Contents

1   Command Descriptions

Commands starting with “r” are included.

1.1   ra

1.1.1   Purpose

Configures options and settings for router advertisement (RA) messages.

1.1.2   Command Mode

• ND router configuration
• ND router interface configuration

1.1.3   Syntax Description

1.1.4   Default

RA messages are not configured for any ND router or ND router interface.

1.1.5   Usage Guidelines

Use the ra command to configure options and settings for RA messages. In ND router configuration mode, this command configures RA for all interfaces; in ND router interface mode, it configures RA for this ND router interface. If specified, the interface parameters override the global parameters. Enter this command multiple times to configure more than one parameter.

Use the no or default form of this command to remove RA messages from the configuration for this ND router or ND router interface.

1.1.6   Examples

The following example configures RA for this ND router with a retransmission interval of 60 seconds and a lifetime of six minutes (360 seconds):

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd)#ra interval 60

[local]Redback(config-nd)#ra lifetime 360

The following example suppresses RA for the int1 ND router interface:

[local]Redback(config)#context local

[local]Redback(config-ctx)#router nd

[local]Redback(config-nd)#interface int1

[local]Redback(config-nd-if)#ra suppress

1.2   ra-interval

1.2.1   Purpose

Configures the interval between transmissions for Router Advertisement (RA) messages.

1.2.2   Command Mode

ND profile configuration

1.2.3   Syntax Description

1.2.4   Default

The RA interval default value is 200 seconds.

1.2.5   Usage Guidelines

Use the ra-interval command to configure the interval between transmissions for RA messages.

Use the default form of this command to return the RA interval to its default value.

1.2.6   Examples

The following example configures RA for the ND profile ndprofile7 with a retransmission interval of 90 seconds:

[local]Redback(config)#context local
[local]Redback(config-ctx)#nd profile ndprofile7
[local]Redback(config-nd-profile)#ra-interval 90

1.3   ra-lifetime

1.3.1   Purpose

Configures the lifetime of Router Advertisement (RA) messages.

1.3.2   Command Mode

ND profile configuration

1.3.3   Syntax Description

1.3.4   Default

The RA lifetime default value is 1,800 seconds.

1.3.5   Usage Guidelines

Use the ra-lifetime command to configure the lifetime of RA messages.

Use the default form of this command to return the RA lifetime parameter to its default value.

1.3.6   Examples

The following example configures an RA lifetime of 24000 seconds in the ND profile ndprofile7:

[local]Redback(config)#context local
[local]Redback(config-ctx)#nd profile ndprofile7
[local]Redback(config-nd-profile)#ra-lifetime 24000

1.4   ra-managed-config

1.4.1   Purpose

Enables the managed-address configuration flag in Router Advertisement (RA) messages.

1.4.2   Command Mode

ND profile configuration

1.4.3   Syntax Description

This command has no keywords or arguments.

1.4.4   Default

By default, the managed-address configuration flag is disabled.

1.4.5   Usage Guidelines

Use the ra-managed-config command to enable the managed-address configuration flag in RA messages. This setting indicates that the IPv6 address is available through the DHCPv6 protocol. If the managed-address configuration flag is disabled, the IPv6 address may or may not be available through this protocol.

Use the no or default form of this command to return the managed-address configuration flag to the default value.

1.4.6   Examples

The following example enables the managed-address configuration flag in RA messages for the ND profile ndprofile7:

[local]Redback(config)#context local
[local]Redback(config-ctx)#nd profile ndprofile7
[local]Redback(config-nd-profile)#ra-managed-config

1.5   ra-on-link

1.5.1   Purpose

Enables the on-link flag for IPv6 prefixes in Router Advertisement (RA) messages.

1.5.2   Command Mode

ND profile configuration

1.5.3   Syntax Description

This command has no keywords or arguments.

1.5.4   Default

By default, the on-link flag for IPv6 prefixes is enabled.

1.5.5   Usage Guidelines

Use the ra-on-link command to enable the on-link flag for IPv6 prefixes in RA messages. This setting indicates that the IPv6 prefix advertised in RA messages is associated with an interface on a specific link. If the on-link flag is disabled, the prefix is not associated with an interface on a specific link.

Use the no form of this command to disable the on-link flag. Use the default form of this command to return the on-link flag to the default value.

1.5.6   Examples

The following example enables the on-link flag for IPv6 prefixes in RA messages for the ND profile ndprofile7:

[local]Redback(config)#context local
[local]Redback(config-ctx)#nd profile ndprofile7
[local]Redback(config-nd-profile)#ra-on-link

1.6   ra-other-config

1.6.1   Purpose

Enables the other-config flag in Router Advertisement (RA) messages.

1.6.2   Command Mode

ND profile configuration

1.6.3   Syntax Description

This command has no keywords or arguments.

1.6.4   Default

By default, the Other-Config flag is enabled.

1.6.5   Usage Guidelines

Use the ra-other-config command to enable the other-config flag in RA messages. This setting indicates that other configuration information is available in the RA messages. If the other-config flag is disabled, other configuration information is not available.

Use the no form of this command to disable the other-config flag. Use the default form of this command to return the other-config flag to the default value.

1.6.6   Examples

The following example enables the other-config flag in RA messages for the ND profile ndprofile7:

[local]Redback(config)#context local
[local]Redback(config-ctx)#nd profile ndprofile7
[local]Redback(config-nd-profile)#ra-other-config

1.7   radius accounting algorithm

1.7.1   Purpose

Specifies a load-balancing algorithm to use among multiple RADIUS accounting servers.

1.7.2   Command Mode

context configuration

1.7.3   Syntax Description

1.7.4   Default

The SmartEdge® router uses the first configured RADIUS server first.

1.7.5   Usage Guidelines

Use the radius accounting algorithm command to specify a load-balancing algorithm to use among multiple RADIUS accounting servers.

Use the default form of this command to reset the load-balancing algorithm to use the first configured RADIUS server first.

1.7.6   Examples

The following example sets the load-balancing algorithm to round-robin:

[local]Redback(config-ctx)#radius accounting algorithm round-robin

1.8   radius accounting deadtime

1.8.1   Purpose

Sets the interval during which the SmartEdge router treats a nonresponsive RADIUS accounting server as “dead.”

1.8.2   Command Mode

context configuration

1.8.3   Syntax Description

1.8.4   Default

The waiting interval is five minutes.

1.8.5   Usage Guidelines

Use the radius accounting deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS accounting server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS accounting server; after the interval expires, the SmartEdge router tries again to reach the accounting server. If there is no response, the RADIUS accounting server remains marked as “dead” and the timer is set again to the configured interval.

If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.

Note:  

You must configure at least one RADIUS accounting server using the radius accounting server command (in context configuration mode) prior to entering this command.

Use the default form of this command to specify the default interval.

1.8.6   Examples

The following example sets the deadtime interval to 10 minutes:

[local]Redback(config-ctx)#radius accounting deadtime 10

1.9   radius accounting max-outstanding

1.9.1   Purpose

Modifies the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to RADIUS accounting servers.

1.9.2   Command Mode

context configuration

1.9.3   Syntax Description

1.9.4   Default

The number of simultaneous outstanding accounting requests sent by the SmartEdge router is 256.

1.9.5   Usage Guidelines

Use the radius accounting max-outstanding to modify the number of simultaneous outstanding accounting requests that can be sent by the SmartEdge router to RADIUS accounting servers.

Use this command if the RADIUS servers cannot handle the default of 256 simultaneous outstanding accounting requests that the SmartEdge router can send to RADIUS accounting servers configured within the context.

Use the no or default form of this command to reset the maximum number of allowable outstanding requests to 256.

1.9.6   Examples

The following example limits the number of simultaneous outstanding requests to 128:

[local]Redback(config-ctx)#radius accounting max-outstanding 128

1.10   radius accounting max-retries

1.10.1   Purpose

Modifies the number of retransmission attempts the SmartEdge router makes to a RADIUS server in the event that no response is received from the server within the timeout period.

1.10.2   Command Mode

context configuration

1.10.3   Syntax Description

1.10.4   Default

The SmartEdge router sends three retransmissions.

1.10.5   Usage Guidelines

Use the radius accounting max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS accounting server in the event that no response is received from the server within the timeout period.

If an acknowledgment is not received, each successive, configured server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.

Use the default form of this command to reset the number of retries to 3.

1.10.6   Examples

The following example sets the retransmit value to 5:

[local]Redback(config-ctx)#radius accounting max-retries 5

The following example resets the retransmit value to the default of 3:

[local]Redback(config-ctx)#default radius accounting max-retries

1.11   radius accounting send-acct-on-off

1.11.1   Purpose

Enables the sending of “accounting on” and “accounting off” messages to all RADIUS accounting servers that are configured in the current context.

1.11.2   Command Mode

context configuration

1.11.3   Syntax Description

This command has no keywords or arguments.

1.11.4   Default

Accounting on and accounting off messages are sent.

1.11.5   Usage Guidelines

Use the radius accounting send-acct-on-off command to enable the sending of accounting on and accounting off messages to all RADIUS accounting servers that are configured in the current context.

The SmartEdge router sends messages to RADIUS accounting servers in various circumstances:

• An Accounting-On message is sent when you enable RADIUS accounting in a context; this message is sent to all RADIUS accounting servers configured within the context. This type of message is also sent when you add a new RADIUS accounting server; however, the message is only sent to the newly added RADIUS accounting server.
• An Accounting-off message is sent when you disable RADIUS accounting within a context; this message is sent to all RADIUS accounting servers configured in a context. If you remove a single RADIUS accounting server, the message is only sent to the newly removed RADIUS accounting server.

