COMMAND DESCRIPTION     15/190 82-CRA 119 1170/1-V1 Uen A

Commands: r

Copyright

© Copyright Ericsson AB 2009. All rights reserved.

Disclaimer

No part of this document may be reproduced in any form without the written permission of the copyright owner. The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

Contents

1   Command Descriptions

Commands starting with “r” are included.

1.1   ra

1.1.1   Purpose

Configures options and settings for router advertisement (RA) messages.

1.1.2   Command Mode

• ND router configuration
• ND router interface configuration

1.1.3   Syntax Description

1.1.4   Default

RA messages are not configured for any ND router or ND router interface.

1.1.5   Usage Guidelines

Use the ra command to configure options and settings for RA messages. In ND router configuration mode, this command configures RA for all interfaces; in ND router interface mode, it configures RA for this ND router interface. If specified, the interface parameters override the global parameters. Enter this command multiple times to configure more than one parameter.

Use the no or default form of this command to remove RA messages from the configuration for this ND router or ND router interface.

1.1.6   Examples

The following example configures RA for this ND router with a retransmission interval of 60 seconds and a lifetime of six minutes (360 seconds):

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd)#ra interval 60

[local]Redback(config-nd)#ra lifetime 360

The following example suppresses RA for the int1 ND router interface:

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd)#interface int1

[local]Redback(config-nd-if)#ra suppress

1.2   radius accounting algorithm

1.2.1   Purpose

Specifies a load-balancing algorithm to use among multiple Remote Authentication Dial-In User Service (RADIUS) accounting servers.

1.2.2   Command Mode

context configuration

1.2.3   Syntax Description

1.2.4   Default

The SmartEdge router uses the first configured RADIUS server first.

1.2.5   Usage Guidelines

Use the radius accounting algorithm command to specify a load-balancing algorithm to use among multiple RADIUS accounting servers.

Use the default form of this command to reset the load-balancing algorithm to use the first configured RADIUS server first.

1.2.6   Examples

The following example sets the load-balancing algorithm to round-robin:

[local]Redback(config-ctx)#radius accounting algorithm round-robin

1.3   radius accounting deadtime

1.3.1   Purpose

Sets the interval during which the SmartEdge router treats a nonresponsive Remote Authentication Dial-In User Service (RADIUS) accounting server as “dead.”

1.3.2   Command Mode

context configuration

1.3.3   Syntax Description

1.3.4   Default

The waiting interval is five minutes.

1.3.5   Usage Guidelines

Use the radius accounting deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS accounting server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS accounting server; after the interval expires, the SmartEdge router tries again to reach the accounting server. If there is no response, the RADIUS accounting server remains marked as “dead” and the timer is set again to the configured interval.

If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.

Note:  

You must configure at least one RADIUS accounting server using the radius accounting server command (in context configuration mode) prior to entering this command.

Use the default form of this command to specify the default interval.

1.3.6   Examples

The following example sets the deadtime interval to 10 minutes:

[local]Redback(config-ctx)#radius accounting deadtime 10

1.4   radius accounting max-outstanding

1.4.1   Purpose

Modifies the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to Remote Authentication Dial-In User Service (RADIUS) accounting servers.

1.4.2   Command Mode

context configuration

1.4.3   Syntax Description

1.4.4   Default

The number of simultaneous outstanding accounting requests sent by the SmartEdge router is 256.

1.4.5   Usage Guidelines

Use the radius accounting max-outstanding to modify the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to RADIUS accounting servers.

Use this command if the RADIUS servers cannot handle the default of 256 simultaneous outstanding accounting requests that the SmartEdge router can send to RADIUS accounting servers configured within the context.

Use the no or default form of this command to reset the maximum number of allowable outstanding requests to 256.

1.4.6   Examples

The following example limits the number of simultaneous outstanding requests to 128:

[local]Redback(config-ctx)#radius accounting max-outstanding 128

1.5   radius accounting max-retries

1.5.1   Purpose

Modifies the number of retransmission attempts the SmartEdge router makes to a Remote Authentication Dial-In User Service (RADIUS) server in the event that no response is received from the server within the timeout period.

1.5.2   Command Mode

context configuration

1.5.3   Syntax Description

1.5.4   Default

The SmartEdge router sends three retransmissions.

1.5.5   Usage Guidelines

Use the radius accounting max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS accounting server in the event that no response is received from the server within the timeout period.

If an acknowledgment is not received, each successive, configured server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.

Use the default form of this command to reset the number of retries to 3.

1.5.6   Examples

The following example sets the retransmit value to 5:

[local]Redback(config-ctx)#radius accounting max-retries 5

The following example resets the retransmit value to the default of 3:

[local]Redback(config-ctx)#default radius accounting max-retries

1.6   radius accounting send-acct-on-off

1.6.1   Purpose

Enables the sending of “accounting on” and “accounting off” messages to all Remote Authentication Dial-In User Service (RADIUS) accounting servers that are configured in the current context.

1.6.2   Command Mode

context configuration

1.6.3   Syntax Description

This command has no keywords or arguments.

1.6.4   Default

Accounting on and accounting off messages are sent.

1.6.5   Usage Guidelines

Use the radius accounting send-acct-on-off command to enable the sending of accounting on and accounting off messages to all RADIUS accounting servers that are configured in the current context.

The SmartEdge router sends messages to RADIUS accounting servers in various circumstances:

• An Accounting-On message is sent when you enable RADIUS accounting in a context; this message is sent to all RADIUS accounting servers configured within the context. This type of message is also sent when you add a new RADIUS accounting server; however, the message is only sent to the newly added RADIUS accounting server.
• An Accounting-off message is sent when you disable RADIUS accounting within a context; this message is sent to all RADIUS accounting servers configured in a context. If you remove a single RADIUS accounting server, the message is only sent to the newly removed RADIUS accounting server.

  Note:  

  The SmartEdge router attempts to send a single accounting on message when more than one type of RADIUS accounting is enabled. For example, if you enable both subscriber accounting and L2TP accounting, the SmartEdge router sends a single accounting on message to each RADIUS accounting server, even if you enable L2TP accounting at a later time.

  Similarly, the accounting off message is not sent until you have disabled all types of RADIUS accounting.

  
  

Use the no form of this command to prevent the SmartEdge router from sending these messages.

Use the default form of this command to return the system to its default behavior.

1.6.6   Examples

The following example disables the sending of accounting on and off messages to all other RADIUS accounting servers in the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#no radius send-acct-on-off

1.7   radius accounting server

1.7.1   Purpose

Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) accounting server.

1.7.2   Command Mode

context configuration

1.7.3   Syntax Description

1.7.4   Default

RADIUS accounting server hostnames and IP addresses are not preconfigured. The UDP accounting port is 1813.

1.7.5   Usage Guidelines

Use the radius accounting server command to configure the IP address or hostname of a RADIUS accounting server. Use this command multiple times to configure up to five RADIUS accounting servers per context. To use the hostname argument, you must enable DNS; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.

Note:  

To enable accounting to be performed by RADIUS, you must also enter the aaa accounting subscriber command (in context configuration mode); for more information, see Configuring Bridging.

Use the no form of this command to delete a previously configured RADIUS accounting server.

1.7.6   Examples

The following example configures a RADIUS accounting server IP address of 10.3.3.3 with the key, secret, using port 4445 for accounting:

[local]Redback(config-ctx)#radius accounting server 10.3.3.3 key secret port 4445

1.8   radius accounting server-timeout

1.8.1   Purpose

Sets the time interval the SmartEdge router waits before marking a non-responsive Remote Authentication Dial-In User Service (RADIUS) accounting server as “dead.”

1.8.2   Command Mode

context configuration

1.8.3   Syntax Description

1.8.4   Default

The maximum time interval is 60 seconds.

1.8.5   Usage Guidelines

Use the radius accounting server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”

The SmartEdge router marks a RADIUS accounting server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS accounting server is marked as “dead.”

Use the default form of this command to specify the default interval.

1.8.6   Examples

The following example sets the waiting interval to 80 seconds:

[local]Redback(config-ctx)#radius accounting server-timeout 80

1.9   radius accounting timeout

1.9.1   Purpose

Sets the maximum time the SmartEdge router waits for a response from a Remote Authentication Dial-In User Service (RADIUS) accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.

1.9.2   Command Mode

context configuration

1.9.3   Syntax Description

1.9.4   Default

The maximum time is 10 seconds.

1.9.5   Usage Guidelines

Use the radius accounting timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.

Use the default form of this command to specify the default interval.

1.9.6   Examples

The following example sets the timeout interval to 30 seconds:

[local]Redback(config-ctx)#radius accounting timeout 30

1.10   radius algorithm

1.10.1   Purpose

Specifies the algorithm to use among multiple Remote Authentication Dial-In User Service (RADIUS) servers.

1.10.2   Command Mode

context configuration

1.10.3   Syntax Description

1.10.4   Default

The SmartEdge router queries the first configured server first.

