NN47263-507 03.02 Command Line Reference

Command Line Reference
Avaya Secure Router 2330/4134
10.3
NN47263-507, 03.02
October 2010
2010 Avaya Inc.
All Rights Reserved.

Notice
While reasonable efforts have been made to ensure that the
information in this document is complete and accurate at the time of
printing, Avaya assumes no liability for any errors. Avaya reserves the
right to make changes and corrections to the information in this
document without the obligation to notify any person or organization of
such changes.
Documentation disclaimer
Avaya shall not be responsible for any modifications, additions, or
deletions to the original published version of this documentation unless
such modifications, additions, or deletions were performed by Avaya.
End User agree to indemnify and hold harmless Avaya, Avaya's agents,
servants and employees against all claims, lawsuits, demands and
judgments arising out of, or in connection with, subsequent
modifications, additions or deletions to this documentation, to the
extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked Web
sites referenced within this site or documentation(s) provided by Avaya.
Avaya is not responsible for the accuracy of any information, statement
or content provided on these sites and does not necessarily endorse
the products, services, or information described or offered within them.
Avaya does not guarantee that these links will work all the time and has
no control over the availability of the linked pages.
Warranty
Avaya provides a limited warranty on this product. Refer to your sales
agreement to establish the terms of the limited warranty. In addition,
Avayas standard warranty language, as well as information regarding
support for this product, while under warranty, is available to Avaya
customers and other parties through the Avaya Support Web site:
http://www.avaya.com/support. Please note that if you acquired the
product from an authorized Avaya reseller outside of the United States
and Canada, the warranty is provided to you by said Avaya reseller and
not by Avaya.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA
WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE
APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR
INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC.,
ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER
(AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH
AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS
OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES
NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED
FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN
AVAYA AUTHORIZED RESELLER, AND AVAYA RESERVES THE
RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE
ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE.
BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR
AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF
YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING,
DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER
REFERRED TO INTERCHANGEABLY AS YOU AND END USER),
AGREE TO THESE TERMS AND CONDITIONS AND CREATE A
BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE (AVAYA).
protected by copyright and other intellectual property laws including the

sui generis rights relating to the protection of databases. You may not
modify, copy, reproduce, republish, upload, post, transmit or distribute
in any way any content, in whole or in part, including any code and
software. Unauthorized reproduction, transmission, dissemination,
storage, and or use without the express written consent of Avaya can
be a criminal, as well as a civil, offense under the applicable law.
Third-party components
Certain software programs or portions thereof included in the Product
may contain software distributed under third party agreements (Third
Party Components), which may contain terms that expand or limit
rights to use certain portions of the Product (Third Party Terms).
Information regarding distributed Linux OS source code (for those
Products that have distributed the Linux OS source code), and
identifying the copyright holders of the Third Party Components and the
Third Party Terms that apply to them is available on the Avaya Support
Web site: http://www.avaya.com/support/Copyright/.
Trademarks
The trademarks, logos and service marks (Marks) displayed in this
site, the documentation(s) and product(s) provided by Avaya are the
registered or unregistered Marks of Avaya, its affiliates, or other third
parties. Users are not permitted to use such Marks without prior written
consent from Avaya or such third party which may own the Mark.
Nothing contained in this site, the documentation(s) and product(s)
should be construed as granting, by implication, estoppel, or otherwise,
any license or right in and to the Marks without the express written
permission of Avaya or the applicable third party.
Avaya is a registered trademark of Avaya Inc.
All other trademarks are the property of their respective owners.
Downloading documents
For the most current versions of documentation, see the Avaya Support
Web site: http://www.avaya.com/support
Contact Avaya Support
Avaya provides a telephone number for you to use to report problems
or to ask questions about your product. The support telephone number
is 1-800-242-2121 in the United States. For additional support
telephone numbers, see the Avaya Web site: http://www.avaya.com/
support
Copyright
Except where expressly stated otherwise, no use should be made of
materials on this site, the Documentation(s) and Product(s) provided
by Avaya. All content on this site, the documentation(s) and the
product(s) provided by Avaya including the selection, arrangement and
design of the content is owned either by Avaya or its licensors and is
October 2010
Contents
Chapter 1: New in this release...............................................................................................51
Features..........................................................................................................................................................51
IPSec nailed up tunnel............................................................................................................................51
IPSec VPN bypass policy.......................................................................................................................51
Jumbo frame support..............................................................................................................................51
Key usage extension checking...............................................................................................................52
Multiple networks in a single IPSec policy..............................................................................................52
Packet filters for management services..................................................................................................52
Periodic DPD..........................................................................................................................................52
Prioritizing IPSec policies.......................................................................................................................53
RIP scalability enhancements................................................................................................................53
RSA certificate key size enhancement...................................................................................................53
SNMP interface index persistency..........................................................................................................53
Triggered RIP.........................................................................................................................................54
Tunnel failover using round robin DNS...................................................................................................54
Tunnel failover using static weighted tunnels.........................................................................................54
Debug commands..................................................................................................................................54
Other changes.................................................................................................................................................55
Release 10.2 commands........................................................................................................................55
Release 10.2.1 commands.....................................................................................................................62
Chapter 2: Basic CLI commands...........................................................................................63