  Note:  

  The SmartEdge router attempts to send a single accounting on message when more than one type of RADIUS accounting is enabled. For example, if you enable both subscriber accounting and L2TP accounting, the SmartEdge router sends a single accounting on message to each RADIUS accounting server, even if you enable L2TP accounting at a later time.

  Similarly, the accounting off message is not sent until you have disabled all types of RADIUS accounting.

  
  

Use the no form of this command to prevent the SmartEdge router from sending these messages.

Use the default form of this command to return the system to its default behavior.

1.11.6   Examples

The following example disables the sending of accounting on and off messages to all other RADIUS accounting servers in the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#no radius send-acct-on-off

1.12   radius accounting server

1.12.1   Purpose

Configures the IP address or hostname of a RADIUS accounting server.

1.12.2   Command Mode

context configuration

1.12.3   Syntax Description

1.12.4   Default

RADIUS accounting server hostnames and IP addresses are not preconfigured. The UDP accounting port is 1813.

1.12.5   Usage Guidelines

Use the radius accounting server command to configure the IP address or hostname of a RADIUS accounting server. Use this command multiple times to configure up to five RADIUS accounting servers per context. To use the hostname argument, you must enable DNS; for more information.

Note:  

To enable accounting to be performed by RADIUS, you must also enter the aaa accounting subscriber command (in context configuration mode); for more information, see Configuring Bridging.

Use the no form of this command to delete a previously configured RADIUS accounting server.

1.12.6   Examples

The following example configures a RADIUS accounting server IP address of 10.3.3.3 with the key, secret, using port 4445 for accounting:

[local]Redback(config-ctx)#radius accounting server 10.3.3.3 key secret port 4445

1.13   radius accounting server-timeout

1.13.1   Purpose

Sets the time interval the SmartEdge router waits before marking a nonresponsive RADIUS accounting server as “dead.”

1.13.2   Command Mode

context configuration

1.13.3   Syntax Description

1.13.4   Default

The maximum time interval is 60 seconds.

1.13.5   Usage Guidelines

Use the radius accounting server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”

The SmartEdge router marks a RADIUS accounting server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS accounting server is marked as “dead.”

Use the default form of this command to specify the default interval.

1.13.6   Examples

The following example sets the waiting interval to 80 seconds:

[local]Redback(config-ctx)#radius accounting server-timeout 80

1.14   radius accounting timeout

1.14.1   Purpose

Sets the maximum time the SmartEdge router waits for a response from a RADIUS accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.

1.14.2   Command Mode

context configuration

1.14.3   Syntax Description

1.14.4   Default

The maximum time is 10 seconds.

1.14.5   Usage Guidelines

Use the radius accounting timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS accounting server before assuming that a packet is lost, or that the RADIUS accounting server is unreachable.

Use the default form of this command to specify the default interval.

1.14.6   Examples

The following example sets the timeout interval to 30 seconds:

[local]Redback(config-ctx)#radius accounting timeout 30

1.15   radius algorithm

1.15.1   Purpose

Specifies the algorithm to use among multiple RADIUS servers.

1.15.2   Command Mode

context configuration

1.15.3   Syntax Description

1.15.4   Default

The SmartEdge router queries the first configured server first.

1.15.5   Usage Guidelines

Use the radius algorithm command to specify the algorithm to use among multiple RADIUS servers.

Use the default form of this command to reset the SmartEdge router to query the first configured RADIUS server first.

1.15.6   Examples

The following example sets the algorithm to round-robin:

[local]Redback(config-ctx)#radius algorithm round-robin

1.16   radius attribute acct-delay-time

1.16.1   Purpose

Sends the Acct-Delay-Time attribute in the RADIUS Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server.

1.16.2   Command Mode

context configuration

1.16.3   Syntax Description

This command has no keywords or arguments.

1.16.4   Default

The Acct-Delay-Time attribute is only sent in RADIUS Accounting-Request packets for the current context, if there is a delay in sending the accounting record.

1.16.5   Usage Guidelines

Use the radius attribute acct-delay-time command to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets for the current context regardless of whether the SmartEdge router had a delay in sending the accounting record to the RADIUS server. If there is no delay, the SmartEdge router sets the Acct-Delay-Time attribute to 0. By default, the Acct-Delay-Time attribute is sent in RADIUS Accounting-Request packets for the current context only if there is a delay in sending the accounting record to the RADIUS server.

Standard RADIUS attribute 41, Acct-Delay-Time, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.

1.16.6   Examples

The following example shows how to configure the SmartEdge router to send the Acct-Delay-Time attribute in RADIUS Accounting-Request packets:

[local]Redback(config-ctx)#radius attribute acct-delay-time

1.17   radius attribute acct-session-id

1.17.1   Purpose

Sends the Acct-Session-Id attribute in RADIUS Access-Request packets for the current context.

1.17.2   Command Mode

context configuration

1.17.3   Syntax Description

1.17.4   Default

The Acct-Session-Id attribute is only sent in Accounting-Request packets.

1.17.5   Usage Guidelines

Use the radius attribute acct-session-id command to send the Acct-Session-Id attribute in RADIUS Access-Request packets for the current context.

This command affects only subscriber sessions, not administrator sessions.

Standard RADIUS attribute 41, Acct-Session-Id, is described in RADIUS Attributes.

Use the no or default form of this command to disable the sending of the Acct-Session-Id attribute in Access-Request packets.

1.17.6   Examples

The following example configures the SmartEdge router to send the Acct-Session-Id attribute in RADIUS access-request packets:

[local]Redback(config-ctx)#radius attribute acct-session-id access-request

1.18   radius attribute acct-terminate-cause remap

1.18.1   Purpose

Enables the remapping of Ericsson AB account termination error codes and accesses terminate error cause configuration mode.

1.18.2   Command Mode

global configuration

1.18.3   Syntax Description

This command has no keywords or arguments.

1.18.4   Default

Remapping of account termination error codes is disabled.

1.18.5   Usage Guidelines

Use the radius attribute acct-terminate-cause remap command to enable the remapping of Ericsson AB account termination error codes and access terminate error cause configuration mode. By default, the SmartEdge router maps a Ericsson AB termination error code to a RADIUS Attribute 49 (Acct-Terminate-Cause) terminate cause error code, which it sends in RADIUS Accounting-Stop packets. RADIUS attribute 49 terminate cause error codes and their definitions are included in RFC 2866, RADIUS Accounting. RADIUS Attributes lists the default mapping of Ericsson AB account termination error codes to RADIUS attribute 49 error codes.

Use the no form of this command to remove the remapping of all Ericsson AB account termination error codes.

1.18.6   Examples

The following example enables the remapping of Ericsson AB account termination error codes:

[local]Redback(config)#radius attribute acct-terminate-cause remap

[local]Redback(config-term-ec)#

1.19   radius attribute acct-tunnel-connection l2tp-call-serial-num

1.19.1   Purpose

Sends a Layer 2 Tunneling Protocol (L2TP) call serial number type value in the Acct-Tunnel-Connection attribute in RADIUS packets for the current context, when the SmartEdge router is functioning as an L2TP access concentrator (LAC).

1.19.2   Command Mode

context configuration

1.19.3   Syntax Description

This command has no keywords or arguments.

1.19.4   Default

When functioning as a LAC, the SmartEdge router sends an L2TP session ID type value in the Acct-Tunnel-Connection attribute.

1.19.5   Usage Guidelines

Use the radius attribute acct-tunnel-connection l2tp-call-serial-num command to send an L2TP call serial number ID type value in the Acct-Tunnel-Connection attribute in the RADIUS packets for the current context, when the SmartEdge router is functioning as a LAC. This enables the RADIUS server to correlate the ID type values received from the SmartEdge router and those received from L2TP network server (LNS) devices when it attempts to authenticate Point-to-Point Protocol over Ethernet (PPPoE) sessions. (LNS) devices send L2TP call serial numbers in the Acct-Tunnel-Connection attribute by default.)

This command affects only subscriber sessions, not administrator sessions.

Standard RADIUS attribute 68, Acct-Tunnel-Connection, is described in RADIUS Attributes.

Use the no or default form of this command to remove a tunnel with the RADIUS server from either a LAC or LNS.

1.19.6   Examples

The following example configures the SmartEdge router, when functioning as a LAC, to send the L2TP call serial number in the Acct-Tunnel-Connection attribute to the RADIUS server:

[local]Redback(config-ctx)#radius attribute acct-tunnel-connection l2tp-call-serial-num

1.20   radius attribute calling-station-id

1.20.1   Purpose

Using the specified format, sends the Calling-Station-Id attribute in RADIUS Access-Request and Accounting-Request packets for the current context.

1.20.2   Command Mode

context configuration

1.20.3   Syntax Description

1.20.4   Default

The Calling-Station-Id attribute is not sent.

1.20.5   Usage Guidelines

Use the radius attribute calling-station-id command to send the Calling-Station-Id attribute, using the specified format, in RADIUS Access-Request and Accounting-Request packets for the current context.

If you specify the media keyword, you can customize the format for ATM or Ethernet subscribers or for both. The default format is valid for all circuit types.

If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.

If you specify the agent-circuit-id non-ascii keywords, you can also specify the agent-remote-id non-ascii keywords.

For Dynamic Host Configuration Protocol (DHCP) clients, the information for the Calling-Station-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.

If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.

If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.

For Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs), the format for the slot-port keyword is #Hostname#slot/port#VPI#VCI; the description format is #Hostname#VC description#VPI#VCI.

Note:  

If the description keyword is used, but the description of the ATM PVC itself has not been configured using the description command (in ATM PVC configuration mode), the SmartEdge router defaults to the slot-port format.

For virtual LANs (VLANs), the formats for the slot-port keyword and description keyword, respectively, are:

• #Hostname#slot/port#Vlan-ID
• #Hostname#Vlan description#Vlan-ID

Use the no form of this command to disable the sending of the Calling-Station-Id attribute.

Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.

1.20.6   Examples

The following example sends the Calling-Station-Id attribute using the slot-port format and inserts agent-circuit-id and agent-remote-id information into Access-Request and Accounting-Request packets:

[local]Redback(config-ctx)#radius attribute calling-station-id format slot-port agent-circuit-id agent-remote-id separator #

The format in which the Calling-Station-Id attribute is sent for VLAN connections is as follows:

hostname#slot#port#(VLAN ID)#(Agent-Circuit-Id)#(Agent-Remote-Id)

The following example configures the context so that the Calling-Station-Id attribute is sent in Access-Request and Accounting-Request packets using a slash (/) as the separator character:

[local]Redback(config-ctx)#radius attribute calling-station-id separator /

1.21   radius attribute filter-id

1.21.1   Purpose

Specifies the behavior of the SmartEdge router when it receives a RADIUS Filter-Id attribute that does not specify a direction and there is an access control list (ACL) applied to the circuit.

1.21.2   Command Mode

• context configuration

1.21.3   Syntax Description

1.21.4   Default

If the Filter-Id attribute does not include a direction, the SmartEdge router applies the ACL to outbound packets only.

1.21.5   Usage Guidelines

Use the radius attribute filter-id command to specify the behavior of the SmartEdge router when it receives a RADIUS Filter-Id attribute that does not specify a direction and there is an ACL applied to the circuit. The choice of behavior depends on the nature of the ACL and the type of data that is exchanged.

The following sequence determines how the SmartEdge router applies the ACL:

• If the Filter-Id attribute includes a direction, it is honored.
• If the Filter-Id attribute does not include a direction, and you have configured this command, the SmartEdge router determines the direction from the configuration for this command.
• If the Filter-Id attribute does not include a direction, and this command is not configured, the SmartEdge router applies the ACL to outbound packets only (the default condition).

Use the no or default form of this command to specify the default condition.

1.21.6   Examples

The following example specifies that the ACL be applied to inbound packets only:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute filter-id in

1.22   radius attribute nas-identifier

1.22.1   Purpose

Includes the network access server (NAS)-Identifier attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

1.22.2   Command Mode

context configuration

1.22.3   Syntax Description

1.22.4   Default

The NAS-Identifier attribute is not sent.

1.22.5   Usage Guidelines

Use the radius attribute nas-identifier command to include the NAS-Identifier attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

Standard RADIUS attribute 32, NAS-Identifier, is described in RADIUS Attributes

Use the no or default form of this command to specify the default behavior.

1.22.6   Examples

The following example shows how to configure the NAS-Identifier in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:

[local]Redback(config-ctx)#radius attribute nas-identifier somearbritrarystring

1.23   radius attribute nas-ip-address

1.23.1   Purpose

Includes the network access server (NAS)-IPv4 Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

1.23.2   Command Mode

context configuration

1.23.3   Syntax Description

1.23.4   Default

The NAS-IPv4 Address attribute is not sent.

1.23.5   Usage Guidelines

Use the radius attribute nas-ip-address command to include the IPv4 NAS-IP-Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

Standard RADIUS attribute 4, NAS-IP-Address, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior so that the NAS-IP-Address attribute for IPv4 is not included.

1.23.6   Examples

The following example sends the primary IPv4 address for interface ether21 as the source IPv4 address in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router:

[local]Redback(config-ctx)#radius attribute nas-ip-address interface ether21

1.24   radius attribute nas-port

1.24.1   Purpose

Modifies the format of the network access server (NAS)-Port attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.

1.24.2   Command Mode

context configuration

1.24.3   Syntax Description

1.24.4   Default

Standard RADIUS attribute 5, NAS-Port, is sent in the slot-port format. L2TP circuits (LNS or LAC), use “pseudo” formatting.

1.24.5   Usage Guidelines

Use the radius attribute nas-port command to modify the format of the NAS-Port attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.

Use the radius attribute nas-port command with the no-pseudo keyword to remove “pseudo” formatting on L2TP circuits (LNS or LAC).

The standard RADIUS attribute 5, NAS-Port, is described in RADIUS Attributes.

Use the no or default form of this command to revert to the default behavior.

1.24.6   Examples

The following example sends the attribute NAS-Port using the slot-port format in RADIUS Access-Request and Accounting-Request packets for the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute nas-port format slot-port

1.25   radius attribute nas-port-id

1.25.1   Purpose

Modifies the format of the network access server (NAS)-Port-Id attribute, which is sent in RADIUS Access-Request and Accounting-Request packets for the current context.

1.25.2   Command Mode

context configuration

1.25.3   Syntax Description

1.25.4   Default

Standard RADIUS attribute 87, NAS-Port-Id, is sent using the all format.

1.25.5   Usage Guidelines

Risk of interoperability loss. The NetOp Policy Manager (PM) requires the default format setting for this command to assimilate the RADIUS attribute information. To avoid loss of interoperability with NetOp PM, use this command with its default setting only.

If you specify the agent-circuit-id keyword, you can also specify the agent-remote-id keyword.

For Dynamic Host Configuration Protocol (DHCP) clients, the information for the NAS-Port-Id attribute is extracted from the suboption1 information in option 82 of the DHCP request packet; for Point-to-Point Protocol over Ethernet (PPPoE) clients, the information is extracted in the PPPoE Active Discovery Request (PADR) packet.

If the agent-circuit-id keyword is specified, but the circuit agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Circuit-Id Not Present” string.

If the agent-remote-id keyword is specified, but the remote agent ID information is not present in the DHCP request packet or in the PADR packet sent by the client, the SmartEdge router inserts the “Agent-Remote-Id Not Present” string.

If you specify the all keyword, the physical circuit information includes the slot, port, circuit identifier, and session identifier; the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] [pppoe sess-id | clips sess-id]

The circuit identifier can be the virtual path identifier (VPI) with the virtual channel identifier (VCI), or it can be the virtual LAN (VLAN) identifier, depending on the type of circuit.

If you specify the physical keyword, the format in which the NAS-Port-Id attribute is sent is: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id].

If you specify the modified-agent-circuit-id keyword, the system inserts the specific subscriber line information in the NAS-Port-ID attribute. Line information includes: slot/port [vpi-vci vpi vci | vlan-id [tunl-vlan-id:]pvc-vlan-id] which is prepended to the subscriber identification fields.

To indicate that a text string description of the access link group is to be used as a prefix to the NAS-Port-Id attribute using the description command, specify the format, modified-agent-circuit-id, and prefix-lg-description keywords with the radius attribute nas-port-id command. For more information about the description command, see the Command List.

Standard RADIUS attribute 87, NAS-Port-Id, and vendor-specific attributes (VSAs) 96 provided by Ericsson AB, Agent-Remote-Id, and 97, Agent-Circuit-Id, are described in RADIUS Attributes.

Use the no or default form of this command to reset the format for the NAS-Port-Id attribute to the all format.

Use the default form of this command to specify the default separator. To change the default separator character, specify the separator keyword and character to use as the separator.

1.25.6   Examples

The following example shows how to send the NAS-Port-Id attribute using the physical format in RADIUS Access-Request and Accounting-Request packets for the local context:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute nas-port-id format physical

1.26   radius attribute nas-port-type

1.26.1   Purpose

Modifies the value for the network access server (NAS)-Port-Type attribute sent in RADIUS Access-Request and Accounting-Request packets.

1.26.2   Command Mode

• ATM profile configuration
• dot1q profile configuration
• link-group configuration
• port configuration

1.26.3   Syntax Description

1.26.4   Default

The Nas-Port-Type attribute is sent in RADIUS Access-Request and Accounting-Request packets. The value is either 0 or 5, depending on how the subscriber is connected to its authenticating NAS.

1.26.5   Usage Guidelines

Use the radius attribute nas-port-type command to modify the value for the NAS-Port-Type attribute sent in RADIUS Access-Request and Accounting-Request packets. You can set this attribute for an ATM profile, an 802.1Q profile, a link group, or a port.

Note:  

For link groups, the NAS-Port-Type attribute can be set only at the link-group level, not for the constituent ports. Any ports that already have the NAS-Port-Type attribute configured cannot be added to a link group until this configuration is removed from the port.

Table 1 lists the definitions of the values for the port-type argument.

Standard RADIUS attribute 61, NAS-Port-Type, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior to the default condition.

1.26.6   Examples

The following example modifies the NAS-Port-Type attribute in RADIUS Access-Request and Accounting-Request packets to type 4 (ISDN) for an ATM profile:

[local]Redback(config)#atm profile ATMPROFILE
[local]Redback(config-atm-profile)#radius attribute nas-port-type 4

1.27   radius attribute nas-port-type from-encapsulation

1.27.1   Purpose

Enables authentication, authorization, and accounting (AAA) to set the value for the network access server (NAS)-Port-Type attribute sent in RADIUS Access-Request and Accounting-Request packets according to the L2TP bearer type.