1.10.5   Usage Guidelines

Use the radius algorithm command to specify the algorithm to use among multiple RADIUS servers.

Use the default form of this command to reset the SmartEdge router to query the first configured RADIUS server first.

1.10.6   Examples

The following example sets the algorithm to round-robin:

[local]Redback(config-ctx)#radius algorithm round-robin

1.11   radius attribute acct-delay-time

1.11.1   Purpose

Sends the Acct-Delay-Time attribute in the Remote Authentication Dial-In User Service (RADIUS) Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server.

1.11.2   Command Mode

context configuration

1.11.3   Syntax Description

This command has no keywords or arguments.

1.11.4   Default

The Acct-Delay-Time attribute is only sent in RADIUS Accounting-Request packets for the current context, if there is a delay in sending the accounting record.

1.11.5   Usage Guidelines

Use the radius attribute acct-delay-time command to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server. If there is no delay, the SmartEdge router sets the Acct-Delay-Time attribute to 0. By default, the Acct-Delay-Time attribute is sent in RADIUS Accounting-Request packets for the current context only if there is a delay in sending the accounting record to the RADIUS server.

Standard RADIUS attribute 41, Acct-Delay-Time, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.

1.11.6   Examples

The following example shows how to configure the SmartEdge router to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets:

[local]Redback(config-ctx)#radius attribute acct-delay-time

1.12   radius attribute acct-session-id

1.12.1   Purpose

Sends the Acct-Session-Id attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request packets for the current context.

1.12.2   Command Mode

context configuration

1.12.3   Syntax Description

1.12.4   Default

The Acct-Session-Id attribute is only sent in Accounting-Request packets.

1.12.5   Usage Guidelines

Use the radius attribute acct-session-id command to send the Acct-Session-Id attribute in RADIUS Access-Request packets for the current context.

This command affects only subscriber sessions, not administrator sessions.

Standard RADIUS attribute 41, Acct-Session-Id, is described in RADIUS Attributes.

Use the no or default form of this command to disable the sending of the Acct-Session-Id attribute in Access-Request packets.

1.12.6   Examples

The following example configures the SmartEdge router to send the Acct-Session-Id attribute in RADIUS access-request packets:

[local]Redback(config-ctx)#radius attribute acct-session-id access-request

1.13   radius attribute acct-terminate-cause remap

1.13.1   Purpose

Enables the remapping of Redback account termination error codes and accesses terminate error cause configuration mode.

1.13.2   Command Mode

global configuration

1.13.3   Syntax Description

This command has no keywords or arguments.

1.13.4   Default

Remapping of account termination error codes is disabled.

1.13.5   Usage Guidelines

Use the radius attribute acct-terminate-cause remap command to enable the remapping of Redback account termination error codes and access terminate error cause configuration mode. By default, the SmartEdge router maps a Redback termination error code to a Remote Authentication Dial-In User Service (RADIUS) Attribute 49 (Acct-Terminate-Cause) terminate cause error code, which it sends in RADIUS Accounting-Stop packets. RADIUS attribute 49 terminate cause error codes and their definitions are included in RFC 2866, RADIUS Accounting. RADIUS Attributes lists the default mapping of Redback account termination error codes to RADIUS attribute 49 error codes.

Use the no form of this command to remove the remapping of all Redback account termination error codes.

1.13.6   Examples

The following example enables the remapping of Redback account termination error codes:

[local]Redback(config)#radius attribute acct-terminate-cause remap

[local]Redback(config-term-ec)#

1.14   radius attribute acct-tunnel-connection l2tp-call-serial-num

1.14.1   Purpose

Sends a Layer 2 Tunneling Protocol (L2TP) call serial number type value in the Acct-Tunnel-Connection attribute in Remote Authentication Dial-In User Service (RADIUS) packets for the current context, when the SmartEdge router is functioning as an L2TP access concentrator (LAC).

1.14.2   Command Mode

context configuration

1.14.3   Syntax Description

This command has no keywords or arguments.

1.14.4   Default

When functioning as a LAC, the SmartEdge router sends an L2TP session ID type value in the Acct-Tunnel-Connection attribute.

1.14.5   Usage Guidelines

Use the radius attribute acct-tunnel-connection l2tp-call-serial-num command to send an L2TP call serial number ID type value in the Acct-Tunnel-Connection attribute in the RADIUS packets for the current context, when the SmartEdge router is functioning as a LAC. This enables the RADIUS server to correlate the ID type values received from the SmartEdge router and those received from L2TP network server (LNS) devices when it attempts to authenticate Point-to-Point Protocol over Ethernet (PPPoE) sessions. (LNS) devices send L2TP call serial numbers in the Acct-Tunnel-Connection attribute by default.)

This command affects only subscriber sessions, not administrator sessions.

Standard RADIUS attribute 68, Acct-Tunnel-Connection, is described in RADIUS Attributes.

Use the no or default form of this command to remove a tunnel with the RADIUS server from either a LAC or LNS.

1.14.6   Examples

The following example configures the SmartEdge router, when functioning as a LAC, to send the L2TP call serial number in the Acct-Tunnel-Connection attribute to the RADIUS server:

[local]Redback(config-ctx)#radius attribute acct-tunnel-connection l2tp-call-serial-num

1.15   radius attribute calling-station-id

1.15.1   Purpose

Using the specified format, sends the Calling-Station-Id attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.

1.15.2   Command Mode

context configuration

1.15.3   Syntax Description

1.15.4   Default

The Calling-Station-Id attribute is not sent.

1.15.5   Usage Guidelines

Use the radius attribute calling-station-id command to send the Calling-Station-Id attribute, using the specified format, in RADIUS Access-Request and Accounting-Request packets for the current context.

If you specify the media keyword, you can customize the format for ATM or Ethernet subscribers or for both. The default format is valid for all circuit types.

If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.

If you specify the agent-circuit-id non-ascii keywords, you can also specify the agent-remote-id non-ascii keywords.

For Dynamic Host Configuration Protocol (DHCP) clients, the information for the Calling-Station-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.

If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.

If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.

For Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs), the format for the slot-port keyword is #Hostname#slot/port#VPI#VCI; the description format is #Hostname#VC description#VPI#VCI.

Note:  

If the description keyword is used, but the description of the ATM PVC itself has not been configured using the description command (in ATM PVC configuration mode), the SmartEdge router defaults to the slot-port format.

For virtual LANs (VLANs), the formats for the slot-port keyword and description keyword, respectively, are:

• #Hostname#slot/port#Vlan-ID
• #Hostname#Vlan description#Vlan-ID

Use the no form of this command to disable the sending of the Calling-Station-Id attribute.

Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.

1.15.6   Examples

The following example sends the Calling-Station-Id attribute using the slot-port format and inserts agent-circuit-id and agent-remote-id information into Access-Request and Accounting-Request packets:

[local]Redback(config-ctx)#radius attribute calling-station-id format slot-port agent-circuit-id agent-remote-id separator #

The format in which the Calling-Station-Id attribute is sent for VLAN connections is as follows:

hostname#slot#port#(VLAN ID)#(Agent-Circuit-Id)#(Agent-Remote-Id)

The following example configures the context so that the Calling-Station-Id attribute is sent in Access-Request and Accounting-Request packets using a slash (/) as the separator character:

[local]Redback(config-ctx)#radius attribute calling-station-id separator /

1.16   radius attribute filter-id

1.16.1   Purpose

Specifies the behavior of the SmartEdge router when it receives a Remote Authentication Dial-In User Service (RADIUS) Filter-Id attribute that does not specify a direction and there is an access control list (ACL) applied to the circuit.

1.16.2   Command Mode

• context configuration

1.16.3   Syntax Description

1.16.4   Default

If the Filter-Id attribute does not include a direction, the SmartEdge router applies the ACL to outbound packets only.

1.16.5   Usage Guidelines

Use the radius attribute filter-id command to specify the behavior of the SmartEdge router when it receives a RADIUS Filter-Id attribute that does not specify a direction and there is an ACL applied to the circuit. The choice of behavior depends on the nature of the ACL and the type of data that is exchanged.

The following sequence determines how the SmartEdge router applies the ACL:

• If the Filter-Id attribute includes a direction, it is honored.
• If the Filter-Id attribute does not include a direction, and you have configured this command, the SmartEdge router determines the direction from the configuration for this command.
• If the Filter-Id attribute does not include a direction, and this command is not configured, the SmartEdge router applies the ACL to outbound packets only (the default condition).

Use the no or default form of this command to specify the default condition.

1.16.6   Examples

The following example specifies that the ACL be applied to inbound packets only:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute filter-id in

1.17   radius attribute nas-identifier

1.17.1   Purpose

Includes the network access server (NAS)-Identifier attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets sent by the SmartEdge router.

1.17.2   Command Mode

context configuration

1.17.3   Syntax Description

1.17.4   Default

The NAS-Identifier attribute is not sent.