clear................................................................................................................................................................63
configure admin_name....................................................................................................................................63
configure console_timeout..............................................................................................................................64
configure flash.................................................................................................................................................64
configure header.............................................................................................................................................64
configure interface...........................................................................................................................................65
configure network............................................................................................................................................65
configure secure_passwords..........................................................................................................................65
configure SYS_REM.......................................................................................................................................66
configure SYS_REM_.....................................................................................................................................66
configure terminal............................................................................................................................................66
configure user.................................................................................................................................................67
exit...................................................................................................................................................................67
password.........................................................................................................................................................68
pop..................................................................................................................................................................68
reboot..............................................................................................................................................................69
save.................................................................................................................................................................69
show................................................................................................................................................................69
show console_timeout.....................................................................................................................................70
show configuration running.............................................................................................................................70
show configuration stored...............................................................................................................................70
show system configuration..............................................................................................................................71
show user_accounts.......................................................................................................................................71
show users......................................................................................................................................................71
show whoami..................................................................................................................................................71
telnet...............................................................................................................................................................72
October 2010
Chapter 3: File management commands..............................................................................73

configure terminal interface bundle atm max-vcc............................................................................................73
configure terminal interface bundle link encapsulation atm atm.....................................................................73
configure terminal module xdsl.......................................................................................................................74
show module configuration xdsl......................................................................................................................75
show module userstats xdsl............................................................................................................................76
Chapter 4: Commissioning commands.................................................................................77

admin_name...................................................................................................................................................77
boot_params...................................................................................................................................................77
clear cfg_file....................................................................................................................................................77
clear telnet session.........................................................................................................................................78
clear event_log................................................................................................................................................78
configure dialer................................................................................................................................................79
configure dialer async modem........................................................................................................................79
configure dialer async uart..............................................................................................................................80
configure dst enable........................................................................................................................................81
configure dst set..............................................................................................................................................81
configure reverse_telnet set_baud_rate..........................................................................................................82
configure reverse_telnet set_data_bits...........................................................................................................83
configure reverse_telnet enable......................................................................................................................83
configure reverse_telnet set_flow_control.......................................................................................................84
configure reverse_telnet set_parity.................................................................................................................85
configure reverse_telnet set_stop_bits...........................................................................................................85
configure reverse_telnet telnet_port................................................................................................................86
configure reverse_telnet telnet_timeout..........................................................................................................87
configure router-id...........................................................................................................................................87
configure sntp source-address........................................................................................................................87
configure system source-address...................................................................................................................88
configure terminal system logging console priority.........................................................................................88
configure terminal system logging syslog module ike.....................................................................................89
configure terminal system logging syslog module radius................................................................................90
configure terminal system logging syslog module userdb...............................................................................91
configure terminal system logging syslog module xauth.................................................................................92
configure system logging syslog source-address...........................................................................................93
configure terminal system logging syslog enable............................................................................................94
configure terminal system logging syslog host_ipaddr....................................................................................94
configure terminal system logging syslog host_ipaddrv6................................................................................94
configure usb enable.......................................................................................................................................95
date.................................................................................................................................................................95
ftp_server........................................................................................................................................................96
ftp_user...........................................................................................................................................................96
hostname........................................................................................................................................................96
ip address........................................................................................................................................................97
ip route............................................................................................................................................................97
jumbo frame....................................................................................................................................................98
no user............................................................................................................................................................98
ping.................................................................................................................................................................99
show chassis...................................................................................................................................................99
show dst..........................................................................................................................................................99
show module alarms.....................................................................................................................................100
October 2010
show module configuration...........................................................................................................................100

