| Tree | rib-api-modify | |
| Default | permit | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the base-op-authorization context | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization | |
| Tree | base-op-authorization | |
Description |
Commands in this context configure the permission to use NETCONF operations at the base operation level for the specified profile. The NETCONF operations are authorized by default in the built-in system-generated administrative profile. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow NETCONF action operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization action boolean | |
| Tree | action | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF cancel-commit operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization cancel-commit boolean | |
| Tree | cancel-commit | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF close-session operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization close-session boolean | |
| Tree | close-session | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF commit operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization commit boolean | |
| Tree | commit | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF copy-config operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization copy-config boolean | |
| Tree | copy-config | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF create-subscription operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization create-subscription boolean | |
| Tree | create-subscription | |
Description |
When configured to true, this command enables the NETCONF create-subscription operation in the default profile. The base-op-authorization create-subscription configuration is not pre-emptive, which means that it is checked only at the time of the initial subscription. Configuration changes to base-op-authorization do not cancel any in-progress subscriptions and operators who successfully subscribed continue to receive messages. When configured to false, this command disables the NETCONF create-subscription operation in the default profile. The operation is enabled by default in the built-in system-generated administrative profile. |
|
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF delete-config operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization delete-config boolean | |
| Tree | delete-config | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF discard-changes operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization discard-changes boolean | |
| Tree | discard-changes | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF edit-config operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization edit-config boolean | |
| Tree | edit-config | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF get operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization get boolean | |
| Tree | get | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF get-config operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-config boolean | |
| Tree | get-config | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF get-data operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-data boolean | |
| Tree | get-data | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF get-schema operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization get-schema boolean | |
| Tree | get-schema | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF kill-session operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization kill-session boolean | |
| Tree | kill-session | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF lock and unlock operations | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization lock boolean | |
| Tree | lock | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF validate operation | |
| Context | configure system security aaa local-profiles profile string netconf base-op-authorization validate boolean | |
| Tree | validate | |
| Default | false | |
| Introduced | 21.7.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of concurrent SSH sessions | |
| Context | configure system security aaa local-profiles profile string ssh-max-sessions number | |
| Tree | ssh-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum number of concurrent Telnet sessions | |
| Context | configure system security aaa local-profiles profile string telnet-max-sessions number | |
| Tree | telnet-max-sessions | |
| Range | 0 to 50 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the management-interface context | |
| Context | configure system security aaa management-interface | |
| Tree | management-interface | |
| Introduced | 20.10.R1 | |
Platforms |
All |
| Synopsis | Perform remote command accounting during a load or rollback operation | |
| Context | configure system security aaa management-interface md-cli command-accounting-during-load boolean | |
| Tree | command-accounting-during-load | |
| Default | true | |
| Introduced | 20.10.R1 | |
|
Platforms |
All |
| Synopsis | Enter the output-authorization context | |
| Context | configure system security aaa management-interface output-authorization | |
| Tree | output-authorization | |
Description |
Commands in this context configure output authorization for model-driven interfaces and telemetry. When output authorization is performed, commands that display configuration or state output must authorize every element in the output. If a remote AAA server is configured, there may be delays in displaying output while the output is authorized. The remote AAA server may receive a large volume of authorization requests when substantial output displays are needed, such as for system configuration details. Input to edit the configuration is always authorized, and is not affected by commands in this context. |
|
| Introduced | 20.10.R1 | |
Platforms |
All |
| Synopsis | Authorize output in model-driven interfaces | |
| Context | configure system security aaa management-interface output-authorization md-interfaces boolean | |
| Tree | md-interfaces | |
Description |
When configured to true, output is authorized for the following:
|
|
| Default | true | |
| Introduced | 20.10.R1 | |
|
Platforms |
All |
| Synopsis | Authorize telemetry data in gNMI Subscribe RPC response | |
| Context | configure system security aaa management-interface output-authorization telemetry-data boolean | |
| Tree | telemetry-data | |
| Default | false | |
| Introduced | 20.10.R1 | |
|
Platforms |
All |
| Synopsis | Enter the remote-servers context | |
| Context | configure system security aaa remote-servers | |
| Tree | remote-servers | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the LDAP operation protocol | |
| Context | configure system security aaa remote-servers ldap admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow SSH public key authentication from LDAP server | |
| Context | configure system security aaa remote-servers ldap public-key-authentication boolean | |
| Tree | public-key-authentication | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Route preference to reach the AAA server | |
| Context | configure system security aaa remote-servers ldap route-preference keyword | |
| Tree | route-preference | |
Description |
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. |
|
| Default | both | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the LDAP server | |
| Context | configure system security aaa remote-servers ldap server number admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the bind-authentication context | |
| Context | configure system security aaa remote-servers ldap server number bind-authentication | |
| Tree | bind-authentication | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Password used for authentication with the LDAP server | |
| Context | configure system security aaa remote-servers ldap server number bind-authentication password string | |
| Tree | password | |
| String Length | 1 to 199 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Root domain used for authentication with LDAP server | |
| Context | configure system security aaa remote-servers ldap server number bind-authentication root-dn string | |
| Tree | root-dn | |
| String Length | 1 to 512 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | LDAP server name | |
| Context | configure system security aaa remote-servers ldap server number server-name string | |
| Tree | server-name | |
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | TLS client profile used to encrypt the LDAP connection | |
| Context | configure system security aaa remote-servers ldap server number tls-profile reference | |
| Tree | tls-profile | |
Reference |
configure system security tls client-tls-profile string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Number of attempts to retry contacting the LDAP server | |
| Context | configure system security aaa remote-servers ldap server-retry number | |
| Tree | server-retry | |
| Range | 1 to 10 | |
| Default | 3 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Timeout for a response from the LDAP server | |
| Context | configure system security aaa remote-servers ldap server-timeout number | |
| Tree | server-timeout | |
| Range | 1 to 90 | |
| Default | 3 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Apply the default template to LDAP | |
| Context | configure system security aaa remote-servers ldap use-default-template boolean | |
| Tree | use-default-template | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Algorithm used to access the set of RADIUS servers | |
| Context | configure system security aaa remote-servers radius access-algorithm keyword | |
| Tree | access-algorithm | |
| Default | direct | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable RADIUS command accounting | |
| Context | configure system security aaa remote-servers radius accounting boolean | |
| Tree | accounting | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Port number on RADIUS server for accounting requests | |
| Context | configure system security aaa remote-servers radius accounting-port number | |
| Tree | accounting-port | |
| Range | 1 to 65535 | |
| Default | 1813 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the authentication server | |
| Context | configure system security aaa remote-servers radius admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable RADIUS authorization | |
| Context | configure system security aaa remote-servers radius authorization boolean | |
| Tree | authorization | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable RADIUS interactive authentication | |
| Context | configure system security aaa remote-servers radius interactive-authentication boolean | |
| Tree | interactive-authentication | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Route preference to reach the AAA server | |
| Context | configure system security aaa remote-servers radius route-preference keyword | |
| Tree | route-preference | |
Description |
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. |
|
| Default | both | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | TLS client profile for the RADIUS server | |
| Context | configure system security aaa remote-servers radius server number tls-client-profile reference | |
| Tree | tls-client-profile | |
Description |
This command specifies the TLS client profile used to encrypt RADIUS communication. When configured, RADIUS messages are sent using TLS. |
|
Reference |
configure system security tls client-tls-profile string |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Number of attempts to retry contacting RADIUS server | |
| Context | configure system security aaa remote-servers radius server-retry number | |
| Tree | server-retry | |
| Range | 1 to 10 | |
| Default | 3 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time to wait for a response from the RADIUS server | |
| Context | configure system security aaa remote-servers radius server-timeout number | |
| Tree | server-timeout | |
| Range | 1 to 90 | |
| Default | 3 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Apply the RADIUS default user template to RADIUS user | |
| Context | configure system security aaa remote-servers radius use-default-template boolean | |
| Tree | use-default-template | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable the accounting context | |
| Context | configure system security aaa remote-servers tacplus accounting | |
| Tree | accounting | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Type of accounting record packet sent to TACACS+ server | |
| Context | configure system security aaa remote-servers tacplus accounting record-type keyword | |
| Tree | record-type | |
| Default | stop-only | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the admin-control context | |
| Context | configure system security aaa remote-servers tacplus admin-control | |
| Tree | admin-control | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Interactive authentication from node to TACACS+ server | |
| Context | configure system security aaa remote-servers tacplus admin-control tacplus-map-to-priv-lvl number | |
| Tree | tacplus-map-to-priv-lvl | |
| Range | 0 to 15 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Administrative state of the TACACS+ protocol | |
| Context | configure system security aaa remote-servers tacplus admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable the authorization context | |
| Context | configure system security aaa remote-servers tacplus authorization | |
| Tree | authorization | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the request-format context | |
| Context | configure system security aaa remote-servers tacplus authorization request-format | |
| Tree | request-format | |
Description |
Commands in this context configure access operations that are sent to the TACACS+ server during authorization. |
|
| Introduced | 21.10.R3 | |
Platforms |
All |
| Synopsis | Access operations sent in authorization requests | |
| Context | configure system security aaa remote-servers tacplus authorization request-format access-operation-cmd keyword | |
| Tree | access-operation-cmd | |
Description |
This command sends an operation argument in authorization requests. In model-driven interfaces, this command configures the system to send the operation in the cmd argument, and the path in the cmd-args argument, in TACACS+ authorization requests. This command does not apply to authorization requests in classic interfaces. |
|
| Options | ||
| Max. Instances | 1 | |
| Introduced | 21.10.R3 | |
|
Platforms |
All |
| Synopsis | Allow privilege level mapping | |
| Context | configure system security aaa remote-servers tacplus authorization use-priv-lvl boolean | |
| Tree | use-priv-lvl | |
Description |
When configured to true, this command automatically performs a single authorization request to the TACACS+ server for cmd* (all commands) immediately after login, and then uses the local profile associated (via the priv-lvl-map) with the priv-lvl returned by the TACACS+ server for all subsequent authorization (except enable-admin). After the initial authorization for cmd*, no further authorization requests are sent to the TACACS+ server (except enable-admin). When configured to false, each command is sent to the TACACS+ server for authorization (this is true regardless of whether the tacplus use-default-template setting is enabled). |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allows TACACS+ interactive authentication | |
| Context | configure system security aaa remote-servers tacplus interactive-authentication boolean | |
| Tree | interactive-authentication | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the priv-lvl-map context | |
| Context | configure system security aaa remote-servers tacplus priv-lvl-map | |
| Tree | priv-lvl-map | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the priv-lvl list instance | |
| Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number | |
| Tree | priv-lvl | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Privilege level for the mapping | |
| Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number | |
| Range | 0 to 15 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profile for the mapping | |
| Context | configure system security aaa remote-servers tacplus priv-lvl-map priv-lvl number user-profile-name reference | |
| Tree | user-profile-name | |
Reference |
configure system security aaa local-profiles profile string |
|
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Route preference to reach the AAA server | |
| Context | configure system security aaa remote-servers tacplus route-preference keyword | |
| Tree | route-preference | |
Description |
This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the Base routing instance are used to reach the server before the in-band routes in the management routing instance. |
|
| Default | both | |
| Options | ||
| Introduced | 21.5.R1 | |
Platforms |
All |
| Synopsis | Time to wait for a response from the TACACS+ server | |
| Context | configure system security aaa remote-servers tacplus server-timeout number | |
| Tree | server-timeout | |
| Range | 1 to 90 | |
| Default | 3 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Apply TACACS+ default user-template to TACACS+ user | |
| Context | configure system security aaa remote-servers tacplus use-default-template boolean | |
| Tree | use-default-template | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the vprn-server context | |
| Context | configure system security aaa remote-servers vprn-server | |
| Tree | vprn-server | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | VPRN service used for AAA by in-band sessions | |
| Context | configure system security aaa remote-servers vprn-server inband reference | |
| Tree | inband | |
Description |
This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in the Base routing instance. |
|
Reference |
||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | VPRN service used for AAA by out-of-band sessions | |
| Context | configure system security aaa remote-servers vprn-server outband reference | |
| Tree | outband | |
Description |
This command configures TACACS+ and RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions on the console or out-of-band (OOB) Ethernet ports. |
|
Reference |
||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | VPRN used for AAA in VPRNs without a AAA server | |
| Context | configure system security aaa remote-servers vprn-server vprn reference | |
| Tree | vprn | |
Description |
This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in VPRNs without a AAA server configured. |
|
Reference |
||
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the user-template list instance | |
| Context | configure system security aaa user-template keyword | |
| Tree | user-template | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Default user template applied to the system user | |
| Context | configure system security aaa user-template keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | File to execute for a successful user login via console | |
| Context | configure system security aaa user-template keyword console login-exec string | |
| Tree | login-exec | |
| String Length | 1 to 200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User local home directory based on the template | |
| Context | configure system security aaa user-template keyword home-directory (sat-url | cflash-without-slot-url) | |
| Tree | home-directory | |
| String Length | 1 to 200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Restrict file access to the home directory of the user | |
| Context | configure system security aaa user-template keyword restricted-to-home boolean | |
| Tree | restricted-to-home | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the cli-script context | |
| Context | configure system security cli-script | |
| Tree | cli-script | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the authorization context | |
| Context | configure system security cli-script authorization | |
| Tree | authorization | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cron context | |
| Context | configure system security cli-script authorization cron | |
| Tree | cron | |
Description |
Commands in this context configure authorization for the cron job scheduler. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profile name for CLI command script authorization | |
| Context | configure system security cli-script authorization cron cli-user reference | |
| Tree | cli-user | |
Reference |
configure system security user-params local-user user string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the event-handler context | |
| Context | configure system security cli-script authorization event-handler | |
| Tree | event-handler | |
Description |
Commands in this context configure authorization for the Event Handling System (EHS). EHS allows user-controlled programmatic exception handling by allowing a CLI script to be executed upon the detection of a log event. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profile name for CLI command script authorization | |
| Context | configure system security cli-script authorization event-handler cli-user reference | |
| Tree | cli-user | |
Reference |
configure system security user-params local-user user string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the vsd context | |
| Context | configure system security cli-script authorization vsd | |
| Tree | vsd | |
Description |
Commands in this context configure authorization for the VSD server. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profile name for CLI command script authorization | |
| Context | configure system security cli-script authorization vsd cli-user reference | |
| Tree | cli-user | |
Reference |
configure system security user-params local-user user string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cpm-filter context | |
| Context | configure system security cpm-filter | |
| Tree | cpm-filter | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Action for packets that do not match any filter entries | |
| Context | configure system security cpm-filter default-action keyword | |
| Tree | default-action | |
| Default | accept | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ip-filter context | |
| Context | configure system security cpm-filter ip-filter | |
| Tree | ip-filter | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the CPM filter | |
| Context | configure system security cpm-filter ip-filter admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Filter entry ID | |
| Context | configure system security cpm-filter ip-filter entry number | |
| Range | 1 to 131072 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets | |
| Context | configure system security cpm-filter ip-filter entry number action accept | |
| Tree | accept | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Use default action for matching packets | |
| Context | configure system security cpm-filter ip-filter entry number action default | |
| Tree | default | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets to the CPM hardware queue | |
| Context | configure system security cpm-filter ip-filter entry number action queue reference | |
| Tree | queue | |
Reference |
||
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Text description | |
| Context | configure system security cpm-filter ip-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the match context | |
| Context | configure system security cpm-filter ip-filter entry number match | |
| Tree | match | |
Description |
Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv4 address used as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-ip address (ipv4-address | ipv4-prefix-with-host-bits) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IP4 address prefix list used as match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference |
configure filter match-list ip-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv4 address mask used as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-ip mask string | |
| Tree | mask | |
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the dst-port context | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port | |
| Tree | dst-port | |
Notes |
The following elements are part of a choice: port or (dst-port and src-port). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the port number to match | |
| Context | configure system security cpm-filter ip-filter entry number match dst-port range start number | |
| Tree | start | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Match criterion based on presence of fragmented packets | |
| Context | configure system security cpm-filter ip-filter entry number match fragment keyword | |
| Tree | fragment | |
Description |
This command specifies the match criterion based on the existence or absence of fragmented IP packets. Matching on fragmented IPv4 packets occurs when all packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. For IPv6, the existence of the IPv6 Fragmentation Extension Header results in a fragmented packet match. Matching on non-fragmented IPv4 packets occurs when all packets have the MF bit set to zero and the Fragment Offset field is also set to zero. For IPv6, the absence of an IPv6 Fragmentation Extension Header results in a non-fragmented packet match. |
|
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Match on packets containing multiple option fields | |
| Context | configure system security cpm-filter ip-filter entry number match multiple-option boolean | |
| Tree | multiple-option | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Match on packets with option field present | |
| Context | configure system security cpm-filter ip-filter entry number match option-present boolean | |
| Tree | option-present | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ip-filter entry number match port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Router instance as the match criteria | |
| Context | configure system security cpm-filter ip-filter entry number match router-instance string | |
| Tree | router-instance | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv4 address used as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-ip address (ipv4-address | ipv4-prefix-with-host-bits) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IP4 address prefix list used as match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference |
configure filter match-list ip-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv4 address mask used as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-ip mask string | |
| Tree | mask | |
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the src-port context | |
| Context | configure system security cpm-filter ip-filter entry number match src-port | |
| Tree | src-port | |
Notes |
The following elements are part of a choice: port or (dst-port and src-port). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ip-filter entry number match src-port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ip-filter entry number match src-port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the port number to match | |
| Context | configure system security cpm-filter ip-filter entry number match src-port range start number | |
| Tree | start | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ipv6-filter context | |
| Context | configure system security cpm-filter ipv6-filter | |
| Tree | ipv6-filter | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the CPM filter | |
| Context | configure system security cpm-filter ipv6-filter admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the entry list instance | |
| Context | configure system security cpm-filter ipv6-filter entry number | |
| Tree | entry | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Filter entry ID | |
| Context | configure system security cpm-filter ipv6-filter entry number | |
| Range | 1 to 131072 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the action context | |
| Context | configure system security cpm-filter ipv6-filter entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets | |
| Context | configure system security cpm-filter ipv6-filter entry number action accept | |
| Tree | accept | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Use default action for matching packets | |
| Context | configure system security cpm-filter ipv6-filter entry number action default | |
| Tree | default | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Drop matching packets | |
| Context | configure system security cpm-filter ipv6-filter entry number action drop | |
| Tree | drop | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets to the CPM hardware queue | |
| Context | configure system security cpm-filter ipv6-filter entry number action queue reference | |
| Tree | queue | |
Reference |
||
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Text description | |
| Context | configure system security cpm-filter ipv6-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Log ID where matching packets are entered | |
| Context | configure system security cpm-filter ipv6-filter entry number log reference | |
| Tree | log | |
Reference |
||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the match context | |
| Context | configure system security cpm-filter ipv6-filter entry number match | |
| Tree | match | |
Description |
Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | DSCP used as the match criterion on the packet | |
| Context | configure system security cpm-filter ipv6-filter entry number match dscp keyword | |
| Tree | dscp | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the dst-ip context | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-ip | |
| Tree | dst-ip | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-ip address (ipv6-address | ipv6-prefix-with-host-bits) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference |
configure filter match-list ipv6-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address mask used as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-ip mask string | |
| Tree | mask | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the dst-port context | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port | |
| Tree | dst-port | |
Notes |
The following elements are part of a choice: port or (dst-port and src-port). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Upper bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port range end number | |
| Tree | end | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match dst-port range start number | |
| Tree | start | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the extension-header context | |
| Context | configure system security cpm-filter ipv6-filter entry number match extension-header | |
| Tree | extension-header | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Match on existence of Hop-By-Hop Options Header | |
| Context | configure system security cpm-filter ipv6-filter entry number match extension-header hop-by-hop boolean | |
| Tree | hop-by-hop | |
Description |
When configured to true, a match occurs when the Hop-by-Hop Options Extension Header is present. When configured to false, a match occurs when the Hop-by-Hop Options Extension Header is not present. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Flow label in the IPv6 header as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match flow-label number | |
| Tree | flow-label | |
| Range | 0 to 1048575 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Match criterion based on presence of fragmented packets | |
| Context | configure system security cpm-filter ipv6-filter entry number match fragment keyword | |
| Tree | fragment | |
Description |
This command specifies the match criterion based on the existence or absence of fragmented IP packets. Matching on fragmented IPv4 packets occurs when all packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. For IPv6, the existence of the IPv6 Fragmentation Extension Header results in a fragmented packet match. Matching on non-fragmented IPv4 packets occurs when all packets have the MF bit set to zero and the Fragment Offset field is also set to zero. For IPv6, the absence of an IPv6 Fragmentation Extension Header results in a non-fragmented packet match. |
|
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the icmp context | |
| Context | configure system security cpm-filter ipv6-filter entry number match icmp | |
| Tree | icmp | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | ICMP code as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match icmp code number | |
| Tree | code | |
| Range | 0 to 255 | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | ICMP type as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match icmp type number | |
| Tree | type | |
| Range | 0 to 255 | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IP protocol to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the port context | |
| Context | configure system security cpm-filter ipv6-filter entry number match port | |
| Tree | port | |
Notes |
The following elements are part of a choice: port or (dst-port and src-port). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ipv6-filter entry number match port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Upper bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match port range end number | |
| Tree | end | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match port range start number | |
| Tree | start | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Router instance as the match criteria | |
| Context | configure system security cpm-filter ipv6-filter entry number match router-instance string | |
| Tree | router-instance | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the src-ip context | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-ip | |
| Tree | src-ip | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-ip address (ipv6-address | ipv6-prefix-with-host-bits) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference |
configure filter match-list ipv6-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | IPv6 address mask used as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-ip mask string | |
| Tree | mask | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the src-port context | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port | |
| Tree | src-port | |
Notes |
The following elements are part of a choice: port or (dst-port and src-port). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port number as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port mask as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Port list as the match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port port-list reference | |
| Tree | port-list | |
Reference |
configure filter match-list port-list string |
|
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port range | |
| Tree | range | |
Notes |
The following elements are part of a choice: (eq and mask), port-list, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Upper bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port range end number | |
| Tree | end | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the port number to match | |
| Context | configure system security cpm-filter ipv6-filter entry number match src-port range start number | |
| Tree | start | |
| Range | 0 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the tcp-flags context | |
| Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags | |
| Tree | tcp-flags | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | ACK bit in TCP header control bits as match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags ack boolean | |
| Tree | ack | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | SYN bit in TCP header control bits as match criterion | |
| Context | configure system security cpm-filter ipv6-filter entry number match tcp-flags syn boolean | |
| Tree | syn | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the mac-filter context | |
| Context | configure system security cpm-filter mac-filter | |
| Tree | mac-filter | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Administrative state of the CPM filter | |
| Context | configure system security cpm-filter mac-filter admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the entry list instance | |
| Context | configure system security cpm-filter mac-filter entry number | |
| Tree | entry | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Filter entry ID | |
| Context | configure system security cpm-filter mac-filter entry number | |
| Range | 1 to 131072 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the action context | |
| Context | configure system security cpm-filter mac-filter entry number action | |
| Tree | action | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets | |
| Context | configure system security cpm-filter mac-filter entry number action accept | |
| Tree | accept | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Use default action for matching packets | |
| Context | configure system security cpm-filter mac-filter entry number action default | |
| Tree | default | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Drop matching packets | |
| Context | configure system security cpm-filter mac-filter entry number action drop | |
| Tree | drop | |
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Forward matching packets to the CPM hardware queue | |
| Context | configure system security cpm-filter mac-filter entry number action queue reference | |
| Tree | queue | |
Reference |
||
Notes |
The following elements are part of a choice: accept, default, drop, or queue. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Text description | |
| Context | configure system security cpm-filter mac-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Log ID where matching packets are entered | |
| Context | configure system security cpm-filter mac-filter entry number log reference | |
| Tree | log | |
Reference |
||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the match context | |
| Context | configure system security cpm-filter mac-filter entry number match | |
| Tree | match | |
Description |
Commands in this context specify match criteria for the entry. When the match criteria have been satisfied, the action associated with the entry is executed. If more than one match criterion is configured, all criteria must be met before the action associated with the entry is executed. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the cfm-opcode context | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode | |
| Tree | cfm-opcode | |
Description |
Commands in this context specify match criteria based on the CFM opcode. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Equal to comparison operator for the CFM opcode | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode eq number | |
| Tree | eq | |
| Range | 0 to 255 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Greater than comparison operator for the CFM opcode | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode gt number | |
| Tree | gt | |
| Range | 0 to 254 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Less than comparison operator for the CFM opcode | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode lt number | |
| Tree | lt | |
| Range | 1 to 255 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the range context | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range | |
| Tree | range | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Upper bound of the Opcode range to match | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range end number | |
| Tree | end | |
| Range | 1 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Lower bound of the OpCode range to match | |
| Context | configure system security cpm-filter mac-filter entry number match cfm-opcode range start number | |
| Tree | start | |
| Range | 0 to 254 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the dst-mac context | |
| Context | configure system security cpm-filter mac-filter entry number match dst-mac | |
| Tree | dst-mac | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | MAC address used as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match dst-mac address string | |
| Tree | address | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | MAC address mask as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match dst-mac mask string | |
| Tree | mask | |
| Default | ff:ff:ff:ff:ff:ff | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Ethernet type as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match etype string | |
| Tree | etype | |
Description |
This command specifies an Ethernet type II Ethertype value to be used as a MAC filter match criterion. The Ethernet type field is used by the Ethernet version-II frames and does not apply to IEEE 802.3 Ethernet frames. |
|
| String Length | 5 to 6 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | MAC frame type as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match frame-type keyword | |
| Tree | frame-type | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the llc-dsap context | |
| Context | configure system security cpm-filter mac-filter entry number match llc-dsap | |
| Tree | llc-dsap | |
Description |
Commands in this context specify match criteria based on the Destination Service Access Point (DSAP). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | 8-bit DSAP as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match llc-dsap dsap number | |
| Tree | dsap | |
| Range | 0 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Mask for DSAP value as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match llc-dsap mask number | |
| Tree | mask | |
| Range | 1 to 255 | |
| Default | 255 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the llc-ssap context | |
| Context | configure system security cpm-filter mac-filter entry number match llc-ssap | |
| Tree | llc-ssap | |
Description |
Commands in this context specify match criteria based on the Source Service Access Point (SSAP). |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Mask for SSAP value as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match llc-ssap mask number | |
| Tree | mask | |
| Range | 1 to 255 | |
| Default | 255 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | 8-bit SSAP as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match llc-ssap ssap number | |
| Tree | ssap | |
| Range | 0 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Service ID used as the match condition | |
| Context | configure system security cpm-filter mac-filter entry number match service reference | |
| Tree | service | |
Reference |
||
| Introduced | 16.0.R4 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enable the src-mac context | |
| Context | configure system security cpm-filter mac-filter entry number match src-mac | |
| Tree | src-mac | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | MAC address used as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match src-mac address string | |
| Tree | address | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | MAC address mask as the match criterion | |
| Context | configure system security cpm-filter mac-filter entry number match src-mac mask string | |
| Tree | mask | |
| Default | ff:ff:ff:ff:ff:ff | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Buffer size that can be drawn from queue buffer pool | |
| Context | configure system security cpm-queue queue number cbs number | |
| Tree | cbs | |
Description |
This command specifies the amount of buffer that can be drawn from the reserved buffer portion of the buffer pool of the queue. |
|
| Range | 0 to 131072 | |
| Units | kilobps | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the cpu-protection context | |
| Context | configure system security cpu-protection | |
| Tree | cpu-protection | |
Description |
Commands in this context configure CPU protection policies. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the ip-src-monitoring context | |
| Context | configure system security cpu-protection ip-src-monitoring | |
| Tree | ip-src-monitoring | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the included-protocols context | |
| Context | configure system security cpu-protection ip-src-monitoring included-protocols | |
| Tree | included-protocols | |
Description |
Commands in this context specify the protocols included in IP source monitoring. The protocol packets will be subject to the per-source-rate of CPU protection policies. This configuration applies system wide and applies to CPU protection globally. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Include extracted DHCP packets for IP source monitoring | |
| Context | configure system security cpu-protection ip-src-monitoring included-protocols dhcp boolean | |
| Tree | dhcp | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Include extracted GTP packets for IP source monitoring | |
| Context | configure system security cpu-protection ip-src-monitoring included-protocols gtp boolean | |
| Tree | gtp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Include extracted ICMP packets for IP source monitoring | |
| Context | configure system security cpu-protection ip-src-monitoring included-protocols icmp boolean | |
| Tree | icmp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Include extracted IGMP packets for IP source monitoring | |
| Context | configure system security cpu-protection ip-src-monitoring included-protocols igmp boolean | |
| Tree | igmp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Packet arrival rate limit for link level protocols | |
| Context | configure system security cpu-protection link-specific-rate (number | keyword) | |
| Tree | link-specific-rate | |
Description |
This command configures a link-specific rate for CPU protection. The limit is applied to all ports within the system. The CPU receives no more than the configured packet rate for all link level protocols, such as LACP, from any one port. The measurement is cleared each second and is based on the ingress port. |
|
| Range | 1 to 65535 | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the policy list instance | |
| Context | configure system security cpu-protection policy number | |
| Tree | policy | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Policy ID | |
| Context | configure system security cpu-protection policy number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Generate an event when the rate is exceeded | |
| Context | configure system security cpu-protection policy number alarm boolean | |
| Tree | alarm | |
Description |
When configured to true, an event is generated when the rate is exceeded. The event includes information about the offending source. Only one event is generated per monitor period. When configured to false, notifications are disabled. |
|
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Text description | |
| Context | configure system security cpu-protection policy number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the eth-cfm context | |
| Context | configure system security cpu-protection policy number eth-cfm | |
| Tree | eth-cfm | |
Description |
Commands in this context configure CPU policy entries that determine match criteria and overall arrival rate of the Ethernet Connectivity and Fault Management (ETH-CFM) packets at the CPU. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Add a list entry for level | |
| Context | configure system security cpu-protection policy number eth-cfm entry number level start number end number | |
| Tree | level | |
Description |
Commands in this context specify the range of domain levels for the match criterion. |
|
| Min. Instances | 1 | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Add a list entry for opcode | |
| Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
| Tree | opcode | |
Description |
Commands in this context specify the range of operational codes (that identify the application) for the match criterion. |
|
| Min. Instances | 1 | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Lower bound of the OpCode range | |
| Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
| Range | 0 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Upper bound of the OpCode range | |
| Context | configure system security cpu-protection policy number eth-cfm entry number opcode start number end number | |
| Range | 0 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Packet arrival rate limit | |
| Context | configure system security cpu-protection policy number eth-cfm entry number pir (number | keyword) | |
| Tree | pir | |
| Range | 0 to 65534 | |
| Default | max | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the out-profile-rate context | |
| Context | configure system security cpu-protection policy number out-profile-rate | |
| Tree | out-profile-rate | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Generate a log event when the packet rate is exceeded | |
| Context | configure system security cpu-protection policy number out-profile-rate log-events boolean | |
| Tree | log-events | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Packet arrival rate limit | |
| Context | configure system security cpu-protection policy number out-profile-rate pir (number | keyword) | |
| Tree | pir | |
| Range | 1 to 65534 | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Packet arrival rate limit for all packets | |
| Context | configure system security cpu-protection policy number overall-rate (number | keyword) | |
| Tree | overall-rate | |
| Range | 1 to 65534 | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the per-source-parameters context | |
| Context | configure system security cpu-protection policy number per-source-parameters | |
| Tree | per-source-parameters | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the ip-src-monitoring context | |
| Context | configure system security cpu-protection policy number per-source-parameters ip-src-monitoring | |
| Tree | ip-src-monitoring | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Apply rate limiting to packets with client IP address 0 | |
| Context | configure system security cpu-protection policy number per-source-parameters ip-src-monitoring limit-dhcp-ci-addr-zero boolean | |
| Tree | limit-dhcp-ci-addr-zero | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Per-source packet arrival rate limit | |
| Context | configure system security cpu-protection policy number per-source-rate (number | keyword) | |
| Tree | per-source-rate | |
Description |
This command configures the per-source packet arrival rate limit. A source is defined as a unique combination of SAP and MAC source address or SAP and source IP address. The CPU receives no more than the specified packet rate from each source. The measurement is cleared every second. This configuration is applicable only if the policy is assigned to an interface (such as SAPs, subscriber interfaces, and spoke SDPs), and MAC monitoring or IP source monitoring is specified in the CPU protection configuration of the interface. |
|
| Range | 1 to 65534 | |
| Default | max | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the port-overall-rate context | |
| Context | configure system security cpu-protection port-overall-rate | |
| Tree | port-overall-rate | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Mark packets that exceed the rate as low-priority | |
| Context | configure system security cpu-protection port-overall-rate action-low-priority boolean | |
| Tree | action-low-priority | |
Description |
When configured to true, packets that exceed the per-port packet arrival rate limit are marked as low priority for preferential discard later (if there is congestion in the control plane) rather than discarded immediately. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Per-port packet arrival rate limit | |
| Context | configure system security cpu-protection port-overall-rate pir (number | keyword) | |
| Tree | pir | |
| Range | 1 to 65535 | |
| Units | packets per second | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enable the protocol-protection context | |
| Context | configure system security cpu-protection protocol-protection | |
| Tree | protocol-protection | |
Description |
When enabled, the network processor on the CPM discards all packets received for protocols that are not configured on the interface. This action helps to mitigate DoS attacks by filtering invalid control traffic before it ingresses the CPU. For example, if IS-IS is not configured on an interface, protocol protection discards any IS-IS packets received on the interface. Commands in this context further define the action when the context is enabled. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Allow OSPF sham link traffic | |
| Context | configure system security cpu-protection protocol-protection allow-sham-links boolean | |
| Tree | allow-sham-links | |
Description |
When configured to true, tunneled OSPF packets received over the backbone network must be explicitly allowed when OSPF sham links form an adjacency over the MPLS-VPRN backbone network. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Block extraction and processing of PIM packets | |
| Context | configure system security cpu-protection protocol-protection block-pim-tunneled boolean | |
| Tree | block-pim-tunneled | |
Description |
When configured to true, PIM packets arriving at the SR OS node inside a tunnel (for example, MPLS or GRE) on a network interface are blocked and not processed. PIM in an mVPN on the egress DR will not switch traffic from the (*,G) to the (S,G) tree. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS |
| Synopsis | Enter the dist-cpu-protection context | |
| Context | configure system security dist-cpu-protection | |
| Tree | dist-cpu-protection | |
Description |
Commands in this context configure distributed CPU protection (DCP) attributes. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the policy list instance | |
| Context | configure system security dist-cpu-protection policy string | |
| Tree | policy | |
Description |
Commands in this context configure the attributes of DCP policies. These policies can be applied to objects such as SAPs, network interfaces or ports |
|
| Max. Instances | 130 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Policy name | |
| Context | configure system security dist-cpu-protection policy string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security dist-cpu-protection policy string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the local-monitoring-policer list instance | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string | |
| Tree | local-monitoring-policer | |
| Max. Instances | 1 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Local monitoring policer name | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Action taken when policer rates are exceeded | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string exceed-action keyword | |
| Tree | exceed-action | |
Description |
This command specifies the action taken on the extracted control packets when the configured policer rates are exceeded. |
|
| Default | none | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Control of log events creation for status and activity | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string log-events keyword | |
| Tree | log-events | |
Description |
This command controls the creation of log events related to the status and activity of the local monitoring policer. |
|
| Default | true | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rate context | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate | |
| Tree | rate | |
Description |
Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the kbps context | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps | |
| Tree | kbps | |
Notes |
The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Rate limit | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps limit (keyword | number) | |
| Tree | limit | |
| Range | 1 to 20000000 | |
| Default | max | |
| Units | kilobps | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Tolerance for the rate | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate kbps mbs number | |
| Tree | mbs | |
| Range | 0 to 4194304 | |
| Units | bytes | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the packets context | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets | |
| Tree | packets | |
Notes |
This element is the default part of a choice. The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Additional packets allowed in an initial burst | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets initial-delay number | |
| Tree | initial-delay | |
Description |
This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. |
|
| Range | 0 to 255 | |
| Default | 0 | |
| Units | packets | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Packets per interval limit | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets limit (keyword | number) | |
| Tree | limit | |
| Range | 0 to 8000 | |
| Default | max | |
| Units | packets per interval | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Measurement interval for packets rate | |
| Context | configure system security dist-cpu-protection policy string local-monitoring-policer string rate packets within number | |
| Tree | within | |
| Range | 1 to 32767 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Protocol name | |
| Context | configure system security dist-cpu-protection policy string protocol keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the dynamic-parameters context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters | |
| Tree | dynamic-parameters | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum time the dynamic policer remains allocated | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters detection-time number | |
| Tree | detection-time | |
| Range | 1 to 128000 | |
| Default | 30 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the exceed-action context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action | |
| Tree | exceed-action | |
Description |
Commands in this context specify the settings for the scenario when the configured policer rates are exceeded. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Action taken on control packets when rates are exceeded | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action action keyword | |
| Tree | action | |
| Default | none | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Hold down behavior | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters exceed-action hold-down (keyword | number) | |
| Tree | hold-down | |
Description |
This command specifies the behavior when the system detects that an enforcement policer has marked or discarded one or more packets and there is no action specified for the scenario when the rates are exceeded. The hold time condition is cleared after the specified time has expired. The detection time (the minimum time that the policer remains allocated) begins after the hold down is complete. The hold down behavior is not applicable to a local monitoring policer. An indefinite hold down behavior must be cleared using the tools perform security dist-cpu-protection release-hold-down command. |
|
| Range | 1 to 10080 | |
| Default | none | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Control of log events creation for status and activity | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters log-events keyword | |
| Tree | log-events | |
Description |
This command controls the creation of log events related to the status and activity of the local monitoring policer. |
|
| Default | true | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rate context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate | |
| Tree | rate | |
Description |
Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the kbps context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps | |
| Tree | kbps | |
Notes |
The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Rate limit | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps limit (keyword | number) | |
| Tree | limit | |
| Range | 1 to 20000000 | |
| Default | max | |
| Units | kilobps | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Tolerance for the rate | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate kbps mbs number | |
| Tree | mbs | |
| Range | 0 to 4194304 | |
| Units | bytes | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the packets context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets | |
| Tree | packets | |
Notes |
This element is the default part of a choice. The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Additional packets allowed in an initial burst | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets initial-delay number | |
| Tree | initial-delay | |
Description |
This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. |
|
| Range | 0 to 255 | |
| Default | 0 | |
| Units | packets | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Packets per interval limit | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets limit (keyword | number) | |
| Tree | limit | |
| Range | 0 to 8000 | |
| Default | max | |
| Units | packets per interval | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Measurement interval for packets rate | |
| Context | configure system security dist-cpu-protection policy string protocol keyword dynamic-parameters rate packets within number | |
| Tree | within | |
| Range | 1 to 32767 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the enforcement context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement | |
| Tree | enforcement | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the dynamic context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic | |
| Tree | dynamic | |
Notes |
The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Dynamic enforcement policer for the protocol | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic mon-policer-name reference | |
| Tree | mon-policer-name | |
Description |
This command specifies the dynamic enforcement policer that is instantiated when the associated local monitoring policer is determined to be in a nonconforming state (at the end of a minimum monitoring time of 60 seconds to reduce thrashing). |
|
Reference |
configure system security dist-cpu-protection policy string local-monitoring-policer string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Do not include packets in the local monitoring function | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement dynamic-local-mon-bypass | |
| Tree | dynamic-local-mon-bypass | |
Description |
When configured, packets from the protocol are not included in the local monitoring function and the dynamic enforcement policer is not instantiated for the protocol. |
|
Notes |
This element is the default part of a choice. The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the static context | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement static | |
| Tree | static | |
Notes |
The following elements are part of a choice: dynamic, dynamic-local-mon-bypass, shared, or static. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Static policer enforced by the protocol | |
| Context | configure system security dist-cpu-protection policy string protocol keyword enforcement static policer-name reference | |
| Tree | policer-name | |
Reference |
configure system security dist-cpu-protection policy string static-policer string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the static-policer list instance | |
| Context | configure system security dist-cpu-protection policy string static-policer string | |
| Tree | static-policer | |
Description |
Commands in this context configure a static enforcement policer that can be referenced by one or more protocols in the policy. When a policer is referenced by a protocol, the policer is instantiated for each object (for example, a SAP or network interface) that is created and references the policer. If no policer resources are available on the associated card or FP, the object is not created. |
|
| Max. Instances | 18 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Static policer name | |
| Context | configure system security dist-cpu-protection policy string static-policer string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security dist-cpu-protection policy string static-policer string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum time the dynamic policer remains allocated | |
| Context | configure system security dist-cpu-protection policy string static-policer string detection-time number | |
| Tree | detection-time | |
| Range | 1 to 128000 | |
| Default | 30 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the exceed-action context | |
| Context | configure system security dist-cpu-protection policy string static-policer string exceed-action | |
| Tree | exceed-action | |
Description |
Commands in this context specify the settings for the scenario when the configured policer rates are exceeded. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Action taken on control packets when rates are exceeded | |
| Context | configure system security dist-cpu-protection policy string static-policer string exceed-action action keyword | |
| Tree | action | |
| Default | none | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Hold down behavior | |
| Context | configure system security dist-cpu-protection policy string static-policer string exceed-action hold-down (keyword | number) | |
| Tree | hold-down | |
Description |
This command specifies the behavior when the system detects that an enforcement policer has marked or discarded one or more packets and there is no action specified for the scenario when the rates are exceeded. The hold time condition is cleared after the specified time has expired. The detection time (the minimum time that the policer remains allocated) begins after the hold down is complete. The hold down behavior is not applicable to a local monitoring policer. An indefinite hold down behavior must be cleared using the tools perform security dist-cpu-protection release-hold-down command. |
|
| Range | 1 to 10080 | |
| Default | none | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Control of log events creation for status and activity | |
| Context | configure system security dist-cpu-protection policy string static-policer string log-events keyword | |
| Tree | log-events | |
Description |
This command controls the creation of log events related to the status and activity of the local monitoring policer. |
|
| Default | true | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rate context | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate | |
| Tree | rate | |
Description |
Commands in this context specify the rate and burst tolerance for the policer. The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the kbps context | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate kbps | |
| Tree | kbps | |
Notes |
The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Rate limit | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate kbps limit (keyword | number) | |
| Tree | limit | |
| Range | 1 to 20000000 | |
| Default | max | |
| Units | kilobps | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Tolerance for the rate | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate kbps mbs number | |
| Tree | mbs | |
| Range | 0 to 4194304 | |
| Units | bytes | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the packets context | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate packets | |
| Tree | packets | |
Notes |
This element is the default part of a choice. The following elements are part of a choice: kbps or packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Additional packets allowed in an initial burst | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate packets initial-delay number | |
| Tree | initial-delay | |
Description |
This command specifies the number of packets allowed in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the packets per interval limit. The typical setting would be a value equal to the number of received packets in several full handshakes or negotiations of the protocol. |
|
| Range | 0 to 255 | |
| Default | 0 | |
| Units | packets | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Packets per interval limit | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate packets limit (keyword | number) | |
| Tree | limit | |
| Range | 0 to 8000 | |
| Default | max | |
| Units | packets per interval | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Measurement interval for packets rate | |
| Context | configure system security dist-cpu-protection policy string static-policer string rate packets within number | |
| Tree | within | |
| Range | 1 to 32767 | |
| Default | 1 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of 802.1x network access control | |
| Context | configure system security dot1x admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the radius-policy list instance | |
| Context | configure system security dot1x radius-policy string | |
| Tree | radius-policy | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RADIUS server policy name for 802.1X authentication | |
| Context | configure system security dot1x radius-policy string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the server for authentication | |
| Context | configure system security dot1x radius-policy string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RADIUS server index | |
| Context | configure system security dot1x radius-policy string server number | |
| Range | 1 to 5 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | UDP port number on which to contact the RADIUS server for accounting requests | |
| Context | configure system security dot1x radius-policy string server number accounting-port number | |
| Tree | accounting-port | |
| Range | 1 to 65535 | |
| Default | 1813 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | UDP port number on which to contact the RADIUS server for authentication | |
| Context | configure system security dot1x radius-policy string server number authentication-port number | |
| Tree | authentication-port | |
| Range | 1 to 65535 | |
| Default | 1812 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Source address of the RADIUS packet | |
| Context | configure system security dot1x radius-policy string source-address string | |
| Tree | source-address | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable FTP servers running on the system | |
| Context | configure system security ftp-server boolean | |
| Tree | ftp-server | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the hash-control context | |
| Context | configure system security hash-control | |
| Tree | hash-control | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the management-interface context | |
| Context | configure system security hash-control management-interface | |
| Tree | management-interface | |
Description |
Commands in this context configure encryption parameters for different management interfaces. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the classic-cli context | |
| Context | configure system security hash-control management-interface classic-cli | |
| Tree | classic-cli | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Input encryption algorithm for configuration secrets | |
| Context | configure system security hash-control management-interface classic-cli read-algorithm keyword | |
| Tree | read-algorithm | |
Description |