1.27.2   Command Mode

context configuration

1.27.3   Syntax Description

1.27.4   Default

None

1.27.5   Usage Guidelines

For an LNS, to take the NAS port type from the subscriber's original ingress port type on the LAC, use the radius attribute nas-port-type from-encapsulation command.

Standard RADIUS attribute 61, NAS-Port-Type, is described in RADIUS Attributes.

Use the no form of this command to disable this behavior on the SmartEdge router.

1.27.6   Examples

The following example enables AAA in the local context to determine the NAS-Port-Type attribute from the L2TP bearer type:

[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute nas-port-type from-encapsulation

1.28   radius attribute nas-ipv6-address

1.28.1   Purpose

Includes the network access server (NAS)-IPv6-Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

1.28.2   Command Mode

context configuration

1.28.3   Syntax Description

1.28.4   Default

The NAS-IPv6-Address attribute is not sent.

1.28.5   Usage Guidelines

Use the radius attribute nas-ipv6-address command to include the NAS-IPv6-Address attribute in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router.

Standard RADIUS attribute 4, NAS-IPv6-Address, is described in RADIUS Attributes.

Use the no or default form of this command to reset the SmartEdge router behavior so that the NAS-IPv6-Address attribute is not included.

If using RADIUS to authenticate a subscriber, configure the NAS-IPV6-Address to match the IPv6 address of the NAS interface. When a subscriber is successfully authenticated, the radius server returns an IPv6 prefix /64 to the BRAS. If the circuit is configured for dual-stack, an IPv4 address is also returned.

1.28.6   Examples

The following example sends the primary IPv6 address for interface ABC as the source IPv6 address in RADIUS Access-Request and Accounting-Request packets sent by the SmartEdge router, where the interface ABC is already defined in the configuration as follows:

interface ABC
  ipv6 address 2001:1001:3001:4001:5001:6001:7001:7001/127

[local]Redback(config-ctx)#radius attribute nas-ipv6-address interface ABC

Following is sample output sent in the RADIUS packet.

NAS-IPv6-Address = 2001:1001:3001:4001:5001:6001:7001:7001

1.29   radius attribute username

1.29.1   Purpose

Specifies the format of the username attribute sent in RADIUS messages.

1.29.2   Command Mode

• context configuration

1.29.3   Syntax Description

1.29.4   Default

The SmartEdge router does not specify RADIUS username attribute options.

1.29.5   Usage Guidelines

Use the radius attribute username command to specify the format of the username attribute sent in RADIUS messages.

Use the no or default form of this command to return the specified username attribute to the default.

1.29.6   Examples

The following example specifies the MAC deliminator characters are stripped from the username in RADIUS messages for CLIPS subscribers:

[local]Redback(config)#context local
[local]Redback(config-ctx)#radius attribute username encaps clips strip-mac-delimiter

1.30   radius attribute vendor-specific

1.30.1   Purpose

Specifies the character the SmartEdge router uses to separate the fields in the specified RADIUS attribute, and whether attributes can be encrypted.

1.30.2   Command Mode

• context configuration

1.30.3   Syntax Description

1.30.4   Default

The SmartEdge router uses the hyphen (-) character, and vendor VSAs can be encrypted.

1.30.5   Usage Guidelines

Use the radius attribute vendor-specific command to specify the character the SmartEdge router uses to separate the fields in the specified RADIUS attribute, and whether attributes can be encrypted.

Use the no or default form of this command to specify the default character as the separator.

1.30.6   Examples

The following example specifies the colon (:) as the separator character:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius attribute vendor-specific Redback mac-address separator :

1.31   radius await-acct-on-ack

1.31.1   Purpose

In global configuration mode, enables the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the RADIUS accounting servers after the router reboots. The router waits for the acknowledgement message (ACK message) before it begins to send authentication and accounting requests to the RADIUS servers.

1.31.2   Command Mode

• global configuration

1.31.3   Syntax Description

This command has no keywords or arguments.

1.31.4   Default

By default, after the SEOS router reboots, an Accounting-On message is sent to the RADIUS servers. However, the router does not wait for an acknowledgement of the receipt of this message from the servers before sending the authentication and accounting requests to the RADIUS servers.

1.31.5   Usage Guidelines

Use the radius await-acct-on-ack command in global configuration mode to enable the SmartEdge router to wait to receive an acknowledgement of the receipt of the Accounting-On message that it sent to the RADIUS accounting servers after the router reboots. This command ensures that the router waits for an ACK message before it begins to send authentication and accounting requests to the servers.

If the SmartEdge router has not yet received an ACK message from the RADIUS server within 10 seconds of sending the Accounting-On message, the router checks again. If after 30 retries, and still no ACK message is received, the router sends authentication and accounting requests to the RADIUS servers. The interval time between retries is 10 seconds. The maximum time the router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable is 5 minutes.

If more than one RADIUS accounting server is configured, and the router receives an ACK message from any one of the servers, the router considers this message as an acknowledgement of the receipt of the Accounting-On message. If “two-stage accounting” is configured, an ACK message from the global accounting server (configured in context local) is the one that is counted as the acknowledgement of the receipt of the Accounting-On message.

Note:  

The radius await-acct-on-ack command does not take effect, if local authentication with RADIUS accounting is configured.

Use the no or default form of this command to return the SmartEdge router to its default setting of not waiting to receive an acknowledgement of receipt of the Accounting-On message from the RADIUS servers before the router sends authentication and accounting requests to the servers.

1.31.6   Examples

The following example shows how to configure the radius await-acct-on-ack command:

[local]Redback(config)#radius await-acct-on-ack

[local]Redback(config)#

1.32   radius coa server

1.32.1   Purpose

Configures the IP address or hostname of a RADIUS Change of Authorization (CoA) server.

1.32.2   Command Mode

context configuration

1.32.3   Syntax Description

1.32.4   Default

RADIUS CoA server hostnames and IP addresses are not preconfigured. Port 3799 is the User Datagram Protocol (UDP) CoA port.

1.32.5   Usage Guidelines

Use the radius coa server command to configure the IP address or hostname of a RADIUS CoA server. You can enter this command multiple times to configure up to 36 RADIUS CoA servers per context. RADIUS CoA servers configured in a non-local context can change session settings only for subscribers in the same context. CoA servers configured in the local context can change settings for all subscribers.

To use the hostname argument, DNS must be enabled; for more information.

Note:  

To enable authentication to be performed by RADIUS, you must also enter the aaa authentication subscriber command (in context configuration mode); for more information, see Configuring Bridging.

The RADIUS CoA server can use one or more of the identifiers listed in Table 2 to identify a subscriber session.

For CoA disconnect messages, specify at least one keyword in Table 2. For all other CoA messages, specify at least one keyword in Table 2, as well as one or more attributes to change. If multiple keywords are specified, all specified keywords must match subscriber session attributes.

RADIUS Attributes lists the RADIUS attributes supported by the SmartEdge router. If a CoA message contains any unsupported attributes, the request fails. RADIUS CoA and disconnect features are described in RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial-In User Service (RADIUS). If the specified keyword matches multiple subscriber sessions, and the requested change is successful for only a subset of the sessions, all successful changes are preserved. The SmartEdge router sends a negative acknowledgement (NAK). When an attempt to modify any other attribute fails, the subscriber session is terminated.

Use the no form of this command to delete a previously configured RADIUS CoA server.

1.32.6   Examples

The following example configures a RADIUS CoA server IP address of 10.3.3.3 with the key, secret, using port 4444 for CoA messages:

[local]Redback(config-ctx)#radius coa server 10.3.3.3 key secret port 4444 

The following example configures 36 CoA servers in the local context:

[local]Redback(config-ctx)#radius coa server 1.1.1.1 encrypted-key 6840234DDC4A32D4 port 3799
[local]Redback(config-ctx)#radius coa server 1.1.1.2 encrypted-key 6840234DDC4A32D4 port 3800
[local]Redback(config-ctx)# radius coa server 1.1.1.3 encrypted-key 6840234DDC4A32D4 port 3801
[local]Redback(config-ctx)# radius coa server 1.1.1.4 encrypted-key 6840234DDC4A32D4 port 3802
[local]Redback(config-ctx)# radius coa server 1.1.1.5 encrypted-key 6840234DDC4A32D4 port 3803
[local]Redback(config-ctx)# radius coa server 1.1.1.6 encrypted-key 6840234DDC4A32D4 port 3804
[local]Redback(config-ctx)# radius coa server 1.1.1.7 encrypted-key 6840234DDC4A32D4 port 3805
[local]Redback(config-ctx)# radius coa server 1.1.1.8 encrypted-key 6840234DDC4A32D4 port 3806
[local]Redback(config-ctx)# radius coa server 1.1.1.9 encrypted-key 6840234DDC4A32D4 port 3807
[local]Redback(config-ctx)# radius coa server 1.1.1.10 encrypted-key 6840234DDC4A32D4 port 3808
[local]Redback(config-ctx)# radius coa server 1.1.1.11 encrypted-key 6840234DDC4A32D4 port 3809
[local]Redback(config-ctx)# radius coa server 1.1.1.12 encrypted-key 6840234DDC4A32D4 port 3810
[local]Redback(config-ctx)# radius coa server 1.1.1.13 encrypted-key 6840234DDC4A32D4 port 3811
[local]Redback(config-ctx)# radius coa server 1.1.1.14 encrypted-key 6840234DDC4A32D4 port 3812
[local]Redback(config-ctx)# radius coa server 1.1.1.15 encrypted-key 6840234DDC4A32D4 port 3813
[local]Redback(config-ctx)# radius coa server 1.1.1.16 encrypted-key 6840234DDC4A32D4 port 3814
[local]Redback(config-ctx)# radius coa server 1.1.1.17 encrypted-key 6840234DDC4A32D4 port 3815
[local]Redback(config-ctx)# radius coa server 1.1.1.18 encrypted-key 6840234DDC4A32D4 port 3816
[local]Redback(config-ctx)# radius coa server 1.1.1.19 encrypted-key 6840234DDC4A32D4 port 3817
[local]Redback(config-ctx)# radius coa server 1.1.1.20 encrypted-key 6840234DDC4A32D4 port 3818
[local]Redback(config-ctx)# radius coa server 1.1.1.21 encrypted-key 6840234DDC4A32D4 port 3819
[local]Redback(config-ctx)# radius coa server 1.1.1.22 encrypted-key 6840234DDC4A32D4 port 3820
[local]Redback(config-ctx)# radius coa server 1.1.1.23 encrypted-key 6840234DDC4A32D4 port 3821
[local]Redback(config-ctx)# radius coa server 1.1.1.24 encrypted-key 6840234DDC4A32D4 port 3822
[local]Redback(config-ctx)# radius coa server 1.1.1.25 encrypted-key 6840234DDC4A32D4 port 3823
[local]Redback(config-ctx)# radius coa server 1.1.1.26 encrypted-key 6840234DDC4A32D4 port 3824
[local]Redback(config-ctx)# radius coa server 1.1.1.27 encrypted-key 6840234DDC4A32D4 port 3825
[local]Redback(config-ctx)# radius coa server 1.1.1.28 encrypted-key 6840234DDC4A32D4 port 3826
[local]Redback(config-ctx)# radius coa server 1.1.1.29 encrypted-key 6840234DDC4A32D4 port 3827
[local]Redback(config-ctx)# radius coa server 1.1.1.30 encrypted-key 6840234DDC4A32D4 port 3828
[local]Redback(config-ctx)# radius coa server 1.1.1.31 encrypted-key 6840234DDC4A32D4 port 3829
[local]Redback(config-ctx)# radius coa server 1.1.1.32 encrypted-key 6840234DDC4A32D4 port 3830
[local]Redback(config-ctx)# radius coa server 1.1.1.33 encrypted-key 6840234DDC4A32D4 port 3831
[local]Redback(config-ctx)# radius coa server 1.1.1.34 encrypted-key 6840234DDC4A32D4 port 3832
[local]Redback(config-ctx)# radius coa server 1.1.1.35 encrypted-key 6840234DDC4A32D4 port 3833
[local]Redback(config-ctx)# radius coa server 1.1.1.36 encrypted-key 6840234DDC4A32D4 port 3834

1.33   radius deadtime

1.33.1   Purpose

Sets the interval during which the SmartEdge router treats a nonresponsive RADIUS server as “dead.”

1.33.2   Command Mode

context configuration

1.33.3   Syntax Description

1.33.4   Default

The waiting interval is five minutes.

1.33.5   Usage Guidelines

Use the radius deadtime command to set the interval during which the SmartEdge router treats a nonresponsive RADIUS server as “dead.” During the interval, the SmartEdge router tries to reach another RADIUS server; after the interval expires, the SmartEdge router tries again to reach the server. If there is no response, the RADIUS server remains marked as “dead” and the timer is set again to the configured interval.

If you disable this feature (with the 0 value), the SmartEdge router never waits but attempts to reach the server immediately.

Note:  

You must configure at least one RADIUS server using the radius server command (in context configuration mode) prior to entering this command.

Use the default form of this command to specify the default interval.

1.33.6   Examples

The following example sets the deadtime interval to 10 minutes:

[local]Redback(config-ctx)#radius deadtime 10

1.34   radius max-outstanding

1.34.1   Purpose

Modifies the number of simultaneous outstanding requests that can be sent by the SmartEdge router to RADIUS servers.

1.34.2   Command Mode

context configuration

1.34.3   Syntax Description

1.34.4   Default

The maximum number of allowable outstanding requests is 256.

1.34.5   Usage Guidelines

Use the radius max-outstanding command to modify the number of simultaneous outstanding requests the SmartEdge router can send to RADIUS servers.

Use the no or default form of this command to reset the maximum number of outstanding requests to 256.

1.34.6   Examples

The following example limits the number of simultaneous outstanding requests to 128:

[local]Redback(config-ctx)#radius max-outstanding 128

1.35   radius max-retries

1.35.1   Purpose

Modifies the number of retransmission attempts the SmartEdge router makes to a RADIUS server in the event that no response is received from the server within the timeout period.

1.35.2   Command Mode

context configuration

1.35.3   Syntax Description

1.35.4   Default

The SmartEdge router makes three retransmission attempts.

1.35.5   Usage Guidelines

Use the radius max-retries command to modify the number of retransmission attempts the SmartEdge router makes to a RADIUS server in the event that no response is received from the server within the timeout period.

You set the timeout period with the radius timeout command (in context configuration mode).

If an acknowledgment is not received, each successive server is tried (wrapping from the last server to the first, if necessary) until the maximum number of retransmissions is reached.

Use the default form of this command to specify the default number of retries.

1.35.6   Examples

The following example sets the retransmit value to 5:

[local]Redback(config-ctx)#radius max-retries 5

The following example resets the retransmit value to the default (3):

[local]Redback(config-ctx)#default radius max-retries

1.36   radius policy

1.36.1   Purpose

In global configuration mode, creates or modifies a RADIUS policy and accesses RADIUS policy configuration mode; in context configuration mode, assigns a RADIUS policy to the context.

1.36.2   Command Mode

• context configuration
• global configuration

1.36.3   Syntax Description

1.36.4   Default

No RADIUS policy is created or assigned to a context.

1.36.5   Usage Guidelines

Use the radius policy command in global configuration mode to create or modify a RADIUS policy and access RADIUS policy configuration mode; use it in context configuration mode to assign a RADIUS policy to the context.

The SmartEdge router supports RADIUS policy filter functionality in both inbound and outbound directions. The RADIUS policy specifies which RADIUS attributes and vendor-specific attributes (VSAs) are to be removed from RADIUS Access-Request, Access-Accept, CoA, and various Accounting-Request messages (Accounting-On, Accounting-Off, Accounting-Start, Accounting-Stop, and Accounting-Update). Up to 30 policy filters can be defined in global context.

Use the attribute command (in RADIUS policy configuration mode) to specify the attributes to be removed from the messages. Up to 500 attributes can be filtered in a single RADIUS policy.

Use the no form of this command in global configuration mode to delete the policy; use it in context configuration mode to remove the policy from the context configuration.

Use the no form of this command in global configuration mode to delete the policy; use it in context configuration mode to remove the policy from the context configuration.

1.36.6   Examples

The following example creates the custom RADIUS policy:

[local]Redback(config)#radius policy name custom

[local]Redback(config-rad-policy)#

The following example assigns the custom RADIUS policy to the gold-isp context:

[local]Redback(config)#context gold-isp

[local]Redback(config-ctx)#radius policy custom

1.37   radius route-download algorithm

1.37.1   Purpose

Specifies the load-balancing algorithm to use when multiple servers are configured. The default algorithm is first; the request is sent to the first available radius server. When round-robin is configured, the subsequent request is sent to the next available server.

1.37.2   Command Mode

context configuration

1.37.3   Syntax Description

1.37.4   Default

The default setting for this command is first.

1.37.5   Usage Guidelines

Specify round-robin route download algorithm if you have configured multiple servers using the radius route-download server command.

1.37.6   Examples

The example shows how to set the route download algorithm to round-robin.

[local]Redback(config-ctx)#radius route-download algorithm round-robin 

1.38   radius route-download deadtime

1.38.1   Purpose

The interval, in minutes, to consider a RADIUS route-download server unavailable before declaring it available again. If not specified, the default value is used.

1.38.2   Command Mode

context configuration

1.38.3   Syntax Description

1.38.4   Default

The default radius route download deadtime value is 5 minutes.

1.38.5   Examples

[local]Redback(config-ctx)#radius route-download deadtime 10 

1.39   radius route-download max-retries

1.39.1   Purpose

The maximum number of times a route download request is retried.

1.39.2   Command Mode

context configuration

1.39.3   Syntax Description

1.39.4   Default

The default number of retries is 3.

1.39.5   Examples

The example shows how to set the maximum number of times route download retries are attempted, in this case, 255 times:

[local]Redback(config-ctx)#radius route-download max-retries 255 

1.40   radius route-download server

1.40.1   Purpose

Designates a RADIUS route download server, and configures the shared key (encrypted or in plain text) and optional port. If the port is not specified, port 1812 is used.

This command is a prerequisite for all the route download commands.

1.40.2   Command Mode

context configuration

1.40.3   Syntax Description

1.40.4   Default

The default value for the port is 1812.

1.40.5   Usage Guidelines

This command is a prerequisite for all the route download commands.

When using the no form of this command, keep the following guidelines in mind:

• The no radius route-download server command with no additional keywords deletes the existing single server address.
• To delete multiple servers, you must enter each server address individually using the no radius route-download server server-address command.
• To delete multiple ports on the same server or multiple ports on multiple servers, you must enter each server address individually and each port individually using the no radius route-download server server-address key | encrypted-key key [port port-num] command.

Defining the ports is optional, however, you must always indicate a plain-text or encrypted key.

