|
COMMAND DESCRIPTION 7/190 82-CRA 119 1170/1-V1 Uen D | |
Copyright
© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
| SmartEdge | is a registered trademark of Telefonaktiebolaget LM Ericsson. | |
| NetOp | is a trademark of Telefonaktiebolaget LM Ericsson. |
Commands starting with “dec” through commands starting with “dz” are included.
decrement ttl
no decrement ttl
Enables transit routers to decrement the Multiprotocol Label Switching (MPLS) time-to-live (TTL) by 1 at each hop.
MPLS router configuration
This command has no keywords or arguments.
Transit routers are enabled to decrement the MPLS TTL by 1 at each hop.
Use the decrement ttl command to enable transit routers to decrement the MPLS TTL by 1 at each hop.
Use the no form of this command to disable transit routers from decrementing the MPLS TTL by 1 at each hop.
The following example enables transit routers to decrement the MPLS TTL by 1 at each hop:
[local]Redback(config-ctx)#router mpls 234 [local]Redback(config-mpls)#decrement ttl
default-information originate [route-map map-name]
{no | default} default-information originate [route-map map-name]
In RIP interface configuration mode, configures the specified Routing Information Protocol (RIP) or RIP next generation (RIPng) interface to originate the default route.
In RIP router configuration mode, injects the default route into the RIP or RIPng instance.
|
route-map map-name |
Optional. Route map name. The conditions of the route map are applied to the default route. |
The default route is not sent.
Use the default-information originate command (in RIP or RIPng interface configuration mode) to configure the specified RIP or RIPng interface to originate the default route, which is 0.0.0.0 for IPv4 and ::/0 for IPv6.
Use the default-information originate command (in RIP or RIPng router configuration mode) to inject the default route into the RIP or RIPng instance.
To apply a route map to the default route, use the optional route-map map-name construct. In this case, the default route is generated only when there is a match in the specified route map.
Use the no or default form of this command (in RIP or RIPng interface configuration mode) to configure the interface to not originate the default route.
Use the no or default form of this command (in RIP or RIPng router configuration mode) to not inject the default route into the RIP or RIPng instance.
The following example injects the default route into the rip001 RIP instance:
[local]Redback(config-ctx)#router rip rip001 [local]Redback(config-rip)#default-information originate
The following example originates the default route from the fe1 interface for the rip002 RIP instance:
[local]Redback(config-ctx)#router rip rip002 [local]Redback(config-rip)#interface fe1 [local]Redback(config-rip-if)#default-information originate
default-lease-time seconds
no default-lease-time
Specifies the default lease time for this Dynamic Host Configuration Protocol (DHCP) server or one of its subnets.
|
seconds |
Length of time for the default lease. The range of values is 180 seconds 900 seconds (15 minutes) to 31,536,000 seconds (one year). |
The default length of time is two hours.
Use the default-lease-time command to specify the default lease time for the DHCP server or one of its subnets. In DHCP server configuration mode, this command specifies the default lease time for all subnets; in DHCP subnet configuration mode, it specifies the default lease time for that subnet. The value you specify for a subnet overrides the global value for the server.
Use the no form of this command to specify the default value.
The following example specifies a default lease time of 4 hours (14000) for the DHCP server and all its subnets:
[local]Redback(config)#context dhcp [local]Redback(config-ctx)#dhcp server policy [local]Redback(config-dhcp-server)#default-lease-time 14400
default-metric metric
no default-metric
Configures the default metric used for redistributed Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) routes when no metric is specified.
|
metric |
Metric value. The range of values is 1 to 16,777,215. |
No default metric is configured. If a metric value is not configured through the redistribute command in OSPF router configuration mode or applied via a route map, the metric in the system routing table is used.
Use the default-metric command to configure the default metric used for redistributed OSPF or OSPFv3 routes when no metric is specified. You can specify a metric through the redistribute command (in OSPF or OSPF3 router configuration mode), or indirectly by applying a route map through the route-map command (in route map configuration mode).
Use the no form of this command to return the metric value to its default setting.
The following example configures a default metric value of 40:
[local]Redback(config-ospf)#default-metric 40
default-metric metric
{no | default} default-metric
Sets the default metric for the Routing Information Protocol (RIP) or RIP next generation (RIPng) instance.
|
metric |
Default metric. The range of values is 0 to 16; the default value is 0. |
The metric value is 0.
Use the default-metric command to set the default metric for the RIP or RIPng instance. The default value is used when a route with incompatible metrics is received into the RIP or RIPng instance; for example, when a route from a different routing domain is imported into RIP or RIPng.
Use the no or default form of this command to return the default metric value to 0.
The following example sets the default metric to 11 for the RIP instance, rip001:
[local]Redback(config-ctx)#router rip rip001 [local]Redback(config-rip)#default-metric 11
default-originate [route-map map-name]
no default-originate [route-map map-name]
Advertises the default route of the specified address family, even when the default route is not installed in the Border Gateway Protocol (BGP) routing table, to the BGP neighbor.
|
route-map map-name |
Optional. Name of the route map. The match and set conditions of the specified route map are applied before the default route is sent. |
No default route is sent to peers.
Use the default-originate command to advertise the default route of the specified address family, even when the default route is not installed in the BGP routing table, to the BGP neighbor. The default route, 0.0.0.0/0, is typically sent to a BGP neighbor that does not carry full Internet routes.
If the route-map map-name keyword construct is not used, or if the specified route map does not include a match ip address prefix-list pl-name statement, the specified address family unconditionally advertises the default route to the BGP neighbor.
When the route-map map-name keyword construct is used, and the route map has a match ip address prefix-list pl-name statement, the specified address family advertises the default route only if the address prefix entry specified in the IP prefix list exists in the routing information base (RIB).
Use the no form of this command to avoid sending the default route to neighbors or peer groups.
The following example sends the unicast default route unconditionally to the neighbor at IP address 102.210.210.1, and only sends it to the neighbor at IP address, 68.68.68.68, when route, 20.0.0.0/8, with the next-hop address, 192.192.192.253:
[local]Redback(config-ctx)#route-map map1 [local]Redback(config-route-map)#match ip address prefix-list pref1 [local]Redback(config-route-map)#match ip next-hop prefix-list next-hop-list [local]Redback(config-route-map)#exit [local]Redback(config-ctx)#ip prefix-list pref1 [local]Redback(config-prefix-list)#permit 20.0.0.0/8 [local]Redback(config-prefix-list)#exit [local]Redback(config-ctx)#ip prefix-list next-hop-list [local]Redback(config-prefix-list)#permit 192.192.192.253/32 [local]Redback(config-prefix-list)#exit [local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 102.210.210.1 external [local]Redback(config-bgp-neighbor)#remote-as 200 [local]Redback(config-bgp-neighbor)#address-family ipv4 unicast [local]Redback(config-bgp-peer-af)#default-originate [local]Redback(config-bgp-peer-af)#exit [local]Redback(config-bgp-neighbor)#exit [local]Redback(config-bgp)#neighbor 68.68.68.68 external [local]Redback(config-bgp-neighbor)#remote-as 300 [local]Redback(config-bgp-neighbor)#address-family ipv4 unicast [local]Redback(config-bgp-peer-af)#default-originate route-map map1
default-peer peer-addr [pl-name]
no default-peer peer-addr [pl-name]
Configures a default peer from which to accept all Multicast Source Discovery Protocol (MSDP) source active (SA) messages.
MSDP router configuration
|
peer-addr |
Peer IP address to be set as the default peer. |
|
pl-name |
Optional. Name of the Border Gateway Protocol (BGP) prefix list which specifies that the peer will be a default peer only for the prefixes listed in the list. A BGP prefix list must be configured for this pl-name argument to have any effect. |
None
Use the default-peer command to configure a default peer from which to accept all MSDP SA messages. A default peer is needed in topologies where MSDP peers do not coexist with BGP peers. In such a case, the reverse path forwarding (RPF) check on SA messages can fail, and no SA messages are accepted. In these cases, you can configure the peer as a default peer, and bypass RPF checks.
The peer-addr argument must be the IP address of a previously configured peer.
Use the pl-name argument to allow only those SA entries whose RP is permitted in the prefix list; otherwise, all SA messages from the default peer are accepted.
Use the no form of this command to disable the default peer.
The following example configures the peer address, 192.168.3.8, as the default peer:
[local]Redback(config-ctx)#router msdp [local]Redback(config-msdp)#default-peer 192.168.3.8
default-route [metric metric] [metric-type type]
no default-route
Changes the attributes of a default route originated into a stub area or a not-so-stubby-area (NSSA).
|
metric metric |
Optional. Metric value for the default route. The range of values is 1 to 1,677,214; the default value is 1. |
|
metric-type type |
Optional. External route metric type for a Type 5 default link-state advertisement (LSA). The type argument specifies one of the following metric types:
|
The metric value for the default route is 1. For stub areas, a Type 3 LSA with a metric value of 1 is advertised. The metric type is ignored. For NSSAs that import summary advertisements, a Type 7 LSA with a metric value of 1 and a route metric type of 2 is advertised. For NSSAs that do not import summary advertisements, a Type 3 LSA with a metric value of 1 is advertised. The metric type is ignored.
Use the default-route command to change the attributes of a default route originated into a stub area or NSSA. The LSA advertising the default route depends on the area type and whether summary advertisements (Type 3 and 4 LSAs) are advertised into the area.
For stub areas, a Type 3 LSA with a metric value of 1 is advertised by default. The default-route command can be used to modify the metric. The metric type is ignored.
For NSSAs that import summary advertisements, a Type 7 LSA with a metric value of 1 and route metric type of 2 is advertised by default. The default-route command can be used to modify the metric or metric type.
For NSSAs that do not import summary advertisements, a Type 3 LSA with a metric value of 1 is advertised by default. The default-route command can be used to modify the metric. The metric type is ignored.
If there are two routers originating a default route with the same metric value, the closest router is chosen to perform routing.
Use the no form of this command to restore the default attributes for the originated default route.
The following example configures a default route metric value of 3:
[local]Redback(config-ospf-area)#default-route metric 3
delete [mate] [crashfile] url [-noconfirm]
Deletes a file from the local file system on either the active or standby controller card.
exec (10)
|
mate |
Optional. Specifies that the file to be deleted is on the controller card to which you are not connected. |
|
crashfile |
Optional. Specifies that the file to be deleted is a crash file. |
|
url |
URL of the file to be deleted. |
|
-noconfirm |
Optional. Deletes files without asking for confirmation. |
None
Use the delete command to delete a file from the local file system on either the active or standby controller card.
Use the mate keyword to specify the controller card to which you are not connected.
When referring to a file, the URL takes the following form:
[/device][/directory]/filename.ext
The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length.
Use the command-line interface (CLI) online Help for this command or the show crashfiles command (in any mode) to list the crash files currently located on the system.
If you do not specify the -noconfirm keyword, the system prompts you to confirm the deletion. Enter y to confirm the operation; if you enter any other character, the system does not delete the file.
The following example deletes a file in a nested subdirectory:
[local]Redback#delete /flash/backup/old/current.cfg
The following example deletes a crash file using the online Help to determine the URL; a confirmation message is accepted:
[local]Redback#delete crashfile ? /md/dlmd_50.core /md/dlmd_50.mini.core WORD URL of file to delete in local filesystem [local]Redback#delete crashfile /md/dlmd_50.core Are you sure you want to delete /md/dlmd_50.core ?y
delete partition sse slot disk_num partition_name
exec (10)
|
sse slot |
Chassis slot number of the SSE card. |
|
disk_num |
Disk number on the SSE card. Values: 1 or 2. |
|
partition_name |
Name of the partition. |
None.
Removes the specified partition on an SSE disk. All data in the partition is deleted.
This command cannot be executed if the partition is mounted on any other card.
[local]Redback#delete partition sse 2 1 p01
[local]Redback#delete partition sse 2 1 p01
demand-circuit
no demand-circuit
Configures Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) to treat a point-to-point (P2P) or point-to-multipoint (P2MP) interface as a demand circuit as described in RFC 1793, Extending OSPF to Support Demand Circuits.
This command has no keywords or arguments.
Demand circuit support is disabled on P2P and P2MP interfaces. Demand circuit support is implicitly enabled on virtual links and sham links.
Use the demand-circuit command to configure OSPF or OSPFv3 to treat a P2P or P2MP interface as a demand circuit, as described in RFC 1793, Extending OSPF to Support Demand Circuits.
Demand circuits are network segments whose costs vary with usage; charges can be based both on connect time and on bytes or packets transmitted. OSPF or OSPFv3 routing usually requires a demand circuit’s underlying data-link connection to be constantly open, resulting in unwanted usage charges. Using the demand-circuit command enables OSPF or OSPFv3 Hello packets and the refresh of OSPF or OSPFv3 routing information to be suppressed on-demand circuits, allowing the underlying data-link connections to be closed when not carrying traffic.
Use the no form of this command to remove the demand circuit designation.
The following example configures the OSPF interface POS1/2 in area 0 to be a demand circuit:
[local]Redback(config-ospf)#area 0 [local]Redback(config-ospf-area)#interface POS1/2 [local]Redback(config-ospf-if)#demand-circuit
Statements in IPv4 and IPv6 ACLs can contain different criteria; for syntax for statements for IPv6 ACLs, see deny (IPV6 ACL).
deny [protocol] {src src-wildcard | any | host src} [cond port | range port end-port] [dest dest-wildcard | any | host dest] [cond port | range port end-port] [length {cond length | range length end-length}] [icmp-type icmp-type [icmp-code icmp-code]] [igmp-type igmp-type] [dscp eq dscp-value] [established | setup | invalid-tcp-flags ] [precedence prec-value] [tos tos-value] [[fragments] | [ip-options]] [condition cond-id]
{no | default} deny src src-wildcard
Creates an IPv4 access control list (ACL) statement that denies packets that meet the specified criteria.
access control list configuration
|
protocol |
Optional. Number indicating a supported protocol as specified in RFC 1700, Assigned Numbers. The range of values is 0 to 255 or one of the keywords listed in Table 1. |
|
src |
Source address to be included in the permit or deny criteria. An IP address in the form A.B.C.D. |
|
src-wildcard |
Indication of which bits in the src argument are significant for purposes of matching. Expressed as a 32-bit quantity in a 4-byte dotted-decimal format. Any zero-bits in the src-wildcard argument must be matched by the corresponding bits in the src argument. For any one-bits in the src-wildcard argument, the corresponding bits in the src argument are ignored. |
|
any |
Specifies a completely wildcard source or destination IP address indicating that IP traffic to or from all IP addresses is to be included in the permit or deny criteria. Identical to 0.0.0.0 255.255.255.255. |
|
host src |
Address of a single-host source with no wildcard address bits. The host source construct is identical to the src src-wildcard construct if the wildcard address indicates that all bits should be matched (0.0.0.0). |
|
cond |
Optional. Matching condition for the port or length argument, according to one of the keywords listed in Table 2. |
|
port |
Optional. TCP or UDP source or destination port. This argument is only available if you specified TCP or UDP as the protocol. The range of values is 1 to 65,535 or one of the keywords listed in Table 3 and Table 4. |
|
range port end-port |
Optional. Beginning and ending TCP or UDP source or destination ports that define a range of port numbers. A packet’s port must be within the specified range to match the criteria. This construct is only available if you specify TCP or UDP as the protocol. The range of values is 1 to 65,535 or one of the keywords listed in Table 3 and Table 4. |
|
dest |
Optional. Destination address to be included in the permit or deny criteria. An IP address in the form A.B.C.D. |
|
dest-wildcard |
Indication of which bits in the dest argument are significant for purposes of matching. Expressed as a 32-bit quantity in a 4-byte dotted-decimal format. Any zero-bits in the dest-wildcard argument must be matched by the corresponding bits in the dest argument. For one-bits in the dest-wildcard argument, the corresponding bits in the dest argument are ignored. |
|
host dest |
Address of a single-host destination with no wildcard address bits. The host dest construct is identical to the dest dest-wildcard construct, if the wildcard address indicates that all bits should be matched (0.0.0.0). |
|
length |
Optional. Indicates that packet length is to be used as a filter. The packet length is the length of the network-layer packet, beginning with the IP header, regardless of the specified protocol. |
|
length |
Packet length. The range of values is 20 to 65,535. |
|
range length end-length |
Packets that fall into the range of specified lengths. Each value (length and end-length) can be from 20 to 65,535. |
|
icmp-type icmp-type |
Optional. Type of ICMP packet to be matched. The range of values is 0 to 255 or one of the keywords listed in Table 5. This argument is only available if you specify icmp for the protocol argument. |
|
icmp-code icmp-code |
Optional if you use the icmp-type icmp-type construct. A particular ICMP message code to be matched. The range of values is 0 to 255. This argument is only accepted if you specified icmp for the protocol argument. |
|
igmp-type igmp-type |
Optional. Type of IGMP packet to be matched. This argument is only accepted if you specified igmp as the protocol argument The range of values is 0 to 15 or one of the keywords listed in Table 5. |
|
dscp eq dscp-value |
Optional. Packet’s Differentiated Services Code Point (DSCP) value must be equal to the value specified in the dscp-value argument to match the criteria. The range of values is 0 to 63 or one of the keywords listed in Table 7. |
|
established |
Optional. Specifies that only established connections are to be matched. This keyword is only available if you specify tcp for the protocol argument. |
|
invalid-tcp-flags |
Optional. Specifies that TCP packets with flag combinations other than the following are a match:
Only the lower-order 6 bits (for example, FIN, SYN, RST, PSH, ACK, and URG) in the TCP Flags field are considered for validation. The higher order 6-bits (ECN bits defined by RFC 3168, The Addition of Explicit Congestion Notification (ECN) to IP, and the reserved bits) are ignored. This keyword is only available if you specify tcp for the protocol argument. |
|
setup |
Optional. Specifies that TCP packets with SYN set and ACK not set in the Flags field are a match. This keyword is only available if you specify tcp for the protocol argument. |
|
precedence prec-value |
Optional. Precedence value of packets to be considered a match. The range of values is 0 to 7, with 7 being the highest precedence, or one of the keywords listed in Table 8. |
|
tos tos-value |
Optional. Type of service (ToS) to be considered a match. The range of values is 0 to 15 or one of the keywords listed in Table 9. |
|
fragments |
Optional. Allows packet to be permitted or denied based on whether the packet is fragmented. This keyword matches packets where the More-Fragments field is equal to 1 or the IP-Offset field is not equal to 0. |
|
ip-options |
Optional. Specifies that IPv4 packets with the IP Header Length field is greater than 20 are a match. |
|
condition cond-id |
Optional. ACL condition ID in integer or IP address format. The ID range of values is 1 to 4,294,967,295. |
None
Use the deny command to create an IP or policy ACL statement to deny packets that meet the specified criteria.