This command specifies how encrypted configuration secrets are interpreted and which encryption types are accepted when secrets are input into the system or read from a configuration file (for example, at system bootup time). |
|
| Default | all-hash | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Output encryption algorithm for configuration secrets | |
| Context | configure system security hash-control management-interface classic-cli write-algorithm keyword | |
| Tree | write-algorithm | |
Description |
This command specifies the format of the output for encrypted configuration secrets (for example, in the saved configuration file, or in the output of the info or show commands). |
|
| Default | hash2 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the grpc context | |
| Context | configure system security hash-control management-interface grpc | |
| Tree | grpc | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Encryption algorithm for configuration secrets | |
| Context | configure system security hash-control management-interface grpc hash-algorithm keyword | |
| Tree | hash-algorithm | |
Description |
This command specifies the format of the input and output for encrypted configuration secrets. |
|
| Default | hash2 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the md-cli context | |
| Context | configure system security hash-control management-interface md-cli | |
| Tree | md-cli | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Encryption algorithm for configuration secrets | |
| Context | configure system security hash-control management-interface md-cli hash-algorithm keyword | |
| Tree | hash-algorithm | |
Description |
This command specifies the format of the input and output for encrypted configuration secrets. |
|
| Default | hash2 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the netconf context | |
| Context | configure system security hash-control management-interface netconf | |
| Tree | netconf | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Encryption algorithm for configuration secrets | |
| Context | configure system security hash-control management-interface netconf hash-algorithm keyword | |
| Tree | hash-algorithm | |
Description |
This command specifies the format of the input and output for encrypted configuration secrets. |
|
| Default | hash2 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Administrative state of the keychain | |
| Context | configure system security keychains keychain string admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the bidirectional context | |
| Context | configure system security keychains keychain string bidirectional | |
| Tree | bidirectional | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the keychain entry | |
| Context | configure system security keychains keychain string bidirectional entry number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Encryption algorithm used by the keychain key | |
| Context | configure system security keychains keychain string bidirectional entry number algorithm keyword | |
| Tree | algorithm | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Authentication key used by the encryption algorithm | |
| Context | configure system security keychains keychain string bidirectional entry number authentication-key string | |
| Tree | authentication-key | |
| String Length | 1 to 54 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Calendar date and time to start using the key | |
| Context | configure system security keychains keychain string bidirectional entry number begin-time string | |
| Tree | begin-time | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time within which an eligible receive key should overlap with the active send key | |
| Context | configure system security keychains keychain string bidirectional entry number tolerance (number | keyword) | |
| Tree | tolerance | |
| Range | 0 to 4294967294 | |
| Default | 300 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security keychains keychain string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the keychain entry | |
| Context | configure system security keychains keychain string receive entry number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Encryption algorithm used by the keychain key | |
| Context | configure system security keychains keychain string receive entry number algorithm keyword | |
| Tree | algorithm | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Authentication key used by the encryption algorithm | |
| Context | configure system security keychains keychain string receive entry number authentication-key string | |
| Tree | authentication-key | |
| String Length | 1 to 54 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Calendar date and time to start using the key | |
| Context | configure system security keychains keychain string receive entry number begin-time string | |
| Tree | begin-time | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time within which an eligible receive key should overlap with the active send key | |
| Context | configure system security keychains keychain string receive entry number tolerance (number | keyword) | |
| Tree | tolerance | |
| Range | 0 to 4294967294 | |
| Default | 300 | |
| Units | seconds | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the keychain entry | |
| Context | configure system security keychains keychain string send entry number admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Encryption algorithm used by the keychain key | |
| Context | configure system security keychains keychain string send entry number algorithm keyword | |
| Tree | algorithm | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Authentication key used by the encryption algorithm | |
| Context | configure system security keychains keychain string send entry number authentication-key string | |
| Tree | authentication-key | |
| String Length | 1 to 54 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Calendar date and time to start using the key | |
| Context | configure system security keychains keychain string send entry number begin-time string | |
| Tree | begin-time | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the tcp-option-number context | |
| Context | configure system security keychains keychain string tcp-option-number | |
| Tree | tcp-option-number | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the management context | |
| Context | configure system security management | |
| Tree | management | |
Description |
Commands in this context control which management protocols can be used to access the SR OS router via the 'Base' and 'management' router instances. |
|
| Introduced | 16.0.R5 | |
Platforms |
All |
| Synopsis | Allow access to the FTP server | |
| Context | configure system security management allow-ftp boolean | |
| Tree | allow-ftp | |
Description |
When configured to true, this command allows FTP access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows access to the SR OS FTP server. |
|
| Default | true | |
| Introduced | 16.0.R6 | |
|
Platforms |
All |
| Synopsis | Allow access to the gRPC server | |
| Context | configure system security management allow-grpc boolean | |
| Tree | allow-grpc | |
Description |
When configured to true, the system allows access to the gRPC server via the 'Base' and 'management' router instances. |
|
| Default | true | |
| Introduced | 19.5.R1 | |
|
Platforms |
All |
| Synopsis | Allow access to the NETCONF server | |
| Context | configure system security management allow-netconf boolean | |
| Tree | allow-netconf | |
Description |
When configured to true, the system allows NETCONF server access to the SR OS router via the 'Base' and 'management' router instances. |
|
| Default | true | |
| Introduced | 19.5.R1 | |
|
Platforms |
All |
| Synopsis | Allow access to the SSH server | |
| Context | configure system security management allow-ssh boolean | |
| Tree | allow-ssh | |
Description |
When configured to true, this command allows SSH server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows SSH server access. |
|
| Default | true | |
| Introduced | 16.0.R5 | |
|
Platforms |
All |
| Synopsis | Allow access to the IPv4 Telnet server | |
| Context | configure system security management allow-telnet boolean | |
| Tree | allow-telnet | |
Description |
When configured to true, this command allows IPv4 Telnet server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows access to the IPv4 Telnet server. |
|
| Default | true | |
| Introduced | 16.0.R5 | |
|
Platforms |
All |
| Synopsis | Allow access to the Telnet IPv6 server | |
| Context | configure system security management allow-telnet6 boolean | |
| Tree | allow-telnet6 | |
Description |
When configured to true, this command allows IPv6 Telnet server access to the SR OS router via the 'Base' and 'management' router instances. When configured to false, this command disallows access to the IPv6 Telnet server. |
|
| Default | true | |
| Introduced | 16.0.R5 | |
|
Platforms |
All |
| Synopsis | Enter the management-access-filter context | |
| Context | configure system security management-access-filter | |
| Tree | management-access-filter | |
Description |
Commands in this context configure the attributes for management access filters. Management access filters control all traffic in and out of the CPM. The filters can be used to restrict management of the router by other nodes outside of specific networks (or sub-networks) or through designated ports. Management filters are enforced by the system software. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the ip-filter context | |
| Context | configure system security management-access-filter ip-filter | |
| Tree | ip-filter | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Administrative state of management-access filters | |
| Context | configure system security management-access-filter ip-filter admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Default action for the management access filter | |
| Context | configure system security management-access-filter ip-filter default-action keyword | |
| Tree | default-action | |
Description |
This command specifies the default action for management access in the absence of a specific management access filter match. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Entry ID to identify the match criteria and the action | |
| Context | configure system security management-access-filter ip-filter entry number | |
Description |
This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. |
|
| Range | 1 to 9999 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Action associated with the management access filter | |
| Context | configure system security management-access-filter ip-filter entry number action keyword | |
| Tree | action | |
Description |
This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security management-access-filter ip-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable match logging | |
| Context | configure system security management-access-filter ip-filter entry number log-events boolean | |
| Tree | log-events | |
Description |
When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. |
|
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Router instance as the match criterion | |
| Context | configure system security management-access-filter ip-filter entry number match router-instance string | |
| Tree | router-instance | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IP address or IP prefix as the match criterion | |
| Context | configure system security management-access-filter ip-filter entry number match src-ip address (ipv4-prefix | ipv4-address) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IP prefix list as the match criterion | |
| Context | configure system security management-access-filter ip-filter entry number match src-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference |
configure filter match-list ip-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ip-prefix-list. |
|
| Introduced | 20.7.R1 | |
Platforms |
All |
| Synopsis | Enter the ipv6-filter context | |
| Context | configure system security management-access-filter ipv6-filter | |
| Tree | ipv6-filter | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Administrative state of management-access filters | |
| Context | configure system security management-access-filter ipv6-filter admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Default action for the management access filter | |
| Context | configure system security management-access-filter ipv6-filter default-action keyword | |
| Tree | default-action | |
Description |
This command specifies the default action for management access in the absence of a specific management access filter match. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the entry list instance | |
| Context | configure system security management-access-filter ipv6-filter entry number | |
| Tree | entry | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Entry ID to identify the match criteria and the action | |
| Context | configure system security management-access-filter ipv6-filter entry number | |
Description |
This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. |
|
| Range | 1 to 9999 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Action associated with the management access filter | |
| Context | configure system security management-access-filter ipv6-filter entry number action keyword | |
| Tree | action | |
Description |
This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security management-access-filter ipv6-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable match logging | |
| Context | configure system security management-access-filter ipv6-filter entry number log-events boolean | |
| Tree | log-events | |
Description |
When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. |
|
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Enter the match context | |
| Context | configure system security management-access-filter ipv6-filter entry number match | |
| Tree | match | |
Description |
Commands in this context specify match criteria for the entry. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the dst-port context | |
| Context | configure system security management-access-filter ipv6-filter entry number match dst-port | |
| Tree | dst-port | |
Description |
Commands in this context specify match criteria based on the destination port. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IP address mask as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match dst-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | TCP or UDP port number as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match dst-port port number | |
| Tree | port | |
| Range | 1 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Flow identifier used to discriminate traffic flows | |
| Context | configure system security management-access-filter ipv6-filter entry number match flow-label number | |
| Tree | flow-label | |
| Range | 0 to 1048575 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the mgmt-port context | |
| Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port | |
| Tree | mgmt-port | |
Description |
Commands in this context specify match criteria based on the Ethernet port. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Match any traffic received on any Ethernet port | |
| Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port cpm | |
| Tree | cpm | |
Notes |
The following elements are part of a choice: cpm, (lag and lag-id), or port-id. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | LAG ID as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port lag string | |
| Tree | lag | |
| String Length | 1 to 27 | |
Notes |
The following elements are part of a choice: cpm, (lag and lag-id), or port-id. |
|
| Introduced | 21.2.R1 | |
Platforms |
All |
| Synopsis | Port ID as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match mgmt-port port-id string | |
| Tree | port-id | |
Notes |
The following elements are part of a choice: cpm, (lag and lag-id), or port-id. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IP protocol to match | |
| Context | configure system security management-access-filter ipv6-filter entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Router instance as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match router-instance string | |
| Tree | router-instance | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the src-ip context | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-ip | |
| Tree | src-ip | |
Description |
Commands in this context specify match criteria based on the source port. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IPv6 address or IPv6 prefix to match | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-ip address (ipv6-prefix | ipv6-address) | |
| Tree | address | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IPv6 prefix list as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference |
configure filter match-list ipv6-prefix-list string |
|
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 20.7.R1 | |
Platforms |
All |
| Synopsis | IP address mask as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-ip mask string | |
| Tree | mask | |
Notes |
The following elements are part of a choice: (address and mask) or ipv6-prefix-list. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the src-port context | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-port | |
| Tree | src-port | |
Description |
Commands in this context specify match criteria based on the source port. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | IP address mask as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-port mask number | |
| Tree | mask | |
| Range | 1 to 65535 | |
| Default | 65535 | |
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | TCP or UDP port number as the match criterion | |
| Context | configure system security management-access-filter ipv6-filter entry number match src-port port number | |
| Tree | port | |
| Range | 1 to 65535 | |
Notes |
This element is mandatory. |
|
| Introduced | 21.7.R1 | |
Platforms |
All |
| Synopsis | Enter the mac-filter context | |
| Context | configure system security management-access-filter mac-filter | |
| Tree | mac-filter | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Administrative state of management access MAC filter | |
| Context | configure system security management-access-filter mac-filter admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Default action for the management access filter | |
| Context | configure system security management-access-filter mac-filter default-action keyword | |
| Tree | default-action | |
Description |
This command specifies the default action for management access in the absence of a specific management access filter match. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the entry list instance | |
| Context | configure system security management-access-filter mac-filter entry number | |
| Tree | entry | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Entry ID to identify the match criteria and the action | |
| Context | configure system security management-access-filter mac-filter entry number | |
Description |
This command specifies the entry ID to identify the match criteria and the corresponding action. It is recommended that entries are numbered in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber the existing entries. |
|
| Range | 1 to 9999 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Action associated with the management access filter | |
| Context | configure system security management-access-filter mac-filter entry number action keyword | |
| Tree | action | |
Description |
This command specifies the action associated with the management access filter match criteria entry. If the packet does not meet any of the match criteria, the configured default action is applied. |
|
| Default | ignore-match | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security management-access-filter mac-filter entry number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable match logging | |
| Context | configure system security management-access-filter mac-filter entry number log-events boolean | |
| Tree | log-events | |
Description |
When configured to true, this command enables match logging. When enabled, matches on the entry cause the Security event mafEntryMatch to be raised. When configured to false, match logging is disabled. |
|
| Default | false | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Enter the match context | |
| Context | configure system security management-access-filter mac-filter entry number match | |
| Tree | match | |
Description |
Commands in this context specify match criteria for the entry. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the cfm-opcode context | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode | |
| Tree | cfm-opcode | |
Description |
Commands in this context specify match criteria based on the CFM opcode. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Equal to comparison operator for the CFM opcode | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode eq number | |
| Tree | eq | |
| Range | 0 to 255 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Greater than comparison operator for the CFM opcode | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode gt number | |
| Tree | gt | |
| Range | 0 to 254 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Less than comparison operator for the CFM opcode | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode lt number | |
| Tree | lt | |
| Range | 1 to 255 | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the range context | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range | |
| Tree | range | |
Notes |
The following elements are part of a choice: eq, gt, lt, or range. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Upper bound of the range for the OpCode to match | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range end number | |
| Tree | end | |
| Range | 1 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Lower bound of the range for the OpCode to match | |
| Context | configure system security management-access-filter mac-filter entry number match cfm-opcode range start number | |
| Tree | start | |
| Range | 0 to 254 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the dot1p context | |
| Context | configure system security management-access-filter mac-filter entry number match dot1p | |
| Tree | dot1p | |
Description |
Commands in this context specify match criteria based on the IEEE 802.1p value. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | 3-bit mask as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match dot1p mask number | |
| Tree | mask | |
| Range | 1 to 7 | |
| Default | 7 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IEEE 802.1p value as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match dot1p priority number | |
| Tree | priority | |
| Range | 0 to 7 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the dst-mac context | |
| Context | configure system security management-access-filter mac-filter entry number match dst-mac | |
| Tree | dst-mac | |
Description |
Commands in this context specify match criteria based on the destination MAC. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | MAC address used as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match dst-mac address string | |
| Tree | address | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | MAC address mask as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match dst-mac mask string | |
| Tree | mask | |
| Default | ff:ff:ff:ff:ff:ff | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Ethernet type II Ethertype value as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match etype string | |
| Tree | etype | |
Description |
This command specifies an Ethernet type II Ethertype value to be used as a MAC filter match criterion. The Ethernet type field is used by the Ethernet version-II frames and does not apply to IEEE 802.3 Ethernet frames. |