1.40.6   Examples

This example shows how to configure multiple ports on the same route-download server.

[local]Redback(config-ctx)#radius route-download server 10.18.18.33 
encrypted-key redback port 1850
[local]Redback(config-ctx)#radius route-download server 10.18.18.33 
encrypted-key redback port 1860

This example shows how to configure different route-download servers and identifies the ports to use on each server.

[local]Redback(config-ctx)#radius route-download server 10.18.18.33 
encrypted-key redback port 1850
[local]Redback(config-ctx)#radius route-download server 10.18.18.60 
encrypted-key redback port 1850

This example shows how to configure two different servers using an encrypted key (first configuration command) and a plain-text key (second configuration command).

[local]Redback(config-ctx)#radius route-download server 10.18.18.60 
encrypted-key redback port 1829
[local]Redback(config-ctx)#radius route-download server 10.18.18.33 
key redback port 1850

1.41   radius route-download server-timeout

1.41.1   Purpose

The interval, in seconds, to wait for a response from the RADIUS server before declaring it unavailable. If not specified, the default value is used.

1.41.2   Command Mode

context configuration

1.41.3   Syntax Description

1.41.4   Default

The default value is 60 seconds.

1.41.5   Examples

The following example shows a server timeout value of 40 seconds:

[local]Redback(config-ctx)#radius route-download server-timeout 40 

1.42   radius route-download timeout

1.42.1   Purpose

The interval, in seconds, to wait before retrying a route download request. If no timeout value is specified, the default interval is used.

1.42.2   Command Mode

context configuration

1.42.3   Syntax Description

1.42.4   Default

The default route download timeout value is 10 seconds.

1.42.5   Examples

The following example configures 20 seconds as the route download timeout value:

[local]Redback(config-ctx)#radius route-download timeout 20 

1.43   radius server

1.43.1   Purpose

Configures the IP address or hostname of a RADIUS server.

1.43.2   Command Mode

context configuration

1.43.3   Syntax Description

1.43.4   Default

RADIUS server hostnames and IP addresses are not preconfigured. 1812 is the UDP authentication port.

1.43.5   Usage Guidelines

Use the radius server command to configure the IP address or hostname of a RADIUS server. You can use this command multiple times to configure up to five RADIUS servers per context.

Use the no form of this command to delete a previously configured RADIUS server.

1.43.6   Examples

The following example configures a RADIUS server with an IP address of 10.3.3.3 with the key, secret, using ports 4444 for authentication:

[local]Redback(config-ctx)#radius server 10.3.3.3 key secret port 4444 

1.44   radius server-timeout

1.44.1   Purpose

Sets the time interval the SmartEdge router waits before marking a non-responsive RADIUS server as “dead.”

1.44.2   Command Mode

context configuration

1.44.3   Syntax Description

1.44.4   Default

The maximum time interval is 60 seconds.

1.44.5   Usage Guidelines

Use the radius server-timeout command to set the time interval the SmartEdge router waits before marking a non-responsive RADIUS accounting server as “dead.”

The SmartEdge router marks a RADIUS server as “dead” when no response is received to any RADIUS requests during the time period specified by the interval argument. Setting the value to 0 disables this feature; in this case, no RADIUS server is marked as “dead.”

Use the default form of this command to specify the default interval.

1.44.6   Examples

The following example sets the waiting interval to 80 seconds:

[local]Redback(config-ctx)#radius server-timeout 80

1.45   radius service profile

1.45.1   Purpose

Creates or selects a RADIUS-guided service profile and accesses service profile configuration mode.

1.45.2   Command Mode

• context configuration

1.45.3   Syntax Description

1.45.4   Default

No RADIUS-guided service profiles exist.

1.45.5   Usage Guidelines

Use the radius service profile command to create or select a RADIUS-guided service profile and access service profile configuration mode.

A RADIUS service profile specifies various service conditions and is used to activate services and establish service conditions for that subscriber session. It is these service conditions against which the service data in a CoA Request and Access Response message is matched. You can specify as many as 16 conditions in a service profile.

Use the no form of this command to delete the RADIUS-guided service profile from the configuration.

1.45.6   Examples

The following example creates the redirect service profile in the local context and accesses service profile configuration mode:

[local]Redback(config)#context local

[local]Redback(config-ctx)#radius service profile redirect

[local]Redback(config-svc-profile)#

1.46   radius source-port

1.46.1   Purpose

In context configuration mode, enables the SmartEdge router to ignore the source port sent by the RADIUS server in Access-Response messages. In global configuration mode, increases the number of outstanding requests for each RADIUS server by sending requests using a different source port value.

1.46.2   Command Mode

• context configuration
• global configuration

1.46.3   Syntax Description

1.46.4   Default

This feature is disabled.

1.46.5   Usage Guidelines

In context configuration mode, use the radius source-port command to enable the SmartEdge router to ignore the source port sent by the RADIUS server in Access-Response messages. In this configuration mode, this command refers to the source port that the RADIUS server uses when sending a RADIUS Access-Response message to the SmartEdge router.

In global configuration mode, use the radius source-port command to increase the number of outstanding requests for each RADIUS server by sending requests using a different source port value. In this configuration mode, this command refers to the source port that the SmartEdge router uses when sending a RADIUS Access-Request message to a RADIUS server.

Use the no form of this command to return to the default number of outstanding requests.

1.46.6   Examples

The following example configures a port number of 2000 and sets the number of ports to 5:

[local]Redback(config)#radius source-port 2000 5

1.47   radius strip-domain

1.47.1   Purpose

Strips the domain portion of a structured username before relaying an authentication request to a RADIUS server.

1.47.2   Command Mode

context configuration

1.47.3   Syntax Description

This command has no keywords or arguments.

1.47.4   Default

The entire username, including the domain name, is sent to the RADIUS server.

1.47.5   Usage Guidelines

Use the radius strip-domain command to strip the domain portion of a structured username before relaying an authentication request to a RADIUS server. The username can be either a subscriber name or administrator name.

Use the no form of this command to disable stripping the domain portion of the structured username.

1.47.6   Examples

The following example prevents the domain portion of the structured username from being sent to the RADIUS server for authentication:

[local]Redback(config-ctx)#radius strip-domain

1.48   radius timeout

1.48.1   Purpose

Sets the maximum time the SmartEdge router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable.

1.48.2   Command Mode

context configuration

1.48.3   Syntax Description

1.48.4   Default

The maximum time is 10 seconds.

1.48.5   Usage Guidelines

Use the radius timeout command to set the maximum time the SmartEdge router waits for a response from a RADIUS server before assuming that a packet is lost, or that the RADIUS server is unreachable.

Use the default form of this command to specify the default interval.

1.48.6   Examples

The following example sets the timeout interval to 30 seconds:

[local]Redback(config-ctx)#radius timeout 30

1.49   range

1.49.1   Purpose

Summarizes interarea routes advertised by an area border router (ABR).

1.49.2   Command Mode

• OSPF area configuration
• OSPF3 area configuration

1.49.3   Syntax Description

1.49.4   Default

Route address ranges for interarea route summarization are not specified.

1.49.5   Usage Guidelines

Use the range command to summarize interarea routes advertised by an ABR.

Use the optional not-advertise keyword to prevent the specified route from being advertised in route summarizations.

Use the no form of this command to disable route summarization for a particular summary range. All individual routes contained in the summary range will be advertised to other areas.

1.49.6   Examples

The following example advertises routes that fall into the range 10.1.0.0 255.255.0.0 in interarea route summaries (one each of the other areas):

[local]Redback(config-ospf-area)#range 10.1.0.0 255.255.0.0 

1.50   range (DHCP)

1.50.1   Purpose

Assigns a range of IP addresses to this Dynamic Host Configuration Protocol (DHCP) subnet.

1.50.2   Command Mode

• DHCP subnet configuration

1.50.3   Syntax Description

1.50.4   Default

No range of IP addresses is assigned to any subnet.

1.50.5   Usage Guidelines

Use the range command to assign a range of IP addresses to this DHCP subnet.

The values of the start-ip-addr and end-ip-addr arguments must be within the subnet of IP addresses that you have assigned to this subnet using the subnet command (in DHCP server configuration mode).

Use the optional threshold keyword to enable the monitoring and reporting of available leases at the range level and specify rising and falling values that can trigger an SNMP trap and log message.

You can enter either or both of the falling min-threshold and rising max-threshold constructs in any order. You can enter either or both of the trap and log keywords in any order for either construct.

Use the no form of this command to delete the range from the subnet configuration.

1.50.6   Examples

The following example assigns a range of IP addresses to the sub2 subnet; it also enables the monitoring and reporting of available leases for this subnet and triggers an SNMP trap when the number of available leases is decreasing and reaches 100:

[local]Redback(config)#context dhcp

[local]Redback(config-ctx)#dhcp server policy

[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24 name sub2

[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.100 threshold falling 100 trap

1.51   rate

1.51.1   Purpose

Sets the rate, burst tolerance, and excess burst tolerance for traffic on the circuit, port, or subscriber record to which the quality of service (QoS) policy is attached, or for a policy group, policy access control list (ACL), or class-definition class of traffic for that policy.

1.51.2   Command Mode

• metering policy configuration
• policy group class configuration
• policing policy configuration

1.51.3   Syntax Description

1.51.4   Default

No rate is enforced by default.

