COMMAND DESCRIPTION 15/190 82-CRA 119 1170/1-V1 Uen A
Copyright
© Copyright Ericsson AB 2009. All rights reserved.
Disclaimer
No part of this document may be reproduced in any form without the written permission of the copyright owner. The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
SmartEdge | is a registered trademark of Telefonaktiebolaget L M Ericsson. | |
NetOp | is a trademark of Telefonaktiebolaget L M Ericsson. |
Commands starting with “r” are included.
When entered in ND router configuration mode, the syntax is:
ra {interval ra-interval | lifetime ra-lifetime | managed-config | other-config | suppress}
{no | default} ra {interval | lifetime | managed-config | other-config | suppress}
When entered in ND router interface configuration mode, the syntax is:
ra {enable | interval ra-interval | lifetime ra-lifetime | managed-config | other-config | suppress}
{no | default} ra {enable | interval | lifetime | managed-config | other-config | suppress}
Configures options and settings for router advertisement (RA) messages.
enable | Enables the sending of RA messages for this Neighbor Discovery (ND) router interface. This keyword is not available in ND router configuration mode. |
interval ra-interval | Optional. RA interval between transmissions (in seconds). The range of values is 5 to 600; the default value is 200 seconds. |
lifetime ra-lifetime | Optional. RA lifetime (in seconds). The range of values is 30 to 36,000; the default value is 1,800 seconds. |
managed-config | Optional. Sets the managed-address configuration flag in RA messages to TRUE; the default value is not set (FALSE). |
other-config | Optional. Sets the other-stateful configuration flag in RA messages to TRUE; the default value is not set (FALSE). |
suppress | Optional. Specifies that RA messages be suppressed; the default value is not suppressed. |
RA messages are not configured for any ND router or ND router interface.
Use the ra command to configure options and settings for RA messages. In ND router configuration mode, this command configures RA for all interfaces; in ND router interface mode, it configures RA for this ND router interface. If specified, the interface parameters override the global parameters. Enter this command multiple times to configure more than one parameter.
Use the no or default form of this command to remove RA messages from the configuration for this ND router or ND router interface.
The following example configures RA for this ND router with a retransmission interval of 60 seconds and a lifetime of six minutes (360 seconds):
[local]Redback(config)#context local
[local]Redback(config-ctx)#router nd
[local]Redback(config-nd)#ra interval 60
[local]Redback(config-nd)#ra lifetime 360
The following example suppresses RA for the int1 ND router interface:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router nd
[local]Redback(config-nd)#interface int1
[local]Redback(config-nd-if)#ra suppress
radius accounting algorithm {first | round-robin}
default radius accounting algorithm
Specifies a load-balancing algorithm to use among multiple Remote Authentication Dial-In User Service (RADIUS) accounting servers.
context configuration
first | Specifies that the first configured RADIUS server is always queried first. |
round-robin | Specifies that RADIUS servers are queried in round-robin fashion. |
The SmartEdge router uses the first configured RADIUS server first.
Use the radius accounting algorithm command to specify a load-balancing algorithm to use among multiple RADIUS accounting servers.
Use the default form of this command to reset the load-balancing algorithm to use the first configured RADIUS server first.
The following example sets the load-balancing algorithm to round-robin:
[local]Redback(config-ctx)#radius accounting algorithm round-robin
radius accounting deadtime interval
default radius accounting deadtime
Sets the interval during which the SmartEdge router treats a nonresponsive Remote Authentication Dial-In User Service (RADIUS) accounting server as “dead.”
context configuration
interval | Deadtime interval in minutes. The range of values is 0 to 65,535; the default value is 5. The 0 value disables the feature. |
The waiting interval is five minutes.
Use the radius accounting deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS accounting server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS accounting server; after the interval expires, the SmartEdge router tries again to reach the accounting server. If there is no response, the RADIUS accounting server remains marked as “dead” and the timer is set again to the configured interval.
If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.
Use the default form of this command to specify the default interval.
The following example sets the deadtime interval to 10 minutes:
[local]Redback(config-ctx)#radius accounting deadtime 10
radius accounting max-outstanding requests
{no | default} radius accounting max-outstanding
Modifies the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to Remote Authentication Dial-In User Service (RADIUS) accounting servers.
context configuration
requests | Number of simultaneous outstanding requests per RADIUS server in the current context. The range of values is 1 to 256. |
The number of simultaneous outstanding accounting requests sent by the SmartEdge router is 256.
Use the radius accounting max-outstanding command to modify the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to RADIUS accounting servers.
Use this command if the RADIUS servers cannot handle the default of 256 simultaneous outstanding accounting requests that the SmartEdge router can send to RADIUS accounting servers configured within the context.
Use the no or default form of this command to reset the maximum number of allowable outstanding requests to 256.
The following example limits the number of simultaneous outstanding requests to 128:
[local]Redback(config-ctx)#radius accounting max-outstanding 128
radius accounting max-retries retries
default radius accounting max-retries
Modifies the number of retransmission attempts the SmartEdge router makes to a Remote Authentication Dial-In User Service (RADIUS) server in the event that no response is received from the server within the timeout period.
context configuration
retries | Number of times the SmartEdge router retransmits a RADIUS accounting packet. The range of values is 1 to 2,147,483,647; the default value is 3. |
The SmartEdge router sends three retransmissions.
Use the radius accounting max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS accounting server in the event that no response is received from the server within the timeout period.
If an acknowledgment is not received, each successive, configured server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.
Use the default form of this command to reset the number of retries to 3.
The following example sets the retransmit value to 5:
[local]Redback(config-ctx)#radius accounting max-retries 5
The following example resets the retransmit value to the default of 3:
[local]Redback(config-ctx)#default radius accounting max-retries
radius accounting send-acct-on-off
{no | default} radius accounting send-acct-on-off
Enables the sending of “accounting on” and “accounting off” messages to all Remote Authentication Dial-In User Service (RADIUS) accounting servers that are configured in the current context.
context configuration
This command has no keywords or arguments.
Accounting on and accounting off messages are sent.
Use the radius accounting send-acct-on-off command to enable the sending of accounting on and accounting off messages to all RADIUS accounting servers that are configured in the current context.
The SmartEdge router sends messages to RADIUS accounting servers in various circumstances:
Similarly, the accounting off message is not sent until you have disabled all types of RADIUS accounting.
Use the no form of this command to prevent the SmartEdge router from sending these messages.
Use the default form of this command to return the system to its default behavior.
The following example disables the sending of accounting on and off messages to all other RADIUS accounting servers in the local context:
[local]Redback(config)#context local
[local]Redback(config-ctx)#no radius accounting send-acct-on-off
radius accounting server {ip-addr | hostname} {key key | encrypted-key key} [{oldports | port udp-port}] [max requests]
no radius accounting server
Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) accounting server.
context configuration
ip-addr | IP address of the RADIUS accounting server. |
hostname | Hostname of the RADIUS accounting server. Domain Name System (DNS) must be enabled to use the hostname argument. |
key key | Authentication key used when communicating with the accounting server. |
encrypted-key key | Alphanumeric string representing the encrypted authentication key used when communicating with the RADIUS accounting server. |
oldports | Optional. Designates the old RADIUS User Datagram Protocol (UDP) port 1646. |
port udp-port | Optional. RADIUS accounting UDP port. The range of values is 1 to 65,536; the default value is 1813. |
RADIUS accounting server hostnames and IP addresses are not preconfigured. The UDP accounting port is 1813.
Use the radius accounting server command to configure the IP address or hostname of a RADIUS accounting server. Use this command multiple times to configure up to five RADIUS accounting servers per context. To use the hostname argument, you must enable DNS; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.
Use the no form of this command to delete a previously configured RADIUS accounting server.
The following example configures a RADIUS accounting server IP address of 10.3.3.3 with the key, secret, using port 4445 for accounting:
[local]Redback(config-ctx)#radius accounting server 10.3.3.3 key secret port 4445
radius accounting server-timeout interval
default radius accounting server-timeout
Sets the time interval the SmartEdge router waits before marking a non-responsive Remote Authentication Dial-In User Service (RADIUS) accounting server as “dead.”
context configuration
interval | Time period that the SmartEdge router checks back for successful responses, after an individual RADIUS request times out, before treating the accounting server as “dead.” The range of values is 0 to 2147483647 seconds; the default value is 60 seconds. |
The maximum time interval is 60 seconds.
Use the radius accounting server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”
The SmartEdge router marks a RADIUS accounting server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS accounting server is marked as “dead.”
Use the default form of this command to specify the default interval.
The following example sets the waiting interval to 80 seconds:
[local]Redback(config-ctx)#radius accounting server-timeout 80
radius accounting timeout timeout
default radius accounting timeout
Sets the maximum time the SmartEdge router waits for a response from a Remote Authentication Dial-In User Service (RADIUS) accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.
context configuration
timeout | Timeout period in seconds. The range of values is 1 to 2147483647; the default value is 10 seconds. |
The maximum time is 10 seconds.
Use the radius accounting timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.
Use the default form of this command to specify the default interval.
The following example sets the timeout interval to 30 seconds:
[local]Redback(config-ctx)#radius accounting timeout 30
radius algorithm {first | round-robin}
default radius algorithm
Specifies the algorithm to use among multiple Remote Authentication Dial-In User Service (RADIUS) servers.
context configuration
first | Specifies that the first configured RADIUS server is always queried first. |
round-robin | Specifies that the RADIUS servers are queried in round-robin fashion, enabling load balancing. |
The SmartEdge router queries the first configured server first.
Use the radius algorithm command to specify the algorithm to use among multiple RADIUS servers.
Use the default form of this command to reset the SmartEdge router to query the first configured RADIUS server first.
The following example sets the algorithm to round-robin:
[local]Redback(config-ctx)#radius algorithm round-robin
radius attribute acct-delay-time
{no | default} radius attribute acct-delay-time
Sends the Acct-Delay-Time attribute in the Remote Authentication Dial-In User Service (RADIUS) Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server.
context configuration
This command has no keywords or arguments.
The Acct-Delay-Time attribute is only sent in RADIUS Accounting-Request packets for the current context, if there is a delay in sending the accounting record.
Use the radius attribute acct-delay-time command to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server. If there is no delay, the SmartEdge router sets the Acct-Delay-Time attribute to 0. By default, the Acct-Delay-Time attribute is sent in RADIUS Accounting-Request packets for the current context only if there is a delay in sending the accounting record to the RADIUS server.
Standard RADIUS attribute 41, Acct-Delay-Time, is described in RADIUS Attributes.
Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.
The following example shows how to configure the SmartEdge router to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets:
[local]Redback(config-ctx)#radius attribute acct-delay-time
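A collector-side check for the packets this command affects, as an added example that is not part of the original document or of any Ericsson code: it verifies the RFC 2866 Request Authenticator with the shared key and uses Acct-Delay-Time to recover the event time. The key `secret`, the NAS-Identifier value `Redback` and all function names are assumptions, and the sample packets are constructed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code (RFC 2866)
NAS_IDENTIFIER = 32      # RFC 2865
ACCT_STATUS_TYPE = 40    # RFC 2866
ACCT_DELAY_TIME = 41     # RFC 2866


def _authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_accounting_request(identifier: int, attrs, secret: bytes) -> bytes:
    """Sender side; used here only to construct sample packets."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    return header + _authenticator(header, body, secret) + body


def parse_attributes(body: bytes) -> dict:
    """Split the attribute area into {type: [value, ...]} with bounds checks."""
    attrs, i = {}, 0
    while i < len(body):
        if len(body) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[i], body[i + 1]
        if attr_len < 2 or i + attr_len > len(body):
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(attr_type, []).append(body[i + 2:i + attr_len])
        i += attr_len
    return attrs


def check_accounting_request(packet: bytes, secret: bytes, received_at: int) -> dict:
    """Validate an Accounting-Request and return its delay-corrected event time."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]  # octets past Length are padding and are ignored
    expected = _authenticator(packet[:4], packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Request Authenticator mismatch")
    attrs = parse_attributes(packet[20:])
    # With "radius attribute acct-delay-time" configured the attribute is
    # always sent (0 when there was no delay), so absence is treated as an error.
    delay_values = attrs.get(ACCT_DELAY_TIME)
    if not delay_values:
        raise ValueError("Acct-Delay-Time missing")
    if len(delay_values[0]) != 4:
        raise ValueError("Acct-Delay-Time is not a 32-bit integer")
    delay = struct.unpack("!I", delay_values[0])[0]
    return {"identifier": identifier, "delay": delay,
            "event_time": received_at - delay}


SECRET = b"secret"  # assumed shared key, matching the "key secret" style of configuration


def sample_packet(delay_seconds: int) -> bytes:
    """Constructed Accounting-Request (Start) carrying the given delay."""
    return build_accounting_request(7, [
        (ACCT_STATUS_TYPE, struct.pack("!I", 1)),
        (ACCT_DELAY_TIME, struct.pack("!I", delay_seconds)),
        (NAS_IDENTIFIER, b"Redback"),
    ], SECRET)


if __name__ == "__main__":
    print(check_accounting_request(sample_packet(0), SECRET, 1_700_000_000))
    print(check_accounting_request(sample_packet(12), SECRET, 1_700_000_000))
```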
radius attribute acct-session-id access-request
{no | default} radius attribute acct-session-id access-request
Sends the Acct-Session-Id attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request packets for the current context.
context configuration
access-request | Specifies that the attribute is to be sent in Access-Request packets. |
The Acct-Session-Id attribute is only sent in Accounting-Request packets.
Use the radius attribute acct-session-id command to send the Acct-Session-Id attribute in RADIUS Access-Request packets for the current context.
This command affects only subscriber sessions, not administrator sessions.
Standard RADIUS attribute 41, Acct-Session-Id, is described in RADIUS Attributes.
Use the no or default form of this command to disable the sending of the Acct-Session-Id attribute in Access-Request packets.
The following example configures the SmartEdge router to send the Acct-Session-Id attribute in RADIUS access-request packets:
[local]Redback(config-ctx)#radius attribute acct-session-id access-request
radius attribute acct-terminate-cause remap
no radius attribute acct-terminate-cause remap
Enables the remapping of Redback account termination error codes and accesses terminate error cause configuration mode.
global configuration
This command has no keywords or arguments.
Remapping of account termination error codes is disabled.
Use the radius attribute acct-terminate-cause remap command to enable the remapping of Redback account termination error codes and access terminate error cause configuration mode. By default, the SmartEdge router maps a Redback termination error code to a Remote Authentication Dial-In User Service (RADIUS) Attribute 49 (Acct-Terminate-Cause) terminate cause error code, which it sends in RADIUS Accounting-Stop packets. RADIUS attribute 49 terminate cause error codes and their definitions are included in RFC 2866, RADIUS Accounting. RADIUS Attributes lists the default mapping of Redback account termination error codes to RADIUS attribute 49 error codes.
Use the no form of this command to remove the remapping of all Redback account termination error codes.
The following example enables the remapping of Redback account termination error codes:
[local]Redback(config)#radius attribute acct-terminate-cause remap
[local]Redback(config-term-ec)#
radius attribute acct-tunnel-connection l2tp-call-serial-num
{no | default} radius attribute acct-tunnel-connection l2tp-call-serial-num
Sends a Layer 2 Tunneling Protocol (L2TP) call serial number type value in the Acct-Tunnel-Connection attribute in Remote Authentication Dial-In User Service (RADIUS) packets for the current context, when the SmartEdge router is functioning as an L2TP access concentrator (LAC).
context configuration
This command has no keywords or arguments.
When functioning as a LAC, the SmartEdge router sends an L2TP session ID type value in the Acct-Tunnel-Connection attribute.
Use the radius attribute acct-tunnel-connection l2tp-call-serial-num command to send an L2TP call serial number ID type value in the Acct-Tunnel-Connection attribute in the RADIUS packets for the current context, when the SmartEdge router is functioning as a LAC. This enables the RADIUS server to correlate the ID type values received from the SmartEdge router and those received from L2TP network server (LNS) devices when it attempts to authenticate Point-to-Point Protocol over Ethernet (PPPoE) sessions. (LNS devices send L2TP call serial numbers in the Acct-Tunnel-Connection attribute by default.)
This command affects only subscriber sessions, not administrator sessions.
Standard RADIUS attribute 68, Acct-Tunnel-Connection, is described in RADIUS Attributes.
Use the no or default form of this command to remove a tunnel with the RADIUS server from either a LAC or LNS.
The following example configures the SmartEdge router, when functioning as a LAC, to send the L2TP call serial number in the Acct-Tunnel-Connection attribute to the RADIUS server:
[local]Redback(config-ctx)#radius attribute acct-tunnel-connection l2tp-call-serial-num
To specify the format for the automatically generated ID string, use the following syntax:
radius attribute calling-station-id [{media atm | media eth}] format {agent | description | hostname agent | slot-port agent}
no radius attribute calling-station-id [{media atm | media eth}] format
default radius attribute calling-station-id
To specify that a separator character be prepended to the Calling-Station-Id attribute string in RADIUS packets, use the following syntax:
radius attribute calling-station-id prepend-separator
[no | default] radius attribute calling-station-id prepend-separator
To pad the virtual path identifier (VPI) or virtual channel identifier (VCI) value with zeros to make a 4-character string, use the following syntax:
radius attribute calling-station-id pvc-pad
[no | default] radius attribute calling-station-id pvc-pad
To use a character that separates the elements of the attribute string, use the following syntax:
radius attribute calling-station-id separator separator
[no | default] radius attribute calling-station-id
Using the specified format, sends the Calling-Station-Id attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.
context configuration
agent |
agent-circuit-id [non-ascii] [agent-remote-id [non-ascii]] | agent-remote-id [non-ascii] The non-ascii, agent-circuit-id, and agent-remote-id keywords are described separately in this table. |
media atm | Uses the Asynchronous Transfer Mode (ATM) media format for the automatically generated Calling-ID string. |
media eth | Uses the Ethernet media format for the automatically generated Calling-ID string. |
format | Indicates a particular format to be applied. |
agent-circuit-id | Specifies that the format or the type of the information for the Calling-Station-Id attribute is the circuit agent ID. Optional only when specifying the slot-port keyword. |
agent-remote-id | Optional. Specifies that the format or the type of the information for the Calling-Station-Id attribute is Agent-Remote-Id. Optional only when specifying the agent-circuit-id keyword. |
description | Specifies a circuit description format using the information configured with the description command in the configuration mode for the circuit with the hostname prepended to it. |
hostname | Prepends the SmartEdge router hostname to the contents of the Calling-Station-Id attribute in RADIUS packets. The hostname is either the one that has been configured using the system hostname command (in context configuration mode), or the default hostname, “Redback”. |
non-ascii |
Available in context configuration mode. Specifies one of the following translations when you use RADIUS with option 82:
The default translation is the agent circuit ID and agent remote ID into hexadecimal format. |
slot-port | Specifies a slot number/port number format that has the hostname prepended to it. |
prepend-separator | Optional. Specifies that a separator character be prepended to the Calling-Station-Id attribute string in RADIUS packets. The separator character to append depends on which character is used for the separator keyword. |
pvc-pad | Pads the virtual path identifier (VPI)/virtual channel identifier (VCI) value with zeros to make a 4-character string. |
separator separator | Character that separates the elements of the attribute string. The default separator character is the number symbol (#). You can change this default. |
The Calling-Station-Id attribute is not sent.
Use the radius attribute calling-station-id command to send the Calling-Station-Id attribute, using the specified format, in RADIUS Access-Request and Accounting-Request packets for the current context.
If you specify the media keyword, you can customize the format for ATM or Ethernet subscribers or for both. The default format is valid for all circuit types.
If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.
If you specify the agent-circuit-id non-ascii keywords, you can also specify the agent-remote-id non-ascii keywords.
For Dynamic Host Configuration Protocol (DHCP) clients, the information for the Calling-Station-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.
If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.
If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.
For Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs), the format for the slot-port keyword is #Hostname#slot/port#VPI#VCI; the description format is #Hostname#VC description#VPI#VCI.
For virtual LANs (VLANs), the formats for the slot-port keyword and description keyword, respectively, are:
Use the no form of this command to disable the sending of the Calling-Station-Id attribute.
Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.
The following example sends the Calling-Station-Id attribute using the slot-port format and inserts agent-circuit-id and agent-remote-id information into Access-Request and Accounting-Request packets:
[local]Redback(config-ctx)#radius attribute calling-station-id format slot-port agent-circuit-id agent-remote-id separator #
The format in which the Calling-Station-Id attribute is sent for VLAN connections is as follows:
hostname#slot#port#(VLAN ID)#(Agent-Circuit-Id)#(Agent-Remote-Id)
The following example configures the context so that the Calling-Station-Id attribute is sent in Access-Request and Accounting-Request packets using a slash (/) as the separator character:
[local]Redback(config-ctx)#radius attribute calling-station-id separator /
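A RADIUS-server-side parser for the VLAN Calling-Station-Id layout shown above (hostname, slot, port, VLAN ID, Agent-Circuit-Id, Agent-Remote-Id), as an added example that is not part of the original document. It assumes the parentheses in the documented layout are notation rather than literal characters; the function and class names and the sample strings are constructed. It rejects values where the configured separator also occurs inside a field, which is the case to check before choosing a separator such as a slash.

```python
from dataclasses import dataclass
from typing import Optional

# Placeholder strings the router inserts when the DHCP option 82 or PADR
# information is absent, as quoted in the command description.
NOT_PRESENT = {"Agent-Circuit-Id Not Present", "Agent-Remote-Id Not Present"}


@dataclass(frozen=True)
class VlanCallingStationId:
    hostname: str
    slot: int
    port: int
    vlan_id: int
    agent_circuit_id: Optional[str]   # None when the router sent the placeholder
    agent_remote_id: Optional[str]


def _number(field: str, name: str, high: Optional[int] = None) -> int:
    """Accept only plain ASCII decimal digits, optionally bounded above."""
    if not (field.isascii() and field.isdigit()):
        raise ValueError(f"{name} is not numeric: {field!r}")
    value = int(field)
    if high is not None and value > high:
        raise ValueError(f"{name} out of range: {value}")
    return value


def parse_vlan_calling_station_id(value: str, separator: str = "#",
                                  prepend_separator: bool = False) -> VlanCallingStationId:
    """Parse hostname<sep>slot<sep>port<sep>vlan<sep>circuit-id<sep>remote-id."""
    if len(separator) != 1:
        raise ValueError("separator must be a single character")
    if prepend_separator:
        # With prepend-separator configured the string starts with the separator.
        if not value.startswith(separator):
            raise ValueError("leading separator missing")
        value = value[1:]
    parts = value.split(separator)
    if len(parts) != 6:
        # More than six parts means the separator also appears inside a field
        # (for example a circuit ID containing "/"), so the split is ambiguous.
        raise ValueError(f"expected 6 fields, got {len(parts)}")
    hostname, slot, port, vlan, circuit, remote = parts
    if not hostname:
        raise ValueError("empty hostname")
    return VlanCallingStationId(
        hostname=hostname,
        slot=_number(slot, "slot"),
        port=_number(port, "port"),
        vlan_id=_number(vlan, "VLAN ID", high=4095),  # 12-bit 802.1Q field
        agent_circuit_id=None if circuit in NOT_PRESENT else circuit,
        agent_remote_id=None if remote in NOT_PRESENT else remote,
    )


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    print(parse_vlan_calling_station_id("Redback#2#1#100#circuit-7#remote-9"))
    print(parse_vlan_calling_station_id(
        "Redback#2#1#100#Agent-Circuit-Id Not Present#remote-9"))
```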
radius attribute filter-id direction {in | out | both | none}
{no | default} radius attribute filter-id
Specifies the behavior of the SmartEdge router when it receives a Remote Authentication Dial-In User Service (RADIUS) Filter-Id attribute that does not specify a direction and there is an access control list (ACL) applied to the circuit.
direction | Specifies the direction of the packets to which the ACL is applied. |
in | Applies the ACL to inbound packets only. |
out | Applies the ACL to outbound packets only. |
both | Applies the ACL to inbound and outbound packets. |
none | Ignores the Filter-Id attribute and does not apply the ACL to packets in either direction. |
If the Filter-Id attribute does not include a direction, the SmartEdge router applies the ACL to outbound packets only.
Use the radius attribute filter-id command to specify the behavior of the SmartEdge router when it receives a RADIUS Filter-Id attribute that does not specify a direction and there is an ACL applied to the circuit. The choice of behavior depends on the nature of the ACL and the type of data that is exchanged.
The following sequence determines how the SmartEdge router applies the ACL:
Use the no or default form of this command to specify the default condition.
The following example specifies that the ACL be applied to inbound packets only:
[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute filter-id direction in
radius attribute nas-identifier arbitrary-string
{no | default} radius attribute nas-identifier arbitrary-string
Includes the network access server (NAS)-Identifier attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets sent by the SmartEdge router.
context configuration
arbitrary-string | Indicates the value for the NAS system. Alphanumeric string of up to 255 characters. |
The NAS-Identifier attribute is not sent.
Use the radius attribute nas-identifier command to include the NAS-Identifier attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.
Standard RADIUS attribute 32, NAS-Identifier, is described in RADIUS Attributes.
Use the no or default form of this command to specify the default behavior.
The following example shows how to configure the NAS-Identifier in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:
[local]Redback(config-ctx)#radius attribute nas-identifier somearbritrarystring
radius attribute nas-ip-address interface if-name
{no | default} radius attribute nas-ip-address
Includes the network access server (NAS)-IP-Address attribute in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets sent by the SmartEdge router.
context configuration
interface if-name | Interface name. Uses the primary IP address associated with the interface as the source IP address sent in RADIUS packets. If the interface is not configured or is unreachable, the IP address of the outgoing interface is used instead as the source IP address for packets. |
The NAS-IP-Address attribute is not sent.
Use the radius attribute nas-ip-address command to include the NAS-IP-Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.
Standard RADIUS attribute 4, NAS-IP-Address, is described in RADIUS Attributes.
Use the no or default form of this command to reset the SmartEdge router behavior so that the NAS-IP-Address attribute is not included.
The following example sends the primary IP address for interface ether21 as the source IP address in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:
[local]Redback(config-ctx)#radius attribute nas-ip-address interface ether21
radius attribute nas-port format {agent-remote-id | physical | slot-port | session-info} [no-pseudo]
{no | default} radius attribute nas-port format
Modifies the format of the network access server (NAS)-Port attribute, which is sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.
context configuration
format | Indicates a particular attribute string format is to be applied. |
agent-remote-id | Specifies that the content of the NAS-Port attribute is a 32-bit remote agent ID. |
physical |
Provides slot, port, virtual path identifier (VPI), and virtual channel identifier (VCI) in the NAS-Port attribute sent to the RADIUS server. For Asynchronous Transfer Mode (ATM) circuits and PPP over Ethernet (PPPoE) over ATM sessions, the attribute format is slot-port-vpi-vci, such that:
For Ethernet and virtual LAN (VLAN) circuits, the attribute format depends on whether the session is connected through an untagged Ethernet port, a VLAN, or a stacked VLAN circuit: For untagged Ethernet, the format is slot/port: unused, such that:
For VLAN circuits, the format is slot/port:vlan-id, such that:
For Stacked VLAN circuits, the format is slot/port:SvlanID-CvlanID, such that:
|
slot-port |
Provides slot, port, and channel information in the NAS-Port attribute sent to the RADIUS server. The attribute format is slot-port-channel, such that:
If no channel exists, the channel argument contains zeros. This is the default format for standard RADIUS attribute 5, NAS-Port. |
session-info |
Provides slot, port, and session information in the NAS-Port attribute sent to the RADIUS server. For ATM circuits, the attribute format is slot-port-vpi-vci, such that:
For PPPoE over ATM, Ethernet, and VLAN circuits, the format is slot-port-unused-pppoe_session, such that:
|
no-pseudo | Enables formatting for sessions that are not Layer 2 Tunneling Protocol (L2TP) network server (LNS) or L2TP access concentrator (LAC) sessions. |
Standard RADIUS attribute 5, NAS-Port, is sent in the slot-port format. L2TP circuits (LNS or LAC) use “pseudo” formatting.
Use the radius attribute nas-port command to modify the format of the NAS-Port attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.
Use the radius attribute nas-port command with the no-pseudo keyword to remove “pseudo” formatting on L2TP circuits (LNS or LAC).
The standard RADIUS attribute 5, NAS-Port, is described in RADIUS Attributes.
Use the no or default form of this command to revert to the default behavior.
The following example sends the attribute NAS-Port using the slot-port format in RADIUS Access-Request and Accounting-Request packets for the local context:
[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute nas-port format slot-port
radius attribute nas-port-id {format {agent-circuit-id [agent-remote-id] | all | hostname {agent-circuit-id [agent-remote-id]} | physical | agent-remote-id} | modified-agent-circuit-id [prefix-lg-description] | prepend-separator | separator separator}
no radius attribute nas-port-id format
default radius attribute nas-port-id {format | separator separator}
Modifies the format of the network access server (NAS)-Port-Id attribute, which is sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets for the current context.
context configuration
format |
Indicates a particular format to be applied. |
agent-circuit-id |
Specifies that the format or the type of the information for the NAS-Port-Id attribute is the circuit agent ID. |
agent-remote-id |
Optional. Specifies that the format or the type of the information for the Calling-Station-Id attribute is Agent-Remote-Id. Optional only when specifying the agent-circuit-id keyword. |
hostname |
Prepends the SmartEdge router hostname to the contents of the NAS-Port-Id attribute in RADIUS packets. The hostname is either the one that has been configured using the system hostname command (in context configuration mode), or the default hostname, “Redback”. |
all |
Specifies a format that includes the physical circuit and session information. This is the default format. |
physical |
Specifies a format that includes the physical circuit only. |
modified-agent-circuit-id |
Specifies that the format or the type of the information for the NAS-Port-Id attribute is a modified form of the circuit agent ID. |
prefix-lg-description |
Optional. Specifies that a text string description of the access link group is to be used as a prefix to the NAS-Port-Id attribute. |
prepend-separator |
Optional. Specifies that a separator character be prepended to the NAS-Port-Id attribute string in RADIUS packets. The character that is prepended is the one set with the separator keyword. |
separator separator |
Character to use to separate the elements of the attribute string. The default separator character is the number symbol (#). You can change this default. |
Standard RADIUS attribute 87, NAS-Port-Id, is sent using the all format.
Use the radius attribute nas-port-id command to modify the format of the NAS-Port-Id attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.
Caution! Risk of interoperability loss. The NetOp Policy Manager (PM) requires the default format setting for this command to assimilate the RADIUS attribute information. To avoid loss of interoperability with NetOp PM, use this command with its default setting only.
If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.
For Dynamic Host Configuration Protocol (DHCP) clients, the information for the NAS-Port-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.
If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.
If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.
If you specify the all keyword, the physical circuit information includes the slot, port, circuit identifier, and session identifier; the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] [pppoe sess-id | clips sess-id]
The circuit identifier can be the virtual path identifier (VPI) with the virtual channel identifier (VCI), or it can be the virtual LAN (VLAN) identifier, depending on the type of circuit.
If you specify the physical keyword, the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id].
If you specify the modified-agent-circuit-id keyword, the system inserts the specific subscriber line information in the NAS-Port-Id attribute. Line information includes: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id], which is prepended to the subscriber identification fields.
To use the text string description of the access link group (set with the description command) as a prefix to the NAS-Port-Id attribute, specify the format, modified-agent-circuit-id, and prefix-lg-description keywords with the radius attribute nas-port-id command. For more information about the description command, see the Command List.
Standard RADIUS attribute 87, NAS-Port-Id, and the vendor-specific attributes (VSAs) provided by Ericsson AB, 96 (Agent-Remote-Id) and 97 (Agent-Circuit-Id), are described in RADIUS Attributes.
Use the no or default form of this command to reset the format for the NAS-Port-Id attribute to the all format.
Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.
The following example shows how to send the NAS-Port-Id attribute using the physical format in RADIUS Access-Request and Accounting-Request packets for the local context:
[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute nas-port-id format physical
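A RADIUS server that binds subscribers to access lines has to parse these strings and must not treat the “Not Present” placeholders as a line identity. The following parser for the all and physical formats is an added example, not code from this document or from Ericsson; the sample values are constructed, the space-separated layout is taken from the syntax shown above, and the 4095 VLAN limit comes from IEEE 802.1Q rather than from this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Strings the router inserts when option 82 / PADR line information is absent.
NOT_PRESENT = ("Agent-Circuit-Id Not Present", "Agent-Remote-Id Not Present")

# Grammar from the page:
#   slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id]
#             [pppoe sess-id | clips sess-id]
NAS_PORT_ID = re.compile(
    r"""
    (?P<slot>\d+)/(?P<port>\d+)
    (?:\s+(?:vpi-vci\s+(?P<vpi>\d+)\s+(?P<vci>\d+)
           |vlan-id\s+(?:(?P<tunnel_vlan>\d+):)?(?P<pvc_vlan>\d+)))?
    (?:\s+(?P<session_type>pppoe|clips)\s+(?P<session_id>\d+))?
    """,
    re.VERBOSE,
)


@dataclass(frozen=True)
class NasPortId:
    slot: int
    port: int
    vpi: Optional[int] = None
    vci: Optional[int] = None
    tunnel_vlan: Optional[int] = None
    pvc_vlan: Optional[int] = None
    session_type: Optional[str] = None
    session_id: Optional[int] = None

    @property
    def physical(self) -> str:
        """Render the circuit part only, i.e. the 'physical' format."""
        out = f"{self.slot}/{self.port}"
        if self.vpi is not None:
            out += f" vpi-vci {self.vpi} {self.vci}"
        elif self.pvc_vlan is not None:
            tunnel = f"{self.tunnel_vlan}:" if self.tunnel_vlan is not None else ""
            out += f" vlan-id {tunnel}{self.pvc_vlan}"
        return out


def parse_nas_port_id(value: str) -> NasPortId:
    """Parse a NAS-Port-Id sent in the all or physical format."""
    text = value.strip()
    # A placeholder means the client sent no line information at all; every
    # such client would otherwise appear to share one "line".
    if any(marker in text for marker in NOT_PRESENT):
        raise ValueError(f"no line information in {text!r}")
    match = NAS_PORT_ID.fullmatch(text)
    if match is None:
        raise ValueError(f"not in all/physical format: {text!r}")
    fields = {
        name: (int(raw) if raw is not None and name != "session_type" else raw)
        for name, raw in match.groupdict().items()
    }
    for name in ("tunnel_vlan", "pvc_vlan"):
        if fields[name] is not None and fields[name] > 4095:  # 802.1Q limit
            raise ValueError(f"{name} out of range in {text!r}")
    return NasPortId(**fields)


def same_line(reported: str, provisioned: str) -> bool:
    """True when both values name the same circuit, ignoring session IDs."""
    try:
        return (parse_nas_port_id(reported).physical
                == parse_nas_port_id(provisioned).physical)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values following the syntax above.
    for sample in ("4/1 vpi-vci 0 35 pppoe 7",
                   "2/3 vlan-id 100:200 clips 131",
                   "2/3 vlan-id 200"):
        print(sample, "->", parse_nas_port_id(sample))
```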
radius attribute nas-port-type port-type
{no | default} radius attribute nas-port-type port-type
Modifies the value for the network access server (NAS)-Port-Type attribute sent in Remote Authentication Dial-In User Service (RADIUS) Access-Request and Accounting-Request packets.
port-type |
Value that represents the type of connection the subscriber has to the network access server (NAS) through which it is authenticated. The range of values is 0 to 255. Values 0 to 19 are defined in Table 1. The default value is either 0 or 5, indicating an asynchronous connection through a console port or a virtual connection through a transport protocol, respectively. |
The Nas-Port-Type attribute is sent in RADIUS Access-Request and Accounting-Request packets. The value is either 0 or 5, depending on how the subscriber is connected to its authenticating NAS.
Use the radius attribute nas-port-type command to modify the value for the NAS-Port-Type attribute sent in RADIUS Access-Request and Accounting-Request packets.
Table 1 lists the definitions of the values for the port-type argument.
Value | Definition |
---|---|
0 | async |
1 | sync |
2 | ISDN (sync) |
3 | ISDN (async V120) |
4 | ISDN (async V110) |
5 | Virtual |
6 | PIAFS (wireless ISDN used in Japan) |
7 | HDLC (clear-channel) |
8 | X.25 |
9 | X.75 |
10 | G3_Fax (G.3 Fax) |
11 | SDSL (symmetric DSL) |
12 | ADSL_CAP (asymmetric DSL Carrierless Amplitude Phase Modulation) |
13 | ADSL_DMT (asymmetric DSL, Discrete Multi-Tone) |
14 | IDSL (ISDN digital subscriber line) |
15 | Ethernet |
16 | xDSL (digital subscriber line of unknown type) |
17 | Cable |
18 | Wireless (wireless—Other) |
19 | Wireless_802_11 (wireless—IEEE 802.11) |
Standard RADIUS attribute 61, NAS-Port-Type, is described in RADIUS Attributes.
Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.
The following example modifies the NAS-Port-Type attribute in RADIUS Access-Request and Accounting-Request packets to type 4 (ISDN):
[local]Redback(config)#context local
[local]Redback(config-atm-profile)#radius attribute nas-port-type 4
radius attribute vendor-specific Redback {mac-address separator char | salt-encrypted-attr {authen-server | coa-server}}
{no | default} radius attribute vendor-specific Redback {mac-address separator char | salt-encrypted-attr {authen-server | coa-server}}
Specifies the character the SmartEdge router uses to separate the fields in the specified Remote Authentication Dial-In User Service (RADIUS) attribute, and whether attributes can be encrypted.
Redback |
Specifies Redback as the vendor. |
mac-address |
Specifies vendor-specific attribute (VSA) 145 provided by Ericsson AB, Mac-Addr, as the attribute. |
separator char |
Character to be used as a separator. The default is hyphen (-). |
salt-encrypted-attr |
Allows encrypted vendor VSAs. |
authen-server |
Allows encrypted vendor VSAs in Access-Response packets. |
coa-server |
Allows encrypted vendor VSAs in CoA-Request packets. |
The SmartEdge router uses the hyphen (-) character, and vendor VSAs can be encrypted.
Use the radius attribute vendor-specific command to specify the character the SmartEdge router uses to separate the fields in the specified RADIUS attribute, and whether attributes can be encrypted.
Use the no or default form of this command to specify the default character as the separator.
The following example specifies the colon (:) as the separator character:
[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute vendor-specific Redback mac-address separator :
radius await-acct-on-ack
{no | default} radius await-acct-on-ack
In global configuration mode, enables the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the Remote Authentication Dial-In User Service (RADIUS) accounting servers after the router reboots. The router waits for the acknowledgement message (ACK message) before it begins to send authentication and accounting requests to the RADIUS servers.
This command has no keywords or arguments.
By default, after the SEOS router reboots, an Accounting-On message is sent to the RADIUS servers. However, the router does not wait for an acknowledgement of the receipt of this message from the servers before sending the authentication and accounting requests to the RADIUS servers.
Use the radius await-acct-on-ack command in global configuration mode to enable the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the RADIUS accounting servers after the router reboots. This command ensures that the router waits for an ACK message before it begins to send authentication and accounting requests to the servers.
If the SmartEdge router has not received an ACK message from the RADIUS server within 10 seconds of sending the Accounting-On message, the router checks again. If no ACK message has been received after 30 retries, the router sends authentication and accounting requests to the RADIUS servers. The interval between retries is 10 seconds. The maximum time the router waits for a response from a RADIUS server before assuming that a packet is lost or that the RADIUS server is unreachable is 5 minutes.
If more than one RADIUS accounting server is configured, and the router receives an ACK message from any one of the servers, the router considers this message as an acknowledgement of the receipt of the Accounting-On message. If “two-stage accounting” is configured, an ACK message from the global accounting server (configured in context local) is the one that is counted as the acknowledgement of the receipt of the Accounting-On message.
Use the no or default form of this command to return the SmartEdge router to its default setting of not waiting to receive an acknowledgement of receipt of the Accounting-On message from the RADIUS servers before the router sends authentication and accounting requests to the servers.
The following example shows how to configure the radius await-acct-on-ack command:
[local]Redback(config)#radius await-acct-on-ack
[local]Redback(config)#
radius coa server {ip-addr | hostname} {key key | encrypted-key key} [port udp-port]
no radius coa server {ip-addr | hostname}
Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) Change of Authorization (CoA) server.
context configuration
ip-addr |
IP address of the RADIUS CoA server. |
hostname |
Hostname of the RADIUS CoA server. The Domain Name System (DNS) must be enabled in order to use the hostname argument. |
key key |
Alphanumeric string indicating the secret key that must be shared with the RADIUS CoA server. If multiple subscriber sessions share the same key, all sessions are affected by a CoA change. |
encrypted-key key |
Alphanumeric string representing the encrypted secret key that must be shared with the RADIUS CoA server. If multiple subscriber sessions share the same key, all sessions are affected by a CoA change. |
port udp-port |
Optional. RADIUS CoA server User Datagram Protocol (UDP) port. The range of values is 1 to 65,536. If no port is specified, port 3799 is used for CoA messages. The udp-port value indicates the CoA port. |
RADIUS CoA server hostnames and IP addresses are not preconfigured. Port 3799 is the User Datagram Protocol (UDP) CoA port.
Use the radius coa server command to configure the IP address or hostname of a RADIUS CoA server. You can use this command multiple times to configure up to five RADIUS CoA servers per context. RADIUS CoA servers configured in a non-local context can change session settings only for subscribers in the same context. CoA servers configured in the local context can change settings for all subscribers.
To use the hostname argument, DNS must be enabled; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.
The RADIUS CoA server can use one or more of the identifiers listed in Table 2 to identify a subscriber session.
Identifier | Notes |
---|---|
Username | For global authentication, use the RBN CONTEXT-NAME VSA to search the appropriate context. If this attribute is not specified, only the local context is searched. |
Acct-Session-ID | This identifier is unique across all contexts. |
IP-Address | This identifier is unique only within a context. Using this identifier returns all sessions in all contexts with the specified IP address. For global authentication, use the RBN CONTEXT-NAME VSA to search the appropriate context. If this attribute is not specified, only the local context is searched. |
Agent-Circuit-ID | This identifier is unique across all contexts. |
Agent-Remote-ID | This identifier is unique across all contexts. |
For CoA disconnect messages, specify at least one keyword in Table 2. For all other CoA messages, specify at least one keyword in Table 2, as well as one or more attributes to change. If multiple keywords are specified, all specified keywords must match subscriber session attributes.
RADIUS Attributes lists the RADIUS attributes supported by the SmartEdge router. In addition, CoA messages can also contain the RADIUS lawful intercept (LI) attributes. If a CoA message contains any unsupported attributes, the request fails. RADIUS CoA and disconnect features are described in RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial-In User Service (RADIUS).
If the specified keyword matches multiple subscriber sessions, and the requested change is successful for only a subset of the sessions, all successful changes are preserved. The SmartEdge router sends a negative acknowledgement (NAK).
When an attempt to modify an LI attribute fails, the subscriber session is preserved. When an attempt to modify any other attribute fails, the subscriber session is terminated.
Use the no form of this command to delete a previously configured RADIUS CoA server.
The following example configures a RADIUS CoA server IP address of 10.3.3.3 with the key, secret, using port 4444 for CoA messages:
[local]Redback(config-ctx)#radius coa server 10.3.3.3 key secret port 4444
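The shared key is what lets the receiver tell a genuine CoA or Disconnect request from a forged one: RFC 3576 defines the Request Authenticator as an MD5 digest over the packet (with the authenticator field zeroed) followed by the shared secret. The following added example, which is not code from this document or from the SmartEdge software, checks that authenticator and then applies the identifier rules stated above; the packets are constructed, the mapping of Table 2 identifiers to standard attribute types is an assumption, and Session-Timeout stands in for "an attribute to change" without implying it is supported.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43  # RFC 3576 packet codes
# Assumed mapping of Table 2 identifiers to standard attribute types; the
# Agent-Circuit-Id / Agent-Remote-Id VSAs are left out of this example.
SESSION_IDENTIFIERS = {1: "User-Name", 8: "Framed-IP-Address", 44: "Acct-Session-Id"}
SESSION_TIMEOUT = 27  # stand-in for "an attribute to change"


def encode_attrs(attrs):
    """Encode (type, value-bytes) pairs as RADIUS type-length-value fields."""
    out = b""
    for attr_type, value in attrs:
        if not 0 < len(value) <= 253:
            raise ValueError("attribute value must be 1..253 octets")
        out += bytes([attr_type, len(value) + 2]) + value
    return out


def parse_attrs(body):
    """Split the attribute section back into (type, value-bytes) pairs."""
    attrs, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute")
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, body[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs


def build_request(code, ident, attrs, secret):
    """Build a request whose authenticator is MD5(header + 16 zeros + attrs + secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def check_request(packet, secret):
    """Return (accepted, reason) for a received CoA or Disconnect request."""
    if len(packet) < 20:
        return False, "short packet"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return False, "unexpected code"
    if length < 20 or length > len(packet):
        return False, "bad length"
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad authenticator"
    try:
        attrs = parse_attrs(packet[20:])
    except ValueError as exc:
        return False, str(exc)
    identifiers = [t for t, _ in attrs if t in SESSION_IDENTIFIERS]
    if not identifiers:
        return False, "no session identifier"
    # Every CoA message other than a disconnect must also carry a change.
    if code == COA_REQUEST and len(identifiers) == len(attrs):
        return False, "no attribute to change"
    return True, "ok"


if __name__ == "__main__":
    secret = b"secret"  # the key from the configuration example above
    session = (44, b"0A0303FF0000002A")  # constructed Acct-Session-Id
    disconnect = build_request(DISCONNECT_REQUEST, 7, [session], secret)
    print(check_request(disconnect, secret))
    print(check_request(disconnect, b"wrong-key"))
```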
radius deadtime interval
{no | default} radius deadtime
Sets the interval during which the SmartEdge router treats a nonresponsive Remote Authentication Dial-In User Service (RADIUS) server as “dead.”
context configuration
interval |
Deadtime interval in minutes. The range of values is 0 to 65,535; the default value is 5. The 0 value disables this feature. |
The waiting interval is five minutes.
Use the radius deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS server; after the interval expires, the SmartEdge router tries again to reach the server. If there is no response, the RADIUS server remains marked as “dead” and the timer is set again to the configured interval.
If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.
Use the default form of this command to specify the default interval.
The following example sets the deadtime interval to 10 minutes:
[local]Redback(config-ctx)#radius deadtime 10
radius max-outstanding requests
{no | default} radius max-outstanding
Modifies the number of simultaneous outstanding requests that can be sent by the SmartEdge router to Remote Authentication Dial-In User Service (RADIUS) servers.
context configuration
requests |
Number of simultaneous outstanding requests per RADIUS server in the current context. The range of values is 1 to 256. |
The maximum number of allowable outstanding requests is 256.
Use the radius max-outstanding command to modify the number of simultaneous outstanding requests the SmartEdge router can send to RADIUS servers.
Use the no or default form of this command to reset the maximum number of outstanding requests to 256.
The following example limits the number of simultaneous outstanding requests to 128:
[local]Redback(config-ctx)#radius max-outstanding 128
radius max-retries retries
default radius max-retries
Modifies the number of retransmission attempts the SmartEdge router makes to a Remote Authentication Dial-In User Service (RADIUS) server in the event that no response is received from the server within the timeout period.
context configuration
retries |
Number of retransmission attempts the SmartEdge router will make. The range of values is 1 to 2,147,483,647; the default value is 3. |
The SmartEdge router makes three retransmission attempts.
Use the radius max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS server in the event that no response is received from the server within the timeout period.
You set the timeout period with the radius timeout command (in context configuration mode).
If an acknowledgment is not received, each successive server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.
Use the default form of this command to specify the default number of retries.
The following example sets the retransmit value to 5:
[local]Redback(config-ctx)#radius max-retries 5
The following example resets the retransmit value to the default (3):
[local]Redback(config-ctx)#default radius max-retries
In global configuration mode, the syntax is:
radius policy name pol-name
no radius policy name pol-name
In context configuration mode, the syntax is:
radius policy pol-name
no radius policy pol-name
In global configuration mode, creates or modifies a Remote Authentication Dial-In User Service (RADIUS) policy and accesses RADIUS policy configuration mode; in context configuration mode, assigns a RADIUS policy to the context.
pol-name |
Name of the RADIUS policy being assigned. |
name pol-name |
Name of the RADIUS policy being created or modified. |
No RADIUS policy is created or assigned to a context.
Use the radius policy command in global configuration mode to create or modify a RADIUS policy and access RADIUS policy configuration mode; use it in context configuration mode to assign a RADIUS policy to the context.
The RADIUS policy specifies which RADIUS attributes and vendor-specific attributes (VSAs) are to be removed from RADIUS Access-Request and various Accounting-Request messages, such as Accounting-Start, Accounting-Stop, and Accounting-Update. Use the attribute command (in RADIUS policy configuration mode) to specify the attributes to be removed from the messages.
Use the no form of this command in global configuration mode to delete the policy; use it in context configuration mode to remove the policy from the context configuration.
The following example creates the custom RADIUS policy:
[local]Redback(config)#radius policy name custom
[local]Redback(config-rad-policy)#
The following example assigns the custom RADIUS policy to the gold-isp context:
[local]Redback(config)#context gold-isp
[local]Redback(config-ctx)#radius policy custom
radius server {ip-addr | hostname} {key key | encrypted-key key} [CoA-server] [{oldports | port udp-port}]
no radius server {ip-addr | hostname}
Configures the IP address or hostname of a Remote Authentication Dial-In User Service (RADIUS) server.
context configuration
ip-addr |
IP address of the RADIUS server. |
hostname |
Hostname of the RADIUS server. The Domain Name System (DNS) must be enabled in order to use the hostname argument. |
key key |
Alphanumeric string indicating the authentication key that must be shared with the RADIUS server. |
encrypted-key key |
Alphanumeric string representing the encrypted authentication key that must be shared with the RADIUS server. |
CoA-server |
Optional. Uses the RADIUS server as a Change of Authorization (CoA) server. |
oldports |
Optional. Uses the RADIUS User Datagram Protocol (UDP) port 1645 for authentication. |
port udp-port |
Optional. RADIUS authentication UDP port. The range of values is 1 to 65,536. If no port is specified, port 1812 is used for authentication. The udp-port value indicates the authentication port. |
RADIUS server hostnames and IP addresses are not preconfigured. 1812 is the UDP authentication port.
Use the radius server command to configure the IP address or hostname of a RADIUS server. You can use this command multiple times to configure up to five RADIUS servers per context.
To use the hostname argument, DNS must be enabled; for more information, see Configuring Channels and Clear-Channel and Channelized Ports.
If you specify the optional CoA-server keyword, the same port that is used for authentication is also used for CoA messages.
The RADIUS CoA server can use one or more of the keywords listed in Table 2 to identify a subscriber session. For information on CoA interactions, see the radius coa server command.
Use the no form of this command to delete a previously configured RADIUS server.
The following example configures a RADIUS server with an IP address of 10.3.3.3 and the key, secret, using port 4444 for authentication:
[local]Redback(config-ctx)#radius server 10.3.3.3 key secret port 4444
radius server-timeout interval
default radius server-timeout
Sets the time interval the SmartEdge router waits before marking a non-responsive Remote Authentication Dial-In User Service (RADIUS) server as “dead.”
context configuration
interval |
Number of seconds after which the SmartEdge router checks for successful responses after an individual RADIUS request times out, before treating the server as “dead.” The range of values, in seconds, is 0 to 2,147,483,647; the default value is 60. |
The maximum time interval is 60 seconds.
Use the radius server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”
The SmartEdge router marks a RADIUS server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS server is marked as “dead.”
Use the default form of this command to specify the default interval.
The following example sets the waiting interval to 80 seconds:
[local]Redback(config-ctx)#radius server-timeout 80
radius service profile prof-name
no radius service profile prof-name
Creates or selects a Remote Authentication Dial-In User Service (RADIUS)-guided service profile and accesses service profile configuration mode.
prof-name |
Name of a service profile. |
No RADIUS-guided service profiles exist.
Use the radius service profile command to create or select a RADIUS-guided service profile and access service profile configuration mode.
A RADIUS service profile specifies various service conditions and is used to activate services and establish service conditions for that subscriber session. It is these service conditions against which the service data in a CoA Request and Access Response message is matched. You can specify as many as 16 conditions in a service profile.
Use the no form of this command to delete the RADIUS-guided service profile from the configuration.
The following example creates the redirect service profile in the local context and accesses service profile configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#radius service profile redirect
[local]Redback(config-svc-profile)#
radius source-port port-num num-ports
no radius source-port
In context configuration mode, enables the SmartEdge router to ignore the source port sent by the Remote Authentication Dial-In User Service (RADIUS) server in Access-Response messages. In global configuration mode, increases the number of outstanding requests for each RADIUS server by sending requests using a different source port value.
port-num |
Port number. The range of values is 1,024 to 65,535. |
num-ports |
Number of ports. The range of values is 1 to 10. |
This feature is disabled.
In context configuration mode, use the radius source-port command to enable the SmartEdge router to ignore the source port sent by the RADIUS server in Access-Response messages. In this configuration mode, this command refers to the source port that the RADIUS server uses when sending a RADIUS Access-Response message to the SmartEdge router.
In global configuration mode, use the radius source-port command to increase the number of outstanding requests for each RADIUS server by sending requests using a different source port value. In this configuration mode, this command refers to the source port that the SmartEdge router uses when sending a RADIUS Access-Request message to a RADIUS server.
Use the no form of this command to return to the default number of outstanding requests.
The following example configures a port number of 2000 and sets the number of ports to 5:
[local]Redback(config)#radius source-port 2000 5
radius strip-domain
no radius strip-domain
Strips the domain portion of a structured username before relaying an authentication request to a Remote Authentication Dial-In User Service (RADIUS) server.
context configuration
This command has no keywords or arguments.
The entire username, including the domain name, is sent to the RADIUS server.
Use the radius strip-domain command to strip the domain portion of a structured username before relaying an authentication request to a RADIUS server. The username can be either a subscriber name or administrator name.
Use the no form of this command to disable stripping the domain portion of the structured username.
The following example prevents the domain portion of the structured username from being sent to the RADIUS server for authentication:
[local]Redback(config-ctx)#radius strip-domain
radius timeout timeout
default radius timeout
Sets the maximum time the SmartEdge router waits for a response from a Remote Authentication Dial-In User Service (RADIUS) server before assuming that a packet is lost, or that the RADIUS server is unreachable.
context configuration
timeout |
Timeout period in seconds. The range of values is 1 to 2,147,483,647; the default value is 10 seconds. |
The maximum time is 10 seconds.
Use the radius timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable.
Use the default form of this command to specify the default interval.
The following example sets the timeout interval to 30 seconds:
[local]Redback(config-ctx)#radius timeout 30
range {ip-addr/prefix-length | ipv6-addr/prefix-length} [not-advertise]
no range {ip-addr/prefix-length | ipv6-addr/prefix-length} [not-advertise]
Summarizes interarea routes advertised by an area border router (ABR).
ip-addr/prefix-length |
Specifies the IP address, in the form A.B.C.D, and the prefix length, separated by the slash (/) character. The range of values for the prefix-length argument is 0 to 32. |
ipv6-addr/prefix-length |
Specifies the IP Version 6 (IPv6) address, in the form A:B:C:D:E:F:G:H, and the prefix length, separated by the slash (/) character. The range of values for the prefix-length argument is 0 to 128. |
not-advertise |
Optional. Prevents the specified route from being advertised in interarea route summarizations. |
Route address ranges for interarea route summarization are not specified.
Use the range command to summarize interarea routes advertised by an ABR.
Use the optional not-advertise keyword to prevent the specified route from being advertised in route summarizations.
Use the no form of this command to disable route summarization for a particular summary range. All individual routes contained in the summary range will be advertised to other areas.
The following example advertises routes that fall into the range 10.1.0.0 255.255.0.0 in interarea route summaries (one for each of the other areas):
[local]Redback(config-ospf-area)#range 10.1.0.0 255.255.0.0
range start-ip-addr end-ip-addr [threshold [falling min-threshold] [rising max-threshold] [trap] [log]]
no range start-ip-addr end-ip-addr
Assigns a range of IP addresses to this Dynamic Host Configuration Protocol (DHCP) subnet.
start-ip-addr |
Starting IP address of the range. |
end-ip-addr |
Ending IP address of the range. |
threshold |
Optional. Enables threshold monitoring and reporting at the range level. |
falling min-threshold |
Optional. Threshold for the minimum falling number of available leases at which point a trap or a log message is sent if configured. |
rising max-threshold |
Optional. Threshold for the maximum rising number of available leases. |
trap |
Optional. Sends a Simple Network Management Protocol (SNMP) trap on reaching the threshold value. |
log |
Optional. Sends a log message on reaching the threshold value. |
No range of IP addresses is assigned to any subnet.
Use the range command to assign a range of IP addresses to this DHCP subnet.
The values of the start-ip-addr and end-ip-addr arguments must be within the subnet of IP addresses that you have assigned to this subnet using the subnet command (in DHCP server configuration mode).
Use the optional threshold keyword to enable the monitoring and reporting of available leases at the range level and specify rising and falling values that can trigger an SNMP trap and log message.
You can enter either or both of the falling min-threshold and rising max-threshold constructs in any order. You can enter either or both of the trap and log keywords in any order for either construct.
Use the no form of this command to delete the range from the subnet configuration.
The following example assigns a range of IP addresses to the sub2 subnet; it also enables the monitoring and reporting of available leases for this subnet and triggers an SNMP trap when the number of available leases is decreasing and reaches 100:
[local]Redback(config)#context dhcp
[local]Redback(config-ctx)#dhcp server policy
[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24 name sub2
[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.100 threshold falling 100 trap
rate [informational] kbps {burst bytes | time-burst msec} [{excess-burst bytes | time-excess-burst msec}] [counters] [hierarchical-counters]
no rate
Sets the rate, burst tolerance, and excess burst tolerance for traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached, or for a policy group, policy access control list (ACL), or class-definition class of traffic for that policy.
informational |
Optional. Specifies the rate to be used by the system only to calculate a percentage rate for a policy ACL class when you specify the class rate as a percentage. The effect is that the overall circuit is not rate limited. |
kbps |
Rate in kilobits per second. The range of values is 5 to 1,000,000. |
burst bytes |
Burst tolerance in bytes. The range of values is 1 to 1,250,000,000. |
time-burst msec |
Time (in milliseconds) to allow for the burst. Can be specified only for metering policy and policing policies. |
excess-burst bytes |
Optional. Excess burst tolerance in bytes. The range of values is 1 to 1,250,000,000. |
time-excess-burst msec |
Optional. Time (in milliseconds) to allow for the excess burst. Can be specified only for metering policy and policing policies. |
counters |
Optional. Enables statistics collection for packets that conform to or exceed the rate. |
hierarchical-counters |
Optional. Enables statistics collection for packets that are dropped on child circuits subject to this policy due to hierarchical inheritance. |
No rate is enforced by default.
Use the rate command to set the rate, burst tolerance, and excess burst for traffic on the port, or circuit, or subscriber record to which the QoS policy is attached, or for a policy ACL class of traffic for that policy. If entered in metering or policing policy configuration mode, this command accesses policy rate configuration mode; if entered in policy group class configuration mode, this command accesses policy class rate configuration mode.
Use the informational keyword to specify that the policy rate will not be used to enforce an overall circuit rate limit, but will be used only to calculate the class rate if you specify the rate for an ACL class as a percentage of the policy rate, using the rate percentage command (in policy group class configuration mode). This keyword is not available in policy group class configuration mode.
Use the excess-burst bytes construct to optionally configure the excess burst tolerance. The burst tolerance and excess burst tolerance are thresholds that can be used to determine the traffic rate at which packets can be dropped or marked. Use the time-burst msec and time-excess-burst msec constructs to specify the burst and excess burst as time intervals.
For more information about dropping or marking packets when the traffic rate exceeds the burst tolerance, but does not exceed the excess burst tolerance, see the exceed commands. For more information about dropping or marking packets when the traffic rate exceeds the excess burst tolerance, see the violate commands.
Use the counters keyword to log statistics related to packets that conform to or exceed the rate. For a circuit with a noninherited metering or policing policy (neither the inherit nor hierarchical keyword is specified), the counters keyword enables statistics collection based on enforcement of this rate at the individual circuit level. For a parent circuit that propagates a metering or policing policy to its children through the inherit or hierarchical keyword, the counters option enables statistics collection based on collective metering or policing policy enforcement at the parent circuit level. In other words, the statistics collected for the parent circuit (where the policy is configured) reflect the totals for enforcement of this rate on this circuit and all of its children that are subject to this policy through inheritance.
Use the hierarchical-counters keyword to log statistics related to packets dropped on circuits subject to this rate due to the policy configured on a parent circuit with the hierarchical keyword specified. The hierarchical-counters keyword enables counters on each child circuit subject to this rate through hierarchical inheritance. These counters record the number of drops on the child circuit due to enforcement of the parent circuit policy rate.
Use the no form of this command to specify the default traffic rate and burst tolerance.
For priority weighted fair queuing (PWFQ) queues with a PWFQ policy, the sum of all priority group rates for a node can oversubscribe the configured global policy rate.
The following example marks all traffic conforming to the configured policy rate with expedited forwarding (ef) and marks traffic that exceeds the policy rate with default forwarding (df):
[local]Redback(config)#qos policy GE-in policing
[local]Redback(config-policy-policing)#rate 6000000 burst 10000 counters
[local]Redback(config-policy-rate)#conform mark dscp ef
[local]Redback(config-policy-rate)#exceed mark dscp df
By including the counters keyword in the rate command, you can use the show circuit counters command (in any mode) with the detail keyword to display the number of packets that conform to the rate and the number of packets that exceed the rate.
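The conform, exceed and violate outcomes that the burst and excess-burst thresholds produce can be modeled with two token buckets. The following Python model is an added example, not Ericsson code: it assumes the single-rate algorithm of RFC 2697, assumes that time-burst converts to bytes as rate multiplied by time, and treats a policy without excess-burst as having two outcomes (conform or exceed), as in the example above. The class and function names are hypothetical.

```python
from typing import Dict, List, Optional, Tuple


def time_burst_to_bytes(rate_kbps: int, msec: int) -> int:
    """Bytes sent in msec milliseconds at rate_kbps (assumed meaning of time-burst)."""
    return rate_kbps * msec // 8  # kbps * 1000 / 8 bytes per second, times msec / 1000


class Policer:
    """Two-bucket model of: rate KBPS burst BYTES [excess-burst BYTES] counters."""

    def __init__(self, rate_kbps: int, burst: int, excess_burst: Optional[int] = None):
        if rate_kbps <= 0 or burst <= 0:
            raise ValueError("rate and burst must be positive")
        if excess_burst is not None and excess_burst <= 0:
            raise ValueError("excess-burst must be positive when configured")
        self.bytes_per_us = rate_kbps * 125 / 1_000_000  # token refill rate
        self.cbs, self.ebs = burst, excess_burst
        self.tc = float(burst)                 # burst bucket starts full
        self.te = float(excess_burst or 0)     # excess-burst bucket starts full
        self.last_us = 0
        # What the counters keyword would make visible (model only).
        self.counters: Dict[str, int] = {"conform": 0, "exceed": 0, "violate": 0}

    def _refill(self, now_us: int) -> None:
        tokens = max(0, now_us - self.last_us) * self.bytes_per_us
        self.last_us = now_us
        to_burst = min(tokens, self.cbs - self.tc)   # fill the burst bucket first
        self.tc += to_burst
        if self.ebs is not None:                     # overflow feeds the excess bucket
            self.te = min(float(self.ebs), self.te + tokens - to_burst)

    def classify(self, now_us: int, size: int) -> str:
        """Classify one packet of `size` bytes arriving at `now_us` microseconds."""
        self._refill(now_us)
        if self.tc >= size:
            self.tc -= size
            verdict = "conform"
        elif self.ebs is None:
            verdict = "exceed"       # no excess-burst configured: two outcomes only
        elif self.te >= size:
            self.te -= size
            verdict = "exceed"
        else:
            verdict = "violate"
        self.counters[verdict] += 1
        return verdict


def three_outcome_demo() -> Tuple[List[str], Dict[str, int]]:
    # Constructed values: 8000 kbps is 1000 bytes per millisecond.
    p = Policer(rate_kbps=8000, burst=time_burst_to_bytes(8000, 3), excess_burst=2000)
    verdicts = [p.classify(0, 1000) for _ in range(6)]   # six back-to-back packets
    verdicts.append(p.classify(1000, 1000))              # one more, 1 ms later
    return verdicts, p.counters


def two_outcome_demo() -> List[str]:
    p = Policer(rate_kbps=8000, burst=2000)              # no excess-burst
    return [p.classify(0, 1000) for _ in range(4)]


if __name__ == "__main__":
    print(three_outcome_demo())
    print(two_outcome_demo())
```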
For enhanced deficit round-robin (EDRR) and modified deficit round-robin (MDRR) policies, the command syntax is:
rate kbps burst bytes
no rate
For priority weighted fair queuing (PWFQ) policies, the command syntax is:
rate {maximum | minimum} kbps
no rate {maximum | minimum}
Sets the rate and burst tolerance for traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached.
kbps |
Rate in kilobits per second. The range of values is 64 to 1,000,000. |
burst bytes |
Burst tolerance in bytes. This construct is available for EDRR and MDRR policies only. The range of values is 1 to 1,250,000,000. |
maximum |
Specifies the maximum rate to set. |
minimum |
Specifies the minimum rate to set. |
Rate is calculated based on the default values for the kbps and bytes arguments.
Use the rate command to set the rate and burst tolerance for traffic on the circuit, or port, or subscriber record to which the QoS policy is attached.
For PWFQ policies:
Use the no form of this command to return to the default traffic rate or burst tolerance.
The following example marks all traffic conforming to the configured policy rate with expedited forwarding (ef) and marks traffic that exceeds the policy rate with default forwarding (df):
[local]Redback(config)#qos policy GE-in pwfq
[local]Redback(config-policy-pwfq)#rate 6000000
[local]Redback(config-policy-rate)#conform mark dscp ef
[local]Redback(config-policy-rate)#exceed mark dscp df
rate-adjust dhcp pwfq kbps priority-group group-num
no rate-adjust dhcp pwfq kbps priority-group group-num
Adjusts the enforcement of a priority weighted fair queuing (PWFQ) policy on a circuit based on whether the subscriber is granted a Dynamic Host Configuration Protocol (DHCP) lease.
subscriber configuration
kbps |
Rate in kilobits per second. The range of values is 1 to 1000000. |
group-num |
Priority group number. The range of values is 0 to 7. |
No DHCP-based rate adjustments are applied to the subscriber.
Use the rate-adjust dhcp pwfq command to adjust how a PWFQ policy is enforced on a circuit based on whether the subscriber is granted a DHCP lease. When a lease request is granted to a device on a circuit that has this attribute applied, the enforced bandwidth for the specified priority group rate is decremented by the specified amount in kilobits per second (kbps). If there is no priority group rate configured for the policy, or the rate is less than the minimal enforceable value (64 kbps), the rate adjustment is not applied to the subscriber.
Once applied, the rate adjustment persists until the DHCP lease is released or expires. At this time, the rate enforced is restored to its full configured value.
This command might be useful for an IPTV deployment in which Remote Multicast Replication (RMR) is being used. When a set-top box (STB) configured as a static subscriber on an 802.1q VLAN comes online and requests an IP address, the PWFQ policy enforced on the VLAN can be adjusted to account for the multicast bandwidth required for IPTV traffic.
Use the no form to remove currently configured DHCP rate adjustment commands and return the subscriber record to the default state (no rate adjustments will be made in response to DHCP lease events).
The following example shows how to adjust a PWFQ policy for subscriber stb1:
[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber name stb1
[local]Redback(config-sub)#password pass
[local]Redback(config-sub)#dhcp max-addr 1
[local]Redback(config-sub)#rate-adjust dhcp pwfq 3000 priority-group 3
rate-calculation exclude layer-2-overhead
no rate-calculation exclude layer-2-overhead
Specifies that rate calculation is to exclude the size of Layer 2 overhead for the Layer 3 circuit on which a policy is applied.
exclude |
Sets rate-limit calculation exclusions. |
layer-2-overhead |
Specifies that Layer 2 overhead be excluded when calculating rate-limits. |
Rate calculations consider the size of the entire Layer 2 frame.
Use the rate-calculation command to specify that rate calculation excludes the size of Layer 2 overhead for Layer 3 circuits on which a rate-limiting policy is applied. In this case, the size of the rate-limited packet equals the size of the Layer 3 packet.
The rate-calculation command is global across the entire policy, implying that it applies to the overall circuit level and all classes under the policy.
Use the no form of this command to return to the default behavior.
rate circuit {in | out} kbps burst bytes [excess-burst bytes]
no rate circuit {in | out}
Specifies a different rate for a circuit that has a quality of service (QoS) metering, policing, or priority weighted fair queuing (PWFQ) policy attached to it.
in |
Overrides the policy rate specified in the policy attached to this circuit for incoming packets. |
out |
Overrides the policy rate specified in the policy attached to this circuit for outgoing packets. |
kbps |
Rate in kilobits per second. The range of values is 5 to 1,000,000. |
burst bytes |
Burst tolerance in bytes. The range of values is 1 to 1,250,000,000. |
excess-burst bytes |
Optional. Excess burst tolerance in bytes. The range of values is 1 to 1,250,000,000. |
The circuit rate is based on the policy rate as specified by the attached QoS policy.
Use the rate circuit command to specify a different rate for a circuit that has a QoS metering, policing, or PWFQ policy attached to it. The rate that you specify for the circuit overrides the rates specified by the attached metering, policing, and PWFQ policies.
This command allows you to attach the same policy to a number of circuits, but specify a different rate for each circuit.
This command is not supported for dynamic 802.1Q permanent virtual circuits (PVCs).
Use the no form of this command to specify the default condition.
The following example changes the rate for port 1 to 2,000 kbps:
[local]Redback(config)#port ethernet 4/1
[local]Redback(config-port)#qos policy metering example2
[local]Redback(config-port)#rate circuit out 2000
rate-factor percent
no rate-factor
Defines the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached.
percent |
Percentage of overhead for this access-line type. The range of values is 1 to 100; the default value is 0. |
Overhead on the access line is 0%, which allows full bandwidth usage.
Use the rate-factor command to define the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, or port, or subscriber record to which the QoS policy is attached.
Use the no form of this command to remove the percentage from the access-line configuration.
The following example configures an overhead profile for example1, and sets the default rate factor to 15, a reserve value to 8, and the encapsulation type to pppoa-llc. After you set the overhead profile with default values, you configure adsl1 and vdsl1 with custom encapsulation and reserve values with a rate factor of 20%:
[local]Redback(config)#qos profile example1 overhead
[local]Redback(config-profile-overhead)#rate-factor 15
[local]Redback(config-profile-overhead)#encaps-access-line pppoa-llc
[local]Redback(config-profile-overhead)#reserved 8
[local]Redback(config-profile-overhead)#type adsl1
[local]Redback(config-type-overhead)#rate-factor 20
rate-limit ccod rate-limit burst burst-limit
{no | default} rate-limit ccod
Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol (PPP) over Ethernet over Asynchronous Transfer Mode (PPPoEoA) Active Discovery Initiation (PADI) packets and PPP over Asynchronous Transfer Mode (PPPoA) Configure-Request packets that arrive at the SmartEdge router over circuit creation on demand (CCOD) Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
card configuration
rate-limit |
Maximum rate in packets per second (pps) at which the packets can be received. The range of values is 0 to 1,000; the default value is 60 on XCRP3 Controller cards and 120 on XCRP4 Controller cards. |
burst burst-limit |
Maximum number of packets that can be received during a short burst, in pps. The range of values is 0 to 1,000; the default value is 100 on XCRP3 Controller cards and 175 on XCRP4 Controller cards. |
Rate limiting for PPPoEoA PADI packets and PPPoA Configure-Request packets is enabled using the default burst and rate values.
Use the rate-limit ccod command to enable rate limiting and specify the rate and burst limits for PPPoEoA PADI packets and PPPoA Configure-Request packets that arrive at the SmartEdge router on on-demand ATM PVCs. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions. For example, applying card-level rate-limiting can improve the bringup rate for PPPoA and PPPoEoA subscribers when many subscribers attempt to connect simultaneously.
Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting; see the Command List.
Use the default form of this command to enable rate limiting with the default rate and burst limits.
Use the no form of this command to disable rate limiting.
The following example shows how to configure the rate limit of PPPoEoA PADI packets and PPPoA Configure-Request packets to 500 and the burst limit to 999:
[local]Redback(config-card)#rate-limit ccod 500 burst 999
rate-limit circuit dhcp num interval interval-value drop-interval drop-interval-value {per-mac | per-mac-and-relay}
no rate-limit circuit dhcp num interval interval-value drop-interval drop-interval-value {per-mac | per-mac-and-relay}
Limits the number of Dynamic Host Configuration Protocol (DHCP) packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.
num |
Number of DHCP packets allowed on each circuit during the specified interval. The range of values is 1 to 255. |
interval interval-value |
Specifies the interval, in seconds, during which the system counts the packets. The range of values is 1 to 127. |
drop-interval drop-interval-value |
Specifies the interval, in seconds, during which packets are dropped, if the allowed number of messages was exceeded in the previous interval. The range of values is 1 to 127. |
per-mac |
Limits the rate of the packets based on each MAC address on a circuit. |
per-mac-and-relay |
Limits the packets based on a unique combination of the MAC address and DHCP relay server address on a circuit. Use the per-mac-and-relay keyword when you have an RG that uses duplicate MAC addresses. |
The SmartEdge router does not limit the number of DHCP packets that it accepts on a circuit.
Use the rate-limit circuit dhcp command to limit the number of DHCP packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.
The operating system does not distinguish between DHCP Discover, Request, Release, NAK, or Inform messages when it limits the number of DHCP packets on a circuit.
The rate-limit circuit dhcp command is supported on access link groups.
Use the no form of this command to specify the default condition.
The following example shows how to accept 155 DHCP messages for the unique combination of the MAC address and DHCP relay server address in every 3-second interval. If more than 155 DHCP packets are received during the interval, all DHCP packets are dropped for 4 seconds starting at the time when the limit was exceeded. For example, if the 156th packet is received at 2 seconds into the 3-second interval, then the count for the drop interval starts at 2 seconds and stops at 6 seconds. Following that, 155 DHCP packets are allowed for the unique combination of the MAC address and DHCP relay server address for the next 3-second interval:
[local]Redback(config)#rate-limit circuit dhcp 155 interval 3 drop-interval 4 per-mac-and-relay
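The counting and drop intervals in this example can be checked with a small model. The following Python code is an added illustration, not the SmartEdge implementation; it assumes that a counting interval opens with the first packet seen for a key, that the packet that exceeds the limit is itself dropped, and that a fresh interval opens with the first packet after the drop interval. The circuit, MAC and relay values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class KeyState:
    window_start: Optional[float] = None  # start of the current counting interval
    count: int = 0                        # DHCP packets counted in that interval
    drop_until: float = 0.0               # packets arriving before this time are dropped


class DhcpCircuitLimiter:
    """Model of: rate-limit circuit dhcp NUM interval I drop-interval D MODE."""

    def __init__(self, num: int, interval: int, drop_interval: int, mode: str):
        # Value ranges are the ones given in the command description.
        if not 1 <= num <= 255:
            raise ValueError("num must be 1 to 255")
        if not (1 <= interval <= 127 and 1 <= drop_interval <= 127):
            raise ValueError("interval and drop-interval must be 1 to 127 seconds")
        if mode not in ("per-mac", "per-mac-and-relay"):
            raise ValueError("mode must be per-mac or per-mac-and-relay")
        self.num, self.interval, self.drop_interval = num, interval, drop_interval
        self.mode = mode
        self.states: Dict[Tuple[str, ...], KeyState] = {}

    def accept(self, t: float, circuit: str, mac: str, relay: str) -> bool:
        """Return True if a DHCP packet arriving at time t (seconds) is accepted.

        The DHCP message type is not an input: every DHCP packet counts the same.
        """
        key: Tuple[str, ...] = (circuit, mac.lower())
        if self.mode == "per-mac-and-relay":
            key += (relay,)              # the relay address becomes part of the key
        st = self.states.setdefault(key, KeyState())
        if t < st.drop_until:            # inside the drop interval
            return False
        if st.window_start is None or t >= st.window_start + self.interval:
            st.window_start, st.count = t, 0   # open a new counting interval
        st.count += 1
        if st.count > self.num:          # limit exceeded: drop interval starts now
            st.drop_until = t + self.drop_interval
            st.window_start = None
            return False
        return True


def page_example() -> Dict[str, object]:
    """Replay the 155 / 3 s / 4 s scenario described in the text."""
    lim = DhcpCircuitLimiter(155, 3, 4, "per-mac-and-relay")
    who = ("4/1", "00:11:22:33:44:55", "192.0.2.1")       # constructed identifiers
    first = [lim.accept(2.0 * i / 155, *who) for i in range(155)]  # all before t = 2 s
    p156 = lim.accept(2.0, *who)                          # 156th packet at 2 s
    during = [lim.accept(t, *who) for t in (3.0, 5.9)]    # drop interval is 2 s to 6 s
    after = [lim.accept(6.0 + 0.01 * i, *who) for i in range(156)]
    return {
        "first_155_accepted": first.count(True),
        "packet_156_accepted": p156,
        "accepted_during_drop": during,
        "next_interval_accepted": after.count(True),
    }


def duplicate_mac_demo(mode: str) -> List[bool]:
    """Two devices with the same MAC address behind two different relays."""
    lim = DhcpCircuitLimiter(2, 10, 5, mode)
    mac = "02:00:00:00:00:01"                             # constructed duplicate MAC
    events = [(0.0, "192.0.2.1"), (0.1, "192.0.2.2"),
              (0.2, "192.0.2.1"), (0.3, "192.0.2.2")]
    return [lim.accept(t, "4/1", mac, relay) for t, relay in events]


if __name__ == "__main__":
    print(page_example())
    for m in ("per-mac", "per-mac-and-relay"):
        print(m, duplicate_mac_demo(m))
```

With per-mac, the two devices that share a MAC address also share one counter, so one of them can push the other into the drop interval; per-mac-and-relay counts them separately.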
rate-limit dhcp rate-limit burst burst-limit
{no | default} rate-limit dhcp
Enables rate limiting and specifies the rate and burst limits for Dynamic Host Configuration Protocol (DHCP) packets that arrive at the SmartEdge router.
card configuration
rate-limit |
Maximum rate in packets per second (pps) at which the packets can be received. The range of values is 0 to 4294967295 pps; the default value is 4294967295 pps. |
burst burst-limit |
Maximum number of packets that can be received during a short burst. The range of values is 0 to 4294967295 pps; the default value is 4294967295 pps. |
Rate limiting for packets is enabled using the default rate and burst values.
Use the rate-limit dhcp command to enable rate limiting and specify the rate and burst limits for DHCP packets that arrive at the SmartEdge router. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions.
Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. This command is described in the Command List.
Table 3 shows the traffic cards supported for the rate-limit dhcp command.
Type | Traffic Cards Supported |
---|---|
ATM | |
Ethernet | |
(1) The ATM DS-3 traffic card is not supported on the SmartEdge 800s chassis.
Use the no form of this command to disable rate limiting.
Use the default form of this command to set the rate and burst limits to default values.
The following example configures the rate limit for DHCP packets to 500 and the burst limit to 999:
[local]Redback(config-card)#rate-limit dhcp 500 burst 999
rate-limit padi rate-limit burst burst-limit
{no | default} rate-limit padi
Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol over Ethernet (PPPoE) Active Discovery Initiation (PADI) packets that arrive at the SmartEdge router.
card configuration
rate-limit |
Maximum rate in packets per second (pps) at which the packets can be received. The range of values is 0 to 1000; the default value is 75. |
burst burst-limit |
Maximum number of packets that can be received during a short burst, in pps. The range of values is 0 to 1000; the default value is 100. |
Rate limiting for PADI packets is enabled using the default burst and rate values.
Use the rate-limit padi command to enable rate limiting and specify the rate and burst limits for PADI packets that arrive at the SmartEdge router. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions.
If both PADI and PPP LCP Configure-Request rate limiting are enabled on the same card, the first protocol to be processed is rate limited. For example, if a PADI packet arrives on a PPPoEoA circuit, the PADI packet is rate limited first; if the PADI packet is allowed to pass through, no further rate limiting is applied. If the circuit has PPPoA encapsulation, only the first LCP Configure-Request packet is rate limited.
Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. The show rate-limit card command is described in the Command List.
Use the no form of this command to disable rate limiting.
Use the default form of this command to enable rate limiting with the default rate and burst limits.
The following example shows how to configure the rate limit of PADI packets to 500 and the burst limit to 999:
[local]Redback(config-card)#rate-limit padi 500 burst 999
rate-limit ppp-lcp-confreq rate-limit burst burst-limit
{no | default} rate-limit ppp-lcp-confreq
Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Configure-Request packets that arrive at the SmartEdge router on static Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
card configuration
rate-limit |
Maximum rate in packets per second (pps) at which the PPP LCP Configure-Request packets can be received. The range of values is 0 to 1000; the default value is 150 on XCRP3 Controller cards and 350 on XCRP4 Controller cards. |
burst burst-limit |
Maximum number of PPP LCP Configure-Request packets that can be received during a short burst, in pps. The range of values is 0 to 1000; the default value is 200 on XCRP3 Controller cards and 500 on XCRP4 Controller cards. |
Rate limiting for PPP LCP Configure-Request packets is enabled using the default burst and rate values.
Use the rate-limit ppp-lcp-confreq command to enable rate limiting and specify the rate and burst limits for PPP LCP Configure-Request packets that arrive at the SmartEdge router on static ATM PVCs. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions. For example, applying card-level rate-limiting can improve the bringup rate for PPP over ATM (PPPoA) and PPP over Ethernet over ATM (PPPoEoA) subscribers when many subscribers attempt to connect simultaneously.
If both PADI and PPP LCP Configure-Request rate limiting are enabled on the same card, the first protocol to be processed is rate limited. For example, if a PADI packet arrives on a PPPoEoA circuit, the PADI packet is rate limited first; if the PADI packet is allowed to pass through, no further rate limiting is applied. If the circuit has PPPoA encapsulation, only the first LCP Configure-Request packet is rate limited.
Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting. The show rate-limit card command is described in the Command List.
Use the no form of this command to disable rate limiting.
Use the default form of this command to enable rate limiting with the default rate and burst limits.
The following example shows how to configure the rate limit of PPP LCP Configure-Request packets to 500 and the burst limit to 999:
[local]Redback(config-card)#rate-limit ppp-lcp-confreq 500 burst 999
rate percentage percent-rate [counters]
no rate percentage
Assigns a percentage of the overall policy rate to this class of traffic on the circuit, or port, or subscriber record to which the quality of service (QoS) policy is attached and accesses policy class rate configuration mode.
percent-rate |
Relative class rate, as a percentage of the policy rate, for this class. |
counters |
Optional. Logs statistics related to packets that conform to or exceed the rate. |
No rate percentage is specified for this class.
Use the rate percentage command to assign a percentage (a relative class rate) of the overall policy rate to this class of traffic on the circuit, or port, or subscriber record to which the QoS policy is attached, and access policy class rate configuration mode. The percentage applies to the policy rate, burst, and excess burst values.
Use the no form of this command to remove the rate percentage from this class configuration.
For priority weighted fair queuing (PWFQ) queues with a PWFQ policy, the sum of all priority group rates for a node can oversubscribe the configured global policy rate.
The following example assigns 25% of the policy rate to the realtime class:
[local]Redback(config)#qos policy rate-incoming policing
[local]Redback(config-policy-policing)#rate informational 6000000 burst 10000 counters
[local]Redback(config-policy-policing)#access-group Class local
[local]Redback(config-policy-policy-acl)#class realtime
[local]Redback(config-policy-policy-acl-class)#rate percentage 25
By including the counters keyword in the rate percentage command, you can use the show circuit counters command (in any mode) with the detail keyword to display the number of packets that conform to the rate percentage and the number of packets that exceed that rate percentage.
rbak-term-ec term-error-code ietf-attr-49 error-code
no rbak-term-ec term-error-code
Remaps a Redback account (session) termination error code to a different Remote Authentication Dial-In User Service (RADIUS) attribute 49 (Acct-Terminate-Cause) error code.
terminate error cause configuration
term-error-code |
Redback account termination error code to be remapped. |
ietf-attr-49 error-code |
Attribute 49 error code to which the Redback termination error code is remapped. |
No Redback account termination error codes are remapped.
Use the rbak-term-ec command to remap a Redback account (session) termination error code to a different RADIUS attribute 49 (Acct-Terminate-Cause) error code. RADIUS Attributes lists the default mapping of Redback account termination error codes to RADIUS attribute 49 (Acct-Terminate-Cause) error codes. RADIUS attribute 49 error codes and their definitions are included in RFC 2866, RADIUS Accounting.
Use the no form of this command to specify the default RADIUS attribute 49 error code for the specified Redback account termination error code.
The following example remaps Redback account termination code 24 (Authentication failed) from its default RADIUS attribute 49 error code 17 (User error), to the RADIUS attribute 49 error code 2 (network access server [NAS] error).
[local]Redback(config)#radius attribute acct-terminate-cause remap
[local]Redback(config-term-ec)#rbak-term-ec 24 ietf-attr-49 2
reachable-time duration
{no | default} reachable-time
Specifies the value for the Reachable Time field in Router Advertisement (RA) messages.
duration |
Value for the Reachable Time field (in milliseconds). The range of values is 0 to 3,600,000; the default value is 0 (unspecified). |
The duration is unspecified in any RA messages.
Use the reachable-time command to specify the value for the Reachable Time field in RA messages. This value is the time this Neighbor Discovery (ND) router or ND router interface assumes that a neighbor is reachable. In ND router configuration mode, this command specifies the global value for all interfaces; in ND router interface mode, it specifies the value for this ND router interface. If specified, the parameters for an interface override the global parameters.
Use the no or default form of this command to specify the default duration.
The following example specifies a reachable time of 1800 milliseconds for all interfaces for the ND router:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router nd
[local]Redback(config-nd)#reachable-time 1800
The following example specifies a reachable time of 3600 milliseconds for the int1 ND router interface:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router nd
[local]Redback(config-nd)#interface int1
[local]Redback(config-nd-if)#reachable-time 3600
reauthorize {bulk index-num | session sess-id | username subscriber}
Modifies subscriber attributes in real time during an active session, using Remote Authentication Dial-In User Service (RADIUS) authentication.
exec (10)
bulk index-num |
Index number of the reauthorization record in the user database on the RADIUS server. The SmartEdge router attaches the name of the context in which reauthorization occurs to the index-num value. The range of values is 1 to 65,535. |
session sess-id |
RADIUS accounting ID attribute (Acct-Session-Id) value that identifies an active subscriber session. |
username subscriber |
Structured subscriber name in the form sub-name@ctx-name. You can specify a string of up to 253 characters, including the separator character. The separator character and format that you specify are the defaults, as shown, or are defined by the aaa username-format command (in global configuration mode). |
None
Use the reauthorize command to modify subscriber attributes in real time during an active session. Reauthorization does not require Point-to-Point Protocol (PPP) renegotiation and does not interrupt or drop the session.
Table 4 lists the standard RADIUS attributes that are reauthorized when you enter this command.
# | Attribute Name | Description |
---|---|---|
11 | Filter-Id | Filters inbound or outbound traffic through an access control list (ACL). |
25 | Class | Forwards the information sent by the RADIUS server to the SmartEdge router, without interpretation, in subsequent accounting messages to the RADIUS accounting server for that subscriber session. |
27 | Session-Timeout | Sets the in-service time allowed before termination of the session. |
28 | Idle-Timeout | Sets the idle time allowed before termination of the session. |
Table 5 lists the vendor-specific attributes (VSAs) provided by Ericsson AB that are reauthorized when you enter this command.
# | VSA Name | Description |
---|---|---|
33 | Mcast-Send | Defines whether the subscriber can send multicast packets. |
34 | Mcast-Receive | Defines whether the subscriber can receive multicast packets. |
35 | Mcast-MaxGroups | Specifies the maximum number of multicast groups of which the subscriber can be a member. |
87 | QoS-Policy-Policing | Attaches a QoS policing policy to the subscriber session. |
88 | QoS-Policy-Metering | Attaches a QoS metering policy to the subscriber session. |
89 | QoS-Policy-Queuing | Attaches a QoS queuing (scheduling) policy to the subscriber session. |
90 | Igmp-Service-Profile-Id | Applies an IGMP service profile to the subscriber session. |
92 | Forward-Policy | Attaches an in or out forward policy to the subscriber session. |
101 | Shaping-Profile-Name | Indicates the name of the ATM shaping profile. |
102 | Bridge-Profile-Name | Indicates the name of the bridge profile. |
107 | HTTP-Redirect-Profile-Name | Indicates the name of the HTTP redirect profile. |
113 | Session-Traffic-Limit | Specifies that inbound or outbound traffic be limited. |
For details about these attributes, see RADIUS Attributes.
The following example displays a subscriber record on a RADIUS server. The subscriber has requested a new service that is translated to a particular session timeout value:
#reauth of absolute timeout
reauth-501@ABC User-Password=="redback"
    Service-Type=Outbound-User,
    Reauth_String="2;pppoe1@local;27;1000;"
Before entering the reauthorize command, the subscriber record appears as follows:
[local]Redback>show subscribers active
pppoe1@local
Circuit 13/1 vpi-vci 0 33
Internal Circuit 13/1:1023:63/1/2/22
Current port-limit unlimited
ip address 10.1.1.4
The following example reauthorizes the subscriber session, pppoe1@local, after the new value for the RADIUS attribute 27 has been sent to the RADIUS server:
[local]Redback#reauthorize username pppoe1@local
[local]Redback>show subscribers active
pppoe1@local
Circuit 13/1 vpi-vci 0 33
Internal Circuit 13/1:1023:63/1/2/22
Current port-limit unlimited
ip address 10.1.1.4
timeout absolute 1000
receive {permit | deny}
no receive {permit | deny}
Configures the setting in the IGMP snooping profile that controls the ability of the associated circuits to receive multicast data.
permit |
Permits circuits to receive multicast data. |
deny |
Does not permit circuits to receive multicast data. |
The receipt of multicast data is permitted on all circuits.
Use the receive command to configure the setting in the IGMP snooping profile that controls the ability of the associated circuits to receive multicast data. The configuration applies to all circuits that are associated with the specified IGMP snooping profile.
Use the no form of this command to return the IGMP snooping profile to the default setting in which the receipt of multicast data is permitted on all circuits.
The following example shows how to disable the receipt of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:
[local]Router#configure
[local]Router(config)#igmp snooping profile sanjose1
[local]Redback(config-igmp-snooping-profile)#receive deny
The following example shows how to permit the receipt of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:
[local]Router#configure
[local]Router(config)#igmp snooping profile sanjose1
[local]Redback(config-igmp-snooping-profile)#receive permit
receiver ip-addr {primary | secondary} mechanism {ftp | sftp | scp} login login-name {password password | encrypted password | nopassword}
no receiver ip-addr {primary | secondary}
Specifies the remote file servers where bulkstats files for this policy are stored.
bulkstats configuration
ip-addr |
IP address of the bulkstats file server. |
primary |
Specifies that the file server is the primary receiver. |
secondary |
Specifies that the file server is the secondary receiver. |
mechanism ftp |
Specifies the file transfer method as File Transfer Protocol (FTP). |
mechanism sftp |
Specifies the file transfer method as Secure Shell FTP (SFTP). |
mechanism scp |
Specifies the file transfer method as Secure Copy Protocol (SCP). |
login login-name |
Login name to be used for file transfer. |
password password |
Password to be used with the logon name. |
encrypted password |
Encrypted password to be entered with the logon name. (The password is encrypted while saving the configuration.) |
nopassword |
Specifies that a password is not required with the logon name. |
No server is specified to receive bulkstats.
Use the receiver command to specify the remote file servers where bulk statistics (bulkstats) files for this policy are stored.
If a transfer to the primary file server that receives bulkstats fails, a transfer to the secondary receiver is immediately attempted. If the transfer to the secondary receiver fails, the SmartEdge router waits five minutes before making another attempt. Retries continue every five minutes until a transfer succeeds.
Use the no form of this command to delete a previously configured bulkstats remote file server. If you use the no form of this command while bulkstats collection is running, no data is transmitted to the deleted file server until you define a new bulkstats file server.
The following example identifies the server at IP address, 198.168.145.99, as the primary bulkstats file server; the logon account is snmp and its password is snmp:
[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp
To see how this information displays, see the example for the show bulkstats command in Configuring Bulkstats.
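The following Python check is an added example, not part of the Ericsson documentation. It parses receiver commands in the syntax above from configuration text and reports which ones use FTP, carry a cleartext password keyword, or use nopassword. The sample text, the placeholder after the encrypted keyword, and all function names are constructed for this example.

```python
import re

# Optional CLI prompt in front of a command, e.g. "[local]Redback(config-bulkstats)#".
PROMPT_RE = re.compile(r"^\[[^\]]+\]\S*?#")

# receiver ip-addr {primary | secondary} mechanism {ftp | sftp | scp}
#     login login-name {password password | encrypted password | nopassword}
RECEIVER_RE = re.compile(
    r"^receiver\s+(?P<ip>\S+)\s+(?P<role>primary|secondary)\s+"
    r"mechanism\s+(?P<mechanism>ftp|sftp|scp)\s+login\s+(?P<login>\S+)\s+"
    r"(?:(?P<auth>password|encrypted)\s+\S+|nopassword)$"
)


def parse_receiver(line):
    """Return the fields of one receiver command, or None for any other line.

    The password value itself is matched but never stored or returned.
    """
    command = PROMPT_RE.sub("", line.strip(), count=1).strip()
    m = RECEIVER_RE.match(command)
    if m is None:
        return None  # other commands, including the "no receiver" form
    return {
        "ip": m.group("ip"),
        "role": m.group("role"),
        "mechanism": m.group("mechanism"),
        "login": m.group("login"),
        "auth": m.group("auth") or "nopassword",
    }


def audit_receiver(rec):
    """Return (code, message) findings for one parsed receiver."""
    findings = []
    if rec["mechanism"] == "ftp":
        findings.append(("ftp", "FTP sends the login, password and bulkstats "
                                "files unencrypted; the command also accepts sftp and scp"))
    if rec["auth"] == "password":
        findings.append(("cleartext-password", "the password keyword puts the "
                                               "cleartext password in this text"))
    if rec["auth"] == "nopassword":
        findings.append(("nopassword", "no password accompanies the login name; "
                                       "confirm how the file server authenticates it"))
    return findings


def audit_config(text):
    """Audit every receiver command found in a block of configuration text."""
    report = []
    for line in text.splitlines():
        rec = parse_receiver(line)
        if rec is not None:
            rec["findings"] = audit_receiver(rec)
            report.append(rec)
    return report


# Constructed sample. The first receiver line is the example from this page;
# the others, and the value after "encrypted", are placeholders.
SAMPLE_CONFIG = """\
[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#receiver 198.168.145.99 primary mechanism ftp login snmp password snmp
[local]Redback(config-bulkstats)#receiver 192.0.2.20 secondary mechanism sftp login bulk encrypted EXAMPLE-ENCRYPTED-VALUE
[local]Redback(config-bulkstats)#no receiver 192.0.2.30 secondary
receiver 192.0.2.40 primary mechanism scp login stats nopassword
"""

if __name__ == "__main__":
    for rec in audit_config(SAMPLE_CONFIG):
        codes = ", ".join(code for code, _ in rec["findings"]) or "ok"
        print(f'{rec["ip"]} ({rec["role"]}, {rec["mechanism"]}): {codes}')
```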
record-route
no record-route
Configures a Resource Reservation Protocol (RSVP) label-switched path (LSP) to actively record the routes through which the LSP forwards packets.
RSVP LSP configuration
This command has no keywords or arguments.
Route information is recorded.
Use the record-route command to configure an RSVP LSP to actively record the routes through which the LSP forwards packets.
Use the show rsvp lsp command to display the detailed output containing information about the recorded route, which you can use for troubleshooting purposes, and to prevent routing loops.
Use the no form of this command to disable route recording for the RSVP LSP.
The following example configures the LSP, test07, to actively record the routes through which it forwards packets:
[local]Redback(config-ctx)#router rsvp
[local]Redback(config-rsvp)#lsp test07
[local]Redback(config-rsvp-lsp)#record-route
redirect destination circuit dest-name
no redirect destination
Redirects packets to an output destination.
dest-name |
Output destination for redirected traffic. |
Packets are not redirected.
Use the redirect destination circuit command to redirect packets to an output destination.
The destination name is the one that you specified for the circuit using the forward output command (in ATM PVC, Frame Relay PVC, GRE tunnel, or port configuration mode).
Use the no form of this command to disable the redirecting of packets.
The following example redirects traffic to the output destination circuit OD15:
[local]Redback#config
[local]Redback(config)#forward policy RedirectPolicy
[local]Redback(config-policy-frwd)#redirect destination circuit OD15
redirect destination local
no redirect destination
In forward policy configuration mode, redirects packets not associated with a class to the HTTP server on the controller card.
In policy ACL configuration mode, redirects only packets associated with a class to the HTTP server on the controller card.
This command has no keywords or arguments.
Packets are not redirected.
In forward policy configuration mode, use the redirect destination local command to redirect packets not associated with a class to the HTTP server on the controller card. In policy ACL configuration mode, use the redirect destination local command to redirect only packets associated with a class to the HTTP server on the controller card.
Use the no form of this command to disable the redirecting of packets.
The following example configures the forward policy, Business-Redirect, which redirects packets associated with the class, Redirect, to the HTTP server on the controller card:
[local]Redback(config)#forward policy Business-Redirect
[local]Redback(config-policy-frwd)#redirect destination local
[local]Redback(config-policy-frwd)#access-group bus-redirect local
[local]Redback(config-policy-group)#class Redirect
[local]Redback(config-policy-group)#redirect destination local
redirect destination next-hop {ip-addr... | default}
no redirect destination
Redirects packets to the specified IP address or to the packets’ default destination IP address according to the routing table.
ip-addr... |
One to eight next-hop IP addresses in order of priority. Each entry in the list is an IP address in the form A.B.C.D. |
default |
Specifies that the packet’s destination IP address should be used to forward the packet according to the routing table. When the default keyword is active, the packet is routed and not redirected. |
Packets are not redirected.
Use the redirect destination next-hop command to redirect packets to the specified IP address or to the packets’ default destination IP address according to the routing table.
If an address is unreachable, then the next lower priority address is tried. From time to time, the system will try to return to the highest priority entry available. The default keyword can be used in the next-hop list instead of an IP address to indicate that the destination IP address from the packet should be used when all higher priority next hops are unreachable. The default keyword can be first in the list, which means redirecting packets only when the normal route is unreachable.
Use the no form of this command to disable the redirecting of packets.
The following example redirects traffic to the next-hop IP address, 10.1.1.1. If that address is unreachable, the SmartEdge router redirects traffic to the next-hop IP address, 10.1.2.1. If both addresses are unreachable, traffic is routed normally:
[local]Redback#config
[local]Redback(config)#forward policy RedirectPolicy
[local]Redback(config-policy-frwd)#redirect destination next-hop 10.1.1.1 10.1.2.1 default
The following example routes traffic normally. If the route is unavailable, traffic is redirected to the next-hop IP address, 10.1.1.1:
[local]Redback#config
[local]Redback(config)#forward policy RedirectPolicy
[local]Redback(config-policy-frwd)#redirect destination next-hop default 10.1.1.1
The following example redirects traffic to the next-hop IP address, 192.1.1.1. If that address is unreachable, the SmartEdge router attempts to redirect traffic to the next-hop IP address, 10.1.1.1. If both addresses are unreachable, traffic is dropped:
[local]Redback#config
[local]Redback(config)#forward policy RedirectPolicy
[local]Redback(config-policy-frwd)#redirect destination next-hop 192.1.1.1 10.1.1.1
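The following Python model of the next-hop selection rule described above is an added example, not SmartEdge code. It shows whether a given list ends in normal routing or in a drop when every listed address is unreachable. Reachability is passed in as a set, the model is stateless (it always picks the highest-priority usable entry), and the function names and the single-default restriction are assumptions of this example.

```python
import ipaddress

PREFIX = ["redirect", "destination", "next-hop"]
MAX_ADDRESSES = 8  # "One to eight next-hop IP addresses in order of priority"


def parse_next_hops(command):
    """Return the ordered entries (addresses and/or 'default') of the command."""
    tokens = command.split()
    if tokens[:3] != PREFIX or len(tokens) == 3:
        raise ValueError("expected: redirect destination next-hop {ip-addr... | default}")
    entries = tokens[3:]
    addresses = [e for e in entries if e != "default"]
    for addr in addresses:
        ipaddress.IPv4Address(addr)  # raises ValueError unless in the form A.B.C.D
    if len(addresses) > MAX_ADDRESSES:
        raise ValueError("at most eight next-hop addresses")
    if entries.count("default") > 1:
        raise ValueError("'default' listed more than once")  # assumption of this model
    return entries


def select(entries, reachable, route_available=True):
    """Walk the list in priority order and return (action, next_hop).

    action is 'redirect' (to next_hop), 'route' (normal routing on the packet's
    own destination address) or 'drop' (nothing in the list is usable).
    """
    for entry in entries:
        if entry == "default":
            if route_available:
                return ("route", None)
            # No normal route: fall through to lower-priority entries, if any.
        elif entry in reachable:
            return ("redirect", entry)
    return ("drop", None)


def all_down_outcome(entries):
    """What happens to traffic when every listed next-hop address is unreachable."""
    return select(entries, reachable=set(), route_available=True)[0]


if __name__ == "__main__":
    # The three command lines from the examples on this page.
    for cmd in (
        "redirect destination next-hop 10.1.1.1 10.1.2.1 default",
        "redirect destination next-hop default 10.1.1.1",
        "redirect destination next-hop 192.1.1.1 10.1.1.1",
    ):
        entries = parse_next_hops(cmd)
        print(f"{cmd!r}: all next hops down -> {all_down_outcome(entries)}")
```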
redistribute {connected | isis instance [level-1 | level-2] | nat | ospf instance [internal | [external] [nssa-external] | rip instance | static [dvsr] | subscriber [address] | [route-map map-name]}
no redistribute {connected | isis instance [level-1 | level-2] | nat | ospf instance [internal | [external] [nssa-external] | rip instance | static [dvsr] | subscriber [ address | static] | [route-map map-name]}
Redistributes routes learned through other routing protocols into the Border Gateway Protocol (BGP) routing domain.
BGP address family configuration
Routes learned by other protocols are not distributed into the BGP routing domain.
Use the redistribute command to redistribute routes learned through other routing protocols into the BGP routing domain. Redistributed routes are advertised to all BGP neighbors for the address family.
You must enter multiple redistribute commands to redistribute routes from several different kinds of routing protocols into the BGP routing domain.
Use the no form of this command to disable the specified type of route redistribution.
The following example redistributes external OSPF routes from OSPF instance 100 into the BGP routing domain as unicast routes. The static route 192.200.201.0/24 is redistributed into the BGP routing domain as unicast routes with the community attribute of 100:100:
[local]Redback(config-ctx)#route-map static-to-bgp
[local]Redback(config-route-map)#ip address prefix-list static-to-bgp-prefix
[local]Redback(config-route-map)#set community 100:100
[local]Redback(config-route-map)#exit
[local]Redback(config-ctx)#ip prefix-list static-to-bgp-prefix
[local]Redback(config-prefix-list)#permit 192.200.201.0/24
. . .
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#address-family ipv4 unicast
[local]Redback(config-bgp-af)#redistribute ospf 100 external
[local]Redback(config-bgp-af)#redistribute static route-map static-to-bgp
redistribute {bgp asn | connected | isis instance-name | nat | {ospf | ospf3 } instance-id | rip instance-name | static [dvsr] | subscriber [ address | static]} [level-1 | level-2] [metric metric] [metric-type {internal | external}] [route-map map-name]
no redistribute {bgp asn | connected | isis instance-name | nat | { ospf | ospf3} instance-id | rip instance-name | static [dvsr] | subscriber [address | static]} [level-1 | level-2] [metric metric] [metric-type {internal | external}] [route-map map-name]
Redistributes IP routes learned through external routing protocols into the Intermediate System-to-Intermediate System (IS-IS) routing instance.
IS-IS address family configuration
bgp asn |
Border Gateway Protocol (BGP) autonomous system number (ASN). Redistributes routes from BGP into the IS-IS routing instance. The range of values for the asn argument is 1 to 65,535. |
connected |
Redistributes routes from directly attached networks into the IS-IS routing instance. |
isis instance-name |
IS-IS instance name. Redistributes routes from the specified IS-IS routing instance into the current IS-IS routing instance. |
nat |
Redistributes network address translation (NAT) routes into the IS-IS routing instance. |
ospf instance-id |
Open Shortest Path First (OSPF) instance ID. Redistributes routes from the specified OSPF routing instance into the IS-IS routing instance. The range of values is 1 to 65,535. The ospf keyword is relevant for IP version 4 (IPv4) routing. |
ospf3 instance-id |
OSPF Version 3 (OSPFv3) instance ID. Redistributes routes from the specified OSPFv3 routing instance into the IS-IS routing instance. The range of values is 1 to 65535. The ospf3 keyword is relevant for IP version 6 (IPv6) routing. |
rip instance-name |
Routing Information Protocol (RIP) instance name. Redistributes routes from the specified RIP routing instance into the IS-IS routing instance. |
static |
Redistributes static routes into the IS-IS routing instance. Optional with the subscriber keyword; redistributes only static subscriber routes into the IS-IS routing domain. |
dvsr |
Optional. Redistributes dynamically verified static routing (DVSR) subtype of static routes into the IS-IS routing instance. |
subscriber |
Redistributes routes configured within subscriber records into the IS-IS routing instance. |
address |
Optional. Redistributes only subscriber address routes into the IS-IS routing instance. |
level-1 |
Optional. Redistributes only level 1 routes into the IS-IS routing instance. |
level-2 |
Optional. Redistributes only level 2 routes into the IS-IS routing instance independently. |
metric metric |
Optional. Metric assigned to the redistributed routes. The range of values is 0 to 16,777,215; the default metric is 0. |
metric-type |
Optional. Assigns a metric type to the redistributed routes; the default metric type is internal. |
internal |
Assigns an internal metric type to redistributed routes. When the system receives an LSP with an internal metric type, the total cost is the cost of the route from itself to the redistributing system plus the advertised cost to reach the destination. |
external |
Assigns an external metric type to redistributed routes. When the system receives a link-state protocol data unit (LSP) with an external metric type, it considers only the advertised cost to reach the destination. |
route-map map-name |
Optional. Route map name. Applies a previously configured route map that filters the routes that are redistributed into the IS-IS routing instance. If this option is not specified, all routes from the specified protocol are redistributed into the IS-IS routing instance. |
Routes learned by other protocols are not distributed into the IS-IS routing instance.
Use the redistribute command to redistribute routes learned through external protocols into the IS-IS routing instance.
You must enter multiple redistribute commands to redistribute routes from several different kinds of routing protocols into the IS-IS routing instance.
Use the no form of this command to disable redistribution into the IS-IS routing instance.
The following example redistributes static IP routes into an IS-IS level-1 area with an advertised metric of 10. The internal metric type is used by default:
[local]Redback(config-ctx)#router isis ip-backbone
[local]Redback(config-isis)#address-family ipv4 unicast
[local]Redback(config-isis-af)#redistribute static level-1 metric 10
redistribute {bgp asn | connected | isis instance [level-1 | level-2] | nat | ospf instance [external [type-1 | type-2]] [inter-area] [intra-area] [nssa [type-1 | type-2]] | rip instance | static [dvsr] | subscriber [address | static]} [metric metric] [metric-type type] [route-map map-name] [tag tag]
no redistribute {bgp asn | connected | isis instance [level-1 | level-2] | nat | ospf instance [external [type-1 | type-2]] [inter-area] [intra-area] [nssa [type-1 | type-2]] | rip instance | static [dvsr] | subscriber [address | static]} [metric metric] [metric-type type] [route-map map-name] [tag tag]
Redistribute routes learned from other protocols into the Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) routing instance.
bgp asn |
Border Gateway Protocol (BGP) autonomous system number (ASN). Redistributes routes from the specified BGP autonomous system (AS) into the OSPF or OSPFv3 routing instance. The range of values for the asn argument is 1 to 65,535. |
connected |
Redistributes routes from directly attached networks into the OSPF or OSPFv3 routing instance. |
isis instance |
Intermediate System-to-Intermediate System (IS-IS) instance name. Redistribute routes from the specified IS-IS routing instance into the OSPF or OSPFv3 routing instance. |
level-1 |
Optional. Redistributes IS-IS level 1 routes only. |
level-2 |
Optional. Redistributes IS-IS level 2 routes only. |
nat |
Redistributes network address translation (NAT) routes into the OSPF or OSPFv3 routing instance. |
ospf instance |
OSPF instance ID. Redistributes routes from another OSPF or OSPFv3 routing instance into the current OSPF or OSPFv3 routing instance. The range of values for the instance argument is 1 to 65,535. |
external |
Optional. Redistributes only external OSPF or OSPFv3 routes. |
type-1 |
Optional. Redistributes only Type 1 external OSPF or OSPFv3 routes. |
type-2 |
Optional. Redistributes only Type 2 external OSPF or OSPFv3 routes. |
inter-area |
Optional. Redistributes only interarea OSPF or OSPFv3 routes. |
intra-area |
Optional. Redistributes only intraarea OSPF or OSPFv3 routes. |
nssa |
Optional. Redistributes only OSPF or OSPFv3 NSSA routes. |
type-1 |
Optional. Redistributes only OSPF or OSPFv3 NSSA Type 1 routes. |
type-2 |
Optional. Redistributes only OSPF or OSPFv3 NSSA Type 2 routes. |
rip instance |
Routing Information Protocol (RIP) instance name. Redistributes routes from the specified RIP routing instance into the current OSPF or OSPFv3 routing instance. |
static |
Redistributes static IP routes into the OSPF or OSPFv3 routing instance. Optional with the subscriber keyword. Redistributes only static subscriber routes into the OSPF routing instance. |
dvsr |
Optional. Redistributes the dynamically verified static routing (DVSR) subtype of static routes into the OSPF or OSPFv3 routing instance. |
subscriber |
Redistributes routes configured within subscriber records into the OSPF or OSPFv3 routing instance. |
address |
Optional. Redistributes only subscriber address routes into the OSPF or OSPFv3 routing instance. |
metric metric |
Optional. Cost of the redistributed routes. The range of values is 0 to 16,777,215; the default value is 20. |
metric-type type |
Optional. Metric type assigned to the redistributed routes. The type argument specifies one of the following metric types:
|
route-map map-name |
Optional. Route map name. Modifies the attributes of redistributed routes using the specified route map. |
tag tag |
Optional. Route tag used to redistribute routes. An unsigned 32-bit integer, the range of values is 1 to 4,294,967,295; the default value is 0. |
Routes learned by other protocols are not distributed into the OSPF or OSPFv3 routing instance.
Use the redistribute command to redistribute routes learned from other protocols into the OSPF or OSPFv3 routing instance.
You must enter multiple redistribute commands to redistribute routes from several different kinds of routing protocols into the OSPF or OSPFv3 routing instance.
Use the no form of this command to disable redistribution of the specified routing protocol or method.
The following example redistributes RIP into the OSPF routing instance:
[local]Redback(config-ospf)#redistribute rip
redistribute {bgp asn | connected | isis instance [level-1 | level-2 | level-1-2] | nat | ospf instance | rip instance | static [dvsr] | subscriber [address | static]} [metric metric] [route-map map-name]
no redistribute {bgp asn | connected | isis instance | nat | ospf instance | rip instance | static [dvsr] | subscriber [address | static]} [metric metric] [route-map map-name]
Redistributes routes learned from other routing protocols into the Routing Information Protocol (RIP) or RIP next generation (RIPng) routing instance.
bgp asn |
Border Gateway Protocol (BGP) autonomous system number (ASN). Redistributes routes from the specified BGP autonomous system (AS) into the RIP routing instance. The range of values for the asn argument is 1 to 65,535. |
connected |
Redistributes directly attached networks into the RIP or RIPng routing instance. |
isis instance |
Intermediate System-to-Intermediate System (IS-IS) instance name. Redistributes routes from the specified IS-IS instance into the RIP or RIPng routing instance. |
level-1 |
Optional. Redistributes IS-IS level 1 routes only. |
level-2 |
Optional. Redistributes IS-IS level 2 routes only. |
level-1-2 |
Optional. Redistributes IS-IS level 1 and level 2 routes. |
nat |
Redistributes network address translation (NAT) routes into the RIP or RIPng routing instance. |
ospf instance |
Open Shortest Path First (OSPF) instance ID. Redistributes routes from the specified OSPF routing instance into the RIP or RIPng routing instance. The range of values is 1 to 65,535. |
rip instance |
RIP or RIPng instance name. Redistributes routes from another RIP or RIPng routing instance into the current RIP or RIPng routing instance. |
static |
Redistributes static IP routes into the RIP or RIPng routing instance. Optional with the subscriber keyword. Redistributes only static subscriber routes into the RIP routing instance. |
dvsr |
Optional. Redistributes the dynamically verified static routing (DVSR) subtype of static routes into the RIP or RIPng routing instance. |
subscriber |
Redistributes routes configured within subscriber records into the RIP or RIPng routing instance. |
address |
Optional. Redistributes only subscriber address routes into the RIP or RIPng routing instance. |
metric metric |
Optional. Metric used for the redistributed route. The range of values is 0 to 16. If no metric is specified, the metric configured with the default-metric command is used in RIP or RIPng router configuration mode. If the default-metric command has not been configured, the default metric for redistributed routes is 0. |
route-map map-name |
Optional. Route map name. Applies the conditions of the specified route map to routes that are redistributed into the RIP or RIPng routing instance. |
Redistribution is not enabled.
Use the redistribute command to redistribute routes learned from other routing protocols into the RIP or RIPng routing instance.
You must enter multiple redistribute commands to redistribute routes from several different kinds of routing protocols into the RIP or RIPng routing instance.
Use the no form of this command to disable the specified type of route redistribution.
The following example redistributes static routes into RIP routing instance, rip001:
[local]Redback(config-ctx)#router rip rip001
[local]Redback(config-rip)#redistribute static
The following example prevents routes from directly attached networks from being redistributed into RIP routing instance, rip001:
[local]Redback(config-ctx)#router rip rip001
[local]Redback(config-rip)#no redistribute connected
redundancy-mode {master-slave | independent}
no redundancy-mode {master-slave | independent}
Enables either the master-slave or independent L2VPN XC redundancy mode for all redundant XC pairs that have the current L2VPN profile attached.
master-slave |
Enables master-slave redundancy mode on the XCs that have the current L2VPN profile attached. |
independent |
Enables independent redundancy mode on the XCs that have the current L2VPN profile attached. |
Redback mode (redundancy is not Muley-signaled).
Use the redundancy-mode command to enable either the master-slave or independent L2VPN XC redundancy mode for all redundant XC pairs that have the current L2VPN profile attached.
In master-slave mode, the hub node serves as the master endpoint that selects which L2VPN XC to use for forwarding. The status of the active L2VPN XC is communicated to the slave node through the signalling mechanism. The slave node inherits its state from the master endpoint. For example, if the master endpoint of the L2VPN XC is active, the slave node is active. If the master endpoint is on standby, the slave endpoint is on standby. With master-slave L2VPN redundancy mode, only XC redundancy is achieved.
In independent redundancy mode, the L2VPN XC endpoint nodes independently select which L2VPN XC is used for forwarding. Each node advertises its forwarding state over each L2VPN XC in a set. Each endpoint compares the local and remote status of its L2VPN XC, and activates the L2VPN XC that is active at both endpoints.
Use the no form of this command to remove L2VPN redundancy configuration from a specified L2VPN XC profile.
The following example shows how to enable master-slave redundancy mode for all redundant XC pairs that have the L2VPN profile called ms-prof attached:
[local]Redback(config)#l2vpn profile ms-prof
[local]Redback(config-l2vpn-xc-profile)#peer 100.100.100.1
[local]Redback(config-l2vpn-xc-profile-peer)#redundancy-mode master-slave
The following example shows how to enable independent redundancy mode for all redundant XC pairs that have the L2VPN profile called in-prof attached:
[local]grumpy(config)#l2vpn profile in-prof
[local]grumpy(config-l2vpn-xc-profile)#peer 100.100.100.1
[local]grumpy(config-l2vpn-xc-profile-peer)#redundancy-mode independent
refresh-interval interval
Configures the frequency of generating refresh messages.
RSVP interface configuration
interval |
Frequency, in seconds, at which refresh messages are generated. The range of values is 1 to 65535. |
Refresh messages are generated every 30 seconds.
Use the refresh-interval command to configure the frequency of generating refresh messages.
When RSVP is enabled, refresh messages are sent periodically so that reservation states in neighboring nodes do not expire. The lifetime of a reservation state is determined by using two interrelated timing parameters: the keep-multiplier and the refresh-interval. Use the following formula to determine the lifetime of a reservation state:
Lifetime = (keep-multiplier + 0.5) * 1.5 * refresh-interval
The following example sets the refresh-interval timing parameter to 45 seconds:
[local]Redback(config-ctx)#router rsvp
[local]Redback(config-rsvp)#interface rsvp05
[local]Redback(config-rsvp-if)#refresh-interval 45
registration max-lifetime seconds
no registration max-lifetime
Specifies the maximum lifetime registration for any mobile node (MN) that uses this foreign agent (FA) instance.
seconds |
Maximum lifetime registration. The range of values is 1 to 65535 seconds. The default value is 1800 seconds (30 minutes). |
The maximum lifetime registration is 1800 seconds (30 minutes).
Use the registration max-lifetime command to specify the maximum lifetime registration for any MN that uses this FA instance.
Use the no form of this command to specify the default condition.
The following example specifies a maximum registration lifetime of 60 minutes (3600 seconds) with the FA instance in this context:
[local]Redback(config)#context fa
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#interface mn-access
[local]Redback(config-mip-if)#registration max-lifetime 3600
registration max-lifetime seconds
no registration max-lifetime
Specifies the registration maximum lifetime for any mobile node (MN) that uses this home agent (HA) instance.
seconds |
Registration maximum lifetime. The range of values is 1 to 65535 seconds. |
The registration maximum lifetime default is 1800 seconds (30 minutes).
Use the registration max-lifetime command to specify the registration maximum lifetime for any MN that uses this HA instance.
Use the no form of this command to specify the default.
The following example specifies a registration maximum lifetime of 60 minutes (3600 seconds) for the HA instance in this context:
[local]Redback(config)#context ha
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#home-agent
[local]Redback(config-mip-ha)#registration max-lifetime 3600
release download url
Installs an alternate software release image or a modular patch on the system.
exec (10)
url |
URL of a pre-existing configuration file. See the Usage Guidelines section for the format of this argument. |
None
Use the release download command to install either an alternate software release image or a modular patch on the system.
The release download url command downloads a new software release image to the alternate system partition.
The new software release image remains inactive until the release upgrade command (in exec mode) activates it and installs it in the active system partition. If the system already has an image in the alternate partition, you are prompted for confirmation to allow the system to overwrite it.
Follow the guidelines in Table 6 for the url argument in this command.
Syntax for url Argument | Description |
---|---|
[/device][/directory]/filename.ext (1) | Use when referring to a file on the local file system. The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length. |
protocol://username[:passwd]@{ip-addr \| hostname}[//directory]/filename.ext | Use when downloading from a remote server. The protocol argument is ftp or scp; that is, File Transfer Protocol (FTP) or Secured Copy Protocol (SCP), respectively. The username[:passwd] construct specifies the user and an optional password. The ip-addr argument is the IP address of the server, and the hostname argument is the hostname of the server. If a username is not specified, the SmartEdge router sends the username for the SmartEdge administrator account for the current logon session. Use double slashes (//directory) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/directory) if it is a relative pathname (under the hierarchy of username account home directory). |
(1) The value for the filename argument can be up to 256 characters in length. You can only use the hostname argument if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode); see the Command List.
The following example installs a SmartEdge OC modular patch:
[local]Redback#release download modular ftp://guest@10.13.49.10//images/REL_6_1_1/SEOS-6.1.1.4p4-modular.tar.gz
release download modular url
Installs a modular patch on the system.
exec (10)
modular |
Optional. |
url |
URL of a pre-existing configuration file. See the Usage Guidelines section for the format of this argument. |
None
Caution! Risk of system crash. Before using this command, to reduce the risk, contact technical support and verify the patch version, the current SmartEdge router version, and the hardware component versions.
Use the release download modular command to install a modular patch on the system. The command places a downloaded patch file on the active partition rather than the alternate boot system partition. Subscriber sessions remain active while the traffic card Packet Processing ASIC (PPA) software is upgraded with the new patch release. If the active partition has insufficient space, an informational log message is generated.
Keep the following guidelines ( Table 7) for the url argument in this command.
Syntax for url Argument |
Description |
---|---|
[/device][/directory]/filename.ext](1) |
Use when referring to a file on the local file system. The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length. |
protocol://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext |
Use when downloading from a remote server. The protocol argument is ftp or scp; that is, File Transfer Protocol (FTP) or Secured Copy Protocol (SCP), respectively. The username[:passwd] construct specifies the user and an optional password. The ip-addr argument is the IP address of the server, and the hostname argument is the hostname of the server. If a username is not specified, the SmartEdge router sends the username for the SmartEdge administrator account for the current logon session. Use double slashes (//directory) if the pathname to the directory on the remote server is an absolute pathname; use a single slash (/directory) if it is a relative pathname (under the hierarchy of username account home directory). |
(1) The value for the filename argument can be up to 256 characters in length. You can only use the hostname argument if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode); see the Command List.
The following example installs a SmartEdge OC modular patch:
[local]Redback#release download modular ftp://guest@10.13.49.10//images/REL_6_1_1/SEOS-6.1.1.4p4-modular.tar.gz
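The two url forms in Table 7 can be checked before a command is pushed to a router. The parser below is an added example, not part of the original manual or of SmartEdge OS; `parse_url`, `ParsedUrl` and the finding strings are hypothetical names, and it assumes IPv4 addresses or hostnames and passwords that contain no `@` or `/`. It splits a url into the fields the table names and reports the properties an operator reviewing a change would care about: transfer over unencrypted FTP, a password embedded in the command, reliance on the logon-session username, and reliance on DNS.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

MAX_FILENAME = 256               # filename limit stated in Table 7
LOCAL_DEVICES = {"flash", "md"}  # device values named in Table 7
PROTOCOLS = {"ftp", "scp"}       # protocol values named in Table 7

# protocol://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext
REMOTE_RE = re.compile(
    r"^(?P<protocol>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?:(?P<username>[^:@/]+)(?::(?P<passwd>[^@/]*))?@)?"
    r"(?P<host>[^/@:]+)"
    r"(?P<path>/.+)$"
)


@dataclass
class ParsedUrl:  # hypothetical container, not a SmartEdge structure
    kind: str                          # "local" or "remote"
    filename: str
    directory: str = ""
    device: Optional[str] = None       # local form only
    protocol: Optional[str] = None     # remote form only
    username: Optional[str] = None
    has_password: bool = False         # the secret itself is never stored
    host: Optional[str] = None
    absolute_path: Optional[bool] = None
    findings: List[str] = field(default_factory=list)


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _check_filename(name: str) -> str:
    if not name:
        raise ValueError("url does not end in a filename")
    if len(name) > MAX_FILENAME:
        raise ValueError("filename longer than 256 characters")
    return name


def parse_url(url: str) -> ParsedUrl:
    m = REMOTE_RE.match(url)
    if m:
        protocol = m.group("protocol").lower()
        if protocol not in PROTOCOLS:
            raise ValueError(f"protocol must be ftp or scp, got {protocol!r}")
        path = m.group("path")
        absolute = path.startswith("//")
        directory, _, filename = path.rpartition("/")
        # "//dir" is absolute on the server; "/dir" is under the account home.
        directory = (directory[1:] or "/") if absolute else directory.lstrip("/")
        p = ParsedUrl("remote", _check_filename(filename), directory,
                      protocol=protocol, username=m.group("username"),
                      has_password=m.group("passwd") is not None,
                      host=m.group("host"), absolute_path=absolute)
        if protocol == "ftp":
            p.findings.append("ftp: login and image cross the network unencrypted")
        if p.has_password:
            p.findings.append("inline password: secret is part of the command string")
        if p.username is None:
            p.findings.append("no username: router sends the current administrator name")
        if not _is_ip(p.host):
            p.findings.append("hostname: needs DNS enabled in the context")
        return p
    if "://" in url or not url.startswith("/"):
        raise ValueError("not a Table 7 local or remote url")
    parts = url[1:].split("/")
    device = parts.pop(0) if len(parts) > 1 and parts[0] in LOCAL_DEVICES else None
    filename = _check_filename(parts.pop())
    return ParsedUrl("local", filename, "/".join(parts), device=device)


if __name__ == "__main__":
    # The url from the manual's own example.
    url = "ftp://guest@10.13.49.10//images/REL_6_1_1/SEOS-6.1.1.4p4-modular.tar.gz"
    print(parse_url(url))
```
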
release erase
Manually erases the alternate image on the system.
exec (10)
This command has no keywords or arguments.
None
Use the release erase command to manually erase the alternate image on the system. You cannot use this command if the system is configured to use the alternate image upon reload.
The following example erases the alternate system image:
[local]Redback#release erase
The following "alternate" release will be erased:
Version SE800-2.4.4.0.158-Release
Built on Wed Mar 5 10:00:02 PST 2003
Copyright (C) 1998-2003, Redback Networks Inc. All rights reserved.
Are you sure you wish to erase this release? (y/n) y
Erasing the "alternate" release...
release sync
Forces a data synchronization of the system image on the standby controller card with the system image on the primary partition of the active controller card. The standby controller card reboots twice during the process.
This command has no keywords or arguments.
None
Use the release sync command to force a data synchronization of the system image on the standby controller card with the system image on the primary partition of the active controller card.
Caution!
During synchronization, the system operates without controller card redundancy. Any failure of the active controller card in this condition causes the system to reboot and lose all active sessions and dynamic routing information.
Caution!
Do not remove the active or standby controller card or reboot the system during this operation.
The release sync process is not affected by traffic card installation and removal; the active controller, and hence the system, continues to forward traffic and detect and notify the administrator of any faults that occur while the standby controller is being data synchronized (the FAIL LED is blinking).
Use the show redundancy command (in any mode) to determine whether the key processes on the active and standby controller cards are data synchronized. Both processes and files must be synchronized for full redundancy.
The following example forces a data synchronization of the system image on the primary partition of the standby controller card with those on the active controller card:
[local]Redback#release sync
Apr 10 00:47:09: %DLM-6-INFO: Asked sync client to sync to running image
Apr 10 00:47:10: %LOG-6-PRI_STANDBY: Apr 10 00:47:10: %DLM-6-INFO: Reloading xcrp for user requested release sync
Apr 10 00:47:10: %LOG-6-PRI_STANDBY: Apr 10 00:47:10: %DLM-6-INFO: Reloading xcrp
Apr 10 00:47:10: %LOG-6-PRI_STANDBY: Apr 10 00:47:10: %ALAPI-6-INFO: XCRP in slot 7, will now reload
Apr 10 00:47:17 Redback /netbsd: VX Redundancy state: ### VX_M2M_LINKUP FALSE ###
Apr 10 00:47:17 Redback /netbsd: Notifying all processes of M2MDOWN status
release upgrade [in-service] [{at at-time} | {in in-time}]
no release upgrade
Replaces the currently running SmartEdge router (on the primary memory partition) with the SmartEdge router stored on the alternate memory partition.
exec (10)
at at-time |
Optional. Specified time at which to perform the release upgrade. The value for the at at-time construct is in a yyyy:mm:dd:hh:mm[:ss] format, where yyyy = year, mm = month, dd = day, hh = hour, mm = minute, and [:ss] is optional seconds. |
in in-time |
Optional. Number of minutes to wait before performing the release upgrade. The value for the in in-time construct is in a dd:hh:mm format, where dd = day, hh = hour, and mm = minute. |
None.
Use the release upgrade command to replace the currently running SmartEdge router (on the primary memory partition) with the SmartEdge router stored on the alternate memory partition. Enter the command from the console port on the active controller card to view the progress of the upgrade operation.
If you enter the release upgrade command, the system goes out of service to restart and any subscriber sessions disconnect. After the upgrade, several minutes pass before the standby controller card, if present, automatically synchronizes with the active controller card.
Keep the following guidelines in mind when you use this command:
The following example configures the system to reload using the alternate installed image:
[local]Redback#release upgrade
The system will reboot and the following release will become active:
Version SEOS-5.0.5-Release
Built on Mon Jan 09 01:30:02 PST 2006
Copyright (C) 1998-2006, Redback Networks Inc. All rights reserved.
Are you sure you wish to continue? (y/n) y
Setting boot partition to "alternate"...
The "reload" command will reboot all cards on this system
Do you want to save the current configuration? (y/n) y
. . .
Configuration complete
% Startup configuration processing took: 33 seconds
release upgrade modular
Upgrades the active system image with a modular patch release that has been downloaded to the active partition by the release download command.
exec (10)
This command has no keywords or arguments.
None
Caution!
Risk of system crash. Before using this command, to reduce the risk, contact technical support and verify the patch version, current operating system version, and hardware component versions.
Use the release upgrade modular command to upgrade the active system image with a modular patch release that has been downloaded to the active partition by the release download command.
The system remains in service and does not restart, and subscriber sessions remain connected. The primary and alternate boot partitions of the system are not switched.
On the SmartEdge 100 router, subscriber sessions are expected to remain active while the SmartEdge 100 software upgrades to the software modular patch release.
The patch file version is displayed during the upgrade, and the system loads and prompts for confirmation before it proceeds. When installation completes, an informational log message is sent, indicating the success or failure of the operation.
Keep the following guidelines in mind when you use this command:
The following example illustrates a successful application of the release sync in-service command:
[local]Redback#release upgrade modular
[local]Redback#
reload
Reloads the system software on the active controller card, and then on the standby controller card.
exec (15)
This command has no keywords or arguments.
None
Use the reload command to reload the system software on the active controller card, and then on the standby controller card. When you enter this command, the system performs minimal housekeeping, then reloads as if powered off and then powered on again. The system prompts you to confirm the reload. Type y to proceed with the reload, or n to cancel the reload.
During the reload sequence for a SmartEdge router, the traffic cards are held in low-power mode until the SmartEdge router determines which slot has the active controller card. After the active controller card (and the standby controller card, if it is installed) are initialized, the SmartEdge router then determines if a power capacity check is needed. If the chassis has a single controller card or the active and standby controller cards are identical, the traffic cards are initialized starting with the lowest-numbered slot.
However, if the controller cards do not match, the SmartEdge router performs a power capacity check. Starting with the lowest-numbered traffic card slot, each installed traffic card is initialized and the available power is recalculated. The SmartEdge router leaves the traffic card in low-power mode if not enough available power exists to initialize it.
The SmartEdge router always reserves enough power during system configuration so that if the system has only a single controller card installed, a standby controller card of the same type can be installed at a later time.
During the reload sequence for a SmartEdge 100 chassis, the media interface cards (MICs) are held in low-power mode until after the controller carrier card is initialized. Then they are initialized starting with the lowest-numbered MIC slot.
The following example reloads the system software on the active controller card, and then on the standby controller card:
[local]Redback#reload
reload card {all | slot}
Reloads the I/O carrier card in the SmartEdge 100 chassis, a traffic or services card in the specified slot, or all traffic cards in any SmartEdge chassis except the SmartEdge 100 chassis.
exec (15)
all |
Reloads all traffic cards in the chassis. |
slot |
Chassis slot number of the traffic or services card or I/O carrier card. The range of values is:
|
None
Use the reload card command to reload the I/O carrier card in the SmartEdge 100 chassis, traffic, service, or storage card in the specified slot, or all traffic cards in any SmartEdge chassis except the SmartEdge 100 chassis.
To reload the active controller card or the controller carrier card, use the reload command. If the system has a standby controller card, and a change in software release or configuration on the active controller card is detected after it has been reloaded, the system reloads the standby controller card so that it mirrors (is synchronized with) the active controller card.
The following example reloads the traffic card in slot 1:
[local]Redback#reload card 1
reload disk slot_num disk_num
exec
slot_num |
Chassis slot number of the SSE card. |
disk_num |
Disk number on the SSE card. Values: 1 or 2. |
None.
Gracefully shuts down the specified SSE disk and reloads the SSE disk. This command is equivalent to removing and reinserting the disk.
If you issue this command on the active SSE card during data synchronization on any partition, the following warning message appears: Executing the command during data synchronization on any of the partitions will cause data corruption.
[local]Redback#reload disk 2 2
reload fpga {slot | mic mic-slot}
Reloads the code in the field-programmable gate array (FPGA) on a particular traffic card.
exec (15)
slot |
Chassis slot number of the traffic card to reload. The range of values is 1 to 14. |
mic mic-slot |
Reloads the code in the FPGA on the media interface card (MIC) in the specified slot. The range of values is 1 to 2. This option applies to the ATM OC MIC only. |
None
Use the reload fpga command to reload the code in the FPGA on a particular traffic card. This command also upgrades the code should it be required for a new software release.
To use this command, the card must have been configured in the specified slot on the SmartEdge router. On the SmartEdge 100 router, both the MIC and the carrier card must be configured.
Caution!
Risk of data loss. Depending on the traffic card type, it takes three to ten minutes for the reload fpga command to successfully upgrade the FPGA. Interrupting the upgrade can leave the traffic card inoperable. To reduce the risk, do not interrupt the process in the middle of an FPGA upgrade.
The following example reloads the FPGA on the traffic card in slot 4:
[local]Redback#reload fpga 4
The following example reloads the FPGA on the ATM OC MIC in slot 2:
[local]Redback#reload fpga mic 2
reload mic {1 | 2}
Reloads the specified media interface card (MIC) and all associated components and reformats the compact-flash (CF) card installed in the external slot of the SmartEdge 100 chassis.
exec (15)
1 |
Reloads the MIC with ports 2/3 to 2/14. |
2 |
Reloads the MIC with ports 2/15 to 2/26. |
None
Use the reload mic command to reload the specified MIC and all associated components and reformat the CF card installed in the external slot of the SmartEdge 100 chassis. Traffic on the specified MIC is momentarily interrupted, while traffic on the unspecified MIC and native Gigabit Ethernet (GE) ports remains unaffected. This command does not affect the Packet Processing ASIC (PPA), forwarding path field-programmable gate array (FPGA), or unspecified MIC.
Use the reload command (in exec mode) to reload the entire SmartEdge 100 router. For information about the reload command, see the Command List.
The following example reloads the MIC with ports 2/15 to 2/26:
[local]Redback#reload mic 2
reload standby
Reloads the system software on the standby controller card only.
exec (15)
This command has no keywords or arguments.
None
Use the reload standby command to reload the system software on the standby controller card only.
The following example reloads the system software on the standby controller card:
[local]Redback#reload standby
reload switch-over
Reloads the system software on the active controller card and, if the standby controller card is ready, causes the standby to become the active controller card.
exec (15)
This command has no keywords or arguments.
None
Use the reload switch-over command to reload the system software on the active controller card, and if the standby controller card is ready, cause the standby to become the active controller card.
If the standby is not ready, this command performs the same function as the reload command. Both controller cards reload, and the current active controller card remains active.
The following example reloads the system software on the active controller card, and if the standby controller card is ready, causes the standby to become the active controller card:
[local]Redback#reload switch-over
remote-as {asn | nn:nn}
no remote-as {asn | nn:nn}
Configures the autonomous system number (ASN) of the external Border Gateway Protocol (eBGP) neighbor.
BGP neighbor configuration
asn |
ASN in integer format. The range of values is 1 to 65535. The subrange of 64512 to 65535 is reserved for private ASNs. |
nn:nn |
ASN in 4-byte integer format, where the first nn indicates the two higher-order bytes and the second nn denotes the two lower-order bytes. |
None
Use the remote-as command to configure the ASN of the eBGP neighbor.
Use the no form of this command to remove the ASN.
The following example assigns ASN 4001 to the eBGP neighbor at IP address 102.201.2.45:
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#neighbor 102.201.2.45 external
[local]Redback(config-bgp-neighbor)#remote-as 4001
remote-encap {1qtunnel | bridge1483 | dot1q | ethernet}
no remote-encap {1qtunnel | bridge1483 | dot1q | ethernet}
Specifies the encapsulation type used at the remote end of any XCs that have the specified L2VPN profile attached.
L2VPN profile peer configuration
1qtunnel |
Specifies 802.1Q tunnel encapsulation. |
bridge1483 |
Specifies ATM RFC 1483 bridged encapsulation. |
dot1q |
Specifies 802.1Q Ethernet encapsulation. |
ethernet |
Specifies Ethernet encapsulation. |
No encapsulation is configured for the remote end of an XC.
Use the remote-encap command to specify the encapsulation type used at the remote end of any XCs that have the specified L2VPN profile attached.
Use the no form of this command to remove the encapsulation configuration for the remote end of an XC from an L2VPN profile.
The following example shows how to specify that 802.1Q tunnel encapsulation is used at the remote end of any XCs that have the L2VPN profile called 802tun attached:
[local]Redback(config)#l2vpn profile 802tun
[local]Redback(config-l2vpn-xc-profile)#peer 100.100.100.1
[local]Redback(config-l2vpn-xc-profile-peer)#remote-encap 1qtunnel
remotefile format format-string [OS-variable] [OS-variable] ...
no remotefile format
Specifies the format of the filename and the location of the bulkstats collection files that are stored on remote file servers.
bulkstats configuration
format |
Specifies the format of the filename for the bulkstats collection files. |
format-string |
Describes the format strings used to format the remote filename for the bulkstats collection files. Format strings can contain anything or nothing as a label for a SmartEdge OS variable. They follow the C programming language printf() function syntax and must be enclosed in quotation marks. |
OS-variable |
Optional. SmartEdge OS system variable. describes the supported variables. |
No filename format is defined for bulkstats collection files for any policy.
Use the remotefile command to specify the format of the filename and the location of the bulkstats collection files that are stored on remote file servers.
Table 8 describes the format strings used to format the remote filename.
Variable |
Description |
Type |
---|---|---|
context |
Context name |
String |
date |
Today’s date in YYYYMMDD format |
String |
epochtime |
Time of day in epoch format (seconds since January 1, 1970) |
Integer |
hostname |
Hostname as specified in the configuration file |
String |
policy |
Bulkstats policy name |
String |
sysuptime |
System uptime in seconds |
Integer |
timeofday |
Time of day in HHMMSS format (using a 24-hour clock) |
String |
You cannot change the remote filename or location while bulkstats collection is enabled; you must first disable bulkstats collection using the collection command in bulkstats configuration mode and then re-enable bulkstats collection after entering the receiver command.
Use the no form of this command to delete information about the format of the remote filename and location used to store bulkstats data for this policy.
The following example specifies the format of the filename where the bulkstats data for the bulk policy is to be stored:
[local]Redback(config)#context local
[local]Redback(config-ctx)#bulkstats policy bulk
[local]Redback(config-bulkstats)#remotefile format "Bulkstats/%s_%s" hostname timeofday
The file is specified as Bulkstats/hostname_HHMMSS where the hostname argument is the name configured for the SmartEdge router and the HHMMSS argument is the hour, minute, and second (24-hour clock) of the transfer.
To see how this information displays, see the example for the show bulkstats command in Configuring Bulkstats.
remove-private-as
no remove-private-as
Removes private autonomous system numbers (ASNs) from routes that are advertised to the Border Gateway Protocol (BGP) neighbor address family or peer group address family.
This command has no keywords or arguments.
The ASNs are not removed.
Use the remove-private-as command to remove private ASNs from routes that are advertised to the BGP neighbor address family or peer group address family.
Use the no form of this command to send private ASNs.
The following example advertises BGP unicast routes to the neighbor at IP address 102.21.2.45. Any private ASNs contained in these routes are removed:
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#neighbor 102.201.2.45 external
[local]Redback(config-bgp-neighbor)#address-family ipv4 unicast
[local]Redback(config-bgp-peer-af)#remote-as 200
[local]Redback(config-bgp-peer-af)#remove-private-as
rename current-url new-url [-noconfirm]
Renames a file or directory on the local file system.
exec (10)
current-url |
Current URL of the file (or directory) that is to be renamed. |
new-url |
URL of the file (or directory) after renaming. |
-noconfirm |
Optional. Replaces an existing file (or directory) without asking for confirmation. |
None
Use the rename command to rename a file or directory on the local file system. The current-url and new-url arguments use the following form:
[/device][/directory]/filename.ext
The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length.
This command works only for renaming files and directories on a single local file system device; that is, the URLs must be identical, except for the filename.ext argument. The command fails if the values of the current-url and new-url arguments are identical; that is, the URLs are identical.
A file with the new name must not already exist; that is, the SmartEdge router does not overwrite an existing file on the local file system without first seeking confirmation. Use the -noconfirm optional keyword to avoid the confirmation prompt.
The following example renames the file, redback.bin, to old.bin:
[local]Redback#rename /flash/redback.bin /flash/old.bin
replay-tolerance seconds
no replay-tolerance
Configures the tolerance for timestamp-based replay protection used between the home agent (HA) instance and the registering mobile nodes (MN).
seconds |
Tolerance for timestamp-based replay protection used between the HA instance and registering MNs. The range of values is 4 to 255 seconds. |
The default for tolerance for timestamp-based replay protection is 7 seconds.
Use the replay-tolerance command to configure the tolerance for timestamp-based replay protection used between the HA instance and the registering MN. The replay-tolerance command specifies the number of seconds that the HA instance timestamp and MN timestamp can be different. When the HA instance discovers that this difference is greater than the number of seconds specified, it rejects the MN registration.
Use the no form of this command to specify the default.
The following example configures a timestamp-based replay tolerance of 10 seconds for this HA instance:
[local]Redback(config)#context ha
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#home-agent
[local]Redback(config-mip-ha)#replay-tolerance 10
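The tolerance check described for replay-tolerance, as an added example that is not SmartEdge OS code. It assumes the Mobile IP identification field is a 64-bit NTP-format value with seconds in the high 32 bits, and that the home agent also requires each accepted identification to be newer than the last one from the same MN (both taken from RFC 3344, not from this page); `HomeAgentReplayCheck`, `make_identification` and the addresses and times are hypothetical, constructed values.

```python
NTP_UNIX_OFFSET = 2_208_988_800            # seconds from 1900-01-01 to 1970-01-01
MIN_TOL, MAX_TOL, DEFAULT_TOL = 4, 255, 7  # range and default from the command description


def make_identification(unix_seconds: int, low32: int) -> int:
    """Build a 64-bit identification: NTP seconds high, fraction/random bits low."""
    return ((unix_seconds + NTP_UNIX_OFFSET) & 0xFFFFFFFF) << 32 | (low32 & 0xFFFFFFFF)


class HomeAgentReplayCheck:  # hypothetical model of the HA-side check
    def __init__(self, replay_tolerance: int = DEFAULT_TOL):
        if not MIN_TOL <= replay_tolerance <= MAX_TOL:
            raise ValueError("replay-tolerance must be 4 to 255 seconds")
        self.tolerance = replay_tolerance
        self.last_accepted = {}  # MN address -> highest identification accepted

    def check(self, mn: str, identification: int, ha_unix_seconds: int) -> str:
        mn_seconds = (identification >> 32) - NTP_UNIX_OFFSET
        # Page behaviour: reject when the clocks differ by more than the tolerance.
        if abs(ha_unix_seconds - mn_seconds) > self.tolerance:
            return "reject: timestamp outside tolerance"
        # Assumption (RFC 3344): inside the window, a repeated value is still refused.
        if identification <= self.last_accepted.get(mn, -1):
            return "reject: not newer than last accepted"
        self.last_accepted[mn] = identification
        return "accept"


def scenario():
    """Constructed timeline: a genuine request, two replays, and a skewed MN clock."""
    t0 = 1_700_000_000
    ha = HomeAgentReplayCheck()                       # default tolerance, 7 seconds
    request = make_identification(t0, 0x1234)
    skewed = make_identification(t0 + 90, 1)          # MN clock 10 s behind the HA
    return [
        ha.check("10.1.1.5", request, t0 + 3),        # genuine registration
        ha.check("10.1.1.5", request, t0 + 5),        # same bytes replayed in window
        ha.check("10.1.1.5", request, t0 + 60),       # same bytes replayed later
        ha.check("10.1.1.6", skewed, t0 + 100),       # 10 s skew, tolerance 7
        HomeAgentReplayCheck(10).check("10.1.1.6", skewed, t0 + 100),  # tolerance 10
    ]


if __name__ == "__main__":
    for result in scenario():
        print(result)
```

A wider tolerance admits MNs with poorer clock synchronization but also lengthens the window in which only the newer-than-last check stands between a captured registration and acceptance.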
report {tx-speed tx-kbps | rx-speed rx-kbps}
{no | default} report {tx-speed | rx-speed}
Specifies the transmit and receive speeds to be included in the IETF standard, Layer 2 Tunneling Protocol (L2TP) Rx Connect Speed attribute-value pair (AVP) 24 and Tx Connect Speed AVP 38 for any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) that references this ATM profile.
tx-speed tx-kbps |
Transmit speed, in kbps, to be included in L2TP AVP 38; the range of values is 1 to 4,294,967,296. |
rx-speed rx-kbps |
Receive speed, in kbps, to be included in L2TP AVP 24; the range of values is 1 to 4,294,967,296. |
The RxConnect Speed is the port speed. The TxConnect Speed depends on the ATM traffic class specified for the profile; see Table 9.
Use the report command to specify the receive and transmit speeds to be included in the IETF standard L2TP Rx Connect Speed AVP 24 and Tx Connect Speed AVP 38 for any ATM PVC that references this ATM profile.
Use the no or default form of this command to report default values in L2TP AVPs 24 and 38. Table 9 lists the default values for the TxConnect speed; for all traffic classes except UBR, the reported default value is the value of the specified argument in the shaping command (in ATM profile configuration mode).
ATM Traffic Class |
Default TxConnect Speed Reported |
---|---|
CBR |
Value of the rate argument |
UBR |
Port speed |
UBR pcr |
Value of the pcr argument |
UBRe |
Value of the pcr argument |
VBR-nrt |
Value of the scr argument |
VBR-rt |
Value of the scr argument |
The following example shows how to specify the receive and transmit speeds as 2400 kbps in an ATM profile, low_rate:
[local]Redback(config)#atm profile low_rate
[local]Redback(config-atm-profile)#shaping vbr-nrt pcr 2500 cdvt 20 scr 2400 bt 10
[local]Redback(config-atm-profile)#report tx-speed 2500
[local]Redback(config-atm-profile)#report rx-speed 2500
resequence as-path-list apl-name
Assigns new sequence numbers to existing entries in the specified autonomous system (AS) path list so that entries are in increments of 10.
context configuration
apl-name |
Name of the AS path list to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence as-path-list command to assign new sequence numbers to existing entries in the specified AS path list so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the as-path-list command in context configuration mode.
The following example resequences entries in the AS path list, filter1, by increments of 10:
[local]Redback(config-ctx)#resequence as-path-list filter1
resequence community-list cl-name
Assigns new sequence numbers to existing entries in the specified community list so that entries are in increments of 10.
context configuration
cl-name |
Name of the community list to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence community-list command to assign new sequence numbers to existing entries in the specified community list so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the community-list command in context configuration mode.
The following example resequences entries in the community list, cl012, by increments of 10:
[local]Redback(config-ctx)#resequence community-list cl012
resequence ext-community-list ecl-name
Assigns new sequence numbers to existing entries in the specified extended community list so that entries are in increments of 10.
context configuration
ecl-name |
Name of the extended community list to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence ext-community-list command to assign new sequence numbers to existing entries in the specified extended community list so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the ext-community-list command in context configuration mode.
The following example resequences entries in the extended community list, ecl05, by increments of 10:
[local]Redback(config-ctx)#resequence ext-community-list ecl05
resequence ip access-list acl-name
Reassigns sequence numbers to the entries in the specified IP access control list (ACL) to be in increments of 10.
context configuration
acl-name |
Name of the ACL to be resequenced. |
No resequencing is performed.
Use the resequence ip access-list command to reassign sequence numbers to the entries in the specified IP ACL to be in increments of 10. This command is useful if manually assigned sequence numbers have left no room between entries for additional entries.
The following example resequences the statements in the ACL, fremont1:
[local]Redback(config-ctx)#resequence ip access-list fremont1
resequence ip prefix-list pl-name
Assigns new sequence numbers to existing entries in the specified IP prefix list so that entries are in increments of 10.
context configuration
pl-name |
Name of the IP prefix list to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence ip prefix-list command to assign new sequence numbers to existing entries in the specified IP prefix list so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the ip prefix-list command in context configuration mode.
The following example resequences entries in the prefix list, pl226, by increments of 10:
[local]Redback(config-ctx)#resequence ip prefix-list pl226
resequence ipv6 prefix-list ipv6-pl-name
Assigns new sequence numbers to existing entries in the specified IP Version 6 (IPv6) prefix list so that entries are in increments of 10.
context configuration
ipv6-pl-name |
Name of the IPv6 prefix list to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence ipv6 prefix-list command to assign new sequence numbers to existing entries in the specified IPv6 prefix list so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the ipv6 prefix-list command in context configuration mode.
The following example resequences entries in the prefix list, ipv6pl65, by increments of 10:
[local]Redback(config-ctx)#resequence ipv6 prefix-list ipv6pl65
resequence policy access-list acl-name
Reassigns sequence numbers to the entries in the specified policy access control list (ACL) to be in increments of 10.
context configuration
acl-name |
Name of the ACL to be resequenced. |
No resequencing is performed.
Use the resequence policy access-list command to reassign sequence numbers to the entries in the specified policy ACL to be in increments of 10. This command is useful if manually assigned sequence numbers have left no room between entries for additional entries.
The following example resequences the statements in the policy ACL, oakland2:
[local]Redback(config-ctx)#resequence policy access-list oakland2
resequence route-map map-name
Assigns new sequence numbers to existing entries in the specified route map so that entries are in increments of 10.
context configuration
map-name |
Name of the route map to be resequenced. |
Sequence numbers are assigned by the system in increments of 10.
Use the resequence route-map command to assign new sequence numbers to existing entries in the specified route map so that entries are in increments of 10.
This command is useful when you have manually assigned sequence numbers and have no room to insert new entries in between existing entries. You can manually assign sequence numbers using the seq seq-num construct in the route-map command in context configuration mode.
The following example resequences entries in the route map, rm045, by increments of 10:
[local]Redback(config-ctx)#resequence route-map rm045
reserved bytes
no reserved
Specifies the number of additional nonstandard Layer 1 overhead bytes reserved, per packet, for a specific access-line type.
bytes |
Number of reserved bytes, per packet, for the specified access-line type. The range of values is 1 to 255; the default value is 0. |
No additional nonstandard Layer 1 overhead bytes are reserved.
Use the reserved command to specify the number of additional nonstandard Layer 1 overhead bytes reserved, per packet, for a specific access-line type.
Use the no form of this command to remove the specified bytes, per packet, from the access-line configuration.
The following example configures an overhead profile for example1, and sets the encapsulation type to pppoa-llc. After you set the default values, you set the data type to adsl, the rate factor to 20, and the reserved value to 16:
[local]Redback(config)#qos profile example1 overhead
[local]Redback(config-profile-overhead)#encaps-access-line pppoa-llc
[local]Redback(config-profile-overhead)#reserved 8
[local]Redback(config-profile-overhead)#type adsl1
[local]Redback(config-type-overhead)#rate-factor 20
[local]Redback(config-type-overhead)#reserved 16
res-prefix res-prefix
no res-prefix
Configures part of the resource prefix.
res-prefix |
An OID used to construct the value of alarmActiveResourceId. The OID becomes a prefix part to the constructed alarmActiveResourceId. The remaining IDs are obtained from the OID matched by using the vb-subtree command. |
None
Use the res-prefix command in conjunction with the vb-subtree command to create the value of resource prefix for the alarm you are configuring. The value of the resource prefix is determined by appending any indices created by the vb-subtree command. If the value of res-prefix is not set, then the prefix outlined by vb-subtree is used as the resource prefix.
Use the no form of this command to remove this portion of the resource prefix.
The following example shows how to configure the resource prefix with a value of AlarmID.
[local]jazz#config
[local]jazz(config)#snmp alarm model 1 state clear
[local]jazz(config-snmp-alarmmodel)#no vb-subtree
[local]jazz(config-snmp-alarmmodel)#res-prefix AlarmID
[local]jazz(config-snmp-alarmmodel)#exit
restricted
{no | default} restricted
Specifies that circuits (including Virtual Private LAN Services (VPLS) circuits) to which this profile is assigned are restricted to accepting only source packets from statically allowed medium access control (MAC) addresses.
This command has no keywords or arguments.
Circuits are not restricted.
Use the restricted command to specify that circuits (including VPLS circuits) to which this profile is assigned are restricted to accepting only packets from statically allowed MAC addresses. Learning is not possible on restricted circuits.
This command causes all MAC addresses previously learned for a circuit to which this profile is assigned to be erased. It also prevents learning of MAC addresses on the circuit, because packets from unknown MAC addresses are dropped before they are learned.
Use the no or default form of this command to remove the restriction from the profile.
The following example shows how to specify that the MAC addresses be restricted for any circuit to which this profile is assigned:
[local]Redback(config)#bridge profile prof-isp1
[local]Redback(config-bridge-profile)#restricted
retain-ibgp-routes
{no | default} retain-ibgp-routes
Forces the Border Gateway Protocol (BGP) neighbor to retain routes from an internal BGP (iBGP) peer when the peer has restarted, provided the peer supports a graceful restart.
BGP neighbor configuration
This command has no keywords or arguments.
The command is disabled.
Use the retain-ibgp-routes command to force the BGP neighbor to retain routes from an iBGP peer when the peer has restarted, provided the peer supports a graceful restart.
By default, routes are not retained for an iBGP peer after the peer restarts unless all iBGP peers support a graceful restart. However, in some network topologies, it may be desirable and feasible to retain the routes for an iBGP peer, even if not all iBGP peers support a graceful restart.
Use the no or default form of this command to disable this feature.
The following example forces the BGP neighbor, 10.1.1.1, to retain routes from an iBGP peer once the peer has restarted, provided the peer supports a graceful restart:
[local]Redback(config-bgp)#neighbor 10.1.1.1 internal
[local]Redback(config-bgp-neighbor)#retain-ibgp-routes
retransmit-interval interval
{no | default} retransmit-interval
Modifies the interval at which link-state advertisement (LSA) retransmissions are sent out through the specified interface, sham link, or virtual link.
interval |
Interval, in seconds, at which LSA transmissions are sent. The range of values is 1 to 65535; the default value is 5. |
LSA retransmissions are sent every five seconds.
Use the retransmit-interval command to modify the interval at which LSA retransmissions are sent out through the specified interface, sham link, or virtual link.
When a SmartEdge router sends LSAs to neighbors, it expects to receive an acknowledgment packet within a set amount of time. If the SmartEdge router does not receive an acknowledgment, it retransmits the LSA.
Use the no or default form of this command to return the interval to its default setting.
The following example configures an OSPF interface to retransmit LSAs every 7 seconds:
[local]Redback(config-ospf-if)#retransmit-interval 7
retry count
{no | default} retry
Specifies the number of times an unacknowledged control message is retransmitted to a Layer 2 Tunneling Protocol (L2TP) peer before the tunnel is brought down.
count |
Number of times an unacknowledged control message is retransmitted to a peer. The range of values is 1 to 100; the default value is 10. |
An unacknowledged control message is retransmitted ten times.
Use the retry command to specify the number of times an unacknowledged control message is retransmitted to an L2TP peer before the tunnel is brought down. You may want to increase the value from the default of 10 if the L2TP media is not reliable.
Use the no or default form of this command to set the number of retransmissions to the default.
The following example shows how to configure the peer so that unacknowledged control messages are retransmitted five times before the tunnel is brought down:
[local]Redback(config-ctx)#l2tp-peer name peer1
[local]Redback(config-l2tp)#retry 5
revert [wtr-interval]
{no | default} revert
Sets the switching algorithm to revertive switching and the wait-to-restore (WTR) interval for an Automatic Protection Switching (APS) or Multiplex Section Protection (MSP) group.
wtr-interval |
Optional. Time to wait before reverting to the working port after it is up. The range of values is 1 to 60 minutes; the default value is 5. |
The switching algorithm is nonrevertive.
Use the revert command to set the switching algorithm to revertive switching and the WTR value for an APS/MSP group.
If you specify this command without the optional wtr-interval argument, the system uses the default value.
Use the no form of this command to set the switching algorithm to nonrevertive switching, that is, an infinite WTR.
Use the default form of this command to set the WTR to 5 minutes.
The following example shows how to set the switching algorithm to revertive with a WTR of 3 minutes:
[local]Redback(config)#aps group lab48 pos
[local]Redback(config-aps)#revert 3
revert
{no | default} revert
SSE group configuration
Redundancy is nonrevertive by default.
This command can only be configured for network-redundant SSE groups. Configures the redundant group to always use the primary SSE or disk as active when available.
On primary SSE failover, the secondary takes on the active redundancy state and continues to support data transaction on the SSE group. Configure the revert command to use the primary as the active device when it becomes available again.
If configured, the primary reverts to the active device when the following conditions are met:
[local]Redback(config)#sse group sse_group_1 network-redundant
[local]Redback(config-SE-group)#revert
revocation [mobile-notify condition] [timeout seconds] [retransmit num]
no revocation [mobile-notify condition] [timeout seconds] [retransmit num]
Configures registration revocation for this foreign agent (FA) instance.
mobile-notify condition |
Optional. Specifies the conditions for which the SmartEdge router notifies mobile nodes (MNs) that their Mobile IP service has been revoked, according to one of the following keywords:
|
timeout seconds |
Number of seconds between registration revocation messages. The range of values is 1 to 100; the default value is 7. |
retransmit num |
Number of times the SmartEdge router transmits registration revocation messages. The range of values is 1 to 100; the default value is 3. |
Registration revocation is not configured for any FA instance.
Use the revocation command to configure registration revocation for this FA instance. For more information, see RFC 3543, Registration Revocation in Mobile IPv4.
Use the no form of this command to remove the registration from the configuration for this FA instance.
The following example configures this FA instance to always notify the MNs when service is revoked:
[local]Redback(config)#context fa
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#foreign-agent
[local]Redback(config-mip-fa)#revocation mobile-notify always
revocation [mobile-notify {always | never | foreign-dictate}] [timeout seconds] [retransmit num]
no revocation [mobile-notify condition] [timeout seconds] [retransmit num]
Configures registration revocation as described in RFC 3543, Registration Revocation in Mobile IPv4, for this home agent (HA) instance. Registration revocation is negotiated between the HA instance and its foreign agent (FA) peers.
mobile-notify condition |
Optional. Specifies the conditions for which the HA instance negotiates I-bit support with its FA peers when the mobile node (MN) registers, according to one of the following keywords:
|
timeout seconds |
Number of seconds between registration revocation retransmissions. A registration revocation request is retransmitted to the FA peer when an acknowledgement is not received. The range of values is 1 to 100; the default value is 7. |
retransmit num |
Number of times the SmartEdge router retries transmission of registration revocation messages. The range of values is 1 to 100; the default value is 3. |
Registration revocation is not configured for any HA instance.
Use the revocation command to configure registration revocation, as described in RFC 3543, Registration Revocation in Mobile IPv4, for this HA instance. Registration revocation is negotiated between the HA instance and its FA peers.
Use the no form of this command to disable support for registration revocation for the HA instance.
The following example enables registration revocation support for the HA instance. Registration revocation I-bit support is negotiated with the FA peer and the MN is never notified that Mobile IP services have been revoked:
[local]Redback(config)#context ha
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#home-agent
[local]Redback(config-mip-ha)#revocation mobile-notify never
rmdir url
Removes a directory from the local file system.
exec (10)
url |
URL of the directory to be removed. |
None
Use the rmdir command to remove a directory on the local file system.
When referring to a directory on the local file system, the URL takes the following form:
[/device][/directory]...[/directory]
The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length.
Before you remove a directory, you must remove all files from the directory using the delete command.
The following example removes the top-level directory, backups, from the flash file system:
[local]Redback#rmdir /flash/backups
rmon alarm index object-id interval {absolute | delta} rising-threshold value [event-index] falling-threshold value [event-index] [owner owner-name]
no rmon alarm index
Defines a Remote Monitoring (RMON) alarm and associates it with the RMON event that reports the alarm when its criteria are met.
global configuration
index |
Index that uniquely identifies an alarm event with an entry in the alarm table in the RMON Management Information Base (RMON-MIB). |
object-id |
Object ID (OID) of the MIB object to be monitored. |
interval |
Sampling time in seconds. The range of values is 1 to 2,147,483,647. |
absolute |
Compares the actual object value against the threshold value. |
delta |
Compares the difference between successive samples of the object value against the threshold value. |
rising-threshold value |
Value at which an alarm event is triggered. |
event-index |
Optional. Index of the entry in the event table in the RMON-MIB that is associated with the alarm event. |
falling-threshold value |
Value at which an alarm event is triggered. |
owner owner-name |
Optional. Name of the alarm owner. |
No RMON alarms are defined.
Use the rmon alarm command to define an RMON alarm and to associate it with the RMON event that reports the alarm when its criteria are met.
Keep the following guidelines in mind when you use the rmon alarm command:
Use the no form of this command to delete an entry from the RMON alarm table.
The following example configures entries in the RMON events table with index identifiers 11 and 12. Then it defines an RMON alarm that triggers when the difference between successive 60-second samples of the ipForwDatagrams alarm rises faster than 3,000,000 or drops faster than 1,000,000:
[local]Redback(config)#rmon event 11 log notify owner gold.isp.net description "packets per second rising too quickly in context gold.isp.net"
[local]Redback(config)#rmon event 12 log notify owner gold.isp.net description "packets per second falling too quickly in context gold.isp.net"
[local]Redback(config)#rmon alarm 1 ipForwDatagrams.0 60 delta rising-threshold 3000000 11 falling-threshold 1000000 12 owner gold.isp.net
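The following Python model is an added illustration, not code from this manual or from the SmartEdge OS; it replays constructed counter samples through the alarm configured above to show how absolute and delta sampling decide which event index fires. It assumes that ipForwDatagrams is a 32-bit counter, that either threshold may fire on the first valid sample, and that an alarm re-arms as defined for the RMON-MIB alarm group in RFC 2819 (none of which is stated in this command description).

```python
COUNTER32_MODULUS = 2 ** 32  # assumption: the monitored object is a 32-bit counter


class RmonAlarm:
    """Model of one 'rmon alarm' entry (added illustration, not SmartEdge code)."""

    def __init__(self, sample_type, rising, rising_event, falling, falling_event,
                 modulus=COUNTER32_MODULUS):
        if sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        self.sample_type = sample_type
        self.rising, self.rising_event = rising, rising_event
        self.falling, self.falling_event = falling, falling_event
        self.modulus = modulus
        self.previous_raw = None   # last polled value, used for delta sampling
        self.last_fired = None     # direction of the most recent event

    def sample(self, raw):
        """Feed one polled value; return (direction, event_index, value) or None."""
        if self.sample_type == "delta":
            if self.previous_raw is None:
                self.previous_raw = raw
                return None        # the first poll only establishes a baseline
            value = raw - self.previous_raw
            if value < 0:
                value += self.modulus   # the counter wrapped between two polls
            self.previous_raw = raw
        else:
            value = raw

        # RFC 2819 hysteresis (assumption): after a rising event, no further
        # rising event is generated until the falling threshold has been
        # reached, and the same holds in the other direction.
        if value >= self.rising and self.last_fired != "rising":
            self.last_fired = "rising"
            return ("rising", self.rising_event, value)
        if value <= self.falling and self.last_fired != "falling":
            self.last_fired = "falling"
            return ("falling", self.falling_event, value)
        return None


def replay(alarm, samples):
    """Return [(sample_number, direction, event_index, value)] for fired events."""
    fired = []
    for number, raw in enumerate(samples):
        result = alarm.sample(raw)
        if result is not None:
            fired.append((number,) + result)
    return fired


def page_alarm():
    """rmon alarm 1 ipForwDatagrams.0 60 delta rising 3000000 11 falling 1000000 12"""
    return RmonAlarm("delta", 3_000_000, 11, 1_000_000, 12)


# Constructed 60-second polls of ipForwDatagrams.0 (not captured from a router).
CONSTRUCTED_SAMPLES = [
    4_290_000_000,  # baseline
    4_291_500_000,  # delta 1,500,000: between the thresholds
    4_294_900_000,  # delta 3,400,000: rising, event 11
    3_132_704,      # counter wrapped, delta 3,200,000: already fired, no event
    5_132_704,      # delta 2,000,000: below rising, but falling not reached
    8_632_704,      # delta 3,500,000: not re-armed, no event
    9_532_704,      # delta 900,000: falling, event 12
    12_532_704,     # delta 3,000,000: re-armed, rising, event 11
]

if __name__ == "__main__":
    for event in replay(page_alarm(), CONSTRUCTED_SAMPLES):
        print(event)
```
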
rmon event index [log] [notify] [owner owner-name] [description text]
no rmon event index
Defines a Remote Monitoring (RMON) event.
global configuration
index |
Index that uniquely identifies an event with an entry in the event table in the RMON Management Information Base (RMON-MIB). |
log |
Optional. Specifies that the event generates an entry in the RMON-MIB log table. |
notify |
Optional. Specifies that the event generates an SNMP notification. |
owner owner-name |
Optional. Owner of the event. |
description text |
Optional. Description of the event. |
No RMON events are defined.
Use the rmon event command to define an RMON event and optionally to provide a description of the event.
You must enable the SNMP server using the snmp server command (in global configuration mode) before you use this command.
If notification is enabled using the notify keyword, the SNMP notification is sent to the destination obtained from the SNMP-NOTIFICATION-MIB and the SNMP-TARGET-MIB, as configured by one or more snmp target or snmp notify-target commands as either an SNMP trap or inform protocol data unit (PDU).
Use the no form of this command to delete an entry from the RMON event table.
The following example shows an RMON event that is saved in the SNMP log table and sends an SNMP notification:
[local]Redback(config)#rmon event 1 log notify owner gold.isp.net description "packets per second too high in context gold.isp.net"
robust packet-number
Configures the number of IGMP packets that can be lost before group membership for a specified Ethernet bridge expires.
IGMP snooping bridge configuration
packet-number |
Expected packet loss for this bridge. The range of values is 2 to 7; the default value is 2. |
The default expected packet loss for a bridge is 2 packets.
Use the robust command to configure the number of IGMP packets that can be lost before group membership for a specified Ethernet bridge expires.
The packets that can be lost are IGMP reports. If a host fails to respond to a membership query for two successive intervals, that host is dropped from the outgoing circuit list.
The following example shows how to configure the expected packet loss for a bridge called br-sj-1 to be 4 packets:
[local]Router(config)#context sj1
[local]Router(config-ctx)#bridge br-sj-1
[local]Router(config-bridge)#igmp snooping
[local]Router(config-igmp-snooping)#robust 4
route-map map-name {in | out}
no route-map map-name {in | out}
Applies a route map that modifies Border Gateway Protocol (BGP) attributes or filters BGP routes received from or sent to the BGP neighbor or peer group.
map-name |
Name of the route map. |
in |
Applies the route map to incoming BGP routes sent from the BGP neighbor. |
out |
Applies the route map to outgoing BGP routes sent to the BGP neighbor. |
A route map is not applied to a BGP neighbor.
Use the route-map command to apply a route map that modifies BGP attributes or to filter BGP routes sent to or received from the BGP neighbor or peer group. Use the in keyword to modify attributes or filter incoming routes received from the neighbor or peer group. Use the out keyword to modify attributes or filter outgoing routes sent to the neighbor.
Use the route-map command in context configuration mode to determine the attribute modifications and filtering conditions of the applied route map.
Currently, route map changes automatically take effect, and issuing the clear bgp neighbor ip-addr soft [in | out] command in exec mode to update a route map can cause updates to be unnecessarily sent; therefore, it is not recommended.
To aggregate multiple policy changes, such as the route map, the operating system performs the automatic update 15 seconds after any routing policy has changed.
Use the no form of this command to remove a route map.
The following example denies unicast BGP routes 10.0.0.0/8 (and more-specific routes) sent from the unicast BGP neighbor at IP address 102.210.210.1. All other routes to this neighbor have the community attribute set to 100:14499. Only multicast BGP routes 204.16.16.0/24 are sent to the multicast BGP neighbor at IP address 68.68.68.68:
[local]Redback(config-ctx)#route-map rmap-20 deny 10
[local]Redback(config-route-map)#match ip address prefix-list prefix-deny-10
[local]Redback(config-route-map)#exit
[local]Redback(config-ctx)#route-map rmap-20 permit 20
[local]Redback(config-route-map)#set community 100:14499
[local]Redback(config-route-map)#exit
[local]Redback(config-ctx)#route-map rmap-30 permit 10
[local]Redback(config-route-map)#match ip address prefix-list prefix-permit-300
[local]Redback(config-route-map)#exit
[local]Redback(config-ctx)#ip prefix-list prefix-deny-10
[local]Redback(config-prefix-list)#permit 10.0.0.0/8 le 32
[local]Redback(config-prefix-list)#exit
[local]Redback(config-ctx)#ip prefix-list prefix-permit-300
[local]Redback(config-prefix-list)#permit 204.16.16.0/24
[local]Redback(config-prefix-list)#exit
. . .
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#neighbor 102.210.210.1 external
[local]Redback(config-bgp-neighbor)#remote-as 200
[local]Redback(config-bgp-neighbor)#address-family ipv4 unicast
[local]Redback(config-bgp-peer-af)#route-map rmap-200 in
[local]Redback(config-bgp-peer-af)#exit
[local]Redback(config-bgp-neighbor)#exit
[local]Redback(config-bgp)#neighbor 68.68.68.68 external
[local]Redback(config-bgp-neighbor)#remote-as 300
[local]Redback(config-bgp-neighbor)#send community
[local]Redback(config-bgp-neighbor)#address-family ipv4 multicast
[local]Redback(config-bgp-peer-af)#route-map rmap-300 out
route-map map-name [seq-num] [deny seq-num | permit seq-num] | [description text]
no route-map map-name [seq-num] [deny seq-num | permit seq-num] | [description ]
Creates a route map for policy routing and enters route map configuration mode.
context configuration
map-name |
Descriptive name for the route map. |
seq-num |
Optional. Sequence number for the route map entry, relative to other route map entries in the same route map. Route map entries are tested in order of ascending sequence number; that is, the route map entry with the lowest sequence number is examined first when Border Gateway Protocol (BGP) routes are tested. The range of values is 1 to 4294967295; the default value is 10 greater than the largest sequence number of any route map entry in the route map. |
deny seq-num |
Optional. Sequence number for the route map entry. The range of values is 1 to 4294967295. Routes using the specified sequence number are denied. |
permit seq-num |
Optional. Sequence number for the route map entry. The range of values is 1 to 4294967295. Routes using the specified sequence number are permitted. |
description text |
Optional. Description of the route map. No text argument is specified when the description keyword is used with the no form of this command. |
The action is permit. If not specified, the sequence number is 10 greater than the largest sequence number for a route map entry with the same map-name argument.
Use the route-map command to create a route map for policy routing and enter route map configuration mode. Use this command in conjunction with the match commands in route map configuration mode to specify the conditions under which a route is accepted or rejected by the routing application that is using the route map. If the route entry indicates permit, the set commands can be used to modify the accepted route’s attributes.
Route map entries are tested in ascending order. For a route to match a particular route map entry, all match conditions must be satisfied. A route map entry with no match conditions can be used to unconditionally change a route’s attributes by applying set actions.
Use the no form of this command to delete a specific route map entry or to delete the entire route map. Because there can be only one description for a route map, when you use the no form of this command to delete the route map description, it is not necessary to include the text argument.
The following example redistributes static routes with destination addresses that match the IP access list acc03 into the BGP routing process. The set command is used to modify the metric of selected routes:
[local]Redback(config-ctx)#ip prefix-list acc03
[local]Redback(config-prefix-list)#permit 81.1.0.0/16 le 32
[local]Redback(config-prefix-list)#permit 77.0.0.0/8 le 32
[local]Redback(config-prefix-list)#exit
[local]Redback(config-ctx)#route-map rmap1 permit 10
[local]Redback(config-route-map)#match ip address prefix-list acc03
[local]Redback(config-route-map)#set metric 10
[local]Redback(config-route-map)#exit
[local]Redback(config-ctx)#router bgp 65012
[local]Redback(config-bgp)#address-family ipv4 unicast
[local]Redback(config-addrfamily)#redistribute static route-map rmap1
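The following Python model is an added illustration, not code from this manual or from the SmartEdge OS. It covers the ordering rules described for the route-map and resequence route-map commands, using the rmap-20, rmap-30 and rmap1 entries from the examples on this page. Assumptions: numbering starts at 10 in an empty or resequenced map, the model rejects a duplicate sequence number, and a route that matches no entry is reported as (None, None, None) because this page does not state what the router does in that case.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PrefixRule:
    """One 'permit <prefix> [le <len>]' line of an ip prefix-list."""
    network: ipaddress.IPv4Network
    le: Optional[int] = None  # without 'le' only the exact prefix length matches

    def matches(self, route):
        longest = self.le if self.le is not None else self.network.prefixlen
        return (route.subnet_of(self.network)
                and self.network.prefixlen <= route.prefixlen <= longest)


@dataclass
class Entry:
    seq: int
    action: str                                      # "permit" or "deny"
    match_lists: list = field(default_factory=list)  # prefix-list names, all must match
    set_attrs: dict = field(default_factory=dict)    # applied only on permit


class RouteMap:
    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, seq=None, match_lists=(), set_attrs=None):
        if seq is None:
            # Default: 10 greater than the largest existing sequence number
            # (10 for an empty map is an assumption of this model).
            seq = max((e.seq for e in self.entries), default=0) + 10
        if any(e.seq == seq for e in self.entries):
            raise ValueError(f"sequence number {seq} already in use")
        self.entries.append(Entry(seq, action, list(match_lists), dict(set_attrs or {})))
        self.entries.sort(key=lambda e: e.seq)
        return seq

    def resequence(self):
        """Renumber in increments of 10, keeping the existing order."""
        for position, entry in enumerate(self.entries, start=1):
            entry.seq = position * 10

    def evaluate(self, route, attrs, prefix_lists):
        """Return (action, seq, attrs) of the first matching entry."""
        net = ipaddress.ip_network(route)
        for entry in self.entries:  # lowest sequence number is examined first
            # An entry with no match conditions matches every route.
            if all(any(rule.matches(net) for rule in prefix_lists[name])
                   for name in entry.match_lists):
                if entry.action == "deny":
                    return ("deny", entry.seq, None)
                return ("permit", entry.seq, {**attrs, **entry.set_attrs})
        return (None, None, None)  # no entry matched; outcome not stated on this page


def build_page_example():
    """Prefix lists and route maps as entered in the examples on this page."""
    net = ipaddress.ip_network
    prefix_lists = {
        "prefix-deny-10": [PrefixRule(net("10.0.0.0/8"), le=32)],
        "prefix-permit-300": [PrefixRule(net("204.16.16.0/24"))],
        "acc03": [PrefixRule(net("81.1.0.0/16"), le=32),
                  PrefixRule(net("77.0.0.0/8"), le=32)],
    }
    maps = {name: RouteMap(name) for name in ("rmap-20", "rmap-30", "rmap1")}
    maps["rmap-20"].add("deny", 10, match_lists=["prefix-deny-10"])
    maps["rmap-20"].add("permit", 20, set_attrs={"community": "100:14499"})
    maps["rmap-30"].add("permit", 10, match_lists=["prefix-permit-300"])
    maps["rmap1"].add("permit", 10, match_lists=["acc03"], set_attrs={"metric": 10})
    return prefix_lists, maps


if __name__ == "__main__":
    lists, maps = build_page_example()
    # Constructed test routes, not taken from a routing table.
    for route in ("10.1.2.0/24", "192.0.2.0/24"):
        print(route, maps["rmap-20"].evaluate(route, {}, lists))
```
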
route-origin ext-com
no route-origin
Identifies the specific site from where a route has originated.
BGP address family configuration
ext-com |
Site of origin extended community value used to uniquely identify a site within internally connected multiple Virtual Private Network (VPN) sites. The site of origin extended community value can be expressed in either of the following formats:
|
No site of origin is specified.
Use the route-origin command to identify the specific site from where a route has originated.
When routes are received by a provider edge (PE) router, the route’s route-origin attribute is checked against the route origin associated with the VPN for the receive site. Received routes are rejected if the route origin values are the same. This prevents the readvertisement of routes back to their originating sites.
Use the no form of this command to remove the route-origin attribute from a route.
The following example configures routes originating from context foo to carry route origin 100:300 as part of the extended community attribute when they are advertised to other PE routers:
[local]Redback(config)#context foo vpn-rd 10.11.12.13:100
[local]Redback(config-ctx)#router bgp vpn
[local]Redback(config-bgp)#address-family ipv4 unicast
[local]Redback(config-bgp-af)#route-origin 100:300
[local]Redback(config-bgp-af)#export route-target 10.11.12.13:100
[local]Redback(config-bgp-af)#import route-target 100:100 10.11.12.13:100
router ancp
no router ancp
Creates the Access Node Control Protocol (ANCP) router and accesses ANCP configuration mode.
This command has no keywords or arguments.
The ANCP router does not exist.
Use the router ancp command to create the ANCP router and access ANCP configuration mode. The ANCP router is always created in the local context.
Use the no form of this command to delete the ANCP router and close all ANCP sessions; however, digital subscriber line (DSL) information learned from the sessions is not removed.
The following example creates the ANCP router in the local context and accesses ANCP configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router ancp
[local]Redback(config-ancp)#
router bfd
no router bfd
Creates a Bidirectional Forwarding Detection (BFD) instance and enters BFD router configuration mode.
This command has no keywords or arguments.
No BFD instances are configured.
Use the router bfd command to create a BFD instance and enter BFD router configuration mode.
Use the no form of this command to disable the BFD instance.
The following example creates a BFD instance on the context, local, and enters BFD router configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router bfd
[local]Redback(config-bfd)#
router bgp {asn | nn:nn}
no router bgp {asn | nn:nn}
Configures a Border Gateway Protocol (BGP) routing instance using an autonomous system number (ASN) and enters BGP router configuration mode.
context configuration
asn |
ASN in integer format. The range of values is 1 to 65535. The subrange of 64512 to 65535 is reserved for private ASNs. |
nn:nn |
ASN in 4-byte integer format, where the first nn indicates the two higher-order bytes and the second nn denotes the two lower-order bytes. |
BGP routing is not enabled.
Use the router bgp command to configure a BGP routing instance using an ASN, and to enter BGP configuration mode.
Use the no form of this command to disable the BGP routing instance.
The following example enables BGP routing for ASN 321 and enters BGP router configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router bgp 321
[local]Redback(config-bgp)#
router bgp vpn
Configures a Border Gateway Protocol (BGP) routing instance in a Virtual Private Network (VPN) context and enters BGP configuration mode.
context configuration
This command has no keywords or arguments.
None
Use the router bgp vpn command to configure a BGP routing instance in a VPN context, and enter BGP configuration mode. A BGP instance is always required within a VPN context for the following reasons:
BGP does not function properly in a VPN context until it is first configured in the local context. Even though an autonomous system number (ASN) is not used when configuring a BGP instance in a VPN context, this instance uses the ASN from the BGP instance in the local context for peering with customer edge (CE) routers.
When configuring BGP peering sessions within a VPN context, only external neighbor sessions can be configured, because peering in a VPN context must only be configured with CE routers. Furthermore, the only permitted address family is IP Version 4 (IPv4) unicast, and peer groups cannot be configured.
The following example configures a BGP routing instance within a VPN context, and redistributes static routes from a customer into BGP:
[local]Redback(config)#context vpncontext vpn-rd 701:3
[local]Redback(config-ctx)#router bgp vpn
[local]Redback(config-bgp)#address-family ipv4 unicast
[local]Redback(config-bgp-af)#redistribute static
The following example configures a BGP peering session with a CE router:
[local]Redback(config)#context vpncontext vpn-rd 701:3
[local]Redback(config-ctx)#router bgp vpn
[local]Redback(config-bgp)#neighbor 205.1.2.2 external
[local]Redback(config-bgp-neighbor)#remote-as 100
[local]Redback(config-bgp-neighbor)#address-family ipv4 unicast
router-dead-interval interval
{no | default} router-dead-interval
Modifies the amount of time the Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) process waits to receive a Hello packet from a neighbor before determining that the neighbor is not operational.
interval |
Amount of time, in seconds, that the OSPF or OSPFv3 process waits to receive a Hello packet. The range of values is 1 to 65,535. The value must be the same for all routers on a common network. |
The interval is 40 seconds for broadcast and point-to-point (P2P) networks, and 120 seconds for point-to-multipoint (P2MP) and nonbroadcast multiaccess (NBMA) networks.
Use the router-dead-interval command to modify the amount of time the OSPF or OSPFv3 process waits to receive a Hello packet from a neighbor before determining that the neighbor is not operational. The OSPF router dead interval can be configured on a specific interface, sham link, or virtual link.
If a Hello packet is not received within the configured amount of time, the OSPF or OSPFv3 process modifies its topology database to indicate that the neighbor is not operational.
The OSPF router dead interval value must be the same for all routers on a common network. The value must be greater than that of the Hello interval to avoid destroying adjacencies when the neighbor router is operational.
The following restrictions apply to the router-dead-interval command:
Use the no or default form of this command to return the interval value to its default setting.
The following example configures an OSPF interface to wait 60 seconds without receiving a Hello packet from its neighbor before determining that the neighbor is not operational:
[local]Redback(config-ospf-if)#router-dead-interval 60
route-reflector-client
no route-reflector-client
Configures the internal Border Gateway Protocol (iBGP) neighbor (or peer group) as a route reflector client for the BGP address family.
This command has no keywords or arguments.
The neighbor is not configured as a route reflector client.
Use the route-reflector-client command to configure the iBGP neighbor (or peer group) for the specified address family as a route reflector client. No other configuration is required for an iBGP neighbor to act as a route reflector client.
Together, a route reflector and its clients form a cluster. If there is more than one route reflector in a cluster, all route reflectors in that cluster should be configured with the same ID through the cluster-id command. If there is no cluster ID, the router ID is used.
Use the no form of this command to remove the route reflector client specification from the iBGP neighbor.
The following example configures the iBGP neighbor at IP address, 102.210.210.1, as a route reflector client for the unicast address family:
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#neighbor 102.210.210.1 internal
[local]Redback(config-bgp-neighbor)#remote-as 100
[local]Redback(config-bgp-neighbor)#address-family ipv4 unicast
[local]Redback(config-bgp-peer-af)#route-reflector-client
router-id ip-addr
no router-id ip-addr
Configures a fixed Border Gateway Protocol (BGP) router ID for the SmartEdge router.
BGP router configuration
ip-addr |
IP address of the SmartEdge router. |
The router ID is the IP address of a loopback interface, if one is configured. If a loopback interface is not configured, the interface with the highest IP address is used as the router ID.
Use the router-id command to configure a fixed BGP router ID for the SmartEdge router.
Caution! Risk of dropped connection. When you change a router ID, any active peering sessions using the current router ID are dropped. To reduce the risk, avoid changing the router ID when peering sessions are actively running.
Use the no form of this command to remove the fixed router ID.
The following example configures a fixed BGP router ID of 10.10.1.1:
[local]Redback(config-ctx)#router bgp 64001
[local]Redback(config-bgp)#router-id 10.1.1.1
router-id ip-addr
no router-id
Configures a global router ID for the SmartEdge router.
context configuration
ip-addr |
IP address of the interface to be used as the router ID. |
A global router ID is not preconfigured.
Use the router-id command to configure a global router ID for the SmartEdge router.
The global router ID in context configuration mode provides a consistent router ID for use by all routing protocols; however, if the router ID is configured as part of an individual routing protocol, such as the Open Shortest Path First (OSPF) protocol or the Border Gateway Protocol (BGP), it will take precedence over the global router ID in context configuration mode.
Use the no form of this command to remove a global router ID.
The following example configures the IP address, 193.25.105.83, as the global router ID in context configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router-id 193.25.105.83
router-id ip-addr
no router-id ip-addr
Configures the interface to be used as the Label Distribution Protocol (LDP) router ID.
ip-addr |
IP address in the form A.B.C.D. |
By default, the SmartEdge router determines the LDP router ID in the following sequence:
Use the router-id command to configure the interface to be used as the LDP router ID.
Caution! Risk of traffic interruption. Because the router ID is used as the transport IP address for establishing a Transmission Control Protocol (TCP) connection, changing the router ID causes an active LDP session to be torn down, and then re-established. To reduce the risk, do not change the router ID when an LDP session is active.
Use the no form of this command to return the system to its default behavior.
The following example configures the interface, ldp-routerID, as the LDP router ID:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router isis isis-backbone
[local]Redback(config-isis)#net 49.2222.0010.0100.1001.00
[local]Redback(config-isis)#exit
[local]Redback(config-ctx)#interface ldp-routerID
[local]Redback(config-ctx)#ip address 10.1.1.1 255.255.255.0
[local]Redback(config-if)#isis router isis-backbone
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#router ldp
[local]Redback(config-ldp)#router-id 10.1.1.1
router-id ip-addr
no router-id
Configures a fixed Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) router ID for the SmartEdge router.
ip-addr |
IP address of the interface to be used as the router ID. |
A router ID is not preconfigured.
Use the router-id command to configure a fixed OSPF or OSPFv3 router ID for the SmartEdge router.
OSPF or OSPFv3 uses the router ID to identify the originating router for packets and link-state advertisements (LSAs). If the OSPF or OSPFv3 router ID is not configured, OSPF or OSPFv3 chooses the lowest loopback interface address. If there are no loopback interfaces, OSPF or OSPFv3 chooses the lowest interface address. The default OSPF or OSPFv3 router ID is selected when OSPF or OSPFv3 is started initially or restarted using the process restart command (in exec mode). For information on the process restart command, see the Command List.
Use the no form of this command to remove a router ID.
The following example configures the IP address, 193.25.105.83, as the router ID:
[local]Redback(config-ospf)#router-id 193.25.105.83
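The selection rules described for the BGP, global and OSPF router-id commands, modelled as an added example (not code from this command reference). The interface names and addresses are constructed, and placing the global router ID ahead of the derived default is an assumption; the point is that a derived router ID can change at the next restart when an interface is added, while a fixed one cannot.

```python
from ipaddress import IPv4Address


def effective_router_id(protocol, interfaces, protocol_id=None, global_id=None):
    """Return the router ID a protocol would use under the rules on this page.

    interfaces: list of (name, ipv4_string, is_loopback) tuples.
    """
    if protocol_id is not None:      # router-id configured under the protocol wins
        return IPv4Address(protocol_id)
    if global_id is not None:        # assumption: global ID is used before any derived default
        return IPv4Address(global_id)
    loopbacks = [IPv4Address(ip) for _, ip, is_lo in interfaces if is_lo]
    everything = [IPv4Address(ip) for _, ip, _ in interfaces]
    if protocol == "ospf":           # lowest loopback, else lowest interface address
        pool = loopbacks or everything
        return min(pool) if pool else None
    if protocol == "bgp":            # loopback if configured, else highest interface address
        if len(loopbacks) > 1:
            raise ValueError("the page does not say which loopback BGP selects")
        if loopbacks:
            return loopbacks[0]
        return max(everything) if everything else None
    raise ValueError("only 'ospf' and 'bgp' are modelled")


def drift_after_adding(protocol, interfaces, new_interface, **fixed):
    """Compare the router ID before and after one interface is added.

    Returns (before, after, changed) with the IDs as strings.
    """
    before = effective_router_id(protocol, interfaces, **fixed)
    after = effective_router_id(protocol, interfaces + [new_interface], **fixed)
    return str(before), str(after), before != after


# Constructed sample inventory (documentation and private address ranges).
INTERFACES = [
    ("lo-mgmt", "10.0.0.10", True),
    ("uplink1", "192.0.2.1", False),
    ("uplink2", "198.51.100.7", False),
]
NEW_LOOPBACK = ("lo-new", "10.0.0.9", True)

if __name__ == "__main__":
    # Derived OSPF ID moves to the new, numerically lower loopback.
    print(drift_after_adding("ospf", INTERFACES, NEW_LOOPBACK))
    # A fixed protocol-level ID is unaffected by the same change.
    print(drift_after_adding("ospf", INTERFACES, NEW_LOOPBACK,
                             protocol_id="193.25.105.83"))
```

Addresses are compared numerically, so 10.0.0.9 is lower than 10.0.0.10; a plain string comparison would order them the other way.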
router isis instance-name
no router isis instance-name
Creates an Intermediate System-to-Intermediate System (IS-IS) instance and enters IS-IS router configuration mode.
context configuration
instance-name |
IS-IS instance name. |
No instance of IS-IS is configured.
Use the router isis command to create an IS-IS instance and to enter IS-IS router configuration mode. To enable the IS-IS routing process, you must assign a network entity title (NET) to the instance. Use the net command in IS-IS router configuration mode.
A context can have multiple IS-IS instances. No more than one instance of IS-IS can operate on a single interface. To enable IS-IS on an interface, use the interface command in IS-IS router configuration mode.
Use the no form of this command to delete the IS-IS instance.
Caution! Risk of IS-IS configuration settings loss. The no router isis command removes the IS-IS instance and all related configuration settings, which is different from deleting the last NET. Deleting the last NET disables the IS-IS instance while preserving all configuration information. To reduce the risk, delete the last NET.
The following example configures the ip-backbone IS-IS instance and assigns it a NET of 47.001.002.002.002.00:
[local]Redback(config-ctx)#router isis ip-backbone
[local]Redback(config-isis)#net 47.0001.0002.0002.0002.00
router ldp
no router ldp
Enables a Label Distribution Protocol (LDP) routing instance for a context and enters LDP router configuration mode.
context configuration
This command has no keywords or arguments.
LDP routing is disabled.
Use the router ldp command to enable an LDP routing instance for a context and to enter LDP router configuration mode. Our implementation of LDP follows the LDP specification as described in RFC 3036, LDP Specification.
For the context in which you configure LDP, you must also:
You may also need to enable an Interior Gateway Protocol (IGP), such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS), on the interface.
To ensure that the LDP router ID is always reachable, we recommend that you also configure a loopback interface that is advertised by the IGP routing instance, such as OSPF or IS-IS.
Use the no form of this command to disable LDP routing for the context.
The following example enables an LDP routing instance for the local context and enters LDP router configuration mode:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router ldp
[local]Redback(config-ldp)#
router mobile-ip
no router mobile-ip
Enables Mobile IP services in this context and accesses Mobile IP configuration mode.
This command has no keywords or arguments.
Mobile IP services are not enabled in any context.
Use the router mobile-ip command to enable Mobile IP services in this context and access Mobile IP configuration mode.
Use the no form of this command to disable Mobile IP services in this context.
The following example enables Mobile IP services in the fa context:
[local]Redback(config)#context fa
[local]Redback(config-ctx)#router mobile-ip
[local]Redback(config-mip)#
router mpls
no router mpls
Enables Multiprotocol Label Switching (MPLS) routing within a context and enters MPLS router configuration mode.
context configuration
This command has no keywords or arguments.
MPLS routing is disabled.
Use the router mpls command to enable MPLS routing within a context and enter MPLS router configuration mode.
Use the no form of this command to disable MPLS routing.
The following example enables MPLS routing and enters MPLS router configuration mode:
[local]Redback(config)#context isp33
[local]Redback(config-ctx)#router mpls
[local]Redback(config-mpls)#
router mpls-static
no router mpls-static
Enables static Multiprotocol Label Switching (MPLS) routing within a context and enters MPLS static router configuration mode.
context configuration
This command has no keywords or arguments.
Static MPLS routing is disabled.
Use the router mpls-static command to enable static MPLS routing within a context and enter MPLS static router configuration mode.
Use the no form of this command to disable static MPLS routing.
The following example enables static MPLS routing and enters MPLS static router configuration mode:
[local]Redback(config)#context isp33
[local]Redback(config-ctx)#router mpls-static
[local]Redback(config-mpls-static)#
router msdp
no router msdp
Enables Multicast Source Discovery Protocol (MSDP) within a context and enters MSDP router configuration mode.
context configuration
This command has no keywords or arguments.
MSDP is disabled.
Use the router msdp command to enable MSDP within a context and enter MSDP router configuration mode.
Use the no form of this command to disable MSDP within a context.
The following example enables MSDP and enters MSDP router configuration mode:
[local]Redback(config-ctx)#router msdp
[local]Redback(config-msdp)#
router nd
no router nd
Creates or selects a Neighbor Discovery (ND) router and accesses ND router configuration mode.
This command has no keywords or arguments.
No ND router is created.
Use the router nd command to create or select an ND router and access ND router configuration mode. You can create a single ND router in each context.
Use the no form of this command to remove the ND router from the configuration; the no form also removes the ND-specific configuration from any interfaces in this context.
The following example creates an ND router in the local context:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router nd
router ospf instance
no router ospf instance
Configures an Open Shortest Path First (OSPF) routing instance and enters OSPF router configuration mode.
context configuration
instance |
Instance ID. The range of values is 1 to 65,535. |
OSPF routing is disabled.
Use the router ospf command to configure an OSPF routing instance and to enter OSPF router configuration mode.
Use the no form of this command to disable OSPF routing.
The following example configures the OSPF instance, 105, and enters OSPF router configuration mode:
[local]Redback(config-ctx)#router ospf 105
[local]Redback(config-ospf)#
router ospf3 instance-id
no router ospf3 instance-id
Creates an Open Shortest Path First Version 3 (OSPFv3) routing instance and enters OSPF3 router configuration mode.
context configuration
instance-id |
Instance ID. The range of values is 1 to 65,535. |
OSPFv3 routing is disabled.
Use the router ospf3 command to create an OSPFv3 routing instance and to enter OSPF3 router configuration mode.
Use the no form of this command to disable OSPFv3 routing.
The following example configures the OSPFv3 instance, 105, and enters OSPF3 router configuration mode:
[local]Redback(config-ctx)#router ospf3 105
[local]Redback(config-ospf3)#
router-priority priority
default router-priority
Modifies the Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) preference for the SmartEdge router to act as the designated router on a network.
priority |
Priority setting. The range of values is 0 to 255; the default value is 1. |
The priority value is 1.
Use the router-priority command to modify the OSPF or OSPFv3 preference for the SmartEdge router to act as the designated router on a network.
Enter any value greater than or equal to 1 to indicate that the SmartEdge router can act as the designated router. The router with the highest priority is used as the designated router for the network if there is not a designated router already on the network. If two routers have the same priority value, the router with the higher router ID is the designated router for the network; see the router-id command.
A value of 0 causes the router to never act as the designated router.
Use the default form of this command to return the priority to the default value of 1.
The following example sets the router priority to 2:
[local]Redback(config-ospf-if)#router-priority 2
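The designated router rules stated for router-priority, as an added example (not code from this command reference). It models only what the text above states (priority 0 never wins, highest priority wins, ties go to the higher router ID, an existing designated router is kept), not the full OSPF election; the router IDs and priorities are constructed.

```python
from ipaddress import IPv4Address


def elect_dr(routers, current_dr=None):
    """Pick the designated router for one network.

    routers: dict mapping router ID (dotted string) -> router-priority (0..255).
    current_dr: router ID of a designated router already on the network, if any.
    Returns the winning router ID as a string, or None if nobody is eligible.
    """
    for rid, priority in routers.items():
        if not 0 <= priority <= 255:
            raise ValueError(f"priority out of range for {rid}: {priority}")

    # An existing, still-eligible designated router is not displaced.
    if current_dr is not None and routers.get(current_dr, 0) >= 1:
        return current_dr

    # Priority 0 never acts as designated router.
    eligible = [(priority, IPv4Address(rid))
                for rid, priority in routers.items() if priority >= 1]
    if not eligible:
        return None

    # Highest priority first; equal priority falls back to the higher router ID,
    # compared numerically rather than as text.
    return str(max(eligible)[1])


# Constructed segment: two routers at the default priority and one that opted out.
SEGMENT = {
    "10.0.0.9": 1,
    "10.0.0.10": 1,
    "10.0.0.200": 0,   # highest router ID, but priority 0
}

if __name__ == "__main__":
    dr = elect_dr(SEGMENT)
    print("initial DR:", dr)
    # A router joining later with priority 255 does not replace the current DR.
    later = dict(SEGMENT, **{"10.0.0.77": 255})
    print("after newcomer joins:", elect_dr(later, current_dr=dr))
    # If the DR leaves, the newcomer wins the next election.
    del later[dr]
    print("after DR leaves:", elect_dr(later))
```

When auditing a segment, the priority and router ID of every attached router matter, because any router with a priority of 1 or more can become the designated router once the current one leaves.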
router rip instance
no router rip instance
Creates an instance of the Routing Information Protocol (RIP) routing process and enters RIP router configuration mode.
context configuration
instance |
RIP instance name. |
The RIP routing process is disabled.
Use the router rip command to create an instance of the RIP routing process and to enter RIP router configuration mode. Each RIP instance has its own routing table. You can configure multiple RIP instances.
To configure a RIP instance on an interface, use the rip router, rip listen, or rip supply command in interface configuration mode.
Use the no form of this command to disable an instance of the RIP routing process.
The following example enables the RIP instance, rip001, and enters RIP router configuration mode:
[local]Redback(config-ctx)#router rip rip001
[local]Redback(config-rip)#
router ripng instance-id
no router ripng instance-id
Creates an instance of the Routing Information Protocol next generation (RIPng) routing process and enters RIPng router configuration mode.
context configuration
instance-id |
RIPng instance ID. |
The RIPng routing process is disabled.
Use the router ripng command to create an instance of the RIPng routing process and to enter RIPng router configuration mode. Each RIPng instance has its own routing table. You can configure multiple RIPng instances.
Use the no form of this command to disable an instance of the RIPng routing process.
The following example enables the RIPng instance, ripng001, and enters RIPng router configuration mode:
[local]Redback(config-ctx)#router ripng ripng001
[local]Redback(config-ripng)#
router rsvp
no router rsvp
Enables Resource Reservation Protocol (RSVP) routing within a context and enters RSVP router configuration mode.
context configuration
This command has no keywords or arguments.
RSVP is disabled.
Use the router rsvp command to enable RSVP routing within a context and enter RSVP router configuration mode.
Use the no form of this command to disable RSVP routing within a context.
The following example enables RSVP routing and enters RSVP router configuration mode:
[local]Redback(config)#context isp35
[local]Redback(config-ctx)#router rsvp
[local]Redback(config-rsvp)#
route-target filter
no route-target filter
Enables automatic Border Gateway Protocol (BGP) route target community filtering.
BGP address family configuration
This command has no keywords or arguments.
Denies all incoming IP Version 4 (IPv4) Virtual Private Network (VPN) routes that are not imported into any VPN context, if the local router is not configured as a route reflector.
Use the route-target filter command to enable automatic BGP route target community filtering. This command configures the local router, if it is not configured as a route reflector, to ignore all VPN routes received that are not imported into any VPN context.
You can control the number of IPv4 VPN routes that the local autonomous system border router (ASBR) advertises to the remote ASBR by configuring a community for exportable routes on the inbound interface of the provider edge (PE) router, and configuring a community-based filter on the outbound interface of the local ASBR to advertise only routes that match the community.
Use the no form of this command to allow the local router to accept all BGP IPv4 VPN routes. Accepting all IPv4 VPN routes is the desired behavior for a router configured as an ASBR for inter-autonomous system (AS) VPNs.
The following example configures a local router to accept all received IPv4 VPN routes:
[local]Redback(config)#context local
[local]Redback(config-ctx)#router bgp 100
[local]Redback(config-bgp)#address-family ipv4 vpn
[local]Redback(config-bgp-af)#no route-target filter
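The effect of route-target filter on received IPv4 VPN routes, as an added example (not code from this command reference). It assumes that "imported into a VPN context" means the route carries at least one route target that some context imports; the prefixes, route targets and context names are constructed.

```python
def filter_vpn_routes(routes, import_targets, rt_filter=True, route_reflector=False):
    """Split received IPv4 VPN routes into (accepted, dropped) prefix lists.

    routes: list of (prefix, set_of_route_targets) as received from BGP peers.
    import_targets: dict of VPN context name -> set of route targets it imports.
    rt_filter: True models 'route-target filter', False models the 'no' form.
    route_reflector: a route reflector keeps every route regardless of the filter.
    """
    if route_reflector or not rt_filter:
        return [prefix for prefix, _ in routes], []

    # Union of every route target imported by any VPN context on this router.
    wanted = set().union(*import_targets.values())

    accepted = [prefix for prefix, rts in routes if rts & wanted]
    dropped = [prefix for prefix, rts in routes if not rts & wanted]
    return accepted, dropped


# Constructed sample: three VPN routes tagged with route targets.
ROUTES = [
    ("10.10.0.0/16", {"100:1"}),
    ("10.20.0.0/16", {"100:2", "100:9"}),
    ("10.30.0.0/16", {"100:3"}),
]

# A PE with two VPN contexts, and an ASBR that has no VPN contexts of its own.
PE_IMPORTS = {"vpn-a": {"100:1"}, "vpn-b": {"100:9"}}
ASBR_IMPORTS = {}

if __name__ == "__main__":
    print("PE, filter on:   ", filter_vpn_routes(ROUTES, PE_IMPORTS))
    print("ASBR, filter on: ", filter_vpn_routes(ROUTES, ASBR_IMPORTS))
    print("ASBR, filter off:", filter_vpn_routes(ROUTES, ASBR_IMPORTS, rt_filter=False))
```

With the filter on, the ASBR in the sample keeps nothing to pass to the remote AS, which is why the no form is the desired setting there. On a PE, the filter keeps routes for VPNs it does not serve out of its table.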
rpf-interface interface1 interface2
no rpf-interface
Identifies both the active and backup Reverse Path Forwarding (RPF) interfaces that establish sessions over which the source device sends multicast join requests.
pim dual join configuration mode
interface1 |
Active RPF interface that establishes a session over which the source device sends multicast join requests. |
interface2 |
Backup RPF interface that establishes a session over which the source device sends multicast join requests. |
None
Use the rpf-interface command to identify both the active and backup RPF interfaces that establish sessions over which the source device sends multicast join requests.
Use the no form of this command to set the active and backup RPF interfaces to the previously set values.
The following example shows how to set the RPF interface int1 as the active link and RPF interface int2 as the backup link for multicast join request sessions:
[local]Redback(config)#context local
[local]Redback(config-ctx)#pim dual-join group 225.100.1.1 source 192.110.30.6
[local]Redback(config-pim-dual-join)#rpf-interface int1 int2
rro-prefix-type {router-id | interface}
no rro-prefix-type {router-id | interface}
Configures the Resource Reservation Protocol (RSVP) record route object (RRO) IP prefix type.
RSVP router configuration
router-id |
Uses the router ID as the IP prefix when sending an RRO. |
interface |
Uses the outbound interface IP address when sending an RRO. |
The router ID is used as the IP prefix type when sending an RRO.
Use the rro-prefix-type command to configure the RSVP RRO IP prefix type. You can change the IP prefix inside an RRO to be either the router ID or the interface IP address. This can be used for Multiprotocol Label Switching (MPLS) fast reroute for node protection and interarea node protection. During MPLS fast reroute, the point of local repair (PLR) router needs to match the bypass label-switched path (LSP) egress address with the IP prefix inside the RRO of the next-next-hop node.
The following example configures the RSVP RRO to use the outbound interface IP address when sending an RRO:
[local]Redback(config-ctx)#router rsvp
[local]Redback(config-rsvp)#rro-prefix-type interface