|
| String Length | 5 to 6 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | MAC frame type as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match frame-type keyword | |
| Tree | frame-type | |
| Default | 802dot3 | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the llc-dsap context | |
| Context | configure system security management-access-filter mac-filter entry number match llc-dsap | |
| Tree | llc-dsap | |
Description |
Commands in this context specify match criteria based on the Destination Service Access Point (DSAP). |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | 8-bit DSAP as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match llc-dsap dsap number | |
| Tree | dsap | |
| Range | 0 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Mask for DSAP value as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match llc-dsap mask number | |
| Tree | mask | |
| Range | 1 to 255 | |
| Default | 255 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the llc-ssap context | |
| Context | configure system security management-access-filter mac-filter entry number match llc-ssap | |
| Tree | llc-ssap | |
Description |
Commands in this context specify match criteria based on the Source Service Access Point (SSAP). |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Mask for SSAP value as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match llc-ssap mask number | |
| Tree | mask | |
| Range | 1 to 255 | |
| Default | 255 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | 8-bit SSAP as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match llc-ssap ssap number | |
| Tree | ssap | |
| Range | 0 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Service ID used as the match condition | |
| Context | configure system security management-access-filter mac-filter entry number match service string | |
| Tree | service | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IEEE 802.3 LLC SNAP Ethernet Frame OUI value for match | |
| Context | configure system security management-access-filter mac-filter entry number match snap-oui keyword | |
| Tree | snap-oui | |
Description |
This command specifies the IEEE 802.3 LLC SNAP Ethernet Frame OUI value as the MAC filter match criterion. |
|
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IEEE 802.3 LLC SNAP Ethernet Frame PID as the match | |
| Context | configure system security management-access-filter mac-filter entry number match snap-pid number | |
| Tree | snap-pid | |
Description |
This command specifies an IEEE 802.3 LLC SNAP Ethernet Frame PID value used as the MAC filter match criterion. The SNAP PID match criterion is independent of the OUI field within the SNAP header. Two packets with different 3-byte OUI fields but the same PID field match the same filter entry based on a SNAP PID match criterion. |
|
| Range | 0 to 65535 | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Enable the src-mac context | |
| Context | configure system security management-access-filter mac-filter entry number match src-mac | |
| Tree | src-mac | |
Description |
Commands in this context specify match criteria based on the source MAC. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | MAC address used as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match src-mac address string | |
| Tree | address | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | MAC address mask as the match criterion | |
| Context | configure system security management-access-filter mac-filter entry number match src-mac mask string | |
| Tree | mask | |
| Default | ff:ff:ff:ff:ff:ff | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Allow CPM hardware queuing per peer | |
| Context | configure system security per-peer-queuing boolean | |
| Tree | per-peer-queuing | |
Description |
When configured to true, the router automatically allocates a separate CPM hardware queue for the peer when a peering session is established. When configured to false, a separate CPM hardware queue is not allowed. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the ca-profile list instance | |
| Context | configure system security pki ca-profile string | |
| Tree | ca-profile | |
| Max. Instances | 128 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | CA profile name | |
| Context | configure system security pki ca-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the CA profile | |
| Context | configure system security pki ca-profile string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Enable the auto-crl-update context | |
| Context | configure system security pki ca-profile string auto-crl-update | |
| Tree | auto-crl-update | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Administrative state of the automatic CRL update | |
| Context | configure system security pki ca-profile string auto-crl-update admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Enter the crl-urls context | |
| Context | configure system security pki ca-profile string auto-crl-update crl-urls | |
| Tree | crl-urls | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Enter the url-entry list instance | |
| Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number | |
| Tree | url-entry | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | URL on this system | |
| Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number | |
| Range | 1 to 8 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | File transmission profile to update CRL | |
| Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number transmission-profile reference | |
| Tree | transmission-profile | |
Reference |
configure system transmission-profile string |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Location of updated CRL | |
| Context | configure system security pki ca-profile string auto-crl-update crl-urls url-entry number url http-url-path-loose | |
| Tree | url | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Interval between two consecutive CRL updates | |
| Context | configure system security pki ca-profile string auto-crl-update periodic-update-interval number | |
| Tree | periodic-update-interval | |
| Range | 3600 to 31622400 | |
| Default | 86400 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Time prior to the next update time of the current CRL | |
| Context | configure system security pki ca-profile string auto-crl-update pre-update-time number | |
| Tree | pre-update-time | |
| Range | 0 to 31622400 | |
| Default | 3600 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Interval before retrying to update CRL | |
| Context | configure system security pki ca-profile string auto-crl-update retry-interval number | |
| Tree | retry-interval | |
| Range | 0 to 31622400 | |
| Default | 3600 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Time scheduler type for an automated CRL update | |
| Context | configure system security pki ca-profile string auto-crl-update schedule-type keyword | |
| Tree | schedule-type | |
| Default | next-update-based | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Enter the accept-unprotected-message context | |
| Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message | |
| Tree | accept-unprotected-message | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Accept unprotected error messages | |
| Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message error-message boolean | |
| Tree | error-message | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Accept unprotected PKI confirmation messages | |
| Context | configure system security pki ca-profile string cmpv2 accept-unprotected-message pkiconf-message boolean | |
| Tree | pkiconf-message | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Subject name in CMPv2 header for all Initial Registration (IR) messages | |
| Context | configure system security pki ca-profile string cmpv2 always-set-sender-for-ir boolean | |
| Tree | always-set-sender-for-ir | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | HTTP response timeout | |
| Context | configure system security pki ca-profile string cmpv2 http response-timeout number | |
| Tree | response-timeout | |
| Range | 1 to 3600 | |
| Default | 30 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | HTTP version for CMPv2 messages | |
| Context | configure system security pki ca-profile string cmpv2 http version keyword | |
| Tree | version | |
| Default | 1.1 | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Enter the key list instance | |
| Context | configure system security pki ca-profile string cmpv2 key-list key string | |
| Tree | key | |
| Max. Instances | 128 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Shared secret for this CA initial authentication key | |
| Context | configure system security pki ca-profile string cmpv2 key-list key string password string | |
| Tree | password | |
| String Length | 1 to 115 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | File name of the certificate to verify the signature of received CMPv2 responses | |
| Context | configure system security pki ca-profile string cmpv2 response-signing-cert string | |
| Tree | response-signing-cert | |
| String Length | 1 to 95 | |
Notes |
This element is the default part of a choice. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Same recipNonce as the last CMPv2 response for a poll request | |
| Context | configure system security pki ca-profile string cmpv2 same-recipient-nonce-for-poll-request boolean | |
| Tree | same-recipient-nonce-for-poll-request | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Administrative service name | |
| Context | configure system security pki ca-profile string cmpv2 url service-name string | |
| Tree | service-name | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | URL for CMPv2 | |
| Context | configure system security pki ca-profile string cmpv2 url url-string http-optional-url-loose | |
| Tree | url-string | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Certificate Revocation List (CRL) file name | |
| Context | configure system security pki ca-profile string crl-file string | |
| Tree | crl-file | |
| String Length | 1 to 95 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Text description | |
| Context | configure system security pki ca-profile string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | HTTP URL of the OCSP responder for the CA | |
| Context | configure system security pki ca-profile string ocsp responder-url http-optional-url-loose | |
| Tree | responder-url | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Administrative service name | |
| Context | configure system security pki ca-profile string ocsp service-name string | |
| Tree | service-name | |
| String Length | 1 to 64 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Transmission profile for the OCSP | |
| Context | configure system security pki ca-profile string ocsp transmission-profile reference | |
| Tree | transmission-profile | |
Reference |
configure system transmission-profile string |
|
| Introduced | 16.0.R6 | |
Platforms |
All |
|
|
WARNING:
Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
||
| Synopsis | Method to verify the revocation status of certificates issued by the CA | |
| Context | configure system security pki ca-profile string revocation-check keyword | |
| Tree | revocation-check | |
| Default | crl | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Display format for certificates and Certificate Revocation Lists (CRLs) | |
| Context | configure system security pki certificate-display-format keyword | |
| Tree | certificate-display-format | |
| Default | ascii | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the certificate-expiration-warning context | |
| Context | configure system security pki certificate-expiration-warning | |
| Tree | certificate-expiration-warning | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time period when the system repeatedly generates the certificate expiration warning trap | |
| Context | configure system security pki certificate-expiration-warning repeat-hours number | |
| Tree | repeat-hours | |
| Range | 0 to 8760 | |
| Default | 0 | |
| Units | hours | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the common-name-list list instance | |
| Context | configure system security pki common-name-list string | |
| Tree | common-name-list | |
| Max. Instances | 64 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | CN list name | |
| Context | configure system security pki common-name-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the common-name list instance | |
| Context | configure system security pki common-name-list string common-name number | |
| Tree | common-name | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Common name index | |
| Context | configure system security pki common-name-list string common-name number | |
| Range | 1 to 128 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Common name type | |
| Context | configure system security pki common-name-list string common-name number cn-type keyword | |
| Tree | cn-type | |
| Options | ||
|
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Common name value | |
| Context | configure system security pki common-name-list string common-name number cn-value string | |
| Tree | cn-value | |
| String Length | 1 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the crl-expiration-warning context | |
| Context | configure system security pki crl-expiration-warning | |
| Tree | crl-expiration-warning | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time when the system repeatedly generates the Certificate Revocation List (CRL) expiration warning trap | |
| Context | configure system security pki crl-expiration-warning repeat-hours number | |
| Tree | repeat-hours | |
| Range | 0 to 8760 | |
| Default | 0 | |
| Units | hours | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the est-profile list instance | |
| Context | configure system security pki est-profile string | |
| Tree | est-profile | |
Description |
Commands in this context configure an Enrollment over Secure Transport (EST) profile. |
|
| Max. Instances | 128 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enrollment over Secured Transport profile name | |
| Context | configure system security pki est-profile string | |
Description |
This command configures the EST profile name. |
|
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Check id-kp-cmcra in the EST certificate | |
| Context | configure system security pki est-profile string check-id-kp-cmcra-only boolean | |
| Tree | check-id-kp-cmcra-only | |
| Default | false | |
| Introduced | 21.10.R1 | |
|
Platforms |
All |
| Synopsis | TLS client profile assigned to applications | |
| Context | configure system security pki est-profile string client-tls-profile string | |
| Tree | client-tls-profile | |
Description |
This command specifies the TLS client profile to be assigned to applications for encryption. The profile creates the TLS connection to the EST server. |
|
| String Length | 1 to 32 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the http-authentication context | |
| Context | configure system security pki est-profile string http-authentication | |
| Tree | http-authentication | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Password for EST authentication | |
| Context | configure system security pki est-profile string http-authentication password string | |
| Tree | password | |
| String Length | 1 to 115 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Username for the EST authentication | |
| Context | configure system security pki est-profile string http-authentication username string | |
| Tree | username | |
| String Length | 1 to 32 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Fully Qualified Domain Name (FQDN) of the EST server | |
| Context | configure system security pki est-profile string server fqdn string | |
| Tree | fqdn | |
Description |
This command specifies to use the FQDN of the EST server. |
|
| String Length | 1 to 255 | |
Notes |
The following elements are part of a choice: fqdn, ipv4, or ipv6. |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Transmission profile name for EST | |
| Context | configure system security pki est-profile string transmission-profile string | |
| Tree | transmission-profile | |
Description |
This command associates a file transmission profile to the EST profile. The transmission profile defines transport parameters for protocol such as HTTP, include routing instance, source address, timeout value, and so on. |
|
| String Length | 1 to 32 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | The supported encrypted file formats | |
| Context | configure system security pki imported-format keyword | |
| Tree | imported-format | |
| Default | any | |
| Options | ||
| Introduced | 16.0.R6 | |
Platforms |
All |
| Synopsis | Maximum depth of certificate chain verification | |
| Context | configure system security pki maximum-cert-chain-depth number | |
| Tree | maximum-cert-chain-depth | |
| Range | 1 to 7 | |
| Default | 7 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the python-script context | |
| Context | configure system security python-script | |
| Tree | python-script | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the authorization context | |
| Context | configure system security python-script authorization | |
| Tree | authorization | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the cron context | |
| Context | configure system security python-script authorization cron | |
| Tree | cron | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | User profile name when executing a Python application | |
| Context | configure system security python-script authorization cron cli-user reference | |
| Tree | cli-user | |
Reference |
configure system security user-params local-user user string |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the event-handler context | |
| Context | configure system security python-script authorization event-handler | |
| Tree | event-handler | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | User profile name when executing a Python application | |
| Context | configure system security python-script authorization event-handler cli-user reference | |
| Tree | cli-user | |
Reference |
configure system security user-params local-user user string |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the access list instance | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword | |
| Tree | access | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Group name | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | String against which the context name should match to gain access rights | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword | |
| String Length | 0 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Security model | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum level of security required to gain the access rights allowed by this entry | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | SNMP view for notification access | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword notify string | |
| Tree | notify | |
Description |
This command specifies the SNMP view used to control which MIB objects can be accessed for notifications. |
|
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Match type for the context | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword prefix-match keyword | |
| Tree | prefix-match | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | SNMP view for read access | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword read string | |
| Tree | read | |
Description |
This command specifies the SNMP view used to control which MIB objects can be accessed using a read (get) operation. |
|
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | SNMP view for write access | |
| Context | configure system security snmp access string context string security-model keyword security-level keyword write string | |
| Tree | write | |
Description |
This command specifies the SNMP view used to control which MIB objects can be accessed using a write (set) operation. |
|
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Access permissions for objects in the MIB | |
| Context | configure system security snmp community string access-permissions keyword | |
| Tree | access-permissions | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Source access list to validate received SNMP requests | |
| Context | configure system security snmp community string source-access-list reference | |
| Tree | source-access-list | |
Reference |
configure system security snmp source-access-list string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the source-access-list list instance | |
| Context | configure system security snmp source-access-list string | |
| Tree | source-access-list | |
Description |
Commands in this context configure SNMP source access lists. SNMP source access lists are used to validate the source IP address of received SNMP requests. Multiple community (VPRN or Base router) and USM community instances can reference the same SNMP source access list. |
|
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Source access list name | |
| Context | configure system security snmp source-access-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the source-host list instance | |
| Context | configure system security snmp source-access-list string source-host string | |
| Tree | source-host | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Source host entry name | |
| Context | configure system security snmp source-access-list string source-host string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Source IP address entry used to validate SNMP requests | |
| Context | configure system security snmp source-access-list string source-host string address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | address | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the usm-community list instance | |
| Context | configure system security snmp usm-community string | |
| Tree | usm-community | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Community string associated with SNMPv3 access group | |
| Context | configure system security snmp usm-community string | |
| String Length | 1 to 114 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Source access list to validate received SNMP requests | |
| Context | configure system security snmp usm-community string source-access-list reference | |
| Tree | source-access-list | |
Reference |
configure system security snmp source-access-list string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the source-address context | |
| Context | configure system security source-address | |
| Tree | source-address | |
Description |
Commands in this context configure the IP source address that is used in all unsolicited packets sent by the specified applications. This configuration applies to packets transmitted in-band (for example, a network port on an IOM) and does not apply to packets transmitted out-of-band on the management interface on the CPM Ethernet port. Packets transmitted using the CPM Ethernet port use the address of the CPM Ethernet port as the IP source address in the packet. When a source address is specified for the PTP application, the port-based 1588 hardware timestamping assist function is applied to PTP packets matching the IPv4 address of the router interface used to ingress the SR/ESS or IP address specified in this command. If the IP address is removed, the port-based 1588 hardware timestamping assist function is only applied to PTP packets matching the IPv4 address of the router interface. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the ipv4 list instance | |
| Context | configure system security source-address ipv4 keyword | |
| Tree | ipv4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Application that uses the source IP address | |