show module configuration all.......................................................................................................................100
show telnet....................................................................................................................................................101
show sntp......................................................................................................................................................101
show usb_userstat........................................................................................................................................101
sntp broadcast...............................................................................................................................................101
sntp broadcast timeout..................................................................................................................................102
sntp enable....................................................................................................................................................102
sntp server....................................................................................................................................................103
sntp retries....................................................................................................................................................103
system jumbo-mtu-limit.................................................................................................................................104
system reset-to-factory..................................................................................................................................104
telnet banner.................................................................................................................................................105
telnet_server.................................................................................................................................................105
telnet timeout.................................................................................................................................................106
tftp server......................................................................................................................................................106
utc.................................................................................................................................................................106
Chapter 5: T1/E1 module configuration commands..........................................................109

clear module..................................................................................................................................................109
configure interface bundle drop.....................................................................................................................109
configure interface bundle link e1/t1..............................................................................................................110
configure module e1 alarms..........................................................................................................................111
configure module e1 alarms hierarchy..........................................................................................................112
configure module e1 circuitId.........................................................................................................................112
configure module e1 clock_source................................................................................................................113
configure module e1 contactInfo...................................................................................................................113
configure module e1 description....................................................................................................................114
configure module e1 enable..........................................................................................................................114
configure module e1 framing.........................................................................................................................115
configure module e1 linecode........................................................................................................................115
configure module e1 linemode......................................................................................................................115
configure module e1 name............................................................................................................................116
configure module e1 yellow_alarm................................................................................................................116
configure module t1 alarms thresholds user..................................................................................................117
configure module t1 alarms hierarchy...........................................................................................................118
configure module t1 circuitId..........................................................................................................................119
configure module t1 clock_source.................................................................................................................119
configure module t1 contactInfo....................................................................................................................120
configure module t1 description....................................................................................................................120
configure module t1 enable...........................................................................................................................120
configure module t1 framing..........................................................................................................................121
configure module t1 linecode........................................................................................................................121
configure module t1 linemode csu................................................................................................................122
configure module t1 linemode dsx................................................................................................................122
configure module t1 loopback_framing.........................................................................................................123
configure module t1 name.............................................................................................................................123
configure module t1 yellow_alarm.................................................................................................................124
show module ansistats..................................................................................................................................125
October 2010
show module ietfstats....................................................................................................................................126

show module itutstats....................................................................................................................................126
show module thresholds...............................................................................................................................126
show module userstats.................................................................................................................................127
Chapter 6: DS3 module configuration commands.............................................................129

clear module t3_userstats.............................................................................................................................129
configure interface bundle link t3..................................................................................................................129
configure module t3 alarms thresholds user.................................................................................................129
configure module t3 cable_length.................................................................................................................131
configure module t3 clock_source.................................................................................................................131
configure module t3 framing..........................................................................................................................132
configure module t3 name.............................................................................................................................132
Chapter 7: CT3 module configuration commands.............................................................137

clear module ct3_userstats...........................................................................................................................137
configure interface bundle link ct3.................................................................................................................137
configure module ct3 alarms thresholds user...............................................................................................138
configure module ct3 alarms hierarchy.........................................................................................................139
configure module ct3 cable_length...............................................................................................................140
configure module ct3 clock_source...............................................................................................................140
configure module ct3 enable.........................................................................................................................141
configure module ct3 framing........................................................................................................................141
configure module ct3 t1.................................................................................................................................142
Chapter 8: Serial module configuration commands..........................................................147