To explicitly set the order of the statement in an ACL, use the seq deny command instead of this command.
In IPv4 statements, follow these guidelines:
Use the no form of this command to delete the statement with the specified sequence number from the ACL.
The following tables list the valid keyword values for the protocol argument in statements for IPv4 ACLs, see Table 1.
|
Keyword |
Definition |
|---|---|
|
ahp |
Authentication Header Protocol. |
|
esp |
Encapsulation Security Payload. |
|
gre |
Generic Routing Encapsulation. |
|
host |
Host source address. |
|
icmp |
Internet Control Message Protocol. |
|
igmp |
Internet Group Management Protocol. |
|
ip |
Any IP protocol. |
|
ipinip |
IP-in-IP tunneling. |
|
ospf |
Open Shortest Path First. |
|
pcp |
Payload Compression Protocol. |
|
pim |
Protocol Independent Multicast. |
|
tcp |
Transmission Control Protocol. |
|
udp |
User Datagram Protocol. |
Table 2 lists the valid keyword values for the cond argument.
|
Keyword |
Description |
|---|---|
|
eq |
Equal to |
|
gt |
Greater than |
|
lt |
Less than |
|
neq |
Not equal to |
Table 3 lists the valid keyword values for the port argument when it is used to specify a TCP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
bgp |
Border Gateway Protocol (BGP) |
179 |
|
chargen |
Character generator |
19 |
|
cmd |
Remote commands (rcmd) |
514 |
|
daytime |
Daytime |
13 |
|
discard |
Discard |
9 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
exec |
Exec (rsh) |
512 |
|
finger |
Finger |
79 |
|
ftp |
File Transfer Protocol |
21 |
|
ftp-data |
FTP data connections (used infrequently) |
20 |
|
gopher |
Gopher |
70 |
|
hostname |
Network interface card (NIC) hostname server |
101 |
|
ident |
Identification protocol |
113 |
|
irc |
Internet Relay Chat |
194 |
|
klogin |
Kerberos login |
543 |
|
kshell |
Kerberos Shell |
544 |
|
login |
Login (rlogin) |
513 |
|
lpd |
Printer service |
515 |
|
nntp |
Network News Transport Protocol |
119 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
pop2 |
Post Office Protocol Version 2 |
109 |
|
pop3 |
Post Office Protocol Version 3 |
110 |
|
shell |
Remote command shell |
514 |
|
smtp |
Simple Mail Transport Protocol |
25 |
|
ssh |
Secure Shell |
22 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
telnet |
Telnet |
23 |
|
time |
Time |
37 |
|
uucp |
UNIX-to-UNIX Copy Program |
540 |
|
whois |
Nickname |
43 |
|
www |
World Wide Web (HTTP) |
80 |
Table 4 lists the valid keyword values for the port argument when it is used to specify a UDP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
biff |
Biff (Mail Notification, Comsat) |
512 |
|
bootpc |
Bootstrap Protocol client |
68 |
|
bootps |
Bootstrap Protocol server |
67 |
|
discard |
Discard |
9 |
|
dnsix |
DNSIX Security Protocol Auditing |
195 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
isakmp |
Internet Security Association and Key Management Protocol (ISAKMP) |
500 |
|
mobile-ip |
Mobile IP Registration |
434 |
|
nameserver |
IEN116 Name Service (obsolete) |
42 |
|
netbios-dgm |
NetBIOS Datagram Service |
138 |
|
netbios-ns |
NetBIOS Name Service |
137 |
|
netbios-ss |
NetBIOS Session Service |
139 |
|
ntp |
Network Time Protocol |
123 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
rip |
Router Information Protocol (router, in.routed) |
520 |
|
snmp |
Simple Network Management Protocol |
161 |
|
snmptrap |
SNMP Traps |
162 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
tftp |
Trivial File Transfer Protocol |
69 |
|
time |
Time |
37 |
|
who |
Who Service (rwho) |
513 |
|
xdmcp |
X Display Manager Control Protocol |
177 |
Table 5 lists the valid keyword values for the icmp-type argument.
|
Keyword |
Description |
|---|---|
|
administratively-prohibited |
Administratively prohibited |
|
alternate-address |
Alternate address |
|
conversion-error |
Datagram conversion |
|
dod-host-prohibited |
Host prohibited |
|
dod-net-prohibited |
Net prohibited |
|
echo |
Echo (ping) |
|
echo-reply |
Echo reply |
|
general-parameter-problem |
General parameter problem |
|
host-isolated |
Host isolated |
|
host-precedence-unreachable |
Host unreachable for precedence |
|
host-redirect |
Host redirect |
|
host-tos-redirect |
Host redirect for ToS |
|
host-tos-unreachable |
Host unreachable for ToS |
|
host-unknown |
Host unknown |
|
host-unreachable |
Host unreachable |
|
information-reply |
Information replies |
|
information-request |
Information requests |
|
log |
Log matches against this entry |
|
log-input |
Log matches against this entry, including input interface |
|
mask-reply |
Mask replies |
|
mask-request |
Mask requests |
|
mobile-redirect |
Mobile host redirects |
|
net-redirect |
Network redirect |
|
net-tos-redirect |
Network redirect for ToS |
|
net-tos-unreachable |
Network unreachable for ToS |
|
net-unreachable |
Network unreachable |
|
network-unknown |
Network unknown |
|
no-room-for-option |
Parameter required but no room |
|
option-missing |
Parameter required but not present |
|
packet-too-big |
Fragmentation needed and DF set |
|
parameter-problem |
All parameter problems |
|
port-unreachable |
Port unreachable |
|
precedence |
Match packets with given precedence value |
|
precedence-unreachable |
Precedence cutoff |
|
protocol-unreachable |
Protocol unreachable |
|
reassembly-timeout |
Reassembly timeout |
|
redirect |
All redirects |
|
router-advertisement |
Router discovery advertisement |
|
router-solicitation |
Router discovery solicitation |
|
source-quench |
Source quenches |
|
source-route-failed |
Source route failed |
|
time-exceeded |
All time exceeded messages |
|
time-range |
Specify a time-range |
|
timestamp-reply |
Timestamp replies |
|
timestamp-request |
Timestamp requests |
|
tos |
Match packets with given type of service (ToS) value |
|
traceroute |
Traceroute |
|
ttl-exceeded |
TTL Exceeded |
|
unreachable |
All unreachables |
Table 6 lists the valid keyword values for the igmp-type argument.
|
Keyword |
Description |
|---|---|
|
dvmrp |
Specifies Distance-Vector Multicast Routing Protocol. |
|
Host-query |
Specifies host query. |
|
Host-report |
Specifies host report. |
|
pim |
Specifies Protocol Independent Multicast. |
Table 7 lists the valid keyword values for the dscp-value argument.
|
Keyword |
Definition |
|---|---|
|
af11 |
Assured Forwarding—Class 1/Drop precedence 1 |
|
af12 |
Assured Forwarding—Class 1/Drop precedence 2 |
|
af13 |
Assured Forwarding—Class 1/Drop precedence 3 |
|
af21 |
Assured Forwarding—Class 2/Drop precedence 1 |
|
af22 |
Assured Forwarding—Class 2/Drop precedence 2 |
|
af23 |
Assured Forwarding—Class 2/Drop precedence 3 |
|
af31 |
Assured Forwarding—Class 3/Drop precedence 1 |
|
af32 |
Assured Forwarding—Class 3/Drop precedence 2 |
|
af33 |
Assured Forwarding—Class 3/Drop precedence 3 |
|
af41 |
Assured Forwarding—Class 4/Drop precedence 1 |
|
af42 |
Assured Forwarding—Class 4/Drop precedence 2 |
|
af43 |
Assured Forwarding—Class 4/Drop precedence 3 |
|
cs0 |
Class Selector 0 |
|
cs1 |
Class Selector 1 |
|
cs2 |
Class Selector 2 |
|
cs3 |
Class Selector 3 |
|
cs4 |
Class Selector 4 |
|
cs5 |
Class Selector 5 |
|
cs6 |
Class Selector 6 |
|
cs7 |
Class Selector 7 |
|
df |
Default Forwarding (same as cs0) |
|
ef |
Expedited Forwarding |
Table 8 lists the valid keyword values for the prec-value argument.
|
Keyword |
Description |
|---|---|
|
tine |
Specifies routine precedence (value=0). |
|
priority |
Specifies priority precedence (value=1). |
|
immediate |
Specifies immediate precedence (value=2). |
|
flash |
Specifies flash precedence (value=3). |
|
flash-override |
Specifies flash override precedence (value=4). |
|
critical |
Specifies critical precedence (value=5). |
|
internet |
Specifies internetwork control precedence (value=6). |
|
network |
Specifies network control precedence (value=7). |
Table 9 lists the valid keyword values for the tos-value argument.
|
Keyword |
Description |
|---|---|
|
max-reliability |
Specifies maximum reliable ToS (value=2). |
|
max-throughput |
Specifies maximum throughput ToS (value=4). |
|
min-delay |
Specifies minimum delay ToS (value=8). |
|
min-monetary-cost |
Specifies minimum monetary cost ToS (value=1). |
|
normal |
Specifies normal ToS (value=0). |
The following example specifies that all IP traffic to destination host, 10.25.1.1, is to be denied, and all other traffic on subnet 10.25.1/24 is to be permitted:
[local]Redback(config-ctx)#ip access-list protect201 [local]Redback(config-access-list)#deny ip any host 10.25.1.1 [local]Redback(config-access-list)#permit ip any 10.25.1.0 0.0.0.255
Statements in IPv4 and IPv6 ACLs can contain different criteria; for syntax for statements for IPv4 ACLs, see deny (IPV4 ACL).
deny [protocol] {src-ipv6-addr/prefix-length | any} [cond] [range port end-port] [dest-ipv6-addr/prefix-length | any ] [icmp-type icmp-type] [icmp-code icmp-code]] [established] [traffic-class eq traffic-class-value] [condition cond-id]
no seq seq-num
Creates an IPv6 access control list (ACL) statement that denies packets that match the specified criteria.
access control list configuration
|
protocol |
Optional. Number indicating a supported protocol as specified in RFC 1700, Assigned Numbers. The range of values is 0 to 255 or one of the keywords listed in: For statements in IPv6 ACLs, see Table 10. |
|
src-ipv6-address/prefix-length |
The traffic source to add to the statement criteria. The src-ipv6-address/prefix-length argument is in the format A:B:C:D::E/prefix -length, where the prefix length can be a number from 0 to 128. |
|
any |
Indicates that IP traffic to or from all IP addresses is to be included in the deny criteria. |
|
cond |
Required if you specify the TCP or UDP protocol. Matching condition according to one of the keywords listed in Table 11. |
|
range port end-port |
Optional if you specify the TCP or UCP protocol. Beginning and ending TCP or UDP source or destination ports that define a range of port numbers. A packet’s port must fall within the specified range to match the criteria. The range of values is 1 to 65,535 or one of the keywords listed in Table 12 and Table 13. |
|
dest-ipv6-addr/prefix-length |
The traffic destination to be matched. The src-ipv6-address/prefix-length argument is in the format A:B:C:D::E/prefix-length, where the range of values for the prefix length can be from 0 to 128. |
|
icmp-type icmp-type |
Optional. Type of ICMP packet to be matched. The range of values is 0 to 255 or one of the keywords listed in Table 14. This argument is only available if you specify icmp for the protocol argument. |
|
icmp-code icmp-code |
Optional if you use the icmp-type icmp-type construct. A particular ICMP message code to be matched. The range of values is 0 to 255. |
|
established |
Optional with the TCP protocol. Specifies that only established TCP port connections are to be matched. This keyword is only available if you specify tcp for the protocol argument. |
|
traffic eq traffic-class-value |
Optional. Type of traffic class to be matched. The traffic-class-value argument is a DSCP; the range of values is from 0 to 63 or one of the DSCP keywords in Table 15. |
|
condition cond-id |
Optional. Matching ACL condition ID, in integer or IP address format. The ID range of values is 1 to 4,294,967,295. Not supported with IPv6 administrative ACLs. |
None
Use the deny command to create an IP ACL statement to deny packets that match the specified criteria. This command does not set the order of the statement in the ACL; the OS automatically sets the order. Use the seq deny command to set the order of the statement in the ACL.
In IPv6 statements, a total of 100 rules can be added to an ACL, and IPv6 administrative ACLs (in contexts) automatically enable IPv6 Neighbor Discovery.
Use the no form of this command to delete the statement with the specified sequence number from the ACL.
Table 10 lists the valid keyword values for the protocol argument:
|
icmp |
Specifies ICMP version 6; requires the IPv6 source prefix in the format 1:2:3:4:5:6:7::8/48 or the any keyword. |
|
ipv6 |
Specifies any IPv6 Protocol (excluding IPv6 extension headers). Requires the IPv6 source prefix in the format 1:2:3:4:5:6:7::8/48 or the any keyword. |
|
ospf |
Specifies Open Shortest Path First. |
|
pcp |
Payload Compression Protocol |
|
pim |
Specifies Protocol Independent Multicast. |
|
tcp |
Specifies Transmission Control Protocol. |
|
udp |
Specifies User Datagram Protocol. |
Table 11 lists the valid keyword values for the cond argument.
|
Keyword |
Description |
|---|---|
|
eq |
Equal to |
|
gt |
Greater than |
|
lt |
Less than |
|
neq |
Not equal to |
Table 12 lists the valid keyword values for the port argument when it is used to specify a TCP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
bgp |
Border Gateway Protocol (BGP) |
179 |
|
chargen |
Character generator |
19 |
|
cmd |
Remote commands (rcmd) |
514 |
|
daytime |
Daytime |
13 |
|
discard |
Discard |
9 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
exec |
Exec (rsh) |
512 |
|
finger |
Finger |
79 |
|
ftp |
File Transfer Protocol |
21 |
|
ftp-data |
FTP data connections (used infrequently) |
20 |
|
gopher |
Gopher |
70 |
|
hostname |
Network interface card (NIC) hostname server |
101 |
|
ident |
Identification protocol |
113 |
|
irc |
Internet Relay Chat |
194 |
|
klogin |
Kerberos login |
543 |
|
kshell |
Kerberos Shell |
544 |
|
login |
Login (rlogin) |
513 |
|
lpd |
Printer service |
515 |
|
nntp |
Network News Transport Protocol |
119 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
pop2 |
Post Office Protocol Version 2 |
109 |
|
pop3 |
Post Office Protocol Version 3 |
110 |
|
shell |
Remote command shell |
514 |
|
smtp |
Simple Mail Transport Protocol |
25 |
|
ssh |
Secure Shell |
22 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
telnet |
Telnet |
23 |
|
time |
Time |
37 |
|
uucp |
UNIX-to-UNIX Copy Program |
540 |
|
whois |
Nickname |
43 |
|
www |
World Wide Web (HTTP) |
80 |
Table 13 lists the valid keyword values for the port argument when it is used to specify a UDP port.