| Context | configure system security source-address ipv4 keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
|
Platforms |
All |
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | Source IPv4 address | |
| Context | configure system security source-address ipv4 keyword address string | |
| Tree | address | |
Notes |
The following elements are part of a mandatory choice: address or interface-name. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
|
|
WARNING:
Modifying this element recreates the parent element automatically for the new value to take effect. |
||
| Synopsis | IP interface name | |
| Context | configure system security source-address ipv4 keyword interface-name string | |
| Tree | interface-name | |
| String Length | 1 to 32 | |
Notes |
The following elements are part of a mandatory choice: address or interface-name. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
|
| Synopsis | Enter the ipv6 list instance | |
| Context | configure system security source-address ipv6 keyword | |
| Tree | ipv6 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Application which uses the source IPv6 address | |
| Context | configure system security source-address ipv6 keyword | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the client-cipher-list-v1 context | |
| Context | configure system security ssh client-cipher-list-v1 | |
| Tree | client-cipher-list-v1 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the client-cipher-list-v2 context | |
| Context | configure system security ssh client-cipher-list-v2 | |
| Tree | client-cipher-list-v2 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the client-kex-list-v2 context | |
| Context | configure system security ssh client-kex-list-v2 | |
| Tree | client-kex-list-v2 | |
| Introduced | 19.10.R3 | |
Platforms |
All |
| Synopsis | Enter the kex list instance | |
| Context | configure system security ssh client-kex-list-v2 kex number | |
| Tree | kex | |
Description |
Commands in this context configure SSH Key Exchange (KEX) algorithms for SR OS as a client. If a list is configured, SSH uses the list with the first-listed algorithm having the highest priority. By default, the client list is empty. The default list contains the following:
|
|
| Introduced | 19.10.R3 | |
Platforms |
All |
| Synopsis | SSHv2 KEX algorithm index | |
| Context | configure system security ssh client-kex-list-v2 kex number | |
Description |
This command configures the index of the KEX algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list. |
|
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 19.10.R3 | |
Platforms |
All |
| Synopsis | Enter the client-mac-list-v2 context | |
| Context | configure system security ssh client-mac-list-v2 | |
| Tree | client-mac-list-v2 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the key-re-exchange context | |
| Context | configure system security ssh key-re-exchange | |
| Tree | key-re-exchange | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the key re-exchange | |
| Context | configure system security ssh key-re-exchange client admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the key re-exchange | |
| Context | configure system security ssh key-re-exchange server admin-state keyword | |
| Tree | admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Preserve keys and restore on system or server restart | |
| Context | configure system security ssh preserve-key boolean | |
| Tree | preserve-key | |
Description |
When configured to true, private, public, and host keys are saved by the server. The keys are restored following a system reboot or a restart of an SSH server. When configured to false, the keys are held in memory by an SSH server but are not restored following a system reboot. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Administrative state of the SSH server | |
| Context | configure system security ssh server-admin-state keyword | |
| Tree | server-admin-state | |
| Default | enable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the server-cipher-list-v1 context | |
| Context | configure system security ssh server-cipher-list-v1 | |
| Tree | server-cipher-list-v1 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the server-cipher-list-v2 context | |
| Context | configure system security ssh server-cipher-list-v2 | |
| Tree | server-cipher-list-v2 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the server-kex-list-v2 context | |
| Context | configure system security ssh server-kex-list-v2 | |
| Tree | server-kex-list-v2 | |
| Introduced | 19.10.R3 | |
Platforms |
All |
| Synopsis | SSHv2 KEX algorithm index | |
| Context | configure system security ssh server-kex-list-v2 kex number | |
Description |
This command configures the index of the KEX algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list. |
|
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 19.10.R3 | |
Platforms |
All |
| Synopsis | Enter the server-mac-list-v2 context | |
| Context | configure system security ssh server-mac-list-v2 | |
| Tree | server-mac-list-v2 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the system-passwords context | |
| Context | configure system security system-passwords | |
| Tree | system-passwords | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Password that assigns the user as administrator | |
| Context | configure system security system-passwords admin-password string | |
| Tree | admin-password | |
| String Length | 3 to 136 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Password that allows the user to assign VSD services | |
| Context | configure system security system-passwords vsd-password string | |
| Tree | vsd-password | |
| String Length | 3 to 136 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the tech-support context | |
| Context | configure system security tech-support | |
| Tree | tech-support | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Default file path for generated tech-support files | |
| Context | configure system security tech-support ts-location (ts-sat-url | cflash-url | string) | |
| Tree | ts-location | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable Telnet servers running on the system | |
| Context | configure system security telnet-server boolean | |
| Tree | telnet-server | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable Telnet IPv6 servers running on the system | |
| Context | configure system security telnet6-server boolean | |
| Tree | telnet6-server | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the cert-profile list instance | |
| Context | configure system security tls cert-profile string | |
| Tree | cert-profile | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | TLS certificate profile name | |
| Context | configure system security tls cert-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the certificate profile | |
| Context | configure system security tls cert-profile string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Certificate profile ID | |
| Context | configure system security tls cert-profile string entry number | |
| Range | 1 to 8 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Certificate file name | |
| Context | configure system security tls cert-profile string entry number certificate-file string | |
| Tree | certificate-file | |
| String Length | 1 to 95 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the send-chain context | |
| Context | configure system security tls cert-profile string entry number send-chain | |
| Tree | send-chain | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Add a list entry for ca-profile | |
| Context | configure system security tls cert-profile string entry number send-chain ca-profile reference | |
| Tree | ca-profile | |
| Max. Instances | 7 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | CA profile name | |
| Context | configure system security tls cert-profile string entry number send-chain ca-profile reference | |
Reference |
configure system security pki ca-profile string |
|
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the client-cipher-list list instance | |
| Context | configure system security tls client-cipher-list string | |
| Tree | client-cipher-list | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Client cipher list name | |
| Context | configure system security tls client-cipher-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the tls12-cipher list instance | |
| Context | configure system security tls client-cipher-list string tls12-cipher number | |
| Tree | tls12-cipher | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Index of the cipher | |
| Context | configure system security tls client-cipher-list string tls12-cipher number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Cipher suite code | |
| Context | configure system security tls client-cipher-list string tls12-cipher number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-cipher list instance | |
| Context | configure system security tls client-cipher-list string tls13-cipher number | |
| Tree | tls13-cipher | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 cipher | |
| Context | configure system security tls client-cipher-list string tls13-cipher number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Cipher v1.3 suite code | |
| Context | configure system security tls client-cipher-list string tls13-cipher number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the client-group-list list instance | |
| Context | configure system security tls client-group-list string | |
| Tree | client-group-list | |
| Max. Instances | 16 | |
| Introduced | 22.7.R1 | |
|
Platforms |
All |
| Synopsis | Name of TLS client group list | |
| Context | configure system security tls client-group-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-group list instance | |
| Context | configure system security tls client-group-list string tls13-group number | |
| Tree | tls13-group | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 group | |
| Context | configure system security tls client-group-list string tls13-group number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Group v1.3 suite code | |
| Context | configure system security tls client-group-list string tls13-group number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the client-signature-list list instance | |
| Context | configure system security tls client-signature-list string | |
| Tree | client-signature-list | |
| Max. Instances | 16 | |
| Introduced | 22.7.R1 | |
|
Platforms |
All |
| Synopsis | Name of TLS 1.3 client signature list | |
| Context | configure system security tls client-signature-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-signature list instance | |
| Context | configure system security tls client-signature-list string tls13-signature number | |
| Tree | tls13-signature | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 signature | |
| Context | configure system security tls client-signature-list string tls13-signature number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Signature v1.3 suite code | |
| Context | configure system security tls client-signature-list string tls13-signature number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the client-tls-profile list instance | |
| Context | configure system security tls client-tls-profile string | |
| Tree | client-tls-profile | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Client TLS profile name | |
| Context | configure system security tls client-tls-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the client TLS profile | |
| Context | configure system security tls client-tls-profile string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Certificate profile ID | |
| Context | configure system security tls client-tls-profile string cert-profile reference | |
| Tree | cert-profile | |
Reference |
configure system security tls cert-profile string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Cipher list for negotiation in the client Hello message | |
| Context | configure system security tls client-tls-profile string cipher-list reference | |
| Tree | cipher-list | |
Reference |
configure system security tls client-cipher-list string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Name of list of supported group suite codes | |
| Context | configure system security tls client-tls-profile string group-list reference | |
| Tree | group-list | |
Reference |
configure system security tls client-group-list string |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Version of TLS protocol used by theTLS client profile | |
| Context | configure system security tls client-tls-profile string protocol-version keyword | |
| Tree | protocol-version | |
| Default | tls-version-12 | |
| Options | ||
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Name of list of supported signature suite codes | |
| Context | configure system security tls client-tls-profile string signature-list reference | |
| Tree | signature-list | |
Reference |
configure system security tls client-signature-list string |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Trust anchor profile | |
| Context | configure system security tls client-tls-profile string trust-anchor-profile reference | |
| Tree | trust-anchor-profile | |
Reference |
configure system security tls trust-anchor-profile string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the server-cipher-list list instance | |
| Context | configure system security tls server-cipher-list string | |
| Tree | server-cipher-list | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Server cipher list name | |
| Context | configure system security tls server-cipher-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the tls12-cipher list instance | |
| Context | configure system security tls server-cipher-list string tls12-cipher number | |
| Tree | tls12-cipher | |
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Index of the cipher | |
| Context | configure system security tls server-cipher-list string tls12-cipher number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Cipher suite code | |
| Context | configure system security tls server-cipher-list string tls12-cipher number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.2.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-cipher list instance | |
| Context | configure system security tls server-cipher-list string tls13-cipher number | |
| Tree | tls13-cipher | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 cipher | |
| Context | configure system security tls server-cipher-list string tls13-cipher number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Cipher v1.3 suite code | |
| Context | configure system security tls server-cipher-list string tls13-cipher number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the server-group-list list instance | |
| Context | configure system security tls server-group-list string | |
| Tree | server-group-list | |
| Max. Instances | 16 | |
| Introduced | 22.7.R1 | |
|
Platforms |
All |
| Synopsis | Name of TLS server group list | |
| Context | configure system security tls server-group-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-group list instance | |
| Context | configure system security tls server-group-list string tls13-group number | |
| Tree | tls13-group | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 group | |
| Context | configure system security tls server-group-list string tls13-group number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Group v1.3 suite code | |
| Context | configure system security tls server-group-list string tls13-group number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the server-signature-list list instance | |
| Context | configure system security tls server-signature-list string | |
| Tree | server-signature-list | |
| Max. Instances | 16 | |
| Introduced | 22.7.R1 | |
|
Platforms |
All |
| Synopsis | Name of TLS 1.3 server signature list | |
| Context | configure system security tls server-signature-list string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the tls13-signature list instance | |
| Context | configure system security tls server-signature-list string tls13-signature number | |
| Tree | tls13-signature | |
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Index of the TLS 1.3 signature | |
| Context | configure system security tls server-signature-list string tls13-signature number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Signature v1.3 suite code | |
| Context | configure system security tls server-signature-list string tls13-signature number name keyword | |
| Tree | name | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Enter the server-tls-profile list instance | |
| Context | configure system security tls server-tls-profile string | |
| Tree | server-tls-profile | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | TLS server profile name | |
| Context | configure system security tls server-tls-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the server TLS profile | |
| Context | configure system security tls server-tls-profile string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the authenticate-client context | |
| Context | configure system security tls server-tls-profile string authenticate-client | |
| Tree | authenticate-client | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Common name list for client certificate authentication | |
| Context | configure system security tls server-tls-profile string authenticate-client common-name-list reference | |
| Tree | common-name-list | |
Reference |
configure system security pki common-name-list string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Trust anchor profile for client authentication | |
| Context | configure system security tls server-tls-profile string authenticate-client trust-anchor-profile reference | |
| Tree | trust-anchor-profile | |
Reference |
configure system security tls trust-anchor-profile string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Certificate profile ID | |
| Context | configure system security tls server-tls-profile string cert-profile reference | |
| Tree | cert-profile | |
Reference |
configure system security tls cert-profile string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Cipher list used by the TLS server profile | |
| Context | configure system security tls server-tls-profile string cipher-list reference | |
| Tree | cipher-list | |
Reference |
configure system security tls server-cipher-list string |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Name of list of supported group suite codes | |
| Context | configure system security tls server-tls-profile string group-list reference | |
| Tree | group-list | |
Reference |
configure system security tls server-group-list string |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Version of TLS protocol used by the TLS server profile | |
| Context | configure system security tls server-tls-profile string protocol-version keyword | |
| Tree | protocol-version | |
| Default | tls-version-12 | |
| Options | ||
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | Name of list of supported signature suite codes | |
| Context | configure system security tls server-tls-profile string signature-list reference | |
| Tree | signature-list | |
Reference |
configure system security tls server-signature-list string |
|
| Introduced | 22.7.R1 | |
Platforms |
All |
| Synopsis | TLS HELLO request timer | |
| Context | configure system security tls server-tls-profile string tls-re-negotiate-timer number | |
| Tree | tls-re-negotiate-timer | |
| Range | 0 to 65000 | |
| Default | 0 | |
| Units | minutes | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the trust-anchor-profile list instance | |
| Context | configure system security tls trust-anchor-profile string | |
| Tree | trust-anchor-profile | |
| Max. Instances | 16 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Trust anchor profile name | |
| Context | configure system security tls trust-anchor-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Add a list entry for trust-anchor | |
| Context | configure system security tls trust-anchor-profile string trust-anchor reference | |
| Tree | trust-anchor | |
| Max. Instances | 8 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Trusted CA profile name | |
| Context | configure system security tls trust-anchor-profile string trust-anchor reference | |
Reference |
configure system security pki ca-profile string |
|
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the user-params context | |
| Context | configure system security user-params | |
| Tree | user-params | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the attempts context | |
| Context | configure system security user-params attempts | |
| Tree | attempts | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the authentication-order context | |
| Context | configure system security user-params authentication-order | |
| Tree | authentication-order | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Ignore subsequent AAA methods after a reject | |
| Context | configure system security user-params authentication-order exit-on-reject boolean | |
| Tree | exit-on-reject | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Preferred order of password authentication | |
| Context | configure system security user-params authentication-order order keyword | |
| Tree | order | |
| Options | ||
| Max. Instances | 4 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the local-user context | |
| Context | configure system security user-params local-user | |
| Tree | local-user | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the password context | |
| Context | configure system security user-params local-user password | |
| Tree | password | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum time during which a user password is valid | |
| Context | configure system security user-params local-user password aging number | |
| Tree | aging | |
| Range | 1 to 500 | |
| Units | days | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the complexity-rules context | |
| Context | configure system security user-params local-user password complexity-rules | |
| Tree | complexity-rules | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow the username to be used as part of the password | |
| Context | configure system security user-params local-user password complexity-rules allow-user-name boolean | |
| Tree | allow-user-name | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the credits context | |
| Context | configure system security user-params local-user password complexity-rules credits | |
| Tree | credits | |
Notes |
The following elements are part of a choice: credits or required. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Maximum credits for the use of lowercase letters | |
| Context | configure system security user-params local-user password complexity-rules credits lowercase number | |
| Tree | lowercase | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum credits for the use of numeric characters | |
| Context | configure system security user-params local-user password complexity-rules credits numeric number | |
| Tree | numeric | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum credits for the use of special characters | |
| Context | configure system security user-params local-user password complexity-rules credits special-character number | |
| Tree | special-character | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Maximum credits for the use of uppercase letters | |
| Context | configure system security user-params local-user password complexity-rules credits uppercase number | |
| Tree | uppercase | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Minimum number of different character classes to use | |
| Context | configure system security user-params local-user password complexity-rules minimum-classes number | |
| Tree | minimum-classes | |