1.51.5   Usage Guidelines

Use the rate command to set the rate, burst tolerance, and excess burst for traffic on the circuit , port, or subscriber record to which the QoS policy is attached, or for a policy group class of traffic for that policy. If entered in metering or policing policy configuration mode, this command accesses policy rate configuration mode; if entered in policy group class configuration mode, this command accesses policy class rate configuration mode.

Use the informational keyword to specify that the policy rate will not be used to enforce an overall circuit rate limit, but will be used only to calculate the class rate if you specify the rate for a policy group class as a percentage of the policy rate, using the rate percentage command (in policy group class configuration mode). This keyword is not available in policy group class configuration mode.

Use the excess-burst bytes construct to optionally configure the excess burst tolerance. The burst tolerance and excess burst tolerance are thresholds that can be used to determine the traffic rate at which packets can be dropped or marked. Use the time-burst msec and time-excess-burst msec constructs to specify the burst and excess burst as time intervals.

rate 100000 burst 12500

rate 100000 burst time-burst 1

rate 100000 burst 12500000

rate 100000 burst time-burst 1000

rate 100000 burst time-burst 1000 time-burst 2500

For information about dropping or marking packets when the traffic rate exceeds the burst tolerance, but does not exceed the excess burst tolerance, see the exceed commands. For information about dropping or marking packets when the traffic rate exceeds the excess burst tolerance, see the violate commands.

Use the counters keyword to log statistics related to packets that conform to or exceed the rate. For a circuit with a noninherited metering or policing policy (neither the inherit nor hierarchical keyword is specified), the counters keyword enables statistics collection based on enforcement of this rate at the individual circuit level. For a parent circuit that propagates a metering or policing policy to its children through the inherit or hierarchical keyword, the counters option enables statistics collection based on collective metering or policing policy enforcement at the parent circuit level. In other words, the statistics collected for the parent circuit (where the policy is configured) reflect the totals for enforcement of this rate on this circuit and all of its children that are subject to this policy through inheritance.

Use the hierarchical-counters keyword to log statistics related to packets dropped on circuits subject to this rate due to the policy configured on a parent circuit with the hierarchical keyword specified. The hierarchical-counters keyword enables counters on each child circuit subject to this rate through hierarchical inheritance. These counters record the number of drops on the child circuit due to enforcement of the parent circuit policy rate.

Use the no form of this command to specify the default traffic rate and burst tolerance.

1.51.6   Examples

The following example marks all traffic conforming to the configured policy rate with expedited forwarding (ef) and marks traffic that exceeds the policy rate with default forwarding (df):

[local]Redback(config)#qos policy GE-in policing

[local]Redback(config-policy-policing)#rate 6000000 burst 9000000 counters

[local]Redback(config-policy-rate)#conform mark dscp ef

[local]Redback(config-policy-rate)#exceed mark dscp df

By including the counters keyword in the rate command, you can use the show circuit counters command (in any mode) with the detail keyword to display the number of packets that conform to the rate and the number of packets that exceed the rate.

1.52   rate (EDRR/MDRR)

1.52.1   Purpose

Specifies a maximum transmit scheduling rate to be enforced for an entity (circuit, port, or subscriber session) subject to the queuing policy.

1.52.2   Command Mode

• EDRR policy configuration
• MDRR policy configuration

1.52.3   Syntax Description

1.52.4   Default

No maximum scheduling rate is enforced for an entity (circuit, port, or subscriber session) subject to the queuing policy.

1.52.5   Usage Guidelines

Use the rate command to specify a maximum transmit scheduling rate to be enforced for an entity (circuit, port, or subscriber session) subject to the queuing policy.

Use the no form of this command to remove the specified scheduling rate.

1.52.6   Examples

The following example shows how to specify a maximum scheduling rate of 600 Mbps for the MDRR policy MDRRpolicy1:

[local]Redback(config)#qos policy MDRRpolicy1 mdrr

[local]Redback(config-policy-mdrr)#rate 60000 burst 50000

1.53   rate (PWFQ)

1.53.1   Purpose

Specifies a maximum transmit scheduling rate to be enforced or a minimum transmit scheduling rate to be allocated for an entity (circuit, port, or subscriber session) subject to the queuing policy.

1.53.2   Command Mode

PWFQ policy configuration

1.53.3   Syntax Description

1.53.4   Default

No maximum scheduling rate is enforced and no minimum rate allocated for an entity (circuit, port, or subscriber session) subject to the queuing policy.

1.53.5   Usage Guidelines

Use the rate command with the maximum keyword to specify a maximum transmit scheduling rate to be enforced for an entity (circuit, port, or subscriber session) subject to the queuing policy. Use the rate command with the minimum keyword to specify a minimum transmit scheduling rate to be allocated for an entity (circuit, port, or subscriber session) subject to the queuing policy.

For PWFQ policies:

• You must specify the maximum rate for the policy using the rate command; otherwise, you cannot attach the policy to any traffic-managed port, or any of the 802.1Q tunnels, or permanent virtual circuits (PVCs) configured on it.
• You cannot specify a minimum rate if you intend to specify a relative weight for this policy, using the weight command (in PWFQ policy configuration mode) and attach the policy to any traffic-managed port, or any of the 802.1Q tunnels, or PVCs configured on it. The rate mimimum and qos weight commands are mutually exclusive under a single PWFQ policy.
• The maximum and minimum rates, if both are specified, are compared to ensure that the minimum value is always less than the maximum value.

Use the no form of this command to remove the specified minimum or maximum rate.

1.53.6   Examples

The following example shows how to specify a maximum rate of 600 Mbps and a minimum rate of 100 Mbps for the PWFQ policy GE-in:

[local]Redback(config)#qos policy GE-in pwfq

[local]Redback(config-policy-pwfq)#rate maximum 600000

[local]Redback(config-policy-pwfq)#rate minimum 100000

1.54   rate-adjust dhcp pwfq

1.54.1   Purpose

Adjusts the enforcement of a priority weighted fair queuing (PWFQ) policy on a circuit based on whether the subscriber is granted a Dynamic Host Configuration Protocol (DHCP) lease.

1.54.2   Command Mode

subscriber configuration

1.54.3   Syntax Description

1.54.4   Default

No DHCP-based rate adjustments are applied to the subscriber.

1.54.5   Usage Guidelines

Use the rate-adjust dhcp pwfq command to adjust how a PWFQ policy is enforced on a circuit based on whether the subscriber is granted a DHCP lease. When a lease request is granted to a device on a circuit that has this attribute applied, the enforced bandwidth for the specified priority group rate is decremented by the specified amount in (kilobits per second) kbps. If there is no priority group rate configured for the policy, the rate is less than the minimal enforceable value (64 kbps), or the rate adjustment is not applied to the subscriber.

Once applied, the rate adjustment persists until the DHCP lease is released or expires. At this time, the rate enforced is restored to its full configured value.

This command might be useful for an IPTV in which Remote Multicast Replication (RMR) is being used. When a set-top box (STB) configured as a static subscriber on an 802.1q VLAN comes online and requests an IP address, the PWFQ policy enforced on the VLAN can be adjusted to account for the multicast bandwidth required for IPTV traffic.

Note:  

To use this command, you must have a quality of service (QoS) PWFQ policy bound to the subscriber session circuit. The policy must include an absolute rate value configured for the specified priority group. You cannot use percentage to specify the rate. For information about the qos policy pwfq and queue priority-group commands, see Command List.

Use the no form to remove currently configured DHCP rate adjustment commands and return the subscriber record to the default state (no rate adjustments will be made in response to DHCP lease events).

1.54.6   Examples

The following example shows how to adjust a PWFQ policy for subscriber stb1:

[local]Redback(config)#context local

[local]Redback(config-ctx)#subscriber name stb1

[local]Redback(config-sub)#password pass

[local]Redback(config-sub)#dhcp max-addr 1

[local]Redback(config-sub)#rate-adjust dhcp pwfq 3000 priority-group 3

1.55   rate-calculation

1.55.1   Purpose

Specifies that rate calculation is to exclude the size of Layer 2 overhead for the Layer 3 circuit on which a policy is applied.

1.55.2   Command Mode

• metering policy configuration
• policing policy configuration

1.55.3   Syntax Description

1.55.4   Default

Rate calculations consider the size of the entire Layer 2 frame.

1.55.5   Usage Guidelines

Use the rate-calculation command to specify that rate calculation excludes the size of Layer 2 overhead for Layer 3 circuits on which a rate-limiting policy is applied. In this case, the size of the rate-limited packet equals the size of the Layer 3 packet.

The rate-calculation command is global across the entire policy, implying that it applies to the overall circuit level and all classes under the policy.

Use the no form of this command to return to the default behavior.

1.56   rate circuit

1.56.1   Purpose

Specifies a different rate for a circuit that has a quality of service (QoS) metering, policing, modified deficit round-robin (MDRR), or priority weighted fair queuing (PWFQ) policy attached to it.

1.56.2   Command Mode

• ATM PVC configuration
• dot1q PVC configuration
• CLIPS PVC configuration
• Frame Relay PVC configuration
• link group configuration
• port configuration

1.56.3   Syntax Description

1.56.4   Default

The circuit rate is based on the policy rate as specified by the attached QoS policy.

1.56.5   Usage Guidelines

Use the rate circuit command to specify a different rate for a circuit that has a QoS metering, policing, MDRR, or PWFQ policy attached to it. The rate that you specify for the circuit overrides the rates specified by the attached metering, policing, MDRR, and PWFQ policies.

This command allows you to attach the same policy to a number of circuits, but specify a different rate for each circuit.

This command is not supported for dynamic 802.1Q permanent virtual circuits (PVCs).