1.17.5   Usage Guidelines

Use the radius attribute nas-identifier command to include the NAS-Identifier attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

Standard RADIUS attribute 32, NAS-Identifier, is described in RADIUS Attributes

Use the no or default form of this command to specify the default behavior.

1.17.6   Examples

The following example shows how to configure the NAS-Identifier in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:

[local]Redback(config-ctx)#radius attribute nas-identifier somearbritrarystring

1.18   radius attribute nas-ip-address

1.18.1   Purpose

Includes the network access server (NAS)-IP-Address attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets sent by the SmartEdge router.

1.18.2   Command Mode

context configuration

1.18.3   Syntax Description

1.18.4   Default

The NAS-IP-Address attribute is not sent.

1.18.5   Usage Guidelines

Use the radius attribute nas-ip-address command to includes the NAS-IP-Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

Standard RADIUS attribute 4, NAS-IP-Address, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior so that the NAS-IP-Address attribute is not included.

1.18.6   Examples

The following example sends the primary IP address for interface ether21 as the source IP address in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:

[local]Redback(config-ctx)#radius attribute nas-ip-address interface ether21

1.19   radius attribute nas-port

1.19.1   Purpose

Modifies the format of the network access server (NAS)-Port attribute, which is sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.

1.19.2   Command Mode

context configuration

1.19.3   Syntax Description

1.19.4   Default

Standard RADIUS attribute 5, NAS-Port, is sent in the slot-port format. L2TP circuits (LNS or LAC), use “pseudo” formatting.

1.19.5   Usage Guidelines

Use the radius attribute nas-port command to modify the format of the NAS-Port attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.

Use the radius attribute nas-port command with the no-pseudo keyword to remove “pseudo” formatting on L2TP circuits (LNS or LAC).

The standard RADIUS attribute 5, NAS-Port, is described in RADIUS Attributes.

Use the no or default form of this command to revert to the default behavior.

1.19.6   Examples

The following example sends the attribute NAS-Port using the slot-port format in RADIUS Access-Request and Accounting-Request packets for the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute nas-port format slot-port

1.20   radius attribute nas-port-id

1.20.1   Purpose

Modifies the format of the network access server (NAS)-Port-Id attribute, which is sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.

1.20.2   Command Mode

context configuration

1.20.3   Syntax Description

1.20.4   Default

Standard RADIUS attribute 87, NAS-Port-Id, is sent using the all format.

1.20.5   Usage Guidelines

Risk of interoperability loss. The NetOp Policy Manager (PM) requires the default format setting for this command to assimilate the RADIUS attribute information. To avoid loss of interoperability with NetOp PM, use this command with its default setting only.

If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.

For Dynamic Host Configuration Protocol (DHCP) clients, the information for the NAS-Port-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.

If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.

If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.

If you specify the all keyword, the physical circuit information includes the slot, port, circuit identifier, and session identifier; the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] [pppoe sess-id | clips sess-id]

The circuit identifier can be the virtual path identifier (VPI) with the virtual channel identifier (VCI), or it can be the virtual LAN (VLAN) identifier, depending on the type of circuit.

If you specify the physical keyword, the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id].

If you specify the modified-agent-circuit-id keyword, the system inserts the specific subscriber line information in the NAS-Port-ID attribute. Line information includes: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] which is prepended to the subscriber identification fields.

To indicate that a text string description of the access link group is to be used as a prefix to the NAS-Port-Id attribute using the description command, specify the format, modified-agent-circuit-id, and prefix-lg-description keywords with the radius attribute nas-port-id command. For more information about the description command, see the Command List.

Standard RADIUS attribute 87, NAS-Port-Id, and vendor-specific attributes (VSAs) 96 provided by Ericsson AB, Agent-Remote-Id, and 97, Agent-Circuit-Id, are described in RADIUS Attributes.

Use the no or default form of this command to reset the format for the NAS-Port-Id attribute to the all format.

Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.

1.20.6   Examples

The following example shows how to send the NAS-Port-Id attribute using the physical format in RADIUS Access-Request and Accounting-Request packets for the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute nas-port-id format physical

1.21   radius attribute nas-port-type

1.21.1   Purpose

Modifies the value for the network access server (NAS)-Port-Type attribute sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets.

1.21.2   Command Mode

• ATM profile configuration
• dot1q profile configuration
• port configuration

1.21.3   Syntax Description

1.21.4   Default

The Nas-Port-Type attribute is sent in RADIUS Access-Request and Accounting-Request packets. The value is either 0 or 5, depending on how the subscriber is connected to its authenticating NAS.

1.21.5   Usage Guidelines

Use the radius attribute nas-port-type command to modify the value for the NAS-Port-Type attribute sent in RADIUS Access-Request and Accounting-Request packets.

Table 1 lists the definitions of the values for the port-type argument.

Standard RADIUS attribute 61, NAS-Port-Type, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.

1.21.6   Examples

The following example modifies the NAS-Port-Type attribute in RADIUS Access-Request and Accounting-Request packets to type 4 (ISDN):

[local]Redback(config)#context local

[local]Redback(config-atm-profile)#radius attribute nas-port-type 4

1.22   radius attribute vendor-specific

1.22.1   Purpose

Specifies the character the SmartEdge router uses to separate the fields in the specified Remote Authentication Dial-In User Service (RADIUS) attribute, and whether attributes can be encrypted.

1.22.2   Command Mode

• context configuration

1.22.3   Syntax Description

1.22.4   Default

The SmartEdge router uses the hyphen (-) character, and vendor VSAs can be encrypted.

1.22.5   Usage Guidelines

Use the radius attribute vendor-specific command to specify the character the SmartEdge router uses to separate the fields in the specified RADIUS attribute, and whether attributes can be encrypted.

Use the no or default form of this command to specify the default character as the separator.

1.22.6   Examples

The following example specifies the colon (:) as the separator character:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute vendor-specific Redback mac-address separator :

1.23   radius await-acct-on-ack

1.23.1   Purpose

In global configuration mode, enables the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the Remote Authentication Dial-In User Service (RADIUS) accounting servers after the router reboots. The router waits for the acknowledgement message (ACK message) before it begins to send authentication and accounting requests to the RADIUS servers.

1.23.2   Command Mode

• global configuration

1.23.3   Syntax Description

This command has no keywords or arguments.

1.23.4   Default

By default, after the SEOS router reboots, an Accounting-On message is sent to the RADIUS servers. However, the router does not wait for an acknowledgement of the receipt of this message from the servers before sending the authentication and accounting requests to the RADIUS servers.

1.23.5   Usage Guidelines

Use the radius await-acct-on-ack command in global configuration mode to enable the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the RADIUS accounting servers after the router reboots. This command ensures that the router waits for an ACK message before it begins to send authentication and accounting requests to the servers.

If the SmartEdge router has not yet received an ACK message from the RADIUS server within 10 seconds of sending the Accounting-On message, the router checks again. If after 30 retries, and still no ACK message is received, the router sends authentication and accounting requests to the RADIUS servers. The interval time between retries is 10 seconds. The maximum time the router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable is 5 minutes.

If more than one RADIUS accounting server is configured, and the router receives an ACK message from any one of the servers, the router considers this message as an acknowledgement of the receipt of the Accounting-On message. If “two-stage accounting” is configured, an ACK message from the global accounting server (configured in context local) is the one that is counted as the acknowledgement of the receipt of the Accounting-On message.

Note:  

The radius await-acct-on-ack command does not take effect, if local authentication with RADIUS accounting is configured.

Use the no or default form of this command to return the SmartEdge router to its default setting of not waiting to receive an acknowledgement of receipt of the Accounting-On message from the RADIUS servers before the router sends authentication and accounting requests to the servers.

1.23.6   Examples

The following example shows how to configure the radius await-acct-on-ack command:

[local]Redback(config)#radius await-acct-on-ack

[local]Redback(config)#

1.24   radius coa server

1.24.1   Purpose

Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) Change of Authorization (CoA) server.

1.24.2   Command Mode

context configuration

1.24.3   Syntax Description

1.24.4   Default

RADIUS CoA server hostnames and IP addresses are not preconfigured. Port 3799 is the User Datagram Protocol (UDP) CoA port.

1.24.5   Usage Guidelines

Use the radius coa server command to configure the IP address or hostname of a RADIUS CoA server. You can use this command multiple times to configure up to five RADIUS CoA servers per context. RADIUS CoA servers configured in a non-local context can change session settings only for subscribers in the same context. CoA servers configured in the local context can change settings for all subscribers.

To use the hostname argument, DNS must be enabled; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.

Note:  

To enable authentication to be performed by RADIUS, you must also enter the aaa authentication subscriber command (in context configuration mode); for more information, see Configuring Bridging.

The RADIUS CoA server can use one or more of the identifiers listed in Table 2 to identify a subscriber session.

For CoA disconnect messages, specify at least one keyword in Table 2. For all other CoA messages, specify at least one keyword in Table 2, as well as one or more attributes to change. If multiple keywords are specified, all specified keywords must match subscriber session attributes.