|
Keyword |
Definition |
Corresponding Port Number |
|---|---|---|
|
biff |
Biff (Mail Notification, Comsat) |
512 |
|
bootpc |
Bootstrap Protocol client |
68 |
|
bootps |
Bootstrap Protocol server |
67 |
|
discard |
Discard |
9 |
|
dnsix |
DNSIX Security Protocol Auditing |
195 |
|
domain |
Domain Name System |
53 |
|
echo |
Echo |
7 |
|
isakmp |
Internet Security Association and Key Management Protocol (ISAKMP) |
500 |
|
mobile-ip |
Mobile IP Registration |
434 |
|
nameserver |
IEN116 Name Service (obsolete) |
42 |
|
netbios-dgm |
NetBIOS Datagram Service |
138 |
|
netbios-ns |
NetBIOS Name Service |
137 |
|
netbios-ss |
NetBIOS Session Service |
139 |
|
ntp |
Network Time Protocol |
123 |
|
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
|
rip |
Router Information Protocol (router, in.routed) |
520 |
|
snmp |
Simple Network Management Protocol |
161 |
|
snmptrap |
SNMP Traps |
162 |
|
sunrpc |
Sun Remote Procedure Call |
111 |
|
syslog |
System logger |
514 |
|
tacacs |
Terminal Access Controller Access Control System |
49 |
|
talk |
Talk |
517 |
|
tftp |
Trivial File Transfer Protocol |
69 |
|
time |
Time |
37 |
|
who |
Who Service (rwho) |
513 |
|
xdmcp |
X Display Manager Control Protocol |
177 |
Table 14 lists the valid keyword values for the icmp-type argument.
|
Keyword |
Description |
|---|---|
|
destination-unreachable |
Destination-unreachable message |
|
echo-reply |
Echo reply message |
|
echo-request |
Echo request message |
|
mipv6 |
Mobile IPv6 message; can be:
|
|
mld |
Multicast Listener Discovery |
|
nd |
Neighbor Discovery message; can be:
|
|
packet-too-big |
Fragmentation needed and DF set |
|
parameter-problem |
All parameter problems |
|
renumbering |
Router renumbering message |
|
send |
Secure Neighbor Discovery messages; can be:
|
|
time-exceeded |
All time exceeded messages |
Table 15 lists the valid keyword values for the traffic-class-value argument.
|
Keyword |
Definition |
|---|---|
|
af11 |
Assured Forwarding—Class 1/Drop precedence 1 |
|
af12 |
Assured Forwarding—Class 1/Drop precedence 2 |
|
af13 |
Assured Forwarding—Class 1/Drop precedence 3 |
|
af21 |
Assured Forwarding—Class 2/Drop precedence 1 |
|
af22 |
Assured Forwarding—Class 2/Drop precedence 2 |
|
af23 |
Assured Forwarding—Class 2/Drop precedence 3 |
|
af31 |
Assured Forwarding—Class 3/Drop precedence 1 |
|
af32 |
Assured Forwarding—Class 3/Drop precedence 2 |
|
af33 |
Assured Forwarding—Class 3/Drop precedence 3 |
|
af41 |
Assured Forwarding—Class 4/Drop precedence 1 |
|
af42 |
Assured Forwarding—Class 4/Drop precedence 2 |
|
af43 |
Assured Forwarding—Class 4/Drop precedence 3 |
|
cs0 |
Class Selector 0 |
|
cs1 |
Class Selector 1 |
|
cs2 |
Class Selector 2 |
|
cs3 |
Class Selector 3 |
|
cs4 |
Class Selector 4 |
|
cs5 |
Class Selector 5 |
|
cs6 |
Class Selector 6 |
|
cs7 |
Class Selector 7 |
|
df |
Default Forwarding (same as cs0) |
|
ef |
Expedited Forwarding |
The following example denies TCP traffic with the prefix 22:1:1::2/128 with default forwarding (DSCP code df) and all UDP traffic from port 80 or 81, and permits all IPv6 traffic:
[local]Redback(config-ctx)#ipv6 access-list listmgt [local]Redback(config-access-list)#deny tcp 22:1:1::2/128 any traffic-class eq df [local]Redback(config-access-list)#deny udp any any range 80 81 [local]Redback(config-access-list)#permit ipv6 any any
deny {context name ctx-name | domain name name | pppoe service-name name | dhcp hostname name}
no deny {context name ctx-name | domain name name | pppoe service-name name | dhcp hostname name}
Denies access to the specified context, Point-to-Point over Ethernet (PPPoE) service, or domain for PPPoE subscriber sessions that are attached to the service policy. This command also denies a DHCP client host access to the circuit that is associated with the service policy.
service policy configuration
|
context name ctx-name |
Denies subscriber sessions access to the specified context. |
|
domain name name |
Denies subscriber sessions access to the specified domain. |
|
pppoe service-name name |
Denies PPPoE Active Discovery Initiation (PADI) or PPPoE Active discovery Request (PADR) packets access to the specified PPPoE service. |
|
dhcp hostname name |
Denies the specified DHCP client host access to the circuit that is associated with the service policy. |
None
Use the deny command to deny access to the specified context, PPPoE service, or domain for subscriber PPPoE sessions that are attached to the service policy. You can also use the deny command to deny a DHCP client host access to the circuit that is associated with the service policy.
Any DHCP hosts, contexts, PPPoE services, or domains that are not explicitly specified through this command are implicitly allowed.
Use the no form of this command to allow access to a prohibited context, PPPoE service, or domain. Or, you can use the no form of this command to remove a configuration that denies a DHCP client host access to the circuit that is associated with the service policy.
The following example shows how to configure a service policy, local-only, which denies subscriber access to the ctx_black context and dmn_black domain:
[local]Redback(config)#service-policy name local-only [local]Redback(config-policy-svc)#deny context name ctx_black [local]Redback(config-policy-svc)#deny domain name dmn_black
The following example shows how to create a service policy called AllowData, which denies the PPPoE service named voice and allows all other PPPoE services:
[local]Redback(config)#service-policy name AllowData [local]Redback(config-policy-svc)#deny pppoe service-name voice
The following example shows how to create a service policy called deny hosts, which denies the DHCP client hosts named group1, group4, and group5 access to the circuit that is associated with the specified service policy and allows all other DHCP client hosts to access the circuit:
[local]Redback(config)#service-policy name denyhosts [local]Redback(config-policy-svc)#deny dhcp hostname group1 [local]Redback(config-policy-svc)#deny dhcp hostname group4 [local]Redback(config-policy-svc)#deny dhcp hostname group5
description text
no description
Associates a text description with an IP access control list (ACL) or a policy ACL.
access control list configuration
|
text |
Alphanumeric text description to be associated with the ACL. |
No description is associated with the ACL.
Use the description command to associate a text description with the ACL.
You can use a text description to notate what an ACL consists of or how it is to be used. Only one description can be associated with a single ACL. To revise a description, create a new one, and the old one is overwritten.
Use the no form of this command to remove the description from an ACL.
The following example creates a text description to be associated with the IP ACL, restricted:
[local]Redback(config-ctx)#ip access-list restricted [local]Redback(config-access-list)#description private net
The following example creates a text description to be associated with the policy ACL, trafficin:
[local]Redback(config-ctx)#policy access-list trafficin [local]Redback(config-access-list)#description inbound traffic web
description text
{no | default} description [text]
Associates textual information with an Automatic Protection Switching (APS) or Multiplex Section Protection (MSP) group.
APS configuration
|
text |
Text string that identifies the port. The string can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters. |
No description is associated with an APS/MSP group.
Use the description command to associate textual information with an APS/MSP group. The show configuration command displays this text for the APS/MSP group.
Use the no or default form of this command to delete the existing description. Because only one description for an APS/MSP group can exist, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example shows how to associate a description with the APS/MSP group lab48:
[local]Redback(config)#aps group lab48 pos [local]Redback(config-aps)#description OC-48 APS
description text
{no | default} description
Associates a textual description with an Asynchronous Transfer Mode (ATM) or Frame Relay profile or permanent virtual circuit (PVC).
|
text |
Text string that identifies the profile or PVC. Can be any alphanumeric string, including spaces, not to exceed the following lengths:
|
No description is associated with any profile or PVC.
Use the description command to associate textual information with an ATM or Frame Relay profile or PVC. This text is displayed by the appropriate show command.
Use the no or default form of this command to delete the existing description. Because there can be only one description for a profile or PVC, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example shows how to associate a description with an ATM PVC configured on an ATM OC port:
[local]Redback(config)#port atm 2/1 [local]Redback(config-atm-oc)#atm pvc 0 32 profile dslam1 encapsulation bridge1483 [local]Redback(config-atm-pvc)#description ATM bridged 1483 circuit
description text
no description
Associates a description with the Border Gateway Protocol (BGP) neighbor or peer group.
|
text |
Description of the neighbor (maximum of 80 characters). |
None
Use the description command to associate a description with the BGP neighbor or peer group. This command does not affect the BGP connection. It is used as a note in the configuration.
Use the no form of this command to remove a description from the configuration. Because there can be only one description for a BGP neighbor or peer group, when you use the no form of this command, it is not necessary to include the text argument.
The following example provides the description, Palo Alto BGP Neighbor 12, for the BGP neighbor at IP address, 102.210.210.1:
[local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 102.210.210.1 external [local]Redback(config-bgp-neighbor)#description Palo Alto BGP Neighbor 12
description text
{no | default} description
Associates a textual description with a bridge.
bridge configuration
|
text |
Text string that identifies the bridge. Can be any alphanumeric string, including spaces, that is not longer than 63 ASCII characters. |
No description is associated with any bridge.
Use the description command to associate textual information with a bridge. This text displays by the appropriate show command.
Use the no or default form of this command to delete the existing description. Because there can be only one description for a bridge, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example shows how to associate a description with the bridge, isp1, configured in the bridge context:
[local]Redback(config)#context bridge [local]Redback(config-ctx)#bridge isp1 [local]Redback(config-bridge)#description Bridge for all traffic to ISP1
description text
{no | default} description
Associates a textual description with an 802.1Q profile or permanent virtual circuit (PVC).
|
text |
Text string that identifies the profile or PVC. Can be any alphanumeric string, including spaces, not to exceed the following lengths:
|
No description is associated with any profile or PVC.
Use the description command to associate textual information with an 802.1Q profile or PVC. This text is displayed by the appropriate show command.
Use the no or default form of this command to delete the existing description. Because there can be only one description for a profile or PVC, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example provides the description, local vlan, for the 802.1Q PVC 100:
[local]Redback(config-port)#dot1q pvc 100 [local]Redback(config-dot1q-pvc)#description local vlan
description text
{no | default} description
Associates a text description with an interface.
interface configuration
|
text |
Text string, up to 255 ASCII characters, that identifies the interface. |
None
Use the description command to associate a text description with an interface. The description appears in the output of the show ip interface and show configuration commands. Text can be any alphanumeric string, including spaces. For more information on the show configuration command, see Using the CLI.
Use the no or default form of this command to delete the existing description. Because there can be only one description for an interface, you can omit the text argument when you use the no form of this command. To change a description, create a new one; it overwrites the existing one.
The following example creates the interface, upstream, as the upstream interface to the goldisp.net service provider:
[local]Redback(config-ctx)#interface upstream [local]Redback(config-if)#description interface to goldisp.net
description text
{no | default} description
Associates textual information with a Layer 2 Tunneling Protocol (L2TP) peer.
L2TP peer configuration
|
text |
Textual description for an L2TP peer. Can be any alphanumeric string, including spaces, up to 255 ASCII characters. |
No description is associated with the L2TP peer.
Use the description command to associate textual information with the L2TP peer. The description appears in the output of the show configuration command with the l2tp keyword in any mode.
Use the no or default form of this command to delete the existing description. Because there can be only one description for a peer, when you use the no form of this command, it is not necessary to include the text argument.
To change a description, create a new one; it overwrites the existing one.
The following example shows how to select (or create) an L2TP peer, and then associates a text description with it:
[local]Redback(config)#context local [local]Redback(config-ctx)#l2tp-peer name isp1.net remote 172.16.1.2 local 172.16.1.1 [local]Redback(config-l2tp)#description Corporate offices in Connecticut
The following example shows how to change the description created in the previous example:
[local]Redback(config-l2tp)#description Corporate offices in Hartford
The following example shows how to delete an existing description:
[local]Redback(config-l2tp)#no description
description description
no description
Specifies a text string description of the access link group.
link group configuration
|
description |
Text string description of the link group. For access link groups only, this string is used as the prefix to the NAS-PORT-ID RADIUS attribute (prefix-nas-port-id) if and only if the radius attribute nas-port-id command using the format modified-agent-circuit-id prefix-lg-description keywords has been entered. If no description is provided by this command, the default prefix is eth. |
The link group has no description in the default state.
Use the description command in link group configuration mode to specify a text string description of the access link group.
For access link groups, the description can be used as a prefix to the RADIUS NAS-PORT-ID attribute. Enter a unique ID for each access link group.
Use the no form of this command to delete the description.
The following example illustrates the use of the description command:
[local]Redback(config)#link-group lg1 access [local]Redback(config-link-group)#description 35ttf
description text
no description
Associates a description with the autonomous system (AS) path list, community list, extended community list, IP prefix list, or IP Version 6 (IPv6) prefix list.
|
text |
Description of the AS path list, community list, extended community list, IP prefix list, or IPv6 prefix list. |
None
Use the description command to associates a description with the AS path list, community list, extended community list, IP prefix list, or IPv6 prefix list. For more information, see the as-path-list, community-list, ext-community-list, ip prefix-list, and ipv6 prefix-list commands in context configuration mode.
Use the no form of this command to remove a description. Because there can be only one description for an AS path list, community list, extended community list, IP prefix list, or IPv6 prefix list, when you use the no form of this command, it is not necessary to include the text argument.
The following example configures a description for the community list, com-list1:
[local]Redback(config-ctx)#community-list com-list1 [local]Redback(config-community-list)#description filter for community1
description text
no description
Associates a description with a static label-switched path (LSP) or a Resource Reservation Protocol (RSVP) LSP.
|
text |
Description of the LSP (maximum of 80 characters). |
None
Use the description command to associate a description with a static LSP or an RSVP LSP. This command does not affect the LSP; it is used only as a note in the configuration.
Use the no form of this command to remove a description from the configuration. Because there can be only one description for an LSP, when you use the no form of this command, it is not necessary to include the text argument.
The following example provides the description, Shortcut to Net 41A, for the MPLS static LSP, To41A:
[local]Redback(config)#context sj1 [local]Redback(config-ctx)#router mpls-static [local]Redback(config-mpls-static)#lsp To41A [local]Redback(config-mpls-static-lsp)#description Shortcut to Net 41A [local]Redback(config-mpls-static-lsp)#
description text
no description
Associates a text description with an Multicast Source Discovery Protocol (MSDP) peer.
MSDP peer configuration
|
text |
Text string that identifies the MSDP peer. |
None
Use the description command to associate a text description with an MSDP peer. The description can be a maximum of 80 characters.
Use the no form of this command to remove the description from the MSDP peer. Because there can be only one description for an MSDP peer, when you use the no form of this command, it is not necessary to include the text argument.
The following example sets the MSDP peer description to Peer66 to used for testing:
[local]Redback(config-msdp)#peer 192.168.1.1 local-tcp-source peer66 [local]Redback(config-msdp-peer)#description Peer66 to used for testing
description text
{no | default} description
Associates textual information with a port.
|
text |
Text string that identifies the port. Can be any alphanumeric string, including spaces. The string may not exceed 255 ASCII characters. |
No description is associated with a port.
Use the description command to associate textual information with the port. The show port detail command for the port displays this text.
Use the no or default form of this command to delete the existing description. Because there can be only one description for a port, when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example shows how to associate a description with the management port on the controller card in slot 7:
[local]Redback(config)#port ethernet 7/1 [local]Redback(config-port)#description Management port
description text
{no | default} description
Associates a text description with a port or channel.
|
text |
Text string that identifies the channel. Can be any alphanumeric string, including spaces, that is not longer than 255 ASCII characters. |
No description is associated with a port or channel.
Use the description command to associate a text description with a port or channel. This text appears in the output of the show port detail command (in any mode).
Use the no or default form of this command to delete the existing description. Because there can be only one description for a port or channel; when you use the no or default form of this command, it is not necessary to include the text argument. To change a description, create a new one; it overwrites the existing one.
The following example shows how to associate a description with channelized OC-12 port 1 in slot 4:
[local]Redback(config)#port channelized-oc12 4/1 [local]Redback(config-port)#description channelized OC-12 in New York
description description
no description
Describes the alarm model.
SNMP alarm model configuration
|
description |
A word or phrase that describes the alarm model. |
None
Use the description command to describe the alarm model you are configuring.
Use the no form to remove the description of the alarm model.
The following example shows how to configure the description of an alarm model to LinkUp Administrative.
[local]jazz#config [local]jazz(config)#snmp alarm model 1 state major [local]jazz(config-snmp-alarmmodel)#description LinkUp Administrative [local]jazz(config-snmp-alarmmodel)#exit
description text
{no | default} description text
SSE group configuration
|
text |
Text description associated with the SSE group. |
No description is associated with the SSE group.
Associates a text description with an SSE group. Only one description can be associated with an SSE group. To revise a description, create a new one, and the old one is overwritten.
Use the no or default form of this command to delete the existing description.
[local]Redback(config)#sse group sse_group_1 network-redundant [local]Redback(config-SE-group)#description SSE group 1
description text
no description
Associates textual information with the tunnel.
tunnel configuration
|
text |
Textual description for a tunnel. Can be any alphanumeric string, including spaces, not to exceed 64 ASCII characters. |
No description is associated with the tunnel.