clear module serial_userstats.......................................................................................................................147
configure interface bundle link serial.............................................................................................................147
configure module serial.................................................................................................................................147
configure module serial clock_rate................................................................................................................148
configure module serial clock_source...........................................................................................................148
configure module serial crc...........................................................................................................................149
configure module serial data_mode..............................................................................................................149
configure module serial mode.......................................................................................................................150
configure module serial name.......................................................................................................................150
October 2010
Chapter 9: HSSI module configuration commands............................................................153

clear module hssi_userstats..........................................................................................................................153
configure interface bundle link hssi...............................................................................................................153
configure module hssi clock_rate..................................................................................................................153
configure module hssi clock_source.............................................................................................................154
configure module hssi crc.............................................................................................................................154
configure module hssi data_mode................................................................................................................155
configure module hssi mode.........................................................................................................................155
configure module hssi name.........................................................................................................................156
Chapter 10: ISDN configuration commands.......................................................................159

clear isdn bri-statistics...................................................................................................................................159
clear isdn pri-statistics...................................................................................................................................159
configure dialer answer-mode.......................................................................................................................159
configure dialer idle-timeout..........................................................................................................................160
configure interface bundle isdn activate........................................................................................................160
configure interface bundle isdn answer.........................................................................................................161
configure interface bundle isdn call-back......................................................................................................161
configure interface bundle isdn callednum....................................................................................................161
configure interface bundle isdn caller............................................................................................................162
configure interface bundle isdn callingnum...................................................................................................162
configure interface bundle isdn connect-delay..............................................................................................163
configure interface bundle isdn disconnect-cause........................................................................................163
configure interface bundle isdn idle-timeout..................................................................................................164
configure interface bundle isdn map.............................................................................................................165
configure interface bundle isdn q921-timers.................................................................................................166
configure interface bundle isdn q921-timers k..............................................................................................166
configure interface bundle isdn q921-timers n200........................................................................................167
configure interface bundle isdn q921-timers n201........................................................................................167
configure interface bundle isdn q921-timers t200.........................................................................................168
configure interface bundle isdn q931-timers.................................................................................................168
configure interface bundle isdn spid1............................................................................................................172
configure interface bundle isdn spid2............................................................................................................173
configure interface bundle isdn switch-type..................................................................................................173
configure interface bundle isdn tei-mode......................................................................................................174
configure interface bundle isdn tei-value.......................................................................................................174
configure interface bundle link bri.................................................................................................................175
configure interface bundle link dialer.............................................................................................................175
October 2010
configure interface bundle link prie1|prit1......................................................................................................176

show isdn bri-statistics..................................................................................................................................176
show isdn global............................................................................................................................................176
show isdn interface.......................................................................................................................................177
show isdn interfaces......................................................................................................................................177
show isdn pri-statistics..................................................................................................................................177
Chapter 11: WAN bundle commands...................................................................................179

clear interface bundle....................................................................................................................................179
configure interface bundle contact................................................................................................................179
configure interface bundle description..........................................................................................................179
configure interface bundle shutdown............................................................................................................180
show interface bundle...................................................................................................................................180
Chapter 12: HDLC configuration commands......................................................................181

configure interface bundle encapsulation hdlc..............................................................................................181
configure interface bundle hdlc.....................................................................................................................181
Chapter 13: PPP/MLPPP configuration commands...........................................................183