RADIUS Attributes lists the RADIUS attributes supported by the SmartEdge router. In addition, CoA messages can also contain the RADIUS lawful intercept (LI) attributes. If a CoA message contains any unsupported attributes, the request fails. RADIUS CoA and disconnect features are described in RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial-In User Service (RADIUS).

If the specified keyword matches multiple subscriber sessions, and the requested change is successful for only a subset of the sessions, all successful changes are preserved. The SmartEdge router sends a negative acknowledgement (NAK).

When an attempt to modify an LI attribute fails, the subscriber session is preserved. When an attempt to modify any other attribute fails, the subscriber session is terminated.

Use the no form of this command to delete a previously configured RADIUS CoA server.

1.24.6   Examples

The following example configures a RADIUS CoA server IP address of 10.3.3.3 with the key, secret, using port 4444 for CoA messages:

[local]Redback(config-ctx)#radius coa server 10.3.3.3 key secret port 4444 

1.25   radius deadtime

1.25.1   Purpose

Sets the interval during which the SmartEdge router treats a nonresponsive Remote Authentication Dial-In User Service (RADIUS) server as “dead.”

1.25.2   Command Mode

context configuration

1.25.3   Syntax Description

1.25.4   Default

The waiting interval is five minutes.

1.25.5   Usage Guidelines

Use the radius deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS server; after the interval expires, the SmartEdge router tries again to reach the server. If there is no response, the RADIUS server remains marked as “dead” and the timer is set again to the configured interval.

If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.

Note:  

You must configure at least one RADIUS server using the radius server command (in context configuration mode) prior to entering this command.

Use the default form of this command to specify the default interval.

1.25.6   Examples

The following example sets the deadtime interval to 10 minutes:

[local]Redback(config-ctx)#radius deadtime 10

1.26   radius max-outstanding

1.26.1   Purpose

Modifies the number of simultaneous outstanding requests that can be sent by the SmartEdge router to Remote Authentication Dial-In User Service (RADIUS) servers.

1.26.2   Command Mode

context configuration

1.26.3   Syntax Description

1.26.4   Default

The maximum number of allowable outstanding requests is 256.

1.26.5   Usage Guidelines

Use the radius max-outstanding command to modify the number of simultaneous outstanding requests the SmartEdge router can send to RADIUS servers.

Use the no or default form of this command to reset the maximum number of outstanding requests to 256.

1.26.6   Examples

The following example limits the number of simultaneous outstanding requests to 128:

[local]Redback(config-ctx)#radius max-outstanding 128

1.27   radius max-retries

1.27.1   Purpose

Modifies the number of retransmission attempts the SmartEdge router makes to a Remote Authentication Dial-In User Service (RADIUS) server in the event that no response is received from the server within the timeout period.

1.27.2   Command Mode

context configuration

1.27.3   Syntax Description

1.27.4   Default

The SmartEdge router makes three retransmission attempts.

1.27.5   Usage Guidelines

Use the radius max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS server in the event that no response is received from the server within the timeout period.

You set the timeout period with the radius timeout command (in context configuration mode).

If an acknowledgment is not received, each successive server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.

Use the default form of this command to specify the default number of retries.

1.27.6   Examples

The following example sets the retransmit value to 5:

[local]Redback(config-ctx)#radius max-retries 5

The following example resets the retransmit value to the default (3):

[local]Redback(config-ctx)#default radius max-retries

1.28   radius policy

1.28.1   Purpose

In global configuration mode, creates or modifies a Remote Authentication Dial-In User Service (RADIUS) policy and accesses RADIUS policy configuration mode; in context configuration mode, assigns a RADIUS policy to the context.

1.28.2   Command Mode

• context configuration
• global configuration

1.28.3   Syntax Description

1.28.4   Default

No RADIUS policy is created or assigned to a context.

1.28.5   Usage Guidelines

Use the radius policy command in global configuration mode to create or modify a RADIUS policy and access RADIUS policy configuration mode; use it in context configuration mode to assign a RADIUS policy to the context.

The RADIUS policy specifies which RADIUS attributes and vendor-specific attributes (VSAs) are to be removed from RADIUS Access-Request and various Accounting-Request messages, such as Accounting-Start, Accounting-Stop, and Accounting-Update. Use the attribute command (in RADIUS policy configuration mode) to specify the attributes to be removed from the messages.

Use the no form of this command in global configuration mode to delete the policy; use it in context configuration mode to remove the policy from the context configuration.

1.28.6   Examples

The following example creates the custom RADIUS policy:

[local]Redback(config)#radius policy name custom

[local]Redback(config-rad-policy)#

The following example assigns the custom RADIUS policy to the gold-isp context:

[local]Redback(config)#context gold-isp

[local]Redback(config-ctx)#radius policy custom

1.29   radius server

1.29.1   Purpose

Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) server.

1.29.2   Command Mode

context configuration

1.29.3   Syntax Description

1.29.4   Default

RADIUS server hostnames and IP addresses are not preconfigured. 1812 is the UDP authentication port.

1.29.5   Usage Guidelines

Use the radius server command to configure the IP address or hostname of a RADIUS server. You can use this command multiple times to configure up to five RADIUS servers per context.

To use the hostname argument, DNS must be enabled; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.

Note:  

To enable authentication to be performed by RADIUS, you must also enter the aaa authentication subscriber command (in context configuration mode); for more information, see Configuring Bridging.

If you specify the optional CoA-server keyword, the same port that is used for authentication is also used for CoA messages.

The RADIUS CoA server can use one or more of the keywords listed in Table 2 to identify a subscriber session. For information on CoA interactions, see the radius coa server command.

Use the no form of this command to delete a previously configured RADIUS server.

1.29.6   Examples

The following example configures a RADIUS server with an IP address of 10.3.3.3 with the key, secret, using ports 4444 for authentication:

[local]Redback(config-ctx)#radius server 10.3.3.3 key secret port 4444 

1.30   radius server-timeout

1.30.1   Purpose

Sets the time interval the SmartEdge router waits before marking a non-responsive Remote Authentication Dial-In User Service (RADIUS) server as “dead.”

1.30.2   Command Mode

context configuration

1.30.3   Syntax Description

1.30.4   Default

The maximum time interval is 60 seconds.

1.30.5   Usage Guidelines

Use the radius server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”

The SmartEdge router marks a RADIUS server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS server is marked as “dead.”

Use the default form of this command to specify the default interval.

1.30.6   Examples

The following example sets the waiting interval to 80 seconds:

[local]Redback(config-ctx)#radius server-timeout 80

1.31   radius service profile

1.31.1   Purpose

Creates or selects a Remote Authentication Dial-In User Service (RADIUS)-guided service profile and accesses service profile configuration mode.

1.31.2   Command Mode

• context configuration

1.31.3   Syntax Description

1.31.4   Default

No RADIUS-guided service profiles exist.

1.31.5   Usage Guidelines

Use the radius service profile command to create or select a RADIUS-guided service profile and access service profile configuration mode.

A RADIUS service profile specifies various service conditions and is used to activate services and establish service conditions for that subscriber session. It is these service conditions against which the service data in a CoA Request and Access Response message is matched. You can specify as many as 16 conditions in a service profile.

Use the no form of this command to delete the RADIUS-guided service profile from the configuration.

1.31.6   Examples

The following example creates the redirect service profile in the local context and accesses service profile configuration mode:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius service profile redirect

[local]Redback(config-svc-profile)#

1.32   radius source-port

1.32.1   Purpose

In context configuration mode, enables the SmartEdge router to ignore the source port sent by the Remote Authentication Dial-In User Service (RADIUS) server in Access-Response messages. In global configuration mode, increases the number of outstanding requests for each RADIUS server by sending requests using a different source port value.

1.32.2   Command Mode

• context configuration
• global configuration

1.32.3   Syntax Description

1.32.4   Default

This feature is disabled.

1.32.5   Usage Guidelines

In context configuration mode, use the radius source-port command to enable the SmartEdge router to ignore the source port sent by the RADIUS server in Access-Response messages. In this configuration mode, this command refers to the source port that the RADIUS server uses when sending a RADIUS Access-Response message to the SmartEdge router.

In global configuration mode, use the radius source-port command to increase the number of outstanding requests for each RADIUS server by sending requests using a different source port value. In this configuration mode, this command refers to the source port that the SmartEdge router uses when sending a RADIUS Access-Request message to a RADIUS server.

Use the no form of this command to return to the default number of outstanding requests.

1.32.6   Examples

The following example configures a port number of 2000 and sets the number of ports to 5:

[local]Redback(config)#radius source-port 2000 5

1.33   radius strip-domain

1.33.1   Purpose

Strips the domain portion of a structured username before relaying an authentication request to a Remote Authentication Dial-In User Service (RADIUS) server.

1.33.2   Command Mode

context configuration

1.33.3   Syntax Description

This command has no keywords or arguments.