Note:  

Configuring the rate circuit command on an ATM port is not supported. To limit ATM traffic, configure this command on ATM PVCs.

Note:  

The application of a different rate in either direction occurs only while you have attached the appropriate QoS policy to the circuit.

Use the default or no form of this command to specify the default condition.

1.56.6   Examples

The following example changes the rate for port 1 to 2,000 kbps:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#qos policy metering example2

[local]Redback(config-port)#rate circuit out 2000

[local]Redback(config)#port ethernet 5/1
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1
[local]Redback(config-port)#qos policy metering my-meter1
[local]Redback(config-port)#qos policy metering my-mdrr1
[local]Redback(config-port)#rate circuit out 1000 burst 2000 queuing-burst 1200

1.57   rate-factor

1.57.1   Purpose

Defines the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, port, or subscriber record to which the quality of service (QoS) policy is attached.

1.57.2   Command Mode

• overhead profile configuration
• overhead type configuration

1.57.3   Syntax Description

1.57.4   Default

Overhead on the access line is 0%, which allows full bandwidth usage.

1.57.5   Usage Guidelines

Use the rate-factor command to define the percentage of bandwidth for a specific access-line type that is unavailable to traffic on the circuit, port, or subscriber record to which the QoS policy is attached.

Use the no or default form of this command to remove the percentage from the access-line configuration and assume for rate enforcement calculation purposes that all the bandwidth specified by the qos rate maximum command in the PWFQ policy is available to traffic on the circuit.

Note:  

The maximum rate set by the qos rate command (in port configuration mode) is the rate at which the port, 802.1Q tunnel, or 802.1Q permanent virtual circuit (PVC) operates; any priority queuing (PQ), enhanced deficit round-robin (EDRR), or priority weighted fair queuing (PWFQ) queue or circuit with a PQ, an EDRR, or a PWFQ policy is limited by the rate specified by that command for the circuit. Also, the sum of all traffic on the port carried by the queues belonging to the circuits or subscribers is limited to the rate specified by that command.

1.57.6   Examples

The following example configures an overhead profile for example1, and sets the default rate factor to 15, a reserve value to 8, and the encapsulation type to pppoa-llc. After you set the overhead profile with default values, you configure adsl1 and vdsl1 with custom encapsulation and reserve values with a rate factor of 20%:

[local]Redback(config)#qos profile example1 overhead

[local]Redback(config-profile-overhead)#rate-factor 15

[local]Redback(config-profile-overhead)#encaps-access-line pppoa-llc

[local]Redback(config-profile-overhead)#reserved 8

[local]Redback(config-profile-overhead)#type adsl1

[local]Redback(config-type-overhead)#rate-factor 20

1.58   rate-limit ccod

1.58.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Point-to-Point Protocol (PPP) over Ethernet over Asynchronous Transfer Mode (PPPoEoA) Active Discovery Initiation (PADI) packets and PPP over Asynchronous Transfer Mode (PPPoA) Configure-Request packets that arrive at the SmartEdge router over circuit creation on demand (CCOD) Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).

1.58.2   Command Mode

card configuration

1.58.3   Syntax Description

1.58.4   Default

Rate limiting for PPPoEoA PADI packets and PPPoA Configure-Request packets is enabled using the default burst and rate values.

1.58.5   Usage Guidelines

Use the rate-limit ccod command to enable rate limiting and specify the rate and burst limits for PPPoEoA PADI packets and PPPoA Configure-Request packets that arrive at the SmartEdge router on on-demand ATM PVCs. By specifying the rate and burst limit values, you can establish finer control over the rate of these kinds of subscriber sessions. For example, applying card-level rate-limiting can improve the bringup rate for PPPoA and PPPoEoA subscribers when many subscribers attempt to connect simultaneously.

Use the show rate-limit card command (in any mode) to display the current configuration of rate limiting; see the Command List.

Note:  

The rate limit and burst limit values cannot be configured independently.

Use the default form of this command to enable rate limiting with the default rate and burst limits.

Use the no form of this command to disable rate limiting.

1.58.6   Examples

The following example shows how to configure the rate limit of PPPoEoA PADI packets and PPPoA Configure-Request packets to 500 and the burst limit to 999:

[local]Redback(config-card)#rate-limit ccod 500 burst 999

1.59   rate-limit circuit dhcp

1.59.1   Purpose

Limits the number of Dynamic Host Configuration Protocol (DHCP) packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.

1.59.2   Command Mode

• global configuration

1.59.3   Syntax Description

1.59.4   Default

The SmartEdge router does not limit the number of DHCP packets that it accepts on a circuit.

1.59.5   Usage Guidelines

Use the rate-limit circuit dhcp command to limit the number of DHCP packets that the system accepts in an interval for each MAC address or each unique combination of MAC address and DHCP relay server address on a circuit.

The operating system does not distinguish between DHCP Discover, Request, Release, NAK, or Inform messages when it limits the number DHCP packets on a circuit.

The rate-limit circuit dhcp command is supported only on ATM and Ethernet traffic cards that are PPA2-based and above.

The rate-limit circuit dhcp command supports access link groups but not Ethernet or 802.1Q link groups. That is, the rate-limit circuit dhcp command affects only incoming DHCP packet traffic on the access side and includes both regular PVCs and link-group aggregated PVCs.

Use the no form of this command to specify the default condition.

1.59.6   Examples

The following example shows how to accept 155 DHCP messages for the unique combination of the MAC address and DHCP relay server address in every 3-second interval. If more than 155 DHCP packets are received during the interval, all DHCP packets are dropped for 4 seconds starting at the time when the limit was exceeded. For example, if the 156th packet is received at 2 seconds into the 3-second interval, then the count for the drop interval starts at 2 seconds and stops at 6 seconds. Following that, 155 DHCP packets are allowed for the unique combination of the MAC address and DHCP relay server address for the next 3-second interval:

[local]Redback(config)#rate-limit circuit dhcp 155 interval 3 drop-interval 4 per-mac-and-relay

1.60   rate-limit circuit dhcpv6

1.60.1   Purpose

Limits the number of Dynamic Host Configuration Protocol Version 6 (DHCPv6) packets that the system accepts in an interval on a circuit.

1.60.2   Command Mode

global configuration

1.60.3   Syntax Description

1.60.4   Default

The SmartEdge router does not limit the number of DHCPv6 packets that it accepts on a circuit.

1.60.5   Usage Guidelines

Use the rate-limit circuit dhcpv6 command to limit the number of DHCPv6 packets that the system accepts in an interval on each circuit. When enabled, rate limiting is performed on DHCPv6 packets arriving on every circuit , or virtual circuit in the case of PPPoE, even though it is configured on the parent circuit at the card level.

The operating system does not distinguish between types of messages when it limits the number DHCPv6 packets on a circuit.

This command applies only to line cards that support IPv6 single-stack or dual-stack packets.

The rate-limit circuit dhcpv6 command supports access link groups but not Ethernet or 802.1Q link groups. That is, this command affects only incoming DHCPv6 packet traffic on the access side and includes both regular PVCs and link-group aggregated PVCs.

Use the no form of this command to specify the default condition.

1.60.6   Examples

The following example shows how to accept 155 DHCPv6 messages in every 3-second interval on each circuit. If more than 155 DHCPv6 packets are received during the interval, all DHCPv6 packets are dropped for 4 seconds, starting at the time when the limit was exceeded. For example, if the 156th packet is received at 2 seconds into the 3-second interval, then the count for the drop interval starts at 2 seconds and stops at 6 seconds. Following that, 155 DHCPv6 packets are for the circuit for the next 3-second interval:

[local]Redback(config)#rate-limit circuit dhcpv6 155 interval 3 drop-interval 4

1.61   rate-limit circuit nd

1.61.1   Purpose

Limits the number of Neighbor Discovery (ND) packets that the system accepts in an interval on a circuit.

1.61.2   Command Mode

global configuration

1.61.3   Syntax Description

1.61.4   Default

The SmartEdge router does not limit the number of ND packets that it accepts on a circuit.

1.61.5   Usage Guidelines

Use the rate-limit circuit nd command to limit the number of ND packets that the system accepts in an interval on each circuit. When enabled, rate limiting is performed on ND packets coming on every circuit, or virtual circuit in the case of PPPoE, even though it is configured on the parent circuit at the card level.

The operating system does not distinguish between types of messages when it limits the number ND packets on a circuit.

This command applies only to line cards that support IPv6 single-stack or dual-stack packets.

The rate-limit circuit nd command supports access link groups but not Ethernet or 802.1Q link groups. That is, this command affects only incoming ND packet traffic on the access side and includes both regular PVCs and link-group aggregated PVCs.

Use the no form of this command to specify the default condition.

1.61.6   Examples

The following example shows how to accept 155 ND messages in every 3-second interval on each circuit. If more than 155 ND packets are received during the interval, all ND packets are dropped for 4 seconds starting at the time when the limit was exceeded. For example, if the 156th packet is received at 2 seconds into the 3-second interval, then the count for the drop interval starts at 2 seconds and stops at 6 seconds. Following that, 155 ND packets are for the circuit for the next 3-second interval:

[local]Redback(config)#rate-limit circuit nd 155 interval 3 drop-interval 4

1.62   rate-limit dhcp

1.62.1   Purpose

Enables rate limiting and specifies the rate and burst limits for Dynamic Host Configuration Protocol (DHCP) packets that arrive at the SmartEdge router.

1.62.2   Command Mode

card configuration

1.62.3   Syntax Description