configure interface bundle encapsulation ppp|mlppp....................................................................................183
configure interface bundle mlppp..................................................................................................................183
configure interface bundle ppp authentication..............................................................................................184
configure interface bundle ppp authentication_database..............................................................................184
configure interface bundle ppp echo-interval................................................................................................185
configure interface bundle ppp interleave.....................................................................................................185
configure interface bundle ppp ip-rtp-reserve...............................................................................................186
configure interface bundle ppp lfi-fragment-delay.........................................................................................186
configure interface bundle ppp mtu-mru-magic.............................................................................................187
configure interface bundle ppp pap|chap peer-name....................................................................................188
configure interface bundle ppp pap|chap sent-username.............................................................................188
configure interface bundle ppp peer-addr.....................................................................................................189
configure interface bundle ppp retry-interval.................................................................................................189
configure interface bundle ppp src-addr........................................................................................................190
configure interface bundle rtp........................................................................................................................190
configure interface bundle rtp connections...................................................................................................191
configure interface bundle rtp negotiation ipcp.............................................................................................191
configure interface bundle rtp timeout...........................................................................................................191
Chapter 14: Frame Relay configuration commands..........................................................193

clear fr invarp................................................................................................................................................193
clear fr lmistats..............................................................................................................................................193
clear fr vcstats...............................................................................................................................................193
clear interface avcs.......................................................................................................................................194
configure fr invarp.........................................................................................................................................194
configure fr mfr_e2e_enhanced....................................................................................................................195
configure interface avc..................................................................................................................................195
configure interface avc class.........................................................................................................................196
configure interface avc cvc............................................................................................................................196
configure interface avc diff_delay..................................................................................................................197
configure interface avc enable avc................................................................................................................197
configure interface avc enable cvc................................................................................................................198
configure interface avc enable mfr_e2e_enhanced......................................................................................198
October 2010
configure interface avc fragment_size..........................................................................................................199

configure interface avc ip address................................................................................................................199
configure interface avc ip directed broadcast................................................................................................200
configure interface avc map..........................................................................................................................200
configure interface avc seg_threshold..........................................................................................................200
configure interface avc sequence.................................................................................................................201
configure interface bundle encapulation frelay|mfr.......................................................................................201
configure interface bundle fr enable interface...............................................................................................202
configure interface bundle fr enable pvc.......................................................................................................202
configure interface bundle fr enable fragment_rfc1490.................................................................................202
configure interface bundle fr frame_size.......................................................................................................203
configure interface bundle fr interleave enable.............................................................................................203
configure interface bundle fr interleave hiprio...............................................................................................204
configure interface bundle fr intf_type...........................................................................................................204
configure interface bundle fr lmi....................................................................................................................205
configure interface bundle fr lmi dce.............................................................................................................205
configure interface bundle fr lmi dte..............................................................................................................206
configure interface bundle fr lmi fast_recovery.............................................................................................206
configure interface bundle fr lmi keepalive....................................................................................................207
configure interface bundle fr mfr ack_msg....................................................................................................207
configure interface bundle fr mfr class..........................................................................................................208
configure interface bundle fr mfr diff_delay...................................................................................................208
configure interface bundle fr mfr fragment_size............................................................................................209
configure interface bundle fr mfr hello_timer.................................................................................................209
configure interface bundle fr mfr seg_threshold............................................................................................210
configure interface bundle fr pvc...................................................................................................................210
configure interface bundle fr pvc crypto.........................................................................................................211
configure interface bundle fr pvc desc...........................................................................................................211
configure interface bundle fr pvc enable........................................................................................................211
configure interface bundle fr pvc frf12...........................................................................................................212
configure interface bundle fr pvc frf20 config................................................................................................212
configure interface bundle fr pvc frf20 enable...............................................................................................213
configure interface bundle fr pvc ip address.................................................................................................213
configure interface bundle fr pvc ipv6 address..............................................................................................214
configure interface bundle fr pvc map...........................................................................................................214
configure interface bundle fr pvc policing......................................................................................................215
configure interface bundle fr pvc shaping.....................................................................................................216
configure interface bundle fr pvc switch........................................................................................................216
show fr avcs..................................................................................................................................................217
show fr cvcs..................................................................................................................................................217
show fr invarp................................................................................................................................................217
show fr invarp_int..........................................................................................................................................218
show fr lmistats.............................................................................................................................................218
show fr pvcs..................................................................................................................................................218
show fr vcstats..............................................................................................................................................219
show interface avcs.......................................................................................................................................219
Chapter 15: Static LSP commands......................................................................................221