1.33.4   Default

The entire username, including the domain name, is sent to the RADIUS server.

1.33.5   Usage Guidelines

Use the radius strip-domain command to strip the domain portion of a structured username before relaying an authentication request to a RADIUS server. The username can be either a subscriber name or administrator name.

Use the no form of this command to disable stripping the domain portion of the structured username.

1.33.6   Examples

The following example prevents the domain portion of the structured username from being sent to the RADIUS server for authentication:

[local]Redback(config-ctx)#radius strip-domain

1.34   radius timeout

1.34.1   Purpose

Sets the maximum time the SmartEdge router waits for a response from a Remote Authentication Dial-In User Service (RADIUS) server before assuming that a packet is lost, or that the RADIUS server is unreachable.

1.34.2   Command Mode

context configuration

1.34.3   Syntax Description

1.34.4   Default

The maximum time is 10 seconds.

1.34.5   Usage Guidelines

Use the radius timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable.

Use the default form of this command to specify the default interval.

1.34.6   Examples

The following example sets the timeout interval to 30 seconds:

[local]Redback(config-ctx)#radius timeout 30

1.35   range

1.35.1   Purpose

Summarizes interarea routes advertised by an area border router (ABR).

1.35.2   Command Mode

• OSPF area configuration
• OSPF3 area configuration

1.35.3   Syntax Description

1.35.4   Default

Route address ranges for interarea route summarization are not specified.

1.35.5   Usage Guidelines

Use the range command to summarize interarea routes advertised by an ABR.

Use the optional not-advertise keyword to prevent the specified route from being advertised in route summarizations.

Use the no form of this command to disable route summarization for a particular summary range. All individual routes contained in the summary range will be advertised to other areas.

1.35.6   Examples

The following example advertises routes that fall into the range 10.1.0.0 255.255.0.0 in interarea route summaries (one each of the other areas):

[local]Redback(config-ospf-area)#range 10.1.0.0 255.255.0.0 

1.36   range (DHCP)

1.36.1   Purpose

Assigns a range of IP addresses to this Dynamic Host Configuration Protocol (DHCP) subnet.

1.36.2   Command Mode

• DHCP subnet configuration

1.36.3   Syntax Description

1.36.4   Default

No range of IP addresses is assigned to any subnet.

1.36.5   Usage Guidelines

Use the range command to assign a range of IP addresses to this DHCP subnet.

The values of the start-ip-addr and end-ip-addr arguments must be within the subnet of IP addresses that you have assigned to this subnet using the subnet command (in DHCP server configuration mode).

Use the optional threshold keyword to enable the monitoring and reporting of available leases at the range level and specify rising and falling values that can trigger an SNMP trap and log message.

You can enter either or both of the falling min-threshold and rising max-threshold constructs in any order. You can enter either or both of the trap and log keywords in any order for either construct.

Use the no form of this command to delete the range from the subnet configuration.

1.36.6   Examples

The following example assigns a range of IP addresses to the sub2 subnet; it also enables the monitoring and reporting of available leases for this subnet and triggers an SNMP trap when the number of available leases is decreasing and reaches 100:

[local]Redback(config)#context dhcp

[local]Redback(config-ctx)#dhcp server policy

[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24 name sub2

[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.100 threshold falling 100 trap

1.37   rate

1.37.1   Purpose

Sets the rate, burst tolerance, and excess burst tolerance for traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached, or for a policy group, policy access control list (ACL), or class-definition class of traffic for that policy.

1.37.2   Command Mode

• metering policy configuration
• policy group class configuration
• policing policy configuration

1.37.3   Syntax Description

1.37.4   Default

No rate is enforced by default.

1.37.5   Usage Guidelines

Use the rate command to set the rate, burst tolerance, and excess burst for traffic on the port, or circuit, or subscriber record to which the QoS policy is attached, or for a policy ACL class of traffic for that policy. If entered in metering or policing policy configuration mode, this command accesses policy rate configuration mode; if entered in policy group class configuration mode, this command accesses policy class rate configuration mode.

Use the informational keyword to specify that the policy rate will not be used to enforce an overall circuit rate limit, but will be used only to calculate the class rate if you specify the rate for an ACL class as a percentage of the policy rate, using the rate percentage command (in policy group class configuration mode). This keyword is not available in policy group class configuration mode.

Use the excess-burst bytes construct to optionally configure the excess burst tolerance. The burst tolerance and excess burst tolerance are thresholds that can be used to determine the traffic rate at which packets can be dropped or marked. Use the time-burst msec and time-excess-burst msec constructs to specify the burst and excess burst as time intervals.

For more information about dropping or marking packets when the traffic rate exceeds the burst tolerance, but does not exceed the excess burst tolerance, see the exceed commands. For more information about dropping or marking packets when the traffic rate exceeds the excess burst tolerance, see the violate commands.

Use the counters keyword to log statistics related to packets that conform to or exceed the rate. For a circuit with a noninherited metering or policing policy (neither the inherit nor hierarchical keyword is specified), the counters keyword enables statistics collection based on enforcement of this rate at the individual circuit level. For a parent circuit that propagates a metering or policing policy to its children through the inherit or hierarchical keyword, the counters option enables statistics collection based on collective metering or policing policy enforcement at the parent circuit level. In other words, the statistics collected for the parent circuit (where the policy is configured) reflect the totals for enforcement of this rate on this circuit and all of its children that are subject to this policy through inheritance.

Use the hierarchical-counters keyword to log statistics related to packets dropped on circuits subject to this rate due to the policy configured on a parent circuit with the hierarchical keyword specified. The hierarchical-counters keyword enables counters on each child circuit subject to this rate through hierarchical inheritance. These counters record the number of drops on the child circuit due to enforcement of the parent circuit policy rate.

Use the no form of this command to specify the default traffic rate and burst tolerance.

Note:  

The maximum rate set by the qos rate command (in port configuration mode) is the rate at which the port, 802.1Q tunnel, or 802.1Q PVC operates; any priority queuing (PQ), enhanced deficit round-robin (EDRR), or circuit with a PQ or an EDRR policy is limited by the rate specified by that command for the circuit. Also, the sum of all traffic on the port carried by the queues belonging to the circuits or subscribers is limited to the rate specified by that command.

For priority weighted fair queuing (PWFQ) queues with a PWFQ policy, the sum of all priority group rates for a node can oversubscribe the configured global policy rate.

1.37.6   Examples

The following example marks all traffic conforming to the configured policy rate with expedited forwarding (ef) and marks traffic that exceeds the policy rate with default forwarding (df):

[local]Redback(config)#qos policy GE-in policing

[local]Redback(config-policy-policing)#rate 6000000 burst 10000 counters

[local]Redback(config-policy-rate)#conform mark dscp ef

[local]Redback(config-policy-rate)#exceed mark dscp df

By including the counters keyword in the rate command, you can use the show circuit counters command (in any mode) with the detail keyword to display the number of packets that conform to the rate and the number of packets that exceed the rate.

1.38   rate (EDRR/MDRR/PWFQ)

1.38.1   Purpose

Sets the rate and burst tolerance for traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached.

1.38.2   Command Mode

• EDRR policy configuration
• MDRR policy configuration
• PWFQ policy configuration

1.38.3   Syntax Description

1.38.4   Default

Rate is calculated based on the default values for the kbps and bytes arguments.

1.38.5   Usage Guidelines

Use the rate command to set the rate and burst tolerance for traffic on the circuit, or port, or subscriber record to which the QoS policy is attached.

For PWFQ policies:

• You must specify the maximum rate for the policy using this command; otherwise, you cannot attach the policy to any traffic-managed port, or any of the 802.1Q tunnels, or permanent virtual circuits (PVCs) configured on it.
• You cannot specify a minimum rate if you intend to specify a relative weight for this policy, using the weight command (in PWFQ policy configuration mode) and attach the policy to any traffic-managed port, or any of the 802.1Q tunnels, or PVCs configured on it.
• The maximum and minimum rates, if both are specified, are compared to ensure that the minimum value is always less than the maximum value.

  Note:  

  The maximum rate set by the qos rate command (in port configuration mode) is the rate at which the port, 802.1Q tunnel, or 802.1Q PVC operates; any priority queuing (PQ), EDRR, MDRR, or PWFQ queue or circuit with a PQ, an EDRR, an MDRR, or a PWFQ policy is limited by the rate specified by that command for the circuit. Also, the sum of all traffic on the port carried by the queues belonging to the circuits or subscribers is limited to the rate specified by that command.

  
  

Use the no form of this command to return to the default traffic rate or burst tolerance.

1.38.6   Examples

The following example marks all traffic conforming to the configured policy rate with expedited forwarding (ef) and marks traffic that exceeds the policy rate with default forwarding (df):

[local]Redback(config)#qos policy GE-in pwfq

[local]Redback(config-policy-pwfq)#rate 6000000 

[local]Redback(config-policy-rate)#conform mark dscp ef

[local]Redback(config-policy-rate)#exceed mark dscp df

1.39   rate-adjust dhcp pwfq

1.39.1   Purpose

Adjusts the enforcement of a priority weighted fair queuing (PWFQ) policy on a circuit based on whether the subscriber is granted a Dynamic Host Configuration Protocol (DHCP) lease.