Use the description command to associate textual information with the tunnel. The description appears in the output of the show configuration command with the tunnel keyword (in any mode).
Use the no form of this command to delete the existing description. Because there can be only one description for a tunnel, when you use the no form of this command, it is not necessary to include the text argument.
To change a description, create a new one; it overwrites the existing one.
The following example shows how to select (or create) a GRE tunnel, and then associate a text description with it:
[local]Redback(config)#tunnel gre HartfordTnl [local]Redback(config-tunnel)#description Corporate offices in Hartford
The following example shows how to change the description created in the previous example:
[local]Redback(config-tunnel)#description Branch offices in Hartford
The following example shows how to delete an existing description:
[local]Redback(config-tunnel)#no description
description text
no description
Associates a description with a neighbor.
VPLS profile neighbor configuration
|
text |
Description of the neighbor (63 characters maximum). |
None
Use the description command to associate a description with a neighbor. This command does not affect the neighbor, but is used only as a note in the configuration.
Use the no form of this command to remove a description from the neighbor. Because there can be only one description for a neighbor, when you use the no form of this command, it is not necessary to include the text argument.
The following example provides the description, test-peer, for the neighbor, 10.10.10.1:
[local]Redback#config [local]Redback(config)#vpls profile foo [local]Redback(config-vpls-profile)#neighbor 10.10.10.1 [local]Redback(config-vpls-profile-neighbor)#description test-peer [local]Redback(config-vpls-profile-neighbor)#
destination ip-addr [context-name]
Configures the Network Address Translation (NAT) policy or its class to use the specified IP address in destination IP address translation or destination NAT (DNAT).
|
ip-addr |
Specifies the IP address to replace the original destination address. |
|
context-name |
Specifies the name of the context in which the configured destination IP address resides. |
No predefined IP address is configured as a destination IP address.
Use the destination command to configure the NAT policy or its class to use the specified IP address in DNAT. DNAT replaces the original destination IP addresses of all packets or the packets of a specific class with a predefined IP address.
When a destination IP address is configured for a given class, the SmartEdge router applies this predefined IP address to all packets of the class.
You can enable DNAT with or without having to perform NAT.
Configuring DNAT without NAT requires that you configure the destination command with the ignore command.
Use the destinationip-addrr context-name construct to specify that the configured destination IP address resides within the specified context. Without the name of the context specified, the configured destination IP address is assumed to be either in the context in which the NAT pool is defined or, if no NAT pool is defined, in the context in which the NAT policy is defined.
The following example shows how to configure DNAT with NAT. A predefined destination address is configured for the NAT-CLASS1 class within the NAT policy NAT-POLICY. For all packets from class NAT-CLASS1, the destination address of each packet is replaced by 64.233.267.100 so that all packets from class NAT-CLASS1 are forwarded to that address. On the return path, a reverse translation from 64.233.267.100 to the original destination address is performed so that the returning traffic appears to be sent from the original destination address:
[local]Redback(config-ctx)#nat policy NAT-POLICY !Default class [local]Redback(config-policy-nat)#pool NAT-POOL-DEFAULT local !Named classes [local]Redback(config-policy-nat)#access-group NAT-ACL [local]Redback(config-policy-acl)#class NAT-CLASS1 [local]Redback(config-policy-acl-class)#pool NAT-POOL1 local [local]Redback(config-policy-acl-class)#destination 64.233.167.100
The following example shows how to configure DNAT without NAT. A predefined destination address is configured for the NAT-CLASS2 class within the NAT policy NAT-POLICY. For the NAT-CLASS2 class within the NAT policy NAT-POLICY, the destination address of each packet is replaced by 64.233.267.100 so that all packets from class NAT-CLASS2 are forwarded to that address. In this example, the source address is not translated:
[local]Redback(config-ctx)#nat policy NAT-POLICY !Default class [local]Redback(config-policy-nat)#pool NAT-POOL-DEFAULT local !Named classes [local]Redback(config-policy-nat)#access-group NAT-ACL [local]Redback(config-policy-acl)#class NAT-CLASS2 [local]Redback(config-policy-acl-class)#ignore [local]Redback(config-policy-acl-class)#destination 64.233.167.100
detection-multiplier value
{no | default} detection-multiplier
Specifies the detection multiplier value.
|
value |
Detection multiplier value. The range of values is 1 to 10; the default value is 3. |
The default detection multiplier value is 3.
Use the detection-multiplier command to specify the detection multiplier value.
The negotiated minimum transmit interval (the minimum desired transmit interval agreed upon by both peers) is multiplied by the detection multiplier value to provide the detection time for the transmitting system in asynchronous mode. The detection time is the time it takes to declare a neighbor as down. For example, if the minimum desired transmit interval was negotiated at 10 ms and the detection multiplier is set to 3, then the detection time is 30 ms. Using the detection multiplier adds robustness to Bidirectional Forwarding Detection (BFD) by allowing the system to not bring down a neighbor if only one BFD packet is missed.
Use the no or default form of this command to return the detection multiplier value to 3.
The following example sets the detection multiplier value on the interface, to_foo, to 7:
[local]Redback(config)#context local [local]Redback(config-ctx)#router bfd [local]Redback(config-bfd)#interface to_foo [local]Redback(config-bfd-if)#detection-multiplier 7 [local]Redback(config-bfd-if)#
dhcp max-addrs max-sub-addrs
no dhcp max-addrs
Indicates that associated hosts are to use Dynamic Host Configuration Protocol (DHCP) to dynamically acquire address information for the subscriber’s circuit, and sets a maximum number of IP addresses that the SmartEdge router expects the external DHCP server to assign to hosts associated with the circuit.
subscriber configuration
|
max-sub-addrs |
Maximum number of unique IP addresses the SmartEdge router expects the external DHCP server to assign to hosts associated with a given subscriber circuit. The range of values is 1 to 100. For dynamic clientless IP service selection (CLIPS) subscribers, the value for the max-sub-addrs argument must be 1. |
None
Use the dhcp max-addrs command to indicate that associated hosts are to use DHCP to dynamically acquire address information for the subscriber’s circuit, and to set a maximum number of IP addresses that the SmartEdge router expects the external DHCP server to assign to hosts associated with the circuit.
For non-CLIPS subscribers, the SmartEdge router deducts the value of the max-sub-addrs argument from the value for the max-dhcp-addrs argument that you configured for a DHCP proxy or DHCP relay interface, using the dhcp proxy or dhcp relay commands (in interface configuration mode), available at the time a subscriber is bound to a circuit. When the value for the max-dhcp-addrs argument for a DHCP proxy or DHCP relay interface reaches 0, that interface is no longer available for subscriber bindings.
For dynamic CLIPS subscribers, you must configure the subscriber record or profile with no IP address and specify 1 as the value for the max-sub-addrs argument; for information about CLIPS, see Configuring CLIPS.
Use the no form of this command to disable the use of DHCP for the subscriber’s circuit.
The following example configures the subscriber, dhcp-test, to expect a total of 8 IP addresses that can be assigned at any time:
[local]Redback(config-ctx)#subscriber name dhcp-test [local]Redback(config-sub)#dhcp max-addrs 8
dhcp proxy max-dhcp-addrs [server-group name]
no dhcp proxy
Enables this interface to act as proxy between subscribers and an external Dynamic Host Configuration Protocol (DHCP) server, and access DHCP giaddr configuration mode.
interface configuration
|
max-dhcp-addrs |
Maximum number of IP addresses available on the interface. The range of values is 1 to 65,535. |
|
server-group name |
Optional. DHCP server group. Forwards all DHCP requests received on the interface to all DHCP servers in the specified server group. |
DHCP proxy is disabled.
Use the dhcp proxy command to enable this interface to act as a proxy between subscribers and an external DHCP server, and access DHCP giaddr configuration mode.
When you enable DHCP proxy, the interface relays all DHCP packets, including the release and renewal of IP addresses for subscriber sessions, between the DHCP server and the subscriber. To the subscriber, the SmartEdge router appears to be the DHCP server.
The SmartEdge router uses the value for the max-dhcp-addrs argument to load balance between IP addresses from multiple pools. When you configure the SmartEdge router for subscriber DHCP proxy, the value of the max-dhcp-addrs argument indicates the total number of subscriber requests that will be forwarded on the interface.
The SmartEdge router deducts the max-sub-addrs value for the dhcp max-addrs command (in subscriber configuration mode) from the current value for max-dhcp-addrs argument for the DHCP proxy interface at the time a subscriber is bound to a circuit using that interface. When the value of max-dhcp-addrs for a DHCP proxy interface reaches 0, that interface is no longer available for subscriber bindings.
Use the no form of this command to disable DHCP proxy on the interface.
The following example enables the proxy1 interface to act as a DHCP proxy for the DHCP server at IP address, 10.30.40.50:
[local]Redback(config-ctx)#dhcp relay server 10.30.40.50 [local]Redback(config-dhcp-relay)#exit [local]Redback(config-ctx)#interface proxy1 [local]Redback(config-if)#ip address 10.1.2.3 255.255.255.0 [local]Redback(config-if)#dhcp proxy 253
dhcp relay max-dhcp-addrs [server-group group-name]
no dhcp relay
Enables this interface to relay Dynamic Host Configuration Protocol (DHCP) messages to an external DHCP server, and access DHCP giaddr configuration mode.
interface configuration
|
max-dhcp-addrs |
Maximum number of IP addresses available on the interface. The range of values is 0 to 65,535. |
|
server-group group-name |
Optional. DHCP server group. Forwards all DHCP requests received on the interface to all DHCP servers in the specified server group. |
DHCP relay is disabled.
Use the dhcp relay command to enable this interface to relay DHCP messages to an external DHCP server, and access DHCP giaddr configuration mode.
The SmartEdge router uses the value for the max-dhcp-addrs argument to load balance between IP addresses from multiple pools. When you configure the SmartEdge router for subscriber DHCP relay, the value of the max-dhcp-addrs argument indicates the total number of subscriber requests that can be forwarded on the interface.
The value of the max-sub-addrs argument for the dhcp max-addrs command (in subscriber configuration mode) is deducted from the max-dhcp-addrs value configured for a DHCP relay interface available at the time a subscriber is bound to a circuit on that interface. When the value of max-dhcp-addrs for a DHCP relay interface reaches 0, that interface is no longer available for subscriber bindings.
Use the no form of this command to disable DHCP relay on the interface.
The following example enables DHCP relay on interface eth1, which is configured with a total of 253 IP addresses that can be allocated by the DHCP server at any time from the 10.1.1.0 subnet:
[local]Redback(config-ctx)#interface eth1 [local]Redback(config-if)#ip address 10.1.1.0 255.255.255.0 [local]Redback(config-if)#dhcp relay 253 [local]Redback(config-dhcp-giaddr)#
dhcp relay option [hostname [separator character]]
no dhcp relay option [hostname [separator character]]
Enables the sending of Dynamic Host Configuration Protocol (DHCP) options in DHCP packets relayed by the interfaces in the specified context.
context configuration
|
hostname |
Optional. Prepends the SmartEdge router hostname to the agent circuit id field of DHCP option 82. The SmartEdge router uses the hostname that you have configured using the system hostname command (in context configuration mode). If you have not configured the hostname, the SmartEdge router uses the default hostname of “Redback.” |
|
separator character |
Optional. Character that separates the elements of the attribute string. Changes the character that separates the hostname from the circuit id field of DCHP option 82. The default separator character is the colon (:). |
DHCP options are not sent.
Use the dhcp relay option command to enable the sending of DHCP options in all DHCP packets that are relayed by the interfaces in the specified context.
On some networks, DHCP is used to dynamically configure IP address information for subscriber hosts. The SmartEdge router can act as a relay or as a proxy for DHCP servers. DHCP is typically used with RFC 1483 bridge-encapsulated circuits, as opposed to Point-to-Point Protocol (PPP) circuits.
The SmartEdge router can use DHCP relay options to help track DHCP requests. Some options can also enhance the DHCP server’s function. The DHCP relay options are described in RFC 3046, DHCP Relay Agent Information Option.
In order for relay options to take effect, you must enable DHCP relay for the context, using the dhcp relay server command (in context configuration mode), and for an interface, using the dhcp relay or dhcp proxy command (in interface configuration mode). You must also configure subscriber records, using the dhcp max-addrs command (in subscriber configuration mode) to indicate that associated hosts are to use DHCP relay to dynamically acquire address information.
Use the no form of this command to disable the sending of DHCP options.
The following example enables the sending of DHCP relay options:
[local]Redback(config-ctx)#dhcp relay server 10.30.40.50 [local]Redback(config-dhcp-relay)#exit [local]Redback(config-ctx)#dhcp relay option
The following example prepends the system hostname, SE800, to the agent circuit id field of DHCP option 82 and, by default, uses the colon (:) to separate the hostname from the circuit id field:
[local]Redback(config)#server hostname SE800 [local]Redback(config)#context local [local]Redback(config-ctx)#dhcp relay server 108.1.1.157 [local]Redback(config-dhcp-relay)#exit [local]Redback(config-ctx)#dhcp relay option hostname
The DHCP server’s lease log for this configuration would be similar to the following example:
lease 120.1.3.191 {
starts 2 2005/11/08 10:05:21;
ends 2 2005/11/08 10:35:21;
binding state active
netx binding state free
hardware ethernet 00:dd:00:00:00:1e;
uid “\001\006\000\335\000\000\000\036”;
option agent.circuit-id “SE800:1/4 vpi-vci 0 103”;
}
dhcp relay server {ip-addr | hostname} [max-hops count] [min-wait interval]
no dhcp relay server {ip-addr | hostname} [max-hops count] [min-wait interval]
Configures an external Dynamic Host Configuration Protocol (DHCP) server and enters DHCP relay server configuration mode.
context configuration
|
ip-addr |
IP address of the DHCP server. |
|
hostname |
Hostname of the DHCP server. |
|
max-hops count |
Optional. Maximum number of hops allowed for requests. The range of values for the count argument is 1 to 16. |
|
min-wait interval |
Optional. Minimum time, in seconds, to wait before forwarding requests to the DHCP server. The range of values for the interval argument is 0 to 60. |
Disabled
Use the dhcp relay server command to configure an external DHCP server and enter DHCP relay server configuration mode. You can configure up to five external DHCP servers in each context.
If you have configured Remote Authentication Dial-In User Service (RADIUS) authentication, the SmartEdge router sends an accounting record to RADIUS every time DCHP assigns or releases an IP address.
To indicate that associated hosts are to use DHCP relay to dynamically acquire address information, you must configure the subscriber default profile, a named profile, or subscriber records with the dhcp max-addrs command (in subscriber configuration mode).
Use the no form of this command to disable the DHCP server.
The following example configures an external DHCP server at IP address, 10.30.40.50, and enters DHCP relay server configuration mode:
[local]Redback(config-ctx)#dhcp relay server 10.30.40.50 [local]Redback(config-dhcp-relay)#
dhcp relay server retries count timeout interval
no dhcp relay server retries count timeout interval
Specifies the number of attempts and the interval to wait for each attempt when trying to reach an external Dynamic Host Configuration Protocol (DHCP) server before it is marked unreachable.
context configuration
|
count |
Maximum consecutive number of times to attempt reaching the DHCP server; the default value is 3. |
|
timeout interval |
Interval, in seconds, to wait for a reply after a DHCP request packet is sent. The default value for the interval argument is 30. |
Up to three attempts are made to reach a DHCP server, with a wait interval of 30 seconds for each attempt.
Use the dhcp relay server retries command to specify the number of attempts and the interval to wait for each attempt when trying to reach an external DHCP server before it is marked unreachable.
If the interval expires without receiving a reply from the DHCP server, another DHCP request is sent to the DHCP server until the maximum consecutive number of attempts has been reached. If the interval expires after the last attempt without reaching the DHCP server, then the DHCP server is marked unreachable.
Use the no form of this command to specify the default conditions.
The following example configures the SmartEdge router to make up to 5 attempts to reach a DHCP server, with a wait interval of 15 seconds for each attempt:
[local]Redback(config-ctx)#dhcp relay server retries 5 timeout 15 [local]Redback(config-ctx)#
dhcp relay suppress-nak
no dhcp relay suppress-nak
Disables the sending of a DHCPNAK message when the SmartEdge router receives a DHCPREQUEST message for which it does not have an entry.
context configuration
This command has no keywords or arguments.
A DHCPNAK message is always sent.
Use the dhcp relay suppress-nak command to disable the sending of a DHCPNAK message when the SmartEdge router receives a DHCPREQUEST message for which it does not have an entry. In this case, the request is dropped.
Use the no form of this command to enable the default condition.
The following example disables the sending of a DHCPNAK message:
[local]Redback(config-ctx)#dhcp relay suppress-nak
dhcp server {interface | ip-addr}
no dhcp server
Enables this interface for internal Dynamic Host Configuration Protocol (DHCP) server support and assigns the IP address to be used for this support.
interface configuration
|
interface |
Assigns the primary IP address of the interface to the DHCP server. |
|
ip-addr |
One of the secondary IP addresses assigned to the interface. |
No internal DHCP servers are created.