| Range | 2 to 4 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Minimum length required for local passwords | |
| Context | configure system security user-params local-user password complexity-rules minimum-length number | |
| Tree | minimum-length | |
| Range | 6 to 50 | |
| Default | 6 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Number of times same character can repeat consecutively | |
| Context | configure system security user-params local-user password complexity-rules repeated-characters number | |
| Tree | repeated-characters | |
| Range | 2 to 8 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the required context | |
| Context | configure system security user-params local-user password complexity-rules required | |
| Tree | required | |
Notes |
The following elements are part of a choice: credits or required. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Number of lowercase letters required | |
| Context | configure system security user-params local-user password complexity-rules required lowercase number | |
| Tree | lowercase | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Number of numeric characters required | |
| Context | configure system security user-params local-user password complexity-rules required numeric number | |
| Tree | numeric | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Number of special characters required | |
| Context | configure system security user-params local-user password complexity-rules required special-character number | |
| Tree | special-character | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Number of uppercase letters required | |
| Context | configure system security user-params local-user password complexity-rules required uppercase number | |
| Tree | uppercase | |
| Range | 1 to 10 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Hashing algorithm for user passwords | |
| Context | configure system security user-params local-user password hashing keyword | |
| Tree | hashing | |
| Default | bcrypt | |
| Options | ||
| Introduced | 20.7.R1 | |
Platforms |
All |
| Synopsis | Number of previous passwords to compare against | |
| Context | configure system security user-params local-user password history-size number | |
| Tree | history-size | |
| Range | 0 to 20 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Minimum age required for a password before changing it | |
| Context | configure system security user-params local-user password minimum-age number | |
| Tree | minimum-age | |
| Range | 0 to 86400 | |
| Default | 600 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Minimum character differences between passwords | |
| Context | configure system security user-params local-user password minimum-change number | |
| Tree | minimum-change | |
| Range | 1 to 20 | |
| Default | 5 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the user list instance | |
| Context | configure system security user-params local-user user string | |
| Tree | user | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Local user name | |
| Context | configure system security user-params local-user user string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the access context | |
| Context | configure system security user-params local-user user string access | |
| Tree | access | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Allow console access (serial port or Telnet) | |
| Context | configure system security user-params local-user user string access console boolean | |
| Tree | console | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow FTP access | |
| Context | configure system security user-params local-user user string access ftp boolean | |
| Tree | ftp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow gRPC access | |
| Context | configure system security user-params local-user user string access grpc boolean | |
| Tree | grpc | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable/disable access to LI. | |
| Context | configure system security user-params local-user user string access li boolean | |
| Tree | li | |
| Default | false | |
| Introduced | 19.10.R1 | |
|
Platforms |
All |
| Synopsis | Allow NETCONF session access | |
| Context | configure system security user-params local-user user string access netconf boolean | |
| Tree | netconf | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Allow SNMP access | |
| Context | configure system security user-params local-user user string access snmp boolean | |
| Tree | snmp | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | User level override for CLI engine access | |
| Context | configure system security user-params local-user user string cli-engine keyword | |
| Tree | cli-engine | |
| Default | md-cli | |
| Options | ||
| Max. Instances | 2 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the console context | |
| Context | configure system security user-params local-user user string console | |
| Tree | console | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Change password privileges | |
| Context | configure system security user-params local-user user string console cannot-change-password boolean | |
| Tree | cannot-change-password | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | File to execute when a user successfully logs in | |
| Context | configure system security user-params local-user user string console login-exec (sat-url | cflash-url | ftp-tftp-url | filename) | |
| Tree | login-exec | |
| String Length | 1 to 200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User profiles for this user | |
| Context | configure system security user-params local-user user string console member reference | |
| Tree | member | |
Reference |
configure system security aaa local-profiles profile string |
|
| Max. Instances | 8 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Prompt a user to change password at next console login | |
| Context | configure system security user-params local-user user string console new-password-at-login boolean | |
| Tree | new-password-at-login | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Home directory for the user | |
| Context | configure system security user-params local-user user string home-directory (sat-url | cflash-without-slot-url) | |
| Tree | home-directory | |
| String Length | 1 to 200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User password for console and FTP access | |
| Context | configure system security user-params local-user user string password string | |
| Tree | password | |
| String Length | 3 to 136 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the public-keys context | |
| Context | configure system security user-params local-user user string public-keys | |
| Tree | public-keys | |
Description |
Commands in this context configure public keys for SSH. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the ecdsa context | |
| Context | configure system security user-params local-user user string public-keys ecdsa | |
| Tree | ecdsa | |
Description |
Commands in this context configure Elliptic Curve Digital Signature Algorithm (ECDSA) public keys. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the ecdsa-key list instance | |
| Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number | |
| Tree | ecdsa-key | |
Description |
Commands in this context configure an ECDSA public key and associate the key with a username. A user can associate multiple public keys with a username. The key ID identifies these keys for the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | ECDSA public key identifier | |
| Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number | |
| Range | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | ECDSA public key value | |
| Context | configure system security user-params local-user user string public-keys ecdsa ecdsa-key number key-value string | |
| Tree | key-value | |
Description |
This command configures a value for the ECDSA public key. The public key must be enclosed in quotation marks. For ECDSA, the key is between 1 and 1024 bits. |
|
| String Length | 1 to 255 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rsa context | |
| Context | configure system security user-params local-user user string public-keys rsa | |
| Tree | rsa | |
Description |
Commands in this context configure RSA public keys. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the rsa-key list instance | |
| Context | configure system security user-params local-user user string public-keys rsa rsa-key number | |
| Tree | rsa-key | |
Description |
Commands in this context configure an RSA public key and associate the key with a username. A user can associate multiple public keys with a username. The key ID identifies these keys for the user. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RSA public key identifier | |
| Context | configure system security user-params local-user user string public-keys rsa rsa-key number | |
| Range | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system security user-params local-user user string public-keys rsa rsa-key number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RSA public key value | |
| Context | configure system security user-params local-user user string public-keys rsa rsa-key number key-value string | |
| Tree | key-value | |
Description |
This command configures a value for the RSA public key. The public key must be enclosed in quotation marks. For RSA, the key is between 768 and 4096 bits. |
|
| String Length | 1 to 800 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Restrict file access to the home directory of the user | |
| Context | configure system security user-params local-user user string restricted-to-home boolean | |
| Tree | restricted-to-home | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the snmp context | |
| Context | configure system security user-params local-user user string snmp | |
| Tree | snmp | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable the authentication context | |
| Context | configure system security user-params local-user user string snmp authentication | |
| Tree | authentication | |
Description |
Commands in this context configure the SNMPv3 authentication and privacy protocols for the user to communicate with the router. The keys are stored in an encrypted format in the configuration. The keys configured with these commands must be localized keys, which are a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate localized authentication and privacy keys. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Localized authentication key | |
| Context | configure system security user-params local-user user string snmp authentication authentication-key string | |
| Tree | authentication-key | |
Description |
This command specifies the authentication key for the authentication protocol. The key must be a localized key, which is a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate a localized authentication key. |
|
| String Length | 1 to 115 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Authentication protocol | |
| Context | configure system security user-params local-user user string snmp authentication authentication-protocol keyword | |
| Tree | authentication-protocol | |
| Options | ||
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable the privacy context | |
| Context | configure system security user-params local-user user string snmp authentication privacy | |
| Tree | privacy | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Localized privacy key | |
| Context | configure system security user-params local-user user string snmp authentication privacy privacy-key string | |
| Tree | privacy-key | |
Description |
This command specifies the privacy key for the privacy protocol. The key must be a localized key, which is a hash of the SNMP engine ID and a password. The password is not entered directly in this command. Use the tools perform system management-interface snmp generate-key command to generate a localized privacy key. |
|
| String Length | 1 to 71 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Privacy protocol | |
| Context | configure system security user-params local-user user string snmp authentication privacy privacy-protocol keyword | |
| Tree | privacy-protocol | |
| Options | ||
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | User to associate with a group name | |
| Context | configure system security user-params local-user user string snmp group string | |
| Tree | group | |
| String Length | 1 to 32 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable the vprn-network-exceptions context | |
| Context | configure system security vprn-network-exceptions | |
| Tree | vprn-network-exceptions | |
Description |
Commands in this context configure the rate limiting attributes for processing packets with label TTL expiry received within an LSP shortcut or VPRN instances in the system and from all network IP interfaces. This includes labeled user and control plan packets, ping, and traceroute packets within GRT and VPRN, and ICMP replies. These commands do not rate limit MPLS or service OAM packets. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Limit of exception messages received | |
| Context | configure system security vprn-network-exceptions count number | |
| Tree | count | |
Description |
This command specifies the threshold limit of exception messages. If the threshold value is exceeded within the configured time interval, packets are dropped. |
|
| Range | 10 to 1000 | |
| Default | 100 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time interval to measure exception messages | |
| Context | configure system security vprn-network-exceptions window number | |
| Tree | window | |
Description |
This command configures the time interval within which exception messages are counted. If the threshold value is exceeded within the configured time interval, packets are dropped. |
|
| Range | 1 to 60 | |
| Default | 10 | |
| Units | seconds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | FIB assigned to the system | |
| Context | configure system selective-fib boolean | |
| Tree | selective-fib | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the software-repository list instance | |
| Context | configure system software-repository string | |
| Tree | software-repository | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Software repository name | |
| Context | configure system software-repository string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Text description | |
| Context | configure system software-repository string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Primary location for files in the software repository | |
| Context | configure system software-repository string primary-location string | |
| Tree | primary-location | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Secondary location for files in the software repository | |
| Context | configure system software-repository string secondary-location string | |
| Tree | secondary-location | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Tertiary location for files in the software repository | |
| Context | configure system software-repository string tertiary-location string | |
| Tree | tertiary-location | |
| String Length | 1 to 180 | |
| Introduced | 16.0.R1 | |
Platforms |
7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
| Synopsis | Enter the switch-fabric context | |
| Context | configure system switch-fabric | |
| Tree | switch-fabric | |
Description |
Commands in this context configure system level attributes related to the switch fabric. |
|
| Introduced | 20.5.R1 | |
Platforms |
7450 ESS, 7750 SR-7, 7750 SR-7s, 7750 SR-14s, 7950 XRS-20, 7950 XRS-40 |
| Synopsis | Enter the failure-recovery context | |
| Context | configure system switch-fabric failure-recovery | |
| Tree | failure-recovery | |
Description |
Commands in this context configure the attributes related to the automatic switch fabric recovery process. This process is triggered when there are two resets of an IOM/XCM due to ICC failures within a small time frame. The recovery process involves the sequential resetting of SFM in case the issues are due to one of the SFM in the ICC communication path. As the final step in the recovery process, a CPM switchover is triggered to reset the active CPM. |
|
| Introduced | 21.2.R1 | |
Platforms |
7450 ESS, 7750 SR-7, 7950 XRS-20, 7950 XRS-40 |
| Synopsis | Administrative state of the failure recovery process | |
| Context | configure system switch-fabric failure-recovery admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 21.2.R1 | |
Platforms |
7450 ESS, 7750 SR-7, 7950 XRS-20, 7950 XRS-40 |
| Synopsis | Number of SFMs that can fail before SFM overload state | |
| Context | configure system switch-fabric sfm-loss-threshold number | |
| Tree | sfm-loss-threshold | |
Description |
This command specifies the number of SFMs that are permitted to fail before the system goes into SFM overload state. The default value for the 7750 SR-7s is 1 and the default value for the 7750 SR-14s is 2. Users can select the SFM limit based on the number possible for the system minus one. For the 7750 SR-7s, the limit is 3 and the limit for the 7750 SR-14s is 7. |
|
| Range | 1 to 7 | |
| Introduced | 20.5.R1 | |
|
Platforms |
7750 SR-7s, 7750 SR-14s |
| Synopsis | Enter the destination-group list instance | |
| Context | configure system telemetry destination-group string | |
| Tree | destination-group | |
Description |
Commands in this context configure parameters for destination groups. |
|
| Max. Instances | 225 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Destination group name | |
| Context | configure system telemetry destination-group string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Allow connection without secured transport protocol | |
| Context | configure system telemetry destination-group string allow-unsecure-connection | |
| Tree | allow-unsecure-connection | |
Description |
When configured, this command allows an unsecured connection to remote managers; TCP connections are not encrypted, including username and password information. |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system telemetry destination-group string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the destination list instance | |
| Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| Tree | destination | |
| Max. Instances | 4 | |
Notes |
This element is ordered by the user. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Address of the destination within the destination group | |
| Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| String Length | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | TCP port number for the destination | |
| Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number | |
| Range | 0 | 1 to 65535 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Router name or VPRN service name | |
| Context | configure system telemetry destination-group string destination (ipv4-address-no-zone | ipv6-address-no-zone | fully-qualified-domain-name) port number router-instance string | |
| Tree | router-instance | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the tcp-keepalive context | |
| Context | configure system telemetry destination-group string tcp-keepalive | |
| Tree | tcp-keepalive | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the TCP keep-alive algorithm | |
| Context | configure system telemetry destination-group string tcp-keepalive admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Time until the first TCP keepalive probe is sent | |
| Context | configure system telemetry destination-group string tcp-keepalive idle-time number | |
| Tree | idle-time | |
| Range | 1 to 100000 | |
| Default | 600 | |
| Units | seconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Time between TCP keepalive probes | |
| Context | configure system telemetry destination-group string tcp-keepalive interval number | |
| Tree | interval | |
| Range | 1 to 100000 | |
| Default | 15 | |
| Units | seconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Number of probe retries before closing the connection | |
| Context | configure system telemetry destination-group string tcp-keepalive retries number | |
| Tree | retries | |
Description |
This command configures the number of missed TCP keepalive probes before closing the TCP connection and attempting to reach the other destinations within the same destination group. |
|
| Range | 3 to 100 | |
| Default | 4 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | TLS client profile assigned to the destination group | |
| Context | configure system telemetry destination-group string tls-client-profile reference | |
| Tree | tls-client-profile | |
Reference |
configure system security tls client-tls-profile string |
|
Notes |
The following elements are part of a choice: allow-unsecure-connection or tls-client-profile. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the notification-bundling context | |
| Context | configure system telemetry notification-bundling | |
| Tree | notification-bundling | |
Description |
Commands in this context configure the bundling of multiple notifications into one telemetry message. |
|
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Administrative state of notification bundling | |
| Context | configure system telemetry notification-bundling admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Maximum notifications count in telemetry message bundle | |
| Context | configure system telemetry notification-bundling max-msg-count number | |
| Tree | max-msg-count | |
| Range | 2 to 1000 | |
| Default | 100 | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Maximum interval when bundling of notifications occurs | |
| Context | configure system telemetry notification-bundling max-time-granularity number | |
| Tree | max-time-granularity | |
Description |
This command sets the maximum time interval during which telemetry notifications are bundled. All bundled notifications have the same timestamp, which is the timestamp of the bundle. |
|
| Range | 1 to 1000 | |
| Default | 100 | |
| Units | milliseconds | |
| Introduced | 21.10.R1 | |
Platforms |
All |
| Synopsis | Enter the persistent-subscriptions context | |
| Context | configure system telemetry persistent-subscriptions | |
| Tree | persistent-subscriptions | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the subscription list instance | |
| Context | configure system telemetry persistent-subscriptions subscription string | |
| Tree | subscription | |
| Max. Instances | 225 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Persistent subscription name | |
| Context | configure system telemetry persistent-subscriptions subscription string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Administrative state of the persistent subscription | |
| Context | configure system telemetry persistent-subscriptions subscription string admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system telemetry persistent-subscriptions subscription string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Name of the destination group used in the subscription | |
| Context | configure system telemetry persistent-subscriptions subscription string destination-group reference | |
| Tree | destination-group | |
Reference |
configure system telemetry destination-group string |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Encoding used for telemetry notifications | |
| Context | configure system telemetry persistent-subscriptions subscription string encoding keyword | |
| Tree | encoding | |
Description |
This command specifies the encoding used for telemetry notifications as defined by the gNMI OpenConfig standard. |
|
| Default | json | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Local IP address of packets sent from the source | |
| Context | configure system telemetry persistent-subscriptions subscription string local-source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | local-source-address | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Mode for telemetry notifications | |