1.39.2   Command Mode

subscriber configuration

1.39.3   Syntax Description

1.39.4   Default

No DHCP-based rate adjustments are applied to the subscriber.

1.39.5   Usage Guidelines

Use the rate-adjust dhcp pwfq command to adjust how a PWFQ policy is enforced on a circuit based on whether the subscriber is granted a DHCP lease. When a lease request is granted to a device on a circuit that has this attribute applied, the enforced bandwidth for the specified priority group rate is decremented by the specified amount in (kilobits per second) kbps. If there is no priority group rate configured for the policy, the rate is less than the minimal enforceable value (64 kbps), or the rate adjustment is not applied to the subscriber.

Once applied, the rate adjustment persists until the DHCP lease is released or expires. At this time, the rate enforced is restored to its full configured value.

This command might be useful for an IPTV in which Remote Multicast Replication (RMR) is being used. When a set-top box (STB) configured as a static subscriber on an 802.1q VLAN comes online and requests an IP address, the PWFQ policy enforced on the VLAN can be adjusted to account for the multicast bandwidth required for IPTV traffic.

Note:  

To use this command, you must have a quality of service (QoS) PWFQ policy bound to the subscriber session circuit. The policy must include an absolute rate value configured for the specified priority group. You cannot use percentage to specify the rate. For information about the qos policy pwfq and queue priority-group commands, see Configuring Scheduling.

Use the no form to remove currently configured DHCP rate adjustment commands and return the subscriber record to the default state (no rate adjustments will be made in response to DHCP lease events).

1.39.6   Examples

The following example shows how to adjust a PWFQ policy for subscriber stb1:

[local]Redback(config)#context local

[local]Redback(config-ctx)#subscriber name stb1

[local]Redback(config-sub)#password pass

[local]Redback(config-sub)#dhcp max-addr 1

[local]Redback(config-sub)#rate-adjust dhcp pwfq 3000 priority-group 3

1.40   rate-calculation

1.40.1   Purpose

Specifies that rate calculation is to exclude the size of Layer 2 overhead for the Layer 3 circuit on which a policy is applied.

1.40.2   Command Mode

• metering policy configuration
• policing policy configuration

1.40.3   Syntax Description

1.40.4   Default

Rate calculations consider the size of the entire Layer 2 frame.

1.40.5   Usage Guidelines

Use the rate-calculation command to specify that rate calculation excludes the size of Layer 2 overhead for Layer 3 circuits on which a rate-limiting policy is applied. In this case, the size of the rate-limited packet equals the size of the Layer 3 packet.

The rate-calculation command is global across the entire policy, implying that it applies to the overall circuit level and all classes under the policy.

Use the no form of this command to return to the default behavior.

1.41   rate circuit

1.41.1   Purpose

Specifies a different rate for a circuit that has a quality of service (QoS) metering, policing, or priority weighted fair queuing (PWFQ) policy attached to it.

1.41.2   Command Mode

• ATM DS-3 configuration
• ATM OC configuration
• ATM PVC configuration
• dot1q PVC configuration
• CLIPS PVC configuration
• DS-0 group configuration
• DS-1 configuration
• DS-3 configuration
• E1 configuration
• E3 configuration
• Frame Relay PVC configuration
• link group configuration
• port configuration

1.41.3   Syntax Description

1.41.4   Default

The circuit rate is based on the policy rate as specified by the attached QoS policy.

1.41.5   Usage Guidelines

Use the rate circuit command to specify a different rate for a circuit that has a QoS metering, policing, or PWFQ policy attached to it. The rate that you specify for the circuit overrides the rates specified by the attached metering, policing, and PWFQ policies.

This command allows you to attach the same policy to a number of circuits, but specify a different rate for each circuit.

This command is not supported for dynamic 802.1Q permanent virtual circuits (PVCs).

Note:  

Configuring the rate circuit command on an ATM port has no effect. In order to limit ATM traffic, configure this command on ATM PVCs.

Note:  

The application of a different rate in either direction occurs only while you have attached the appropriate QoS policy to the circuit.

Use the no form of this command to specify the default condition.

1.41.6   Examples

The following example changes the rate for port 1 to 2,000 kbps:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#qos policy metering example2

[local]Redback(config-port)#rate circuit out 2000

1.42   rate-factor

1.42.1   Purpose

Defines the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached.

1.42.2   Command Mode

• overhead profile configuration
• overhead type configuration

1.42.3   Syntax Description

1.42.4   Default

Overhead on the access line is 0%, which allows full bandwidth usage.

1.42.5   Usage Guidelines

Use the rate-factor command to define the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, or port, or subscriber record to which the QoS policy is attached.

Use the no form of this command to remove the percentage from the access-line configuration.

Note:  

The maximum rate set by the qos rate command (in port configuration mode) is the rate at which the port, 802.1Q tunnel, or 802.1Q permanent virtual circuit (PVC) operates; any priority queuing (PQ), enhanced deficit round-robin (EDRR), or priority weighted fair queuing (PWFQ) queue or circuit with a PQ, an EDRR, or a PWFQ policy is limited by the rate specified by that command for the circuit. Also, the sum of all traffic on the port carried by the queues belonging to the circuits or subscribers is limited to the rate specified by that command.

1.42.6   Examples

The following example configures an overhead profile for example1, and sets the default rate factor to 15, a reserve value to 8, and the encapsulation type to pppoa-llc. After you set the overhead profile with default values, you configure adsl1 and vdsl1 with custom encapsulation and reserve values with a rate factor of 20%:

[local]Redback(config)#qos profile example1 overhead

[local]Redback(config-profile-overhead)#rate-factor 15

[local]Redback(config-profile-overhead)#encaps-access-line pppoa-llc

[local]Redback(config-profile-overhead)#reserved 8

[local]Redback(config-profile-overhead)#type adsl1

[local]Redback(config-type-overhead)#rate-factor 20

1.43   rate-limit ccod

1.43.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol (PPP) over Ethernet over Asynchronous Transfer Mode (PPPoEoA) Active Discovery Initiation (PADI) packets and PPP over Asynchronous Transfer Mode (PPPoA) Configure-Request packets that arrive at the SmartEdge router over circuit creation on demand (CCOD) Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).

1.43.2   Command Mode

card configuration

1.43.3   Syntax Description

1.43.4   Default

Rate limiting for PPPoEoA PADI packets and PPPoA Configure-Request packets is enabled using the default burst and rate values.

1.43.5   Usage Guidelines

Use the rate-limit ccod command to enable rate limiting and specify the rate and burst limits for PPPoEoA PADI packets and PPPoA Configure-Request packets that arrive at the SmartEdge router on on-demand ATM PVCs. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions. For example, applying card-level rate-limiting can improve the bringup rate for PPPoA and PPPoEoA subscribers when many subscribers attempt to connect simultaneously.

Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting; see the Command List.

Note:  

The rate limit and burst limit values cannot be configured independently.

Use the default form of this command to enable rate limiting with the default rate and burst limits.

Use the no form of this command to disable rate limiting.

1.43.6   Examples

The following example shows how to configure the rate limit of PPPoEoA PADI packets and PPPoA Configure-Request packets to 500 and the burst limit to 999:

[local]Redback(config-card)#rate-limit ccod 500 burst 999

1.44   rate-limit circuit dhcp

1.44.1   Purpose

Limits the number of Dynamic Host Configuration Protocol (DHCP) packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.

1.44.2   Command Mode

• global configuration

1.44.3   Syntax Description

1.44.4   Default

The SmartEdge router does not limit the number of DHCP packets that it accepts on a circuit.

1.44.5   Usage Guidelines

Use the rate-limit circuit dhcp command to limit the number of DHCP packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.

The operating system does not distinguish between DHCP Discover, Request, Release, NAK, or Inform messages when it limits the number DHCP packets on a circuit.

The rate-limit circuit dhcp command is supported on access link groups.

Use the no form of this command to specify the default condition.

1.44.6   Examples

The following example shows how to accept 155 DHCP messages for the unique combination of the MAC address and DHCP relay server address in every 3-second interval. If more than 155 DHCP packets are received during the interval, all DHCP packets are dropped for 4 seconds starting at the time when the limit was exceeded. For example, if the 156th packet is received at 2 seconds into the 3-second interval, then the count for the drop interval starts at 2 seconds and stops at 6 seconds. Following that, 155 DHCP packets are allowed for the unique combination of the MAC address and DHCP relay server address for the next 3-second interval:

[local]Redback(config)#rate-limit circuit dhcp 155 interval 3 drop-interval 4 per-mac-and-relay

1.45   rate-limit dhcp

1.45.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Dynamic Host Configuration Protocol (DHCP) packets that arrive at the SmartEdge router.