Use the dhcp server command to enable this interface for internal DHCP server support and assign the IP address to be used for this support.
For information about the context command (in global configuration mode), the interface command (in context configuration mode), and the ip address command (in interface configuration mode), see Configuring Contexts and Interfaces.
Use the no form of this command to delete the internal DHCP server.
The following example creates an internal DHCP server using the secondary IP address for the dhcp-if interface in the dhcp context:
[local]Redback(config)#context dhcp [local]Redback(config-ctx)#interface dhcp-if multibind [local]Redback(config-if)#ip address 12.1.1.1/24 [local]Redback(config-if)#ip address 13.1.1.1/24 secondary [local]Redback(config-if)#dhcp server 13.1.1.1
dhcp server policy
no dhcp server policy
Enables internal Dynamic Host Configuration Protocol (DHCP) server functions in this context and accesses DHCP server configuration mode.
context configuration
This command has no keywords or arguments.
Internal DHCP server functions are disabled for this context.
Use the dhcp server policy command to enable internal DHCP server functions in this context and access DHCP server configuration mode.
Use the no form of this command to disable internal DHCP server functions.
The following example enables DHCP server functions in the dhcp context:
[local]Redback(config)#context dhcp [local]Redback(config-ctx)#dhcp server policy [local]Redback(config-dhcp-server)#
dhcpv6 server
no dhcpv6 server
Enables a DHCPv6 server policy and accesses DHCPv6 server policy configuration mode.
context configuration
This command has no keywords or arguments.
The DHCPv6 server policy is disabled.
Use the dhcpv6 server command in context mode to enable a DHCPv6 server policy for the current context and access DHCPv6 server policy configuration mode.
Only one DHCPv6 server policy is supported for a context. The attributes in a DHCPv6 server policy are applied to subscribers accessing the router through the same context.
Use the no version of this command to disable a DHCPv6 server policy in the current context.
The following example configures a DHCPv6 server policy and accesses DHCPv6 server policy configuration mode:
[local]BRAS(config-ctx)#dhcpv6 server [local]Redback(config-dhcpv6-server)#
dhcpv6 server {ipv6-address | interface}
no dhcpv6 server {ipv6-address | interface}
Configures an interface to be a DHCPv6 server interface.
interface configuration
|
ipv6-address |
Specifies the IPv6 address for the DHCPv6 server in the format A:B:C:D::E. |
|
interface |
Specifies that the DHCPv6 server uses the IPv6 address of the interface in which it is configured. |
No DHCPv6 server interface is configured for a context.
Use the dhcpv6 server command in interface mode to configure an interface to be a DHCPv6 server interface.
Use the no form of this command to remove the DHCPv6 server configuration from an interface.
The following example configures a multibind last resort interface called to-red to be a DHCPv6 server interface; in this case, the server uses the IPv6 address of the interface:
[local]BRAS(context)#interface to-red multibind lastresort [local]BRAS(config-if)#dhcpv6 server interface
diag on-demand card slot | standby}[[level lev-num] [loop loop-num]] | [disk disk_num [repair] | [level lev-num] [loop loop-num]]
no diag on-demand card slot | standby}
Initiates an on-demand diagnostics (ODD) session to test one or more individual chassis units.
exec (10)
|
card slot |
Chassis slot number. Tests the line card, services card, storage card, or standby controller card in the specified slot. The range of values depends on the type of card and the chassis in which the card is installed. For the SmartEdge 100 carrier card, the range of values is 1 to 2; for SmartEdge cards, see the accompanying table for slot range data. |
|
standby |
Tests the standby controller card. |
|
disk disk_num |
Optional. Disk number on the SSE card. Values: 1, 2, all. By default, the rest of the SSE card continues operation while diagnostics run on the specified disk. |
|
level lev-num |
Optional. Test coverage. The range of values is 1 to 4. |
|
loop loop-num |
Optional. Number of test iterations. The range of values is 1 to 10. |
|
repair |
Optional. Applies only to disks on an SSE card. Attempts to run the repair diagnostic on the specified disk to correct bad data blocks on the file system of the partitions on the disk. The disk must be disabled when the repair keyword is specified, but the card must not be disabled. Use this option when the latest result of diag on-demand shows that bad blocks are found on one or more of the partitions. The operation typically takes at least 30 minutes per disk to complete. |
None
Use the diag on-demand command to initiate an ODD session to test one or more individual chassis units.
The ODD tests verify the correct operation of backplane, the standby controller card the fan and alarm unit (referred to as the fantray) in the SmartEdge 800 chassis, the fan tray and the alarm card in the SmartEdge 400 chassis, and each installed card that has been put in the ODD state. To place a card in the on-demand diagnostic state before initiating an ODD session, see theGeneral Troubleshooting Guide .
You must disable the SSE card or the specified disk on the SSE card, using the shutdown [disk disk_num] command, before running diagnostics using the diag on-demand command. ODD only runs on disabled components. For example, if only disk 1 is disabled (shutdown disk 1), when you run the diag on-demand command, only disk 1 is diagnosed. The disk must be disabled when you run the diag on-demand command with the repair keyword, but the card cannot be disabled.
You can test the following cards:
For the SmartEdge 100 chassis, the controller carrier card is in slot 1; the I/O carrier card, including native ports and MICs, is in slot 2.
For a SmartEdge 400 chassis, the standby controller is in slot 5 or 6; for a SmartEdge 600, 800, 1200, or 1200H chassis, the standby controller is in slot 7 or 8.
Table 16 lists the values for the slot argument for the SmartEdge 400, SmartEdge 600, SmartEdge 800, SmartEdge 1200, and SmartEdge 1200H line cards; in the table, the IR, LR, and SR abbreviations are used for Intermediate Reach, Long Reach, and Short Reach, respectively.
|
Line Card Type and Card Description |
slot Argument Range | ||
|---|---|---|---|
|
SmartEdge 800, 1200, or 1200H Router |
SmartEdge 400 Router |
SmartEdge 600 Router | |
|
ATM OC-3c/STM-1c (8-port) ATM OC-3c/STM-1c IR (4-port ) ATM OC-12c/STM-4c IR (1-port) ATM OC-12c/STM-4c IR (2-port) Enhanced ATM OC-12c/STM-4c IR (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
ATM DS-3 (12-port) |
1 to 5 and 10 to 14 |
3 to 4 |
1 to 6 |
|
POS OC-3c/STM-1c (8-port) POS OC-12c/STM-4c (4-port) POS OC-48c/STM-16c (4-port) OC-192c/STM-64c (1-port) OC-3c/STM-1c (8-port) OC-12c/STM-4c (4-port) OC-48c/STM-16c (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
10/100 Ethernet (12-port) Fast Ethernet (60-port) Gigabit Ethernet (4-port) Advanced Gigabit Ethernet (4-port) Gigabit Ethernet 3 (4-port) Gigabit Ethernet 1020 (10-port) Gigabit Ethernet 1020 (20-port) Gigabit Ethernet (5-port) Gigabit Ethernet (20-port) Gigabit Ethernet DDR (10-port) 10 Gigabit Ethernet (1-port) 10 Gigabit Ethernet (4-port) 10 Gigabit Ethernet/OC-192c DDR (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
|
|
Advanced Services Engine |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
SmartEdge Storage Engine |
1 to 6 and 9 to 14 |
N/A |
1 to 6 |
Low-density versions of the line cards are also supported, but only the enabled ports are tested. All ports on an ATM DS-3 line card are tested, even if only a subset have been designated as software configurable. Use the show hardware command (in any mode) with the card and detail keywords to determine which ports are enabled.
Four levels of tests are supported; Table 17 lists these levels, the types of tests performed, and the units for which the tests are supported.
|
Level |
Devices |
Tests |
|---|---|---|
|
1 |
All |
Duplicates the power-on diagnostics (POD) tests; tests completed in 5 to 10 seconds. |
|
2 |
Standby controller and line cards in SmartEdge routers, controller carrier card, I/O carrier card, and MICs in SmartEdge 100 routers |
Includes level 1 tests; tests all on-board active units in the line interface module (LIM) of the board, including memory, registers, Packet Processing ASIC (PPA) Dual Inline Memory Modules (DIMMs) and static RAM (SRAM), PPA and other on-board processors; tests completed in 5 to 10 minutes. |
|
3 |
Line cards, I/O carrier card, and MICs(1) |
Includes level 2 tests; tests and verifies the card data paths for the entire card with internal loopbacks; tests completed in 10 to 15 minutes. |
|
4 |
Line cards, I/O carrier card, and MICs(2) |
Includes level 3 tests; tests the entire card using external loopbacks; must be run on site with external loopback cables installed.(3) |
(1) In addition, the standby controller card only if it is an XCRP4 Controller
card.
(2) In addition, the standby controller card only if it is an XCRP4 Controller
card.
(3) To run external loopback tests on the Fast Ethernet-Gigabit Ethernet
line card, install external loopback plugs on the FE and GE ports.
Alternatively, the GE ports can be connected back to back.
Use the no form of this command to terminate the ODD session.
The following example prepares the Ethernet line card in slot 3 for an ODD session and then initiates the session at level 3 with 5 iterations:
[local]Redback(config)#card ether-12-port 3 [local]Redback(config-card)#shutdown [local]Redback(config-card)#on-demand-diagnostic [local]Redback(config-card)#end [local]Redback(config-card)#exit [local]Redback(config)#exit [local]Redback#diag on-demand card 3 level 3 loop 5
The following example initiates an ODD session at level 2 with 5 iterations for the standby controller card:
[local]Redback#diag on-demand standby level 2 loop 5
The following example terminates the ODD session:
[local]Redback#no diag on-demand standby
To initiate a packet mesh test the syntax is:
diag on-demand mesh slot1 slot2 ... slotn loop loop-num
no diag on-demand mesh slot1 slot2 ... slotn
To reset the results from all packet mesh tests the syntax is:
diag on-demand mesh reset
Initiates a packet mesh test for two or more line cards or resets the results from all packet mesh tests.
exec (10)
|
slot1 |
Slot of the first line card in the mesh that is to be tested. The range of values depends on the type of card and the chassis in which the card is installed; see the accompanying table for slot range data. |
|
slot2 |
Slot of the second line card in the mesh that is to be tested. The range of values depends on the type of card and the chassis in which the card is installed; see the accompanying table for slot range data. |
|
slotn |
Slot of the last line card in the mesh that is to be tested. The range of values depends on the type of card and the chassis in which the card is installed; see the accompanying table for slot range data. |
|
loop loop-num |
Number of test iterations. The range of values is 1 to 10. |
|
reset |
Resets the results from all packet mesh tests. |
None
Use the diag on-demand mesh command to initiate a packet mesh test for two or more line cards or to reset the results from all packet mesh tests. The packet mesh test verifies the correct operation of each specified line card (at level 2) and the mesh between cards.
Each specified line card must have been put in the on-demand diagnostics (ODD) state. To place a line card in the ODD state before initiating a packet mesh test, see the General Troubleshooting Guide.
Mesh test results are cumulative; you can run the tests with different slot combinations to help isolate the problem.
You can test the mesh for the following line cards:
Table 18 lists the values for the slot argument. The IR, LR, and SR abbreviations are used for Intermediate Reach, Long Reach, and Short Reach, respectively.
|
Line Card Type and Card Description |
slot Argument Range | ||
|---|---|---|---|
|
SmartEdge 800, 1200, or 1200H Router |
SmartEdge 400 Router |
SmartEdge 600 Router | |
|
ATM OC-3c/STM-1c (8-port) ATM OC-3c/STM-1c IR (4-port ) ATM OC-12c/STM-4c IR (1-port) ATM OC-12c/STM-4c IR (2-port) Enhanced ATM OC-12c/STM-4c IR (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
ATM DS-3 (12-port) |
1 to 5 and 10 to 14 |
3 to 4 |
1 to 6 |
|
POS OC-3c/STM-1c (8-port) POS OC-12c/STM-4c (4-port) POS OC-48c/STM-16c (4-port) OC-192c/STM-64c (1-port) OC-3c/STM-1c (8-port) OC-12c/STM-4c (4-port) OC-48c/STM-16c (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
10/100 Ethernet (12-port) Fast Ethernet (60-port) Gigabit Ethernet (4-port) Advanced Gigabit Ethernet (4-port) Gigabit Ethernet 3 (4-port) Gigabit Ethernet 1020 (10-port) Gigabit Ethernet 1020 (20-port) Gigabit Ethernet (5-port) Gigabit Ethernet (20-port) Gigabit Ethernet DDR (10-port) 10 Gigabit Ethernet (1-port) 10 Gigabit Ethernet (4-port) 10 Gigabit Ethernet/OC-192c DDR (1-port) |
1 to 6 and 9 to 14 |
1 to 4 |
|
|
Advanced Services Engine |
1 to 6 and 9 to 14 |
1 to 4 |
1 to 6 |
|
SmartEdge Storage Engine |
1 to 6 and 9 to 14 |
N/A |
1 to 6 |
Low-density versions of the line cards are also supported, but only the enabled ports are tested.
Use the reset keyword to clear the cumulative results from all mesh tests.
Use the no form of this command to terminate the packet mesh test.
To display the results of the level 2 tests that are performed on each card by this command, enter the show diag command (in any mode) with the on-demand and card keywords; to display the results of the mesh test itself, enter the show diag command (in any mode) with the on-demand and mesh keywords.
The following example prepares the Ethernet line cards in slot 3 and 4 and initiates a packet mesh test for those cards:
[local]Redback#configure [local]Redback(config)#card ether-12-port 3 [local]Redback(config-card)#shutdown [local]Redback(config-card)#on-demand-diagnostic [local]Redback(config-card)#card ether-12-port 4 [local]Redback(config-card)#shutdown [local]Redback(config-card)#on-demand-diagnostic [local]Redback(config-card)#end [local]Redback(config-card)#exit [local]Redback(config)#exit [local]Redback#diag on-demand mesh 3 4 loop 5
diag pod
{no | default} diag pod
Enables power-on diagnostics (POD).
global configuration
This command has no keywords or arguments.
f
POD tests are enabled.
Use the diag pod command to enable power-on diagnostics. Enabling POD takes effect during the next system reload.
The POD tests verify the correct operation of the controller cards, the backplane, fan and alarm unit (referred to as the fan tray in command syntax) in the SmartEdge 800 chassis, the alarm card in the SmartEdge 400 chassis, the fan tray in the SmartEdge 1200 chassis, and each installed line card during a power-on or reload sequence of the SmartEdge router. The tests also run when a controller or line card is installed in a running system. The maximum test time is 130 seconds: 60 seconds for a controller card, 10 seconds for the backplane and fan and alarm unit, or alarm card, and 5 seconds for each installed line card. If the system has two controller cards, the controller tests run in parallel.
During the test duration, the POD tests display results and status; if an error occurs during the testing of a card, the test lights the FAIL LED on the failing card, but does not stop the loading of the operating system. A failure on the backplane, alarm card, or fan and alarm unit causes the FAN (or FAIL) LED on the fan and alarm unit or alarm card to light.
To display the results of POD tests, enter the show diag command in any mode. For more information about this command, see Managing Hardware.
Use the no form of this command to disable POD tests. Disabling POD tests takes effect during the next system reload.
Use the default form to enable power-on diagnostic tests.
The following example shows how to enable POD tests:
[local]Redback(config)#diag pod
The following example shows how to disable the POD tests:
[local]Redback(config)#no diag pod
directory [mate] [url] [{-size | -time}] [-reverse]
Displays a list of files in the specified directory on the local file system on either the active or standby controller card.
exec (10)
|
mate |
Optional. Specifies that the directory is on the controller card to which you are not connected. |
|
url |
Optional. URL of the directory with the filenames to be listed; if omitted, uses the current working directory. |
|
-size |
Optional. Specifies that the files are displayed in order of size, starting with the smallest. |
|
-time |
Optional. Specifies that the files are displayed in order of time, starting with the oldest. |
|
-reverse |
Optional. Specifies that files are displayed in reverse order. |
Files in the current working directory are displayed in alphabetical order.
Use the directory command to display a list of files in the specified directory on the local file system on either the active or standby controller card. The output displays in the same format as the UNIX ls(1) -l command.
Use the mate keyword to specify the controller card to which you are not connected.
When referring to a directory on the local file system, the URL takes the following form:
[/device][/directory]...[/directory]
The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length.
The following example displays a list of files in the root directory of the flash file system:
[local]Redback#directory /flash
Contents of /flash total 44 -rw-r--r-- 1 root 0 595 Mar 11 05:24 basic.cfg drwxr-xr-x 4 root 0 512 Jan 22 07:19 foo -rw-r--r-- 1 root 0 7252 Mar 11 05:24 redback.bin -rw-r--r-- 1 root 0 5454 Mar 11 05:24 redback.cfg -rw-r--r-- 1 root 0 5017 Mar 11 05:24 redback.cfg.bak drwxr-xr-x 3 root 0 512 Mar 11 05:24 saved
disable
Returns the privilege level for the current exec session to the initial privilege level configured for the current administrator account.
exec (10)
This command has no keywords or arguments.