| Context | configure system telemetry persistent-subscriptions subscription string mode keyword | |
| Tree | mode | |
Description |
This command specifies the subscription path mode for telemetry notifications sent out for the persistent subscription. |
|
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | QoS marking used for telemetry notification packets | |
| Context | configure system telemetry persistent-subscriptions subscription string originated-qos-marking keyword | |
| Tree | originated-qos-marking | |
| Options | ||
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Sampling interval for the persistent subscription | |
| Context | configure system telemetry persistent-subscriptions subscription string sample-interval number | |
| Tree | sample-interval | |
Description |
This command configures the sampling interval for the persistent subscription. The interval applies only in sampling or target-defined modes. |
|
| Range | 1000 to 18446744073709551615 | |
| Default | 10000 | |
| Units | milliseconds | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Sensor group used in the persistent subscription | |
| Context | configure system telemetry persistent-subscriptions subscription string sensor-group reference | |
| Tree | sensor-group | |
Description |
This command specifies the sensor group to be used in the persistent subscription. If no valid paths exist in the sensor group, the configuration is accepted, however, no gRPC connection is established when persistent subscription is activated. |
|
Reference |
configure system telemetry sensor-groups sensor-group string |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the sensor-groups context | |
| Context | configure system telemetry sensor-groups | |
| Tree | sensor-groups | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the sensor-group list instance | |
| Context | configure system telemetry sensor-groups sensor-group string | |
| Tree | sensor-group | |
| Max. Instances | 225 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Sensor group name | |
| Context | configure system telemetry sensor-groups sensor-group string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system telemetry sensor-groups sensor-group string description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Add a list entry for path | |
| Context | configure system telemetry sensor-groups sensor-group string path string | |
| Tree | path | |
| Max. Instances | 4500 | |
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | YANG model path indicating the data to be streamed | |
| Context | configure system telemetry sensor-groups sensor-group string path string | |
Description |
The command specifies the path from which data is streamed to the collector. Streamed data includes all descendants of the tree indicated by the path. |
|
| String Length | 1 to 512 | |
Notes |
This element is part of a list key. |
|
| Introduced | 20.5.R1 | |
Platforms |
All |
| Synopsis | Enter the thresholds context | |
| Context | configure system thresholds | |
| Tree | thresholds | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cflash-cap-alarm-percent list instance | |
| Context | configure system thresholds cflash-cap-alarm-percent string | |
| Tree | cflash-cap-alarm-percent | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | cflash device name monitored for capacity | |
| Context | configure system thresholds cflash-cap-alarm-percent string | |
| String Length | 1 to 200 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Falling threshold for the sampled statistic | |
| Context | configure system thresholds cflash-cap-alarm-percent string falling-threshold number | |
| Tree | falling-threshold | |
Description |
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. |
|
| Range | 0 to 100 | |
| Units | percent | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Polling period over which data is sampled and compared | |
| Context | configure system thresholds cflash-cap-alarm-percent string interval number | |
| Tree | interval | |
Description |
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. |
|
| Range | 1 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Rising threshold for the sampled statistic | |
| Context | configure system thresholds cflash-cap-alarm-percent string rising-threshold number | |
| Tree | rising-threshold | |
Description |
This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. |
|
| Range | 0 to 100 | |
| Units | percent | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Notification type specifying action when event occurs | |
| Context | configure system thresholds cflash-cap-alarm-percent string rmon-event-type keyword | |
| Tree | rmon-event-type | |
| Default | both | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Alarm type when the alarm is first created | |
| Context | configure system thresholds cflash-cap-alarm-percent string startup-alarm keyword | |
| Tree | startup-alarm | |
Description |
This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. |
|
| Default | either | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the cflash-cap-warn-percent list instance | |
| Context | configure system thresholds cflash-cap-warn-percent string | |
| Tree | cflash-cap-warn-percent | |
Description |
Commands in this context configure the capacity monitoring of the compact flash. The usage is monitored as a percentage of the capacity of the compact flash. The severity level is warning. Both a rising and falling threshold can be specified. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | cflash device name monitored for capacity | |
| Context | configure system thresholds cflash-cap-warn-percent string | |
| String Length | 1 to 200 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Falling threshold for the sampled statistic | |
| Context | configure system thresholds cflash-cap-warn-percent string falling-threshold number | |
| Tree | falling-threshold | |
Description |
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. |
|
| Range | 0 to 100 | |
| Units | percent | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Polling period over which data is sampled and compared | |
| Context | configure system thresholds cflash-cap-warn-percent string interval number | |
| Tree | interval | |
Description |
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. |
|
| Range | 1 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Rising threshold for the sampled statistic | |
| Context | configure system thresholds cflash-cap-warn-percent string rising-threshold number | |
| Tree | rising-threshold | |
Description |
This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. |
|
| Range | 0 to 100 | |
| Units | percent | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Notification type specifying action when event occurs | |
| Context | configure system thresholds cflash-cap-warn-percent string rmon-event-type keyword | |
| Tree | rmon-event-type | |
| Default | both | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Alarm type when the alarm is first created | |
| Context | configure system thresholds cflash-cap-warn-percent string startup-alarm keyword | |
| Tree | startup-alarm | |
Description |
This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. |
|
| Default | either | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable the kb-memory-use-alarm context | |
| Context | configure system thresholds kb-memory-use-alarm | |
| Tree | kb-memory-use-alarm | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Falling threshold for the sampled statistic | |
| Context | configure system thresholds kb-memory-use-alarm falling-threshold number | |
| Tree | falling-threshold | |
Description |
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. |
|
| Range | -2147483648 to 2147483647 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Polling period over which data is sampled and compared | |
| Context | configure system thresholds kb-memory-use-alarm interval number | |
| Tree | interval | |
Description |
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. |
|
| Range | 1 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Rising threshold for the sampled statistic | |
| Context | configure system thresholds kb-memory-use-alarm rising-threshold number | |
| Tree | rising-threshold | |
Description |
This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. |
|
| Range | -2147483648 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Notification type specifying action when event occurs | |
| Context | configure system thresholds kb-memory-use-alarm rmon-event-type keyword | |
| Tree | rmon-event-type | |
| Default | both | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Alarm type when the alarm is first created | |
| Context | configure system thresholds kb-memory-use-alarm startup-alarm keyword | |
| Tree | startup-alarm | |
Description |
This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. |
|
| Default | either | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enable the kb-memory-use-warn context | |
| Context | configure system thresholds kb-memory-use-warn | |
| Tree | kb-memory-use-warn | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Falling threshold for the sampled statistic | |
| Context | configure system thresholds kb-memory-use-warn falling-threshold number | |
| Tree | falling-threshold | |
Description |
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold-crossing event is generated. A single threshold-crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is equal to the falling or either values. After a falling threshold-crossing event is generated, another such event is not generated until the sampled value rises above this threshold and reaches greater than or equal to the rising-threshold command. |
|
| Range | -2147483648 to 2147483647 | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Polling period over which data is sampled and compared | |
| Context | configure system thresholds kb-memory-use-warn interval number | |
| Tree | interval | |
Description |
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds. |
|
| Range | 1 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Rising threshold for the sampled statistic | |
| Context | configure system thresholds kb-memory-use-warn rising-threshold number | |
| Tree | rising-threshold | |
Description |
This command specifies a rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold-crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is equal to the rising or either values. After a rising threshold-crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold command. |
|
| Range | -2147483648 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Notification type specifying action when event occurs | |
| Context | configure system thresholds kb-memory-use-warn rmon-event-type keyword | |
| Tree | rmon-event-type | |
| Default | both | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Alarm type when the alarm is first created | |
| Context | configure system thresholds kb-memory-use-warn startup-alarm keyword | |
| Tree | startup-alarm | |
Description |
This command specifies the alarm type that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated. |
|
| Default | either | |
| Options | ||
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Enter the rmon context | |
| Context | configure system thresholds rmon | |
| Tree | rmon | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the alarm list instance | |
| Context | configure system thresholds rmon alarm number | |
| Tree | alarm | |
| Max. Instances | 1200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Index ID for an entry in the alarm table | |
| Context | configure system thresholds rmon alarm number | |
| Range | 0 to 65400 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RMON event ID for falling threshold crossing event | |
| Context | configure system thresholds rmon alarm number falling-event number | |
| Tree | falling-event | |
| Range | 0 to 65400 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Falling threshold for the sampled statistic | |
| Context | configure system thresholds rmon alarm number falling-threshold number | |
| Tree | falling-threshold | |
Description |
This command specifies a falling threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold and the value at the last sampling interval was greater than this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm command is set to falling or either. After a falling threshold crossing event is generated, another such event is not generated until the sampled value exceeds this threshold and reaches or exceeds the rising-threshold command setting. |
|
| Range | -2147483648 to 2147483647 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Polling period over which data is sampled and compared | |
| Context | configure system thresholds rmon alarm number interval number | |
| Tree | interval | |
Description |
This command specifies the polling interval over which the data is sampled and compared with the rising and falling thresholds |
|
| Range | 1 to 2147483647 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | RMON event ID for rising threshold crossing event | |
| Context | configure system thresholds rmon alarm number rising-event number | |
| Tree | rising-event | |
| Range | 0 to 65400 | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Rising threshold for the sampled statistic | |
| Context | configure system thresholds rmon alarm number rising-threshold number | |
| Tree | rising-threshold | |
Description |
This command specifies the rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval was below this threshold, a single threshold crossing event is generated. A single threshold crossing event is also generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm command is set to rising or either. After a rising threshold crossing event is generated, another such event is not generated until the sampled value falls below this threshold and reaches or falls below the falling-threshold command setting. |
|
| Range | -2147483648 to 2147483647 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Sampling type for value comparison with thresholds | |
| Context | configure system thresholds rmon alarm number sample-type keyword | |
| Tree | sample-type | |
| Default | absolute | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Alarm to send when this entry is first set to valid | |
| Context | configure system thresholds rmon alarm number startup-alarm keyword | |
| Tree | startup-alarm | |
| Default | either | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Object identifier to sample the specific variable | |
| Context | configure system thresholds rmon alarm number variable-oid string | |
| Tree | variable-oid | |
| String Length | 1 to 255 | |
Notes |
This element is mandatory. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the event list instance | |
| Context | configure system thresholds rmon event number | |
| Tree | event | |
| Max. Instances | 1200 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Index ID for an entry in the event table | |
| Context | configure system thresholds rmon event number | |
| Range | 1 to 65400 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Text description | |
| Context | configure system thresholds rmon event number description string | |
| Tree | description | |
| String Length | 1 to 80 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Notification action to be taken when the event occurs | |
| Context | configure system thresholds rmon event number event-type keyword | |
| Tree | event-type | |
| Default | both | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time to end Daylight Savings Time in hh:mm format | |
| Context | configure system time dst-zone string end hours-minutes string | |
| Tree | hours-minutes | |
| String Length | 5 | |
| Default | 00:00 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Time to start Daylight Savings Time in hh:mm format | |
| Context | configure system time dst-zone string start hours-minutes string | |
| Tree | hours-minutes | |
| String Length | 5 | |
| Default | 00:00 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Administrative state of NTP execution | |
| Context | configure system time ntp admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Reject NTP PDUs that do not match the authentication key-id, type, or key requirements | |
| Context | configure system time ntp authentication-check boolean | |
| Tree | authentication-check | |
| Default | true | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enter the authentication-key list instance | |
| Context | configure system time ntp authentication-key number | |
| Tree | authentication-key | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Index of the NTP authentication key table that uniquely identifies an authentication key and type | |
| Context | configure system time ntp authentication-key number | |
| Range | 1 to 255 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Interface to transmit or receive NTP broadcast packets | |
| Context | configure system time ntp broadcast reference interface-name string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the broadcast-client list instance | |
| Context | configure system time ntp broadcast-client string interface-name string | |
| Tree | broadcast-client | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Router name or VPRN service name | |
| Context | configure system time ntp broadcast-client string interface-name string | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Interface to transmit or receive NTP broadcast packets | |
| Context | configure system time ntp broadcast-client string interface-name string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enforce authentication of NTP PDUs | |
| Context | configure system time ntp broadcast-client string interface-name string authenticate boolean | |
| Tree | authenticate | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | NTP version number generated by the node | |
| Context | configure system time ntp multicast version number | |
| Tree | version | |
Description |
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. |
|
| Range | 2 to 4 | |
| Default | 4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enable the multicast-client context | |
| Context | configure system time ntp multicast-client | |
| Tree | multicast-client | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enforce authentication of NTP PDUs | |
| Context | configure system time ntp multicast-client authenticate boolean | |
| Tree | authenticate | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Enable the ntp-server context | |
| Context | configure system time ntp ntp-server | |
| Tree | ntp-server | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Authentication of NTP PDUs when acting as a server | |
| Context | configure system time ntp ntp-server authenticate boolean | |
| Tree | authenticate | |
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | IP address of the peer for a peering relationship | |
| Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Router name or VPRN service name | |
| Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | NTP version number generated by the node | |
| Context | configure system time ntp peer (ipv4-address-no-zone | ipv6-address-no-zone) router-instance string version number | |
| Tree | version | |
Description |
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. |
|
| Range | 2 to 4 | |
| Default | 4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | IP address of an external NTP server | |
| Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string | |
| Options | ||
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Router name or VPRN service name | |
| Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | NTP version number generated by the node | |
| Context | configure system time ntp server (ipv4-address-no-zone | ipv6-address-no-zone | keyword) router-instance string version number | |
| Tree | version | |
Description |
This command specifies the NTP version number that is generated by the node. This command does not need to be configured when in client mode, in which case all three versions are accepted. |
|
| Range | 2 to 4 | |
| Default | 4 | |
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Use local time over UTC time in the system | |
| Context | configure system time prefer-local-time boolean | |
| Tree | prefer-local-time | |
Description |
When configured to true, the system uses local time. This preference is applied to objects such as log file names, created and completed times reported in log files, NETCONF and gRPC date-and-time leafs, and rollback times displayed in show command outputs. When configured to false, the system uses UTC time. Note: The timezone used for show command outputs during a CLI session can be controlled using the environment time-display command. Note: The format used for the date-time strings may change, depending on the command setting. For example, when this command is set to true, all date-time strings include a suffix of three to five characters that indicates the timezone used. Note: The time format for timestamps on log events is controlled on a per-log basis, using the configure log log-id time-format command. |
|
| Default | false | |
| Introduced | 16.0.R1 | |
|
Platforms |
All |
| Synopsis | Administrative state of SNTP | |
| Context | configure system time sntp admin-state keyword | |
| Tree | admin-state | |
| Default | disable | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Mode for Simple Network Time Protocol (SNTP) | |
| Context | configure system time sntp sntp-state keyword | |
| Tree | sntp-state | |
| Default | unicast | |
| Options | ||
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the non-standard context | |
| Context | configure system time zone non-standard | |
| Tree | non-standard | |
Notes |
The following elements are part of a choice: non-standard or standard. |
|
| Introduced | 16.0.R1 | |
Platforms |
All |
| Synopsis | Enter the transmission-profile list instance | |
| Context | configure system transmission-profile string | |
| Tree | transmission-profile | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | File transmission profile name | |
| Context | configure system transmission-profile string | |
| String Length | 1 to 32 | |
Notes |
This element is part of a list key. |
|
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IPv4 source address used for the transport protocol | |
| Context | configure system transmission-profile string ipv4-source-address string | |
| Tree | ipv4-source-address | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | IPv6 source address used for the transport protocol | |
| Context | configure system transmission-profile string ipv6-source-address string | |
| Tree | ipv6-source-address | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Maximum level of redirection | |
| Context | configure system transmission-profile string redirection number | |
| Tree | redirection | |
| Range | 1 to 8 | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Number of attempts to reconnecting to the server | |
| Context | configure system transmission-profile string retry number | |
| Tree | retry | |
| Range | 1 to 256 | |
| Introduced | 16.0.R4 | |
|
Platforms |
All |
| Synopsis | Router instance used by the transport protocol | |
| Context | configure system transmission-profile string router-instance string | |
| Tree | router-instance | |
| String Length | 1 to 64 | |
| Default | Base | |
| Introduced | 16.0.R4 | |
Platforms |
All |
| Synopsis | Timeout for a response from the server | |
| Context | configure system transmission-profile string timeout number | |
| Tree | timeout | |
| Range | 1 to 3600 | |
| Default | 60 | |
| Units | seconds | |
| Introduced | 16.0.R4 | |
Platforms |
All |