mpls static-ftn................................................................................................................................................221
mpls static-ilm...............................................................................................................................................221
show mpls static-ftn.......................................................................................................................................222
October 2010
show mpls static-ilm......................................................................................................................................223

show mpls stats-ftn.......................................................................................................................................223
show mpls stats-ilm.......................................................................................................................................223
Chapter 16: LDP commands.................................................................................................225

clear ldp adjacency.......................................................................................................................................225
clear ldp statistics..........................................................................................................................................225
configure interface ldp advertisement-mode.................................................................................................226
configure interface ldp hello-interval.............................................................................................................226
configure interface ldp hold-time...................................................................................................................227
configure interface ldp keepalive-interval......................................................................................................227
configure interface ldp keepalive-timeout......................................................................................................228
configure interface ldp label-retention-mode.................................................................................................229
configure interface ldp multicast-hellos.........................................................................................................229
configure interface ldp targeted-peer-hello-interval.......................................................................................230
configure interface ldp targeted-peer-hold-time............................................................................................230
configure router ldp.......................................................................................................................................231
configure router ldp advertise-labels.............................................................................................................231
configure router ldp advertisement-mode.....................................................................................................232
configure router ldp control-mode.................................................................................................................232
configure router ldp explicit-null....................................................................................................................233
configure router ldp hello-interval..................................................................................................................233
configure router ldp hold-time.......................................................................................................................234
configure router ldp keepalive-interval..........................................................................................................234
configure router ldp keepalive-timeout..........................................................................................................235
configure router ldp label-retention-mode.....................................................................................................235
configure router ldp loop-detection................................................................................................................236
configure router ldp loop-detection-count......................................................................................................236
configure router ldp multicast-hellos.............................................................................................................237
configure router ldp propagate-release.........................................................................................................237
configure router ldp request-retry..................................................................................................................238
configure router ldp request-retry-timeout.....................................................................................................238
configure router ldp targeted-peer.................................................................................................................239
configure router ldp targeted-peer-hello-interval...........................................................................................239
configure router ldp targeted-peer-hold-time.................................................................................................240
configure router ldp transport-address..........................................................................................................240
show ldp adjacency.......................................................................................................................................241
show ldp advertise-labels..............................................................................................................................241
show ldp fec..................................................................................................................................................241
show ldp interface.........................................................................................................................................241
show ldp lsp..................................................................................................................................................242
show ldp lsp fec.............................................................................................................................................242
show ldp lsp host...........................................................................................................................................243
show ldp lsp prefix.........................................................................................................................................243
show ldp session...........................................................................................................................................244
show ldp statistics.........................................................................................................................................244
show ldp statistics advertise-labels...............................................................................................................244
Chapter 17: RSVP-TE commands........................................................................................247

clear mpls traffic-eng-lsp...............................................................................................................................247
clear rsvp session.........................................................................................................................................247
clear rsvp statistics........................................................................................................................................248
10
October 2010
configure interface rsvp ack-wait-timeout......................................................................................................248