None
Use the disable command to return the privilege level for the current exec session to the initial privilege level configured for the current administrator account. The no enable command (in exec mode) performs the same function. This command is available for any privilege level.
The following example displays the enable privilege level for the current exec session:
[local]Redback#show privilege
Current privilege level is 15
The following example returns the current exec session to the initial privilege level for the administrator:
[local]Redback#disable [local]Redback#show privilege level
The current privilege level is 6
disable
no disable
Disables the operation of an enabled Virtual Private LAN Services (VPLS) instance.
VPLS configuration
This command has no keywords or arguments.
VPLS instances are enabled.
Use the disable command to disable the operation of an enabled VPLS instance. When the VPLS instance is disabled, the following actions occur:
Use the no form of this command to enable a previously disabled VPLS instance.
The following example disables the VPLS instance on the to-pe4 bridge:
[local]Redback#config [local]Redback(config)#context local [local]Redback(config-ctx)#bridge to-pe4 [local]Redback(config-bridge)#vpls [local]Redback(config-vpls)#disable [local]Redback(config-vpls)#
The following example enables the previously disabled VPLS instance on the to-pe4 bridge:
[local]Redback#config [local]Redback(config)#context local [local]Redback(config-ctx)#bridge to-pe4 [local]Redback(config-bridge)#vpls [local]Redback(config-vpls)#no disable [local]Redback(config-vpls)#
disable-bfd
{no | default} disable-bfd
Disables Bidirectional Forwarding Detection (BFD) for an Intermediate System-to-Intermediate System (IS-IS) interface.
IS-IS interface configuration
This command has no keywords or arguments.
BFD is enabled.
Use the disable-bfd command to disable BFD for an IS-IS interface.
By default, when BFD is enabled on the same interface on which IS-IS has been enabled, BFD is automatically enabled for each IS-IS neighbor on the interface. When BFD detects a connection failure to an IS-IS neighbor, it notifies IS-IS, and IS-IS sets the neighbor to a down state. If the connection failure persists for more than the IS-IS router dead interval, the IS-IS neighbor is removed. Otherwise, if BFD detects that the connection to the IS-IS neighbor returns, it notifies IS-IS, and IS-IS sets the neighbor to an up state and resumes normal operation. For more information about the IS-IS router dead interval, see the hello multiplier command in this document. For more information about BFD, see Configuring BFD.
Use the no or default form of this command to enable BFD for an IS-IS interface.
The following example disables BFD for the IS-IS interface, foo:
[local]Redback(config)#context local [local]Redback(config-ctx)#router isis ip-backbone [local]Redback(config-isis)#interface foo [local]Redback(config-isis-if)#disable-bfd [local]Redback(config-isis-if)#
disable-bfd
{no | default} disable-bfd
Disables Bidirectional Forwarding Detection (BFD) for an Open Shortest Path First (OSPF) interface.
OSPF interface configuration
This command has no keywords or arguments.
BFD is enabled.
Use the disable-bfd command to disable BFD for an OSPF interface.
By default, when BFD is enabled on the same interface on which OSPF has been enabled, BFD is automatically enabled for each OSPF neighbor on the interface. When BFD detects a connection failure to an OSPF neighbor, it notifies OSPF, and OSPF sets the neighbor to a down state. If the connection failure persists for more than the OSPF router dead interval, the OSPF neighbor is removed. Otherwise, if BFD detects that the connection to the OSPF neighbor returns, it notifies OSPF, and OSPF sets the neighbor to an up state and resumes normal operation. For more information about BFD, see Configuring BFD.
Use the no or default form of this command to enable BFD for an OSPF interface.
The following example disables BFD for the OSPF interface, foo:
[local]Redback(config)#context local [local]Redback(config-ctx)#router ospf 15 [local]Redback(config-ospf)#interface foo [local]Redback(config-ospf-if)#disable-bfd [local]Redback(config-ospf-if)#
distance external-distance internal-distance local-distance
{no | default} distance external-distance internal-distance local-distance
Configures the administrative distance values for a Border Gateway Protocol (BGP) address family.
BGP address family configuration
|
external-distance |
Administrative distance for routes external to the autonomous system (AS). The range of values is 1 to 255; the default value is 20. |
|
internal-distance |
Administrative distance for routes internal to the AS. The range of values is 1 to 255; the default value is 200. |
|
local-distance |
Administrative distance for local routes. The range of values is 1 to 255; the default value is 200. The local distance is the distance assigned to routes that BGP creates using the configuration from the aggregate address command. |
The external administrative distance is set to 20. The internal and local administrative distances are set to 200.
Use the distance command to configure the administrative distance values for a BGP address family. BGP uses distances to compare and prioritize routes. The lower the distance, the more preferred the route.
Use the no or default form of this command to return the values to their default settings.
The following example configures the administrative distance for external routes to 120, internal routes to 225 and local routes to 5:
[local]Redback(config-bgp-af)#distance 120 225 5
distance value
{no | default} distance
Configures the distance value for a dynamically verified static routing (DVSR) profile.
DVSR profile configuration
|
value |
Distance value. The range of values is 1 to 255; the default value is 1. |
Distance value is 1, which is the same as static routes.
Use the distance command to configure the distance value for a DVSR profile. The distance value is used in the route selection decision.
Use the no or default version of this command to reset the distance value in a DVSR profile to the default value of 1.
The following example defines a DVSR profile using distance of 255:
[local]Redback(config-ctx)#dvsr-profile abc-webfarm [local]Redback(config-dvsr)#distance 255
distance distance
{no | default} distance
Defines the administrative distance for an Intermediate System-to-Intermediate System (IS-IS) instance.
IS-IS router configuration
|
distance |
Administrative distance. The range of values is 1 to 255; the default value is 115. |
The default administrative distance is 115.
Use the distance command to define the administrative distance for an IS-IS instance.
Administrative distance specifies how desirable a route obtained from IS-IS is as compared to the same route obtained from another protocol.
Table 19 lists the default distance for each variety of route sources.
|
Route Source |
Default Distance |
|---|---|
|
connected |
0 |
|
EBGP |
20 |
|
OSPF |
110 |
|
IS-IS |
115 |
|
RIP |
120 |
|
IBGP |
200 |
Use the no or default form of this command to reset the distance value to the default value of 115.
The following example modifies the administrative distance for the isis_2 IS-IS instance to 19:
[local]Redback(config-ctx)#router isis isis_2 [local]Redback(config-isis)#distance 19
distance [external distance] [inter-area distance] [intra-area distance]
{no | default} distance [external distance] [inter-area distance] [intra-area distance]
Modifies the Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) distance value of one or more route types.
|
external distance |
Optional. OSPF or OSPFv3 distance for external routes. The range of values is 10 to 255; the default value is 110. |
|
inter-area distance |
Optional. OSPF or OSPFv3 distance for interarea routes. The range of values is 10 to 255; the default value is 110. |
|
intra-area distance |
Optional. OSPF or OSPFv3 distance for intraarea routes. The range of values is 10 to 255; the default value is 110. |
Each distance is set to 110.
Use the distance command to modify the OSPF or OSPFv3 distance value of one or more route types. OSPF and OSPFv3 use distances to compare and prioritize routes. The lower the distance, the more preferred the route. When you enter this command without any optional keywords, the distance for all route types are set to 110.
Use the no or default form of this command to return the values to their default settings.
The following example sets the OSPF distance for external routes to 120:
[local]Redback(config-ospf)#distance external 120
distance distance
{no | default} distance
Modifies the administrative distance for the Routing Information Protocol (RIP) or RIP next generation (RIPng) instance.
|
distance |
Administrative distance. The range of values is 1 to 255; the default value is 120. |
The administrative distance is 120.
Use the distance command to modify the administrative distance for the RIP or RIPng instance.
Administrative distance specifies how desirable a route obtained from RIP or RIPng is compared to the same route obtained from another protocol. The lower the value for the distance argument in comparison to other routes obtained from other protocols, the more desirable the RIP or RIPng route becomes.
Use the no or default form of this command to return the administrative distance to the default value of 120.
The following example sets the administrative distance for the rip001 RIP instance to 200:
[local]Redback(config-ctx)#router rip rip001 [local]Redback(config-rip)#distance 200
distribute-list prefix pl-name {in | out} [if-name]
no distribute-list prefix pl-name {in | out} [if-name]
Applies a prefix list to Routing Information Protocol (RIP) or RIP next generation (RIPng) packets.
|
prefix pl-name |
Name of the prefix list to be applied to RIP or RIPng packets. |
|
in |
Applies the prefix list to incoming RIP or RIPng updates. |
|
out |
Applies the prefix list to outgoing RIP or RIPng updates. |
|
if-name |
Optional. Name of the interface to which the prefix list is applied. |
Prefix lists are not applied.
Use the distribute-list command to apply a prefix list to RIP or RIPng packets.
Use the no form of this command to remove a prefix list from RIP or RIPng packets.
The following example applies the prefix list, list1, to incoming updates from the fe01 interface:
[local]Redback(config-ctx)#router rip rip001 [local]Redback(config-rip)#distribute-list prefix list1 in fe01
dnis generate
{no | default} dnis
Directs the Layer 2 Tunneling Protocol (L2TP) process to transmit the Calling-Number AVP (22) in Incoming-Call-Requests (ICRQs).
L2TP peer configuration
This command has no keywords or arguments.
The transmission of the Calling-Number AVP in the ICRQ is disabled.
Use the dnis generate command to direct the Layer 2 Tunneling Protocol (L2TP) process to transmit the Calling-Number AVP (22) in Incoming-Call-Requests (ICRQs). Use this command only when the SmartEdge router is acting as a LAC.
You can use the l2tp avp calling-number format command (in context configuration mode) to control the value of the Calling-Number AVP.
Use the no or default form of this command to disable transmission of the Calling-Number AVP in ICRQs.
The following example shows how to enable the L2TP process to transmit the Calling-Number AVP (22) in the ICRQ:
[local]Redback(config-l2tp)#dnis generate
dns {primary | secondary} ip-addr
no dns {primary | secondary} ip-addr
Configures the IPv4 address of a primary (and, optionally, secondary) Domain Name System (DNS) server for a subscriber.
subscriber configuration
|
primary |
Configures the IPv4 address of a primary DNS server. |
|
secondary |
Configures the IPv4 address of a secondary DNS server. |
|
ip-addr |
DNS server IP address. |
No DNS servers are preconfigured.
Use the dns command to configure the IPv4 address of a primary (and, optionally, secondary) DNS server for a subscriber.
Use the no form of this command to remove the DNS server information from a subscriber record.
The following example configures a primary DNS server address of 10.2.3.4 for subscriber, kenny:
[local]Redback(config-ctx)#subscriber name kenny [local]Redback(config-sub)#dns primary 10.2.3.4
dns6 {primary | secondary} ip-addr
no dns6 {primary | secondary} ip-addr
In a subscriber record or profile, configures the IPv6 address of a primary (and, optionally, secondary) Domain Name System (DNS) server for a subscriber.
default subscriber profile configuration
subscriber record configuration
subscriber profile configuration
|
primary |
Configures the IPv6 address of a primary DNS server. |
|
secondary |
Configures the IPv6 address of a secondary DNS server. |
|
ip-addr |
DNS server IPv6 address. |
No IPv6 DNS servers are preconfigured
Use the dns6 command to configure the IPv6 address of a primary (and, optionally, secondary) DNS server for a subscriber.
Use the no form of this command to remove the DNS server information from a subscriber record.
The following example configures a primary DNS server IPv6 address of 2001:db:b:4f::2 for the subscriber called kenny:
[local]Redback(config-ctx)#subscriber name kenny [local]Redback(config-sub)#dns6 primary 2001:db:b:4f::2
domain alias [advertise]
no domain alias [advertise]
Creates a unique domain alias for the current context for use in subscriber authentication.
context configuration
|
alias |
Domain alias for the current context. The domain alias can include a single wildcard. The default wildcard character is an asterisk (*). See the service domain-wildcard command for information on configuring wildcard characters. |
|
advertise |
Optional. Advertises the domain alias in Point-to-Point Protocol over Ethernet (PPPoE) discovery messages. |
No domain aliases are created.
Use the domain command in context configuration mode to create a domain alias for the current context for use in subscriber authentication. This command provides a flexible way to associate subscribers with contexts. With the exception of wildcard domain aliases, whose use is restricted to subscriber authentication, you can use a domain alias instead of a context name in any command that takes a context name as an argument.
You can create any number of aliases; however, each alias must be unique across all contexts.
When one or more domain aliases are configured with this command, a subscriber can authenticate as username@ctx-name or username@alias and, in either case, be associated with the same context.
Table 20 provides the rules used when matching domain aliases with embedded wildcards to subscriber logins:
|
Rule |
Description |
|---|---|
|
wildcards allowed: per domain alias |
Only one wildcard character (*) can be specified in each domain alias. |
|
wildcard matching: to multiple characters |
A wildcard can match multiple contiguous characters or no characters; for example, “bob*” matches both “bobby” and “bob.” |
|
domain alias: uniqueness |
You are not allowed to define a domain alias with an embedded wildcard if the domain alias name matches an existing context or domain alias name. An example is provided in Section 1.63.6. |
|
first criteria: far left characters |
When a subscriber log-in name matches more than one wildcard domain, the far left characters have the highest matching significance. An example is provided in Section 1.63.6. |
|
second criteria: number of characters |
If a subscriber log-in name matches more than one wildcard domain and a priority cannot be chosen on the basis of the far left characters, the subscriber is associated with the context whose domain alias provides the greatest number of matching characters. In Section 1.63.6, the subscriber sub@RBAKERICemployee.com would be associated with the context bar rather than the context bob because RBAKERICemployee.com matches RBAKERIC* (bar) in eight characters while matching RB* (bob) in only two characters. |
Use the no form of this command to delete the domain alias.
For additional information, see Configuring Service Policies.
The following example creates a domain alias, guest, for the isp1 context and advertises it in PPPoE discovery messages:
[local]Redback(config)#context isp1 [isp1]Redback(config-ctx)#domain guest advertise
In the following example, the domain alias bar* is not allowed because it matches the already existing context bar:
[local]Redback(config)#context bar [local]Redback(config-ctx)#domain RBAKERIC* [local]Redback(config-ctx)#domain *com [local]Redback(config-ctx)#domain bar* Error: This name is already a domain or context name
In the following example, user@RBAKnetworks.com matches the domain aliases RBAK* and *com. The user would be associated with the context bob because of the priority given to far left characters:
[local]Redback(config)#context bar [local]Redback(config-ctx)#domain RBAKERIC* [local]Redback(config-ctx)#domain *com [local]Redback(config-ctx)#commit [local]Redback(config-ctx)#exit [local]Redback(config)#context bob [local]Redback(config-ctx)#domain RB* [local]Redback(config-ctx)#domain bob*bar [local]Redback(config-ctx)#commit
domain alias
no domain alias
Assigns a domain alias to a Layer 2 Tunneling Protocol (L2TP) peer or group.
|
alias |
Unique name to be used as an alias. Must be one of the domain aliases created for the context in which the peer is being configured by the domain command in context configuration mode. |
No aliases are specified.
Use the domain command to assign a domain alias for a peer; the domain alias is one previously created for the context in which the L2TP peer or group is configured.
A domain alias can be a simpler name (for example, isp.net) than its name (the l2tp-peer-name argument specified by the l2tp-peer command in L2TP peer configuration mode), which is a fully qualified domain name, such as time_0_5.chi_core.isp.net. You can specify multiple aliases for each L2TP peer or group.
You can use a domain alias for a peer anywhere that you can use its name (the l2tp-peer-name argument) or for a group anywhere that you can use its name (the l2tp-group-name argument specified by the l2tp-group command in L2TP group configuration mode). You cannot use this command if you entered L2TP peer configuration mode using the l2tp-peer command in context configuration mode with the default keyword.
Use the no form of this command to remove the specified domain alias.
The following example shows how to select (or create) an L2TP peer and assign a domain alias for it:
[local]Redback(config)#context local [local]Redback(config-ctx)#domain corporate [local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#domain corporate
The following example shows how to select (or create) an L2TP group and assign a domain alias for it:
[local]Redback(config)#context local [local]Redback(config-ctx)#domain field-sales [local]Redback(config-ctx)#l2tp-group name group1 [local]Redback(config-l2tp-group)#domain field-sales
domain-name domain-name
no domain-name
Names a maintenance domain (MD).
CFM configuration
|
domain-name |
The name used to identify the MD to CFM users who have access to the current MD level. The total length of MD name (domain-name argument) and the MA short-name must be less than or equal to 45 characters. |
The default MD name is the same as the CFM instance name set by the ethernet-cfm command.
Use this command to name an MD.
A maintenance domain can be thought of as a collection of maintenance points visible at a specific MD level through domain service access points (DSAPs).
You can configure the SmartEdge router Ethernet ports and circuit interfaces into multiple MDs, but each MD must have its own unique name. MDs in the SmartEdge router can be nested or adjacent, but intersecting domains are not allowed.