1.45.2   Command Mode

card configuration

1.45.3   Syntax Description

1.45.4   Default

Rate limiting for packets is enabled using the default rate and burst values.

1.45.5   Usage Guidelines

Use the rate-limit command to enable rate limiting and specify the rate and burst limits for DHCP packets that arrive at the SmartEdge router. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions.

Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. This command is described in the Command List.

Note:  

You cannot configure the rate limit and burst limit values independently.

Table 3 shows the traffic cards supported for the rate-limit dhcp command.

(1)  The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.

Use the no form of this command to disable rate limiting.

Use the default form of this command to set the rate and burst limits to default values.

1.45.6   Examples

The following example configures the rate limit for DHCP packets to 500 and the burst limit to 999:

[local]Redback(config-card)#rate-limit dhcp 500 burst 999

1.46   rate-limit padi

1.46.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol over Ethernet (PPPoE) Active Discovery Initiation (PADI) packets that arrive at the SmartEdge router.

1.46.2   Command Mode

card configuration

1.46.3   Syntax Description

1.46.4   Default

Rate limiting for PADI packets is enabled using the default burst and rate values.

1.46.5   Usage Guidelines

Use the rate-limit padi command to enable rate limiting and specify the rate and burst limits for PADI packets that arrive at the SmartEdge router. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions.

If both PADI and PPP LCP Configure-Request rate limiting are enabled on the same card, the first protocol to be processed is rate limited. For example, if a PADI packet arrives on a PPPoEoA circuit, the PADI packet is rate limited first; if the PADI packet is allowed to pass through, no further rate limiting is applied. If the circuit has PPPoA encapsulation, only the first LCP Configure-Request packet is rate limited.

Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. The show rate-limit card command is described in the Command List.

Note:  

The rate limit and burst limit values cannot be configured independently.

Use the no form of this command to disable rate limiting.

Use the default form of this command to enable rate limiting with the default rate and burst limits.

1.46.6   Examples

The following example shows how to configure the rate limit of PADI packets to 500 and the burst limit to 999:

[local]Redback(config-card)#rate-limit padi 500 burst 999

1.47   rate-limit ppp-lcp-confreq

1.47.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Point-to-Point (PPP) Link Control Protocol (LCP) Configure-Request packets that arrive at the SmartEdge router on static Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).

1.47.2   Command Mode

card configuration

1.47.3   Syntax Description

1.47.4   Default

Rate limiting for PPP LCP Configure-Request packets is enabled using the default burst and rate values.

1.47.5   Usage Guidelines

Use the rate-limit ppp-lcp-confreq command to enable rate limiting and specify the rate and burst limits for PPP LCP Configure-Request packets that arrive at the SmartEdge router on static ATM PVCs. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions. For example, applying card-level rate-limiting can improve the bringup rate for PPP over ATM (PPPoA) and PPP over Ethernet over ATM (PPPoEoA) subscribers when many subscribers attempt to connect simultaneously.

If both PADI and PPP LCP Configure-Request rate limiting are enabled on the same card, the first protocol to be processed is rate limited. For example, if a PADI packet arrives on a PPPoEoA circuit, the PADI packet is rate limited first; if the PADI packet is allowed to pass through, no further rate limiting is applied. If the circuit has PPPoA encapsulation, only the first LCP Configure-Request packet is rate limited.

Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. The show rate-limit card command is described in the Command List.

Note:  

The rate limit and burst limit values cannot be configured independently.

Use the no form of this command to disable rate limiting.

Use the default form of this command to enable rate limiting with the default rate and burst limits.

1.47.6   Examples

The following example shows how to configure the rate limit of PPP LCP Configure-Request packets to 500 and the burst limit to 999:

[local]Redback(config-card)#rate-limit ppp-lcp-confreq 500 burst 999

1.48   rate percentage

1.48.1   Purpose

Assigns a percentage of the overall policy rate to this class of traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached and accesses policy class rate configuration mode.

1.48.2   Command Mode

• policy group class configuration
• PWFQ policy configuration

1.48.3   Syntax Description

1.48.4   Default

No rate percentage is specified for this class.

1.48.5   Usage Guidelines

Use the rate percentage command to assign a percentage (a relative class rate) of the overall policy rate to this class of traffic on the circuit, or port, or subscriber record to which the QoS policy is attached, and access policy class rate configuration mode. The percentage applies to the policy rate, burst, and excess burst values.

Use the no form of this command to remove the rate percentage from this class configuration.

Note:  

The maximum rate set by the qos rate command (in port configuration mode) is the rate at which the port, 802.1Q tunnel, or 802.1Q PVC operates; any priority queuing (PQ), enhanced deficit round-robin (EDRR), or circuit with a PQ or an EDRR policy is limited by the rate specified by that command for the circuit. Also, the sum of all traffic on the port carried by the queues belonging to the circuits or subscribers is limited to the rate specified by that command.

For priority weighted fair queuing (PWFQ) queues with a PWFQ policy, the sum of all priority group rates for a node can oversubscribe the configured global policy rate.

1.48.6   Examples

The following example assigns 25% of the policy rate to the realtime class:

[local]Redback(config)#qos policy rate-incoming policing

[local]Redback(config-policy-policing)#rate informational 6000000 burst 10000 counters

[local]Redback(config-policy-policing)#access-group Class local

[local]Redback(config-policy-policy-acl)#class realtime

[local]Redback(config-policy-policy-acl-class)#rate percentage 25

By including the counters keyword in the rate percentage command, you can use the show circuit counters command (in any mode) with the detail keyword to display the number of packets that conform to the rate percentage and the number of packets that exceed that rate percentage.

1.49   rbak-term-ec

1.49.1   Purpose

Remaps a Redback account (session) termination error code to a different Remote Authentication Dial-In User Service (RADIUS) attribute 49 (Acct-Terminate-Cause) error code.

1.49.2   Command Mode

terminate error cause configuration

1.49.3   Syntax Description

1.49.4   Default

No Redback account termination error codes are remapped.

1.49.5   Usage Guidelines

Use the rbak-term-ec command to remap a Redback account (session) termination error code to a different RADIUS attribute 49 (Acct-Terminate-Cause) error code. RADIUS Attributes lists the default mapping of Redback account termination error codes to RADIUS attribute 49 (Acct-Terminate-Cause) error codes. RADIUS attribute 49 error codes and their definitions are included in RFC 2866, RADIUS Accounting.

Use the no form of this command to specify the default RADIUS attribute 49 error code for the specified Redback account termination error code.

1.49.6   Examples

The following example remaps Redback account termination code 24 (Authentication failed) from its default RADIUS attribute 49 error code 17 (User error), to the RADIUS attribute 49 error code 2 (network access server [NAS] error).

[local]Redback(config)#radius attribute acct-terminate-cause remap

[local]Redback(config-term-ec)#rbak-term-ec 24 ieft-attr-49 2

1.50   reachable-time

1.50.1   Purpose

Specifies the value for the Reachable Time field in Router Advertisement (RA) messages.

1.50.2   Command Mode

• ND router configuration
• ND router interface configuration

1.50.3   Syntax Description

1.50.4   Default

The duration is unspecified in any RA messages.

1.50.5   Usage Guidelines

Use the reachable-time command to specify the value for the Reachable Time field in RA messages. This value is the time this Neighbor Discovery (ND) router or ND router interface assumes that a neighbor is reachable. In ND router configuration mode, this command specifies the global value for all interfaces; in ND router interface mode, it specifies the value for this ND router interface. If specified, the parameters for an interface override the global parameters.

Use the no or default form of this command to specify the default duration.

1.50.6   Examples

The following example specifies a reachable time of 1800 milliseconds for all interfaces for the ND router:

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd-if)#reachable-time 1800

The following example specifies a reachable time of 3600 milliseconds for the int1 ND router interface:

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd)#interface int1

[local]Redback(config-nd-if)#reachable-time 3600

1.51   reauthorize

1.51.1   Purpose

Modifies subscriber attributes in real time during an active session, using Remote Authentication Dial-In User Service (RADIUS) authentication.

1.51.2   Command Mode

exec (10)

1.51.3   Syntax Description

1.51.4   Default

None

1.51.5   Usage Guidelines

Use the reauthorize command to modify subscriber attributes in real time during an active session. Reauthorization does not require Point-to-Point Protocol (PPP) renegotiation and does not interrupt or drop the session.

Note:  

Before entering this command, you must first enable subscriber reauthorization with the aaa reauthorization bulk command (in context configuration mode).

Note:  

The SmartEdge router appends the context name to the subscriber name when sending reauthorization messages; for example, joe@local.

Note:  

This command and the policy-refresh command (in exec mode) each perform the same function. However, the policy-refresh command uses the command-line interface (CLI) to perform the update instead of the RADIUS authentication process.

Table 4 lists the standard RADIUS attributes that are reauthorized when you enter this command.