configure interface rsvp hello-interval........................................................................................................... 249
configure interface rsvp hello-receipt............................................................................................................ 249
configure interface rsvp hello-timeout........................................................................................................... 250
configure interface rsvp keep-multiplier........................................................................................................ 250
configure interface rsvp message-ack.......................................................................................................... 251
configure interface rsvp refresh-reduction.....................................................................................................251
configure interface rsvp refresh-time.............................................................................................................251
configure mpls traffic-eng-lsp........................................................................................................................252
configure mpls traffic-eng-lsp ext-tunnel-id................................................................................................... 253
configure mpls traffic-eng-lsp from................................................................................................................253
configure mpls traffic-eng-lsp map-route.......................................................................................................254
configure mpls traffic-eng-lsp primary|secondary affinity.............................................................................. 254
configure mpls traffic-eng-lsp primary|secondary bandwidth........................................................................255
configure mpls traffic-eng-lsp primary|secondary cspf..................................................................................255
configure mpls traffic-eng-lsp primary|secondary cspf-retry-limit..................................................................256
configure mpls traffic-eng-lsp primary|secondary cspf-retry-timer................................................................ 256
configure mpls traffic-eng-lsp primary|secondary exclude-any.....................................................................257
configure mpls traffic-eng-lsp primary fast-reroute bandwidth...................................................................... 257
configure mpls traffic-eng-lsp primary fast-reroute exclude-any................................................................... 258
configure mpls traffic-eng-lsp primary fast-reroute hold-priority....................................................................259
configure mpls traffic-eng-lsp primary fast-reroute hop-limit.........................................................................259
configure mpls traffic-eng-lsp primary fast-reroute include-any.................................................................... 260
configure mpls traffic-eng-lsp primary fast-reroute node-protection..............................................................260
configure mpls traffic-eng-lsp primary fast-reroute protection one-to-one.................................................... 261
configure mpls traffic-eng-lsp primary fast-reroute setup-priority..................................................................261
configure mpls traffic-eng-lsp primary|secondary filter..................................................................................262
configure mpls traffic-eng-lsp primary|secondary hold-priority......................................................................262
configure mpls traffic-eng-lsp primary|secondary hop-limit...........................................................................263
configure mpls traffic-eng-lsp primary|secondary include-any......................................................................263
configure mpls traffic-eng-lsp primary|secondary label-record......................................................................264
configure mpls traffic-eng-lsp primary|secondary no-affinity.........................................................................265
configure mpls traffic-eng-lsp primary|secondary no-cspf.............................................................................265
configure mpls traffic-eng-lsp primary|secondary no-record-route................................................................266
configure mpls traffic-eng-lsp primary|secondary record-route.....................................................................266
configure mpls traffic-eng-lsp primary|secondary retry-limit..........................................................................267
configure mpls traffic-eng-lsp primary|secondary retry-timer........................................................................267
configure mpls traffic-eng-lsp primary|secondary reuse-route-record...........................................................268
configure mpls traffic-eng-lsp primary|secondary setup-priority....................................................................268
configure mpls traffic-eng-lsp primary|secondary traffic................................................................................269
configure mpls traffic-eng-lsp primary|secondary traffic-eng-path................................................................ 270
configure mpls traffic-eng-lsp to....................................................................................................................270
configure mpls traffic-eng-lsp traffic-eng-lsp-restart......................................................................................271
configure mpls traffic-eng-lsp update-type....................................................................................................271
configure mpls traffic-eng-path......................................................................................................................271
configure mpls traffic-eng-path hop-address.................................................................................................272
configure mpls tunnel-mode..........................................................................................................................273
configure router rsvp..................................................................................................................................... 273
configure router rsvp ack-wait-timeout..........................................................................................................274
configure router rsvp cspf..............................................................................................................................274
configure router rsvp detour-identification.....................................................................................................274
October 2010
11
configure router rsvp explicit-null..................................................................................................................275

configure router rsvp from.............................................................................................................................276
configure router rsvp hello-interval................................................................................................................276
configure router rsvp hello-receipt.................................................................................................................277
configure router rsvp hello-timeout................................................................................................................277
configure router rsvp keep-multiplier.............................................................................................................278
configure router rsvp loop-detection..............................................................................................................278
configure router rsvp message-ack...............................................................................................................278
configure router rsvp neighbor......................................................................................................................279
configure router rsvp no-cspf........................................................................................................................279
configure router rsvp no-loop-detection........................................................................................................280
configure router rsvp no-php.........................................................................................................................280
configure router rsvp php..............................................................................................................................280
configure router rsvp refresh-reduction.........................................................................................................281
configure router rsvp refresh-time.................................................................................................................281
configure RSVP-TE filter...............................................................................................................................282
configure retry limit........................................................................................................................................282
show mpls admin-groups..............................................................................................................................283
show mpls traffic-eng-lsp session.................................................................................................................283
show mpls traffic-eng-lsp