Adjacent (touching) MDs occur when two or more MDs link to each other through an Ethernet bridge. Nested domains are used in situations where a customer or service provider does not maintaining all the Ethernet nodes they use. The maintenance of these nodes is given to CFM lower level MDs. Each domain in a nested set has its own MD level; typically, a customer has the highest MD level, service providers at lower MD level, and device operators at the lowest MD levels. See the following figure:
Figure 1 MD Levels
The following drawing illustrates nested domains. The Service Provider domain is nested in the Customer Domain, and two Operator domains are nested in the Service Provider domain:
Figure 2 Nested Domains
The following example shows how to use this command to create the maintenance instance instance-1 and the maintenance domain named sbc.com at MD level 4:
[local]Redback(config)#ethernet-cfm instance-1 [local]Redback(config-ether-cfm)#level 4 [local]Redback(config-ether-cfm)#domain-name sbc.com
dot1q profile prof-name
no dot1q profile prof-name
Creates a new 802.1Q profile or selects an existing one for modification, and enters dot1q profile configuration mode.
global configuration
|
prof-name |
Alphanumeric string to be used as the name of the particular profile. |
No 802.1Q profiles are defined.
Use the dot1q profile command to create a new 802.1Q profile or to select an existing profile for modification, and to enter dot1q profile configuration mode.
Use the no form of this command to delete an 802.1Q profile. This form deletes any PVCs that reference that profile.
The following example shows how to create an 802.1Q profile, dot1q-pro, and enters dot1q profile configuration mode:
[local]Redback(config)#dot1q profile dot1q-pro [local]Redback(config-dot1q-profile)#
In link group or port configuration mode, to create or select an 802.1Q tunnel and allow the creation of inner PVCC in the tunnel:
dot1q pvc tunl-vlan-id [profile prof-name] encapsulation 1qtunnel [replicate]
no dot1q pvc tunl-vlan-id
In link group or port configuration mode, to create or select a range of static 802.1Q PVCs:
dot1q pvc [explicit] start-vlan-id [through end-vlan-id] [profile prof-name] [encapsulation encaps-type] [replicate]
no dot1q pvc [explicit] start-vlan-id [through end-vlan-id]
In link group or port configuration mode, to create or select a range of static 802.1Q PVCs within a tunnel:
dot1q pvc [explicit] tunl-vlan-id:start-vlan-id [through end-vlan-id] [profile prof-name] [encapsulation encaps-type] [replicate]
no dot1q pvc [explicit] tunl-vlan-id:start-vlan-id [through end-vlan-id]
In link group mode or port configuration mode, to create or select a range of on-demand 802.1Q PVCs:
dot1q pvc on-demand start-vlan-id [through end-vlan-id] [[profile prof-name] [encapsulation encaps-type] | {aaa context ctx-name | aaa context [prefix-string text | user-name subscriber]}] [replicate]
no dot1q pvc on-demand start-vlan-id
In link group or port configuration mode, to create or select a range of on-demand 802.1Q PVCs within a tunnel:
dot1q pvc on-demand tunl-vlan-id:start-vlan-id [through end-vlan-id] [profile prof-name] [encapsulation encaps-type] [replicate]
no dot1q pvc on-demand tunl-vlan-id:start-vlan-id
In port configuration mode, to create or select one or more transport-enabled 802.1Q PVCs on an Ethernet port or in an 802.1Q tunnel on an Ethernet port, see Section 1.68.
dot1q pvc transport...
Creates or selects an 802.1Q PVC and enters the PVC configuration mode.
|
tunl-vlan-id |
802.1Q virtual LAN (VLAN) tag value for the 802.1Q tunnel. The range of values is 1 to 4095. |
|
start-vlan-id |
First 802.1Q VLAN tag value for a range of PVCs to be configured. The range of values is 1 to 4095. |
|
through end-vlan-id |
Optional. Last 802.1Q VLAN tag value for a range of PVCs to be configured. |
|
profile prof-name |
Optional. Existing 802.1Q profile. The dot1q profile that you specify must exist before you enter this command. |
|
encapsulation encaps-type |
Optional. Encapsulation, according to one of the following keywords:(1)
If this option is not specified, the default encapsulation is IP over Ethernet (IPoE). |
|
explicit |
Optional. Specifies that the configuration for the individual PVCs in the range of static PVCs is not expanded in the configuration file. This keyword has no affect on the functionality of the PVCs, but only on whether their configuration is stored as a range or individually. |
|
on-demand |
Specifies an on-demand (listening) PVC or a range of on-demand PVCs; an on-demand PVC is created in memory only after traffic is detected on it. On-demand PVCs can exist on an Ethernet port or 802.1Q tunnel.
|
|
aaa |
Specifies that the 802.1Q PVCs are created using Remote Authentication Dial-In User Service (RADIUS). |
|
context ctx-name |
Name of the context in which the RADIUS servers are configured for AAA configurations. |
|
prefix-string text |
String to be used as a prefix in the generation of the name of the subscriber record in RADIUS. The string must not contain spaces, periods, underscores, or forward or backward slashes. |
|
user-name subscriber |
String to be used for the exact name of the subscriber record in RADIUS, in any valid structured subscriber name format; it can be up to 253 characters. |
|
replicate |
Optional. Replicates features of the PVC. Only 802.1Q tunnel encapsulation is currently supported for replication:
|
|
transport |
See the dot1q pvc transport command in Section 1.68. |
(1) You cannot change the encapsulation of an 802.1Q PVC
unless you first delete it and then recreate it.
(2) The raw keyword is not available
for 802.1Q PVCs in link group configuration mode.
No 802.1Q PVCs or tunnels are defined.
Use the dot1q pvc command to create or select an 802.1Q PVC and enter the PVC configuration mode. The PVCs can be on an Ethernet port, or under an access link group or in an 802.1Q tunnel under an access link group
When entered in link group configuration mode, this command creates or selects an aggregated 802.1Q tunnel or a PVC in the link group. When an Ethernet port is added to the link group, an 802.1Q tunnel or a PVC with that vlan-id tag is created on that port.
Many 802.1Q implementations use VLAN tag value 1 as a management PVC. To ensure interoperability, we recommend that you do not use VLAN tag value 1 for non-management traffic.
You cannot specify the same VLAN tag value for an 802.1Q tunnel and an 802.1Q PVC that is not configured within the tunnel.
Use the through end-vlan-id construct to create or select groups of similar PVCs on an Ethernet port. The following guidelines apply when you use the through keyword:
The multi keyword applies to 802.1Q PVCs that have child circuits. The parent 802.1Q PVC carries IPoE traffic. To create child circuits on multi-encapsulated 802.1Q PVCs, use the circuit protocol command (in dot1q PVC configuration mode); to cross-connect them, see Configuring Cross-Connections. The child circuit usually carries PPPoE traffic.
The subscriber argument can include the subscriber name and domain name in any valid format, such as sub-name@ctx-name, but it must match an entry in the RADIUS user database. The format, including the separator character, is configurable; for information about configuring the format, see Configuring Authentication, Authorization, and Accounting.
Use the no form of the dot1q pvc or dot1q pvc on-demand command to delete an 802.1Q PVC or tunnel. If you delete a tunnel, all 802.1Q PVCs configured within that tunnel are also deleted.
The following example shows how to create an 802.1Q PVC with the VLAN tag value 20 on Ethernet port 3/1:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 20 [local]Redback(config-dot1q-pvc)#
The following example shows how to create two 802.1Q PVCs with tag values 26 and 27 for two aggregated 802.1Q PVCs in the link group lg1:
[local]Redback(config)#link-group lg1 dot1q [local]Redback(config-link-group)#dot1q pvc 26 [local]Redback(config-link-pvc)#exit [local]Redback(config-link-group)#dot1q pvc 27 [local]Redback(config-link-pvc)#exit
The following example shows how to create an 802.1Q tunnel with the VLAN tag value 30 and an 802.1Q PVC with the VLAN tag value 100 within it:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 30 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc 30:100 encapsulation multi [local]Redback(config-dot1q-pvc)#exit
The following example shows how to create an 802.1Q tunnel with the VLAN tag value 30 and a range of on-demand 802.1Q PVCs with VLAN tag values 100 through 200 within it:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 30 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc on-demand 30:100 through 200 encapsulation pppoe [local]Redback(config-port)#bind authentication chap [local]Redback(config-dot1q-pvc)#exit
The following example shows how to create the inner VLAN 100:200 of type raw under the tunnel VLAN 100:
[local]Redback(config)#port ethernet 9/2 [local]Redback(config-port)#no shutdown [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-dot1q)#dot1q pvc 100 encapsulation 1qtunnel [local]Redback(config-dot1q-pvc)#exit [local]Redback(config-port)#dot1q pvc 100:200 encapsulation raw
dot1q pvc transport {any | [tunl-vlan-id:] {any | start-vlan-id [through end-vlan-id]}} [profile prof-name]
no dot1q pvc transport {any | [tunl-vlan-id:] {any | start-vlan-id [through end-vlan-id]}}
Creates or selects a transport-enabled 802.1Q PVC and enters the PVC configuration mode.
|
any |
Optional. Specifies a fallback transport range for all traffic not assigned to a PVC or another transport range. The implicit VLAN boundary is from 1 to 4095.(1) |
|
tunl-vlan-id |
Optional. 802.1Q virtual LAN (VLAN) tag value for the 802.1Q tunnel. The range of values is 1 to 4095.(2) |
|
start-vlan-id |
Optional. First 802.1Q VLAN tag value for a range of PVCs. The range of values is 1 to 4095. (1)(2) |
|
through end-vlan-id |
Optional. Last 802.1Q VLAN tag value for a range of PVCs. (1)(2) |
|
profile prof-name |
Optional. Existing 802.1Q profile. |
(1) The term transport range means the range
of VLAN IDs that are transport-enabled by
the dot1q pvc transport command.
(2) Restrictions to the configuration
of transport ranges are found in Table 21.
No transport-enabled 802.1Q PVCs or tunnels are defined.
Use the dot1q pvc transport command to create or select a transport-enabled 802.1Q PVC and enter the PVC configuration mode. The transport-enabled PVCs can be on an Ethernet port, or under an access link group or in an 802.1Q tunnel under an access link group.
Use the no form of the dot1q pvc transport command to delete the transport range and disable the transport of packets with VLAN IDs in the associated range.
A transport-enabled PVC is like a normal 802.1Q PVC but with four key differences:
Table 21 provides the restrictions that apply to the dot1q pvc transport command.
|
Restriction |
Description |
|---|---|
|
VLAN tag value 1 |
Many 802.1Q implementations use VLAN tag value 1 as a management PVC. To ensure interoperability, we recommend that you do not use VLAN tag value 1 for non-management traffic. |
|
Management port of controller card |
You cannot create 802.1Q PVCs or tunnels on the Ethernet management port on a controller card. |
|
through end-vlan-id |
Use the through end-vlan-id construct to create or select groups of similar PVCs on an Ethernet port. The following guidelines apply when you use the through keyword:
|
|
propagation commands |
Propagation commands configured under a parent 802.1Q PVC with 1q tunnel encapsulation apply to any child transport range. In this case, the 802.1p value from the outer PVC header is used for propagation and value mappings. Propagation commands configured under a child transport range override any propagation settings specified for the parent 802.1Q PVC. In this case, the 802.1p value from the inner PVC header is used for propagation and value mappings. If a profile is specified, only the propagate from qos, propagate to qos, and propagate qos transport use-vlan-header commands apply to this usage of the command. Each transport range can specify a different classification map for propagation. Only propagation references defined in the 802.1Q profile are used. |
|
Bindings |
The bound entity can only be an L2VPN, a VPLS bridge, or a non-VPLS bridge. No other types of bindings are supported. After binding, only the shutdown command and its no form can be applied to the transport range. When the transport range, parent port, or 802.1Q tunnel is shut down, traffic is dropped. |
Figure 3 Simple Bridge with Transport-Enabled Circuits
The preceding illustration shows how transport-enabled circuits (cct1, cct2, and cct3) can be used to transport Dot1Q packets across a simple bridge (non-VPLS) configured in a context.
In a very simple scenario, the endpoints of cct1, cct2, and cct3 could be customer equipment connected on a number of VLANs that pass through the bridge. Because the circuits bound to the bridge are transport enabled, the VLAN tags can be passed intact through the bridge.
Figure 4 L2VPN Cross-Connect (or VPLS Configuration) with Transport-Enabled Circuits
The preceding figure shows how transport-enabled circuits can be used.
The following example shows L2VPN cross-connection and VPLS bridge entities bound to transport-enabled PVCs and shows how the L2 tags of incoming packets are handled after the best-match has been determined.
When an incoming packet arrives at an 802.1Q encapsulated port, the port determines on which circuit the packet is arriving, so that the port can send the packet to the best-matched binding entity for handling. The packet is always handled by the best-match circuit.
Once a PVC has been matched, the packet is handled by the entity bound to that PVC. If there is nothing bound to that PVC, the packet is dropped.
Which VLAN tags, if any, are retained during transport depend on how the L2 entity and transport circuits bound to the entity are configured.
context local ! l2vpn xc-group My_L2VPN ! LDP circuit bindings xc 3/4 vlan-id any transport vc-id 1 peer 2.2.2.2 xc 3/4 vlan-id 100 transport vc-id 2 peer 2.2.2.2 xc 3/4 vlan-id 101:100 through 200 transport vc-id 3 peer 2.2.2.2 xc 3/4 vlan-id 102 : any transport vc-id 4 peer 2.2.2.2 port ethernet 3/4 no shutdown encapsulation dot1q ! create PVC that matches "any." See note for further information dot1q pvc transport any l2vpn local ! create PVC that matches single or double-tagged packet with outer tag 100 ! transport all tags across L2VPN dot1q pvc transport 100 l2vpn local ! create PVC that matches double-tagged packet with outer tag 101 ! and inner tag 100-200 ! transport both tags across L2VPN dot1q pvc 101 encapsulation 1qtunnel dot1q pvc transport 101:100 through 200 l2vpn local ! create PVC that matches double-tagged packet with outer tag 102, ! transport both tags across L2VPN dot1q pvc 102 encapsulation 1qtunnel dot1q pvc transport 102:any l2vpn local ! create PVC that matches single or double-tagged packet with ! outer tag 200 ! transport all tags across VPLS dot1q pvc transport 200 bind interface my_vpls_bridge local ! create PVC that matches double-tagged packet with outer tag 201, ! transport inner tag across VPLS dot1q pvc 201 encapsulation 1qtunnel dot1q pvc transport 201:any bind interface my_vpls_bridge local ! create PVC that matches double-tagged packet with outer tag 300 dot1q pvc 300 encapsulation 1qtunnel dot1q pvc transport 300:any bind interface my_L2_bridge local
dot1q tunnel ethertype tunl-type
{no | default} dot1q tunnel ethertype tunl-type
Specifies the type of traffic (the type found in the 802.1Q header) for any 802.1Q tunnel configured on this port.
port configuration
|
ethertype tunl-type |
Type of 802.1Q traffic for this port, according to one of the following argument or keywords (in hexadecimal format):
|
The default packet type is 8100.
Use the dot1q tunnel command to specify the type of traffic (the type found in the 802.1Q header) for any 802.1Q tunnel configured on this port.
Use the no or default form of this command to specify the default packet type.
The following example shows how to specify 9100 as the packet type:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q tunnel ethertype 9100
download aaa route [ reset-interval]
Manually triggers an immediate route download.
exec
|
reset-interval |
Resets the route download timer. |
The value of the route download timer is maintained.
[local]Redback(config)# download aaa route reset-interval
drop
no drop
Drops incoming packets for this forward policy or this policy access control list (ACL) class.
This command has no keywords or arguments.
Packets are not dropped.
Use the drop command to drop incoming packets according to the applied forward policy.
Use the no form of this command to disable the dropping of packets.
The following example configures the DropPolicy policy, which drops incoming packets that belong to the classes ICMP and PIM:
[local]Redback#config [local]Redback(config)#forward policy DropPolicy [local]Redback(config-policy-frwd)#access-group PBR_Drop_ACL local [local]Redback(config-policy-group)#class ICMP [local]Redback(config-policy-group-class)#drop [local]Redback(config-policy-group-class)#exit [local]Redback(config-policy-group)#class PIM [local]Redback(config-policy-group-class)#drop
The following example configures the DropAllPolicy policy, which drops all incoming packets on the circuit:
[local]Redback#config [local]Redback(config)#forward policy DropAllPolicy [local]Redback(config-policy-frwd)#drop
drop
Drops all packets or classes of packets associated with the Network Address Translation (NAT) policy.
This command has no keywords or arguments.
If no action is configured for the NAT policy, by default, packets are dropped.
Use the drop command to drop all packets or classes of packets associated with the NAT policy.