Table 5 lists the vendor-specific attributes (VSAs) provided by Ericsson AB that are reauthorized when you enter this command.

For details about these attributes, see RADIUS Attributes.

Note:  

You must configure at least one RADIUS server in the current context before any messages can be sent to it. To configure the server, use the radius server command (in context configuration mode); for more information, see Configuring RADIUS.

Note:  

To enable RADIUS authentication, you must use the aaa authentication subscriber command (in context configuration mode).

1.51.6   Examples

The following example displays a subscriber record on a RADIUS server. The subscriber has requested a new service that is translated to a particular session timeout value:

#reauth of absolute timeout

reauth-501@ABC User-Password==”redback”

    Service-Type=Outbound-User,

    Reauth_String=”2;pppoe1@local;27;1000;”

Before entering the reauthorize command, the subscriber record appears as follows:

[local]Redback>show subscribers active

pppoe1@local

    Circuit 13/1 vpi-vci 0 33

    Internal Circuit 13/1:1023:63/1/2/22

    Current port-limit unlimited

    ip address 10.1.1.4 

The following example reauthorizes the subscriber session, pppoe1@local, after the new value for the RADIUS attribute 27 has been sent to the RADIUS server:

[local]Redback#reauthorize username pppoe1@local

[local]Redback>show subscribers active

pppoe1@local

    Circuit 13/1 vpi-vci 0 33

    Internal Circuit 13/1:1023:63/1/2/22

    Current port-limit unlimited

    ip address 10.1.1.4 

    timeout absolute 1000

1.52   receive

1.52.1   Purpose

Configures the setting in the IGMP snooping profile that controls the ability of the associated circuits to receive multicast data.

1.52.2   Command Mode

• IGMP snooping profile configuration

1.52.3   Syntax Description

1.52.4   Default

The receipt of multicast data is permitted on all circuits.

1.52.5   Usage Guidelines

Use the receive command to configure the setting in the IGMP snooping profile that controls the ability of the associated circuits to receive multicast data. The configuration applies to all circuits that are associate with the specified IGMP snooping profile.

Use the no form of this command to return the IGMP snooping profile to the default setting in which the receipt of multicast data is permitted on all circuits.

1.52.6   Examples

The following example shows how to disable the receipt of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:

[local]Router#configure

[local]Router(config)#igmp snooping profile sanjose1

[local]Redback(config-igmp-snooping-profile)#receive deny

The following example shows how to permit the receipt of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:

[local]Router#configure

[local]Router(config)#igmp snooping profile sanjose1

[local]Redback(config-igmp-snooping-profile)#receive permit

1.53   receiver

1.53.1   Purpose

Specifies the remote file servers where bulkstats files for this policy are stored.

1.53.2   Command Mode

bulkstats configuration

1.53.3   Syntax Description

1.53.4   Default

No server is specified to receive bulkstats.

1.53.5   Usage Guidelines

Use the receiver command to specify the remote file servers where bulk statistics (bulkstats) files for this policy are stored.

If a transfer to the primary file server that receives bulkstats fails, a transfer to the secondary receiver is immediately attempted. If the transfer to the secondary receiver fails, the SmartEdge router waits five minutes before making another attempt. Retries continue every five minutes until a transfer transfer succeeds.

Note:  

Whenever a transfer to any bulkstats file server fails, a Simple Network Management Protocol (SNMP) trap is generated.

Use the no form of this command to delete a previously configured bulkstats remote file server. If you use the no form of this command while bulkstats collection is running, no data is transmitted to the deleted file server until you define a new bulkstats file server.

1.53.6   Examples

The following example identifies the server at IP address, 198.168.145.99, as the primary bulkstats file server; the logon account is snmp and its password is snmp:

[local]Redback(config)#context local

[local]Redback(config-ctx)#bulkstats policy bulk

[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp
password snmp

To see how this information displays, see the example for the show bulkstats command in Configuring Bulkstats.

1.54   record-route

1.54.1   Purpose

Configures a Resource Reservation Protocol (RSVP) label-switched path (LSP) to actively record the routes through which the LSP forwards packets.

1.54.2   Command Mode

RSVP LSP configuration

1.54.3   Syntax Description

This command has no keywords or arguments.

1.54.4   Default

Route information is recorded.

1.54.5   Usage Guidelines

Use the record-route command to configure an RSVP LSP to actively record the routes through which the LSP forwards packets.

Use the show rsvp lsp command to display the detailed output containing information about the recorded route, which you can use for troubleshooting purposes, and to prevent routing loops.

Use the no form of this command to disable route recording for the RSVP LSP.

1.54.6   Examples

The following example configures the LSP, test07, to actively record the routes through which it forwards packets:

[local]Redback(config-ctx)#router rsvp

[local]Redback(config-rsvp)#lsp test07

[local]Redback(config-rsvp-lsp)#record-route

1.55   redirect destination circuit

1.55.1   Purpose

Redirects packets to an output destination.

1.55.2   Command Mode

• forward policy configuration
• policy group class configuration

1.55.3   Syntax Description

1.55.4   Default

Packets are not redirected.

1.55.5   Usage Guidelines

Use the redirect destination circuit command to redirect packets to an output destination.

The destination name is the one that you specified for the circuit using the forward output command (in ATM PVC, Frame Relay PVC, GRE tunnel, or port configuration mode).

Use the no form of this command to disable the redirecting of packets.

Note:  

The redirect destination circuit command is only supported on Layer 3 circuits.

1.55.6   Examples

The following example redirects traffic to the output destination circuit OD15:

[local]Redback#config

[local]Redback(config)#forward policy RedirectPolicy

[local]Redback(config-policy-frwd)#redirect destination circuit OD15

1.56   redirect destination local

1.56.1   Purpose

In forward policy configuration mode, redirects packets not associated with a class to the HTTP server on the controller card.

In policy ACL configuration mode, redirects only packets associated with a class to the HTTP server on the controller card.

1.56.2   Command Mode

• forward policy configuration
• policy ACL class configuration

1.56.3   Syntax Description

This command has no keywords or arguments.

1.56.4   Default

Packets are not redirected.

1.56.5   Usage Guidelines

In forward policy configuration mode, use the redirect destination local command to redirect packets not associated with a class to the HTTP server on the controller card. In policy ACL configuration mode, use the redirect destination local command to redirect only packets associated with a class to the HTTP server on the controller card.

Use the no form of this command to disable the redirecting of packets.

1.56.6   Examples

The following example configures the forward policy, Business-Redirect, which redirects packets associated with the class, Redirect, to the HTTP server on the controller card:

[local]Redback(config)#forward policy Business-Redirect

[local]Redback(config-policy-frwd)#redirect destination local

[local]Redback(config-policy-frwd)#access-group bus-redirect local

[local]Redback(config-policy-group)#class Redirect

[local]Redback(config-policy-group)#redirect destination local

1.57   redirect destination next-hop

1.57.1   Purpose

Redirects packets to the specified IP address or to the packets’ default destination IP address according to the routing table.

1.57.2   Command Mode

• forward policy configuration
• policy group class configuration

1.57.3   Syntax Description

1.57.4   Default

Packets are not redirected.

1.57.5   Usage Guidelines

Use the redirect destination next-hop command to redirect packets to the specified IP address or to the packets’ default destination IP address according to the routing table.

If an address is unreachable, then the next lower priority address is tried. From time to time, the system will try to return to the highest priority entry available. The default keyword can be used in the next-hop list instead of an IP address to indicate that the destination IP address from the packet should be used when all higher priority next hops are unreachable. The default keyword can be first in the list, which means redirecting packets only when the normal route is unreachable.

Note:  

To modify the list of next hop entries, you must re-enter the entire redirect destination next-hop command.

Use the no form of this command to disable the redirecting of packets.

Note:  

The redirect destination next-hop command is only supported on Layer 3 circuits.

1.57.6   Examples

The following example redirects traffic to the next-hop IP address, 10.1.1.1. If that address is unreachable, the SmartEdge router redirects traffic to the next-hop IP address, 10.1.2.1. If both addresses are unreachable, traffic is routed normally:

[local]Redback#config

[local]Redback(config)#forward policy RedirectPolicy

[local]Redback(config-policy-frwd)#redirect destination next-hop 10.1.1.1 10.1.2.1 default

The following example routes traffic normally. If the route is unavailable, traffic is redirected to the next-hop IP address, 10.1.1.1:

[local]Redback#config

[local]Redback(config)#forward policy RedirectPolicy

[local]Redback(config-policy-frwd)#redirect destination next-hop default 10.1.1.1

The following example redirects traffic to the next-hop IP address, 192.1.1.1. If that address is unreachable, the SmartEdge router attempts to redirect traffic to the next-hop IP address, 10.1.1.1. If both addresses are unreachable, traffic is dropped:

[local]Redback#config

[local]Redback(config)#forward policy RedirectPolicy

[local]Redback(config-policy-frwd)#redirect destination next-hop 192.1.1.1 10.1.1.1

1.58   redistribute (BGP)