The following example configures the NAT-1 policy and applies the NAT-ACL-1 access control list (ACL) to it. Packets that are classified as NAT-CLASS-1 will be dropped. All other packets, except those explicitly defined by the static rule, will be ignored:
[local]Redback(config)#context CUSTOMER [local]Redback(config-ctx)#nat policy NAT-1 [local]Redback(config-policy-nat)#ignore [local]Redback(config-policy-nat)#ip static in source 10.0.0.1 171.71.71.1 [local]Redback(config-policy-nat)#access-group NAT-ACL-1 [local]Redback(config-policy-group)#class NAT-CLASS-1 [local]Redback(config-policy-group-class)#drop
drop source MAC-list-name
no drop source MAC-list-name
Includes the specified MAC list filter criteria in the current bridge profile.
bridge profile configuration
|
MAC-list-name |
Name of the list of MAC addresses. |
No default
Use the drop source command to include the specified MAC list filter criteria in the current bridge profile.
See the mac-list command for instructions on setting up MAC list filters and for the detailed restrictions relevant to MAC list filters.
Use the show circuit counters detail command to show the number of dropped packets.
The following example illustrates how to create a MAC list named noloops with the mac-list command:
[local]Redback(config)#mac-list noloops [local]Redback(config-mac-list)#11:11:11:ab:cd:cd [local]Redback(config-mac-list)#11:13:44:ab:cd:ab [local]Redback(config-mac-list)#end
The following example shows how to incorporate the created list in a bridge profile:
[local]Redback(config)#bridge profile mynetworkbridges [local]Redback(config-bridge-profile)#drop source noloops [local]Redback(config-bridge-profile)#end
The following example shows how to apply the bridge profile with the MAC list filter to a 802.1Q PVC that interfaces to a bridge where the filter is required:
[local]Redback(config)#port ethernet 5/2 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 5 [local]Redback(config-dot1q-pvc)#bridge profile mynetworkbridges [local]Redback(config-bridge-profile)#end
dsu bandwidth subrate
{no | default} dsu bandwidth
Sets the subrate bandwidth for the data service unit (DSU) on a clear-channel DS-3 channel or port.
DS-3 configuration
|
subrate |
Subrate, in Kbps, of the DSU on a clear-channel DS-3 channel or port. The range of values for a clear-channel DS-3 channel or port is 300 to 44,210; the default value is 44,210. |
The default value is 44,210 Kbps for a clear-channel DS-3 channel or port.
Use the dsu bandwidth command to set the subrate bandwidth for the DSU on a clear-channel DS-3 channel or port if the DSU specified by the dsu mode command (in DS-3 configuration mode) is digital-link or larscom. The CLI responds to the subrate argument with the closest acceptable bandwidth, based on the time slot size for the DSU that you specified for this DS-3 channel or port.
Use the no or default form of this command to set the bandwidth to the default.
The following example shows how to set the bandwidth for the DSU on DS-3 channel 1 on channelized OC-12 port 1:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu bandwidth 20000
dsu mode {digital-link | kentrox | larscom}
{no | default} dsu mode
Specifies the data service unit (DSU) vendor for a clear-channel DS-3 channel or port.
DS-3 configuration
|
digital-link |
Specifies Digital-Link as the vendor of the DSU; this is the default DSU vendor. |
|
kentrox |
Specifies Kentrox as the vendor of the DSU. |
|
larscom |
Specifies Larscom as the vendor of the DSU. |
The default value is the Digital-Link DSU vendor.
Use the dsu mode command to specify the vendor of the DSU on a clear-channel DS-3 channel or port.
Use the no or default form of this command to specify the default DSU.
The following example shows how to specify the Larscom vendor for the DSU on clear-channel DS-3 channel 1 on channelized OC-12 port 1 in slot 3:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu mode larscom
dsu scramble
{no | default} dsu scramble
Enables payload scrambling on a clear-channel DS-3 channel or port.
DS-3 configuration
This command has no keywords or arguments.
Payload scrambling is disabled on the channel or port.
Use the dsu scramble command to enable payload scrambling on a clear-channel DS-3 channel or port. The type of scrambling is dependent on the vendor selected for the DSU for a DS-3 channel or port by the dsu mode command (in DS-3 configuration mode).
Use the no or default form of this command to disable payload scrambling.
The following example shows how to enable payload scrambling on clear-channel DS-3 channel 1 on channelized OC-12 port 1 in slot 3:
[local]Redback(config)#port ds3 3/1:1 [local]Redback(config-ds3)#dsu scramble
duplex mode
{no | default} duplex
Specifies the duplex mode for the SmartEdge 100 native or Gigabit Ethernet (GE) copper-based port if auto-negotiation is disabled and the port speed is set to 10 or 100 Mbps.
port configuration
|
mode |
Port duplex mode, according to one of the following keywords:
|
The mode of the port is full duplex.
Use the duplex command to specify the duplex mode for the SmartEdge 100 native or GE copper-based port if auto-negotiation is disabled and the port speed is set to 10 or 100 Mbps. This command is ignored if auto-negotiation is enabled or if the speed of the port is set to 1000 Mbps.
To specify the copper interface for this port, use the medium-type command (in port configuration mode). To specify the speed for this port, use the speed command (in port configuration mode).
This command does not apply to GE ports on any other SmartEdge router or to any Fast Ethernet (FE) port on any SmartEdge router. To set the mode of an FE port, use the medium command (in port configuration mode).
Use the no or default form of this command to set the port duplex mode to the default condition.
The following example sets the mode of a SmartEdge 100 native port 1 to half-duplex:
[local]Redback(config)#port ethernet 2/1 [local]Redback(config-port)#duplex half
dvsr-profile prof-name
no dvsr-profile prof-name
Creates a dynamically verified static routing (DVSR) profile and enters DVSR profile configuration mode.
context configuration
|
prof-name |
DVSR profile name. |
No DVSR profile is configured.
Use the dvsr-profile command to create a DVSR profile, and enter DVSR profile configuration mode. You can use the DVSR profile to set the desired values for the DVSR operation. If no DVSR parameters are set, the profile uses default values for the DVSR parameters. All DVSR routes must reference an existing DVSR profile.
The following example defines a DVSR profile, abc-webfarm, with a time-to-live (TTL) of 3, a verification interval of 25 seconds, a timeout multiplier of 4, and a minimum success of 2:
[local]Redback(config)#context foo [local]Redback(config-ctx)#dvsr-profile abc-webfarm [local]Redback(config-dvsr)#ttl 3 [local]Redback(config-dvsr)#verify-set 25 timeout-multiplier 4 min-success 2
dynamic-hostname [display | router-name]
no dynamic-hostname
Configures a hostname for an Intermediate System-to-Intermediate System (IS-IS) instance.
IS-IS router configuration
|
display |
Optional. Displays the dynamic hostname mapping when any form of the show isis command in exec mode is used. |
|
router-name |
Optional. Displays the dynamic hostname for this IS-IS instance. |
If this command is not enabled, the name specified through the system hostname command in global configuration mode is used.
Use the dynamic-hostname command to configure a hostname for an IS-IS instance.
Use the optional display keyword to enable dynamic hostname mapping for all show isis commands in exec mode.
By default, the hostname of the IS-IS instance is the name specified through the system hostname command in global configuration mode. Use the optional router-name keyword to allow a different hostname to be advertised for the IS-IS instance. This feature is useful when there are multiple IS-IS instances in that each IS-IS instance can display a different hostname. For information on the system hostname command, see the Command List.
Use the no form of this command to revert to the system hostname or remove dynamic hostname mapping used with show isis commands.
The following example configures dynamic-hostname mapping for the isis_2 IS-IS instance:
[local]Redback(config-ctx)#router isis isis_2 [local]Redback(config-isis)#dynamic-hostname display
dynamic-path er-name
no dynamic-path
Directs the Constrained Shortest Path First (CSPF) algorithm to dynamically compute the set of links and nodes that must be traversed.
RSVP LSP configuration
|
er-name |
Explicit route name. |
No dynamic path is applied to the label-switched path (LSP).
Use the dynamic-path command to direct the CSPF algorithm to dynamically compute the set of links and nodes that must be traversed. The dynamic path name is the explicit route (ERO) name that you define using the explicit-route command in RSVP router configuration mode. The dynamic path references the ERO, which is a set of next hops that can be strict or loose. When you specify the next hop as strict or loose and apply it to an LSP, CSPF includes this specification as a constraint in its computation.
Use the no form of this command to delete a dynamic path that the CSPF algorithm applies to the LSP.
The following example shows how to configure the dynamic path ex-route02:
[local]Redback#configure [local]Redback(config)#context local [local]Redback(config-ctx)#router rsvp [local]Redback(config-rsvp)#lsp lsp1 [local]Redback(config-rsvp-lsp)#dynamic-path ex-route02
dynamic-tunnel-profile profile
no dynamic-tunnel-profile profile
In Home Agent configuration mode, applies a dynamic tunnel profile to a home-agent (HA) instance.
In FA Peer configuration mode, applies a dynamic tunnel profile to a foreign-agent (FA) peer.
|
profile |
Name of dynamic tunnel profile. |
The following are the defaults for the dynamic tunnel profile:
Use the dynamic-tunnel-profile command (in Home Agent configuration mode) to apply a dynamic tunnel profile to an HA instance.
Use the dynamic-tunnel-profile command (in FA Peer configuration mode) to apply a dynamic tunnel profile to a FA peer.
You first create a dynamic tunnel profile (in Mobile IP configuration mode and configure its attributes in Dynamic Tunnel Profile configuration mode). You then apply the profile to the HA instance (in Home Agent configuration mode) and its FA peers (in FA Peer configuration mode). Configured static tunnels take precedence over dynamic tunnels. When the dynamic tunnel profile is not applied to an FA peer, the peer inherits the profile specified in HA configuration mode. If you delete a referenced dynamic tunnel profile, the references to this profile are also deleted for the HA instance and FA peers. When this happens, the HA instance and FA peers use the default dynamic tunnel profile values. For information about how to create a dynamic tunnel profile, see Section 1.82.
Use the no form of this command to delete the dynamic tunneling profile.
The following example creates a last-resort interface, two dynamic tunnel profiles (prof1 and prof2), and then applies these profiles to a HA instance and FA peer:
!Create dynamic tunnel profile prof1. [local]Redback(config)#context local [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#dynamic-tunnel-profile prof1 [local]Redback(config-mip-dyn-tun1-profile)#clear-df [local]Redback(config-mip-dyn-tun1-profile)#hold-time 10 [local]Redback(config-mip-dyn-tun1-profile)#time-out 10 [local]Redback(config-mip-dyn-tun1-profile)#ipip mtu 1200 [local]Redback(config-mip-dyn-tun1-profile)#end
!Create dynamic tunnel profile prof2 [local]Redback(config)#context local [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#dynamic-tunnel-profile prof2 [local]Redback(config-mip-dyn-tun1-profile)#clear-df [local]Redback(config-mip-dyn-tun1-profile)#hold-time 120 [local]Redback(config-mip-dyn-tun1-profile)#time-out 8 [local]Redback(config-mip-dyn-tun1-profile)#ipip mtu 1000 [local]Redback(config-mip-dyn-tun1-profile)#end !Create last resort interface. [local]Redback(config-ctx)#interface loop loopback [local]Redback(config-if)#ip address 2.2.2.2/16 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface mip2 multibind lastresort [local]Redback(config-if)ip unnumbered loop
! Apply dynamic tunnel profile prof1 to HA instance. [local]Redback(config)#context ha [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#home-agent [local]Redback(config-mip-ha)#dynamic-tunnel-profile prof1 [local]Redback(config-fa)#tunnel-type gre [local]Redback(config-fa)#authentication none [local]Redback(config-fa)#local-address to_fa ! Apply dynamic tunnel profile prof2 to FA peer 1.1.1.2. [local]Redback(config-mip-ha)#foreign-agent-peer 1.1.1.2 [local]Redback(config-mip-ha-fapeer)#dynamic-tunnel-profile prof2 [local]Redback(config-mip-fa-fapeer)#end ! The FA peer 3.1.1.2 inherits dynamic tunnel profile prof1 (which is specified in HA configuration mode) because no dynamic profile is applied at the FA peer level. [local]Redback(config-)#foreign-agent-peer 3.1.1.2
dynamic-tunnel-profile profile
no dynamic-tunnel-profile profile
In Mobile IP configuration mode, creates a dynamic tunnel profile and enters Dynamic Tunnel Profile configuration mode.
In Foreign Agent configuration mode, applies the dynamic tunnel profile to an FA instance.
In HA peer configuration mode, applies a dynamic tunnel profile to an HA peer.
|
profile |
Name of dynamic tunnel profile. |
The following are the defaults for the dynamic tunnel profile:
Use the dynamic-tunnel-profile command in Mobile IP configuration mode to create a dynamic tunnel profile and enter Dynamic Tunnel Profile configuration mode. Dynamic Tunnel mode allows you configure dynamic tunnel profile attributes.
Use the dynamic-tunnel-profile command in Foreign Agent Configuration mode to apply a dynamic tunnel profile to a foreign-agent instance.
Use the dynamic-tunnel-profile command HA peer configuration mode to apply a dynamic tunnel profile to a home-agent peers.
Configured static tunnels take precedence over dynamic tunnels. If a dynamic tunnel profile is not applied to an HA peer, the peer inherits the dynamic tunnel profile specified in the FA instance. If there is no profile configured in this mode, the HA peer inherits the default dynamic tunnel profile values. If you delete a referenced dynamic tunnel profile, the references to this profile are also deleted by the FA instance and HA peer. When these references are deleted, the FA instance and HA peers use the default dynamic tunnel profile values. For information about applying a dynamic tunnel profile to a HA instance or FA peer, see Section 1.81.
Use the no form of this command to delete a dynamic tunnel profile.
The following example creates a last resort interface and dynamic tunnel profile, prof1, (in Dynamic tunnel configuration mode) and then applies the profile to an FA instance:
! Create a dynamic tunnel profile mode. [local]Redback(config)#context local [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#dynamic-tunnel-profile prof1 [local]Redback(config-mip-dyn-tun1-profile)#clear-df [local]Redback(config-mip-dyn-tun1-profile)#hold-time 10 [local]Redback(config-mip-dyn-tun1-profile)#time-out 10 [local]Redback(config-mip-dyn-tun1-profile)#ipip mtu 1200 [local]Redback(config-mip-dyn-tun1-profile)#end !Apply dynamic tunnel profile prof1 to the FA instance. [local]Redback(config)#context fa [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#foreign-agent [local]Redback(config-mip-fa)#dynamic-tunnel-profile prof1 ! Create a last resort interface with an IP unnumbered interface. [local]Redback(config-ctx)#interface loop loopback [local]Redback(config-if)#ip address 2.2.2.2/16 [local]Redback(config-if)#exit [local]Redback(config-ctx)#interface mip2 multibind lastresort [local]Redback(config-if)ip unnumbered loop
The following example creates a last resort interface, two dynamic tunnel profiles, prof1 and prof2, and then applies profileprof1 to an FA instance and prof2 to an HA peer 1.1.1.2 . HA peer 3.1.1.2 inherits the dynamic tunnel profile prof1 specified in FA configuration mode because no dynamic tunnel profiles are applied in HA peer level:
! Create dynamic tunnel profile prof1. [local]Redback(config)#context local [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#dynamic-tunnel-profile prof1 [local]Redback(config-mip-dyn-tun1-profile)#clear-df [local]Redback(config-mip-dyn-tun1-profile)#hold-time 10 [local]Redback(config-mip-dyn-tun1-profile)#time-out 10 [local]Redback(config-mip-dyn-tun1-profile)#ipip mtu 1200 [local]Redback(config-mip-dyn-tun1-profile)#end !Create dynamic tunnel profile prof2. [local]Redback(config)#context local [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#dynamic-tunnel-profile prof2 [local]Redback(config-mip-dyn-tun1-profile)#clear-df [local]Redback(config-mip-dyn-tun1-profile)#hold-time 120 [local]Redback(config-mip-dyn-tun1-profile)#time-out 8 [local]Redback(config-mip-dyn-tun1-profile)#ipip mtu 1000 [local]Redback(config-mip-dyn-tun1-profile)#end ! Create a last resort interface. [local]Redback(config-ctx)#interface loop loopback [local]Redback(config-if)#ip address 2.2.2.2/16 [local]Redback(config-if)#exit local]Redback(config-ctx)#interface mip2 multibind lastresort [local]Redback(config-if)ip unnumbered loop
! Apply the dynamic tunnel profile to the FA instance. [local]Redback(config)#context fa [local]Redback(config-ctx)#router mobile-ip [local]Redback(config-mip)#foreign-agent [local]Redback(config-mip-fa)#dynamic-tunnel-profile prof1 [local]Redback(config-fa)#tunnel-type gre [local]Redback(config-fa)#authentication none [local]Redback(config-fa)#local-address to_fa ! Apply the dynamic tunnel profile to the HA peer 1.1.1.2. [local]Redback(config-mip-fa)#home-agent-peer 1.1.1.2 [local]Redback(config-mip-fa-hapeer)#dynamic-tunnel-profile prof2 [local]Redback(config-mip-fa-hapeer)#end ! HA peer 3.1.1.2 inherits dynamic tunnel profile prof1 (used by the FA instance) since no dynamic profile is configured in HA peer configuration mode. [local]Redback(config-)#home-agent-peer 3.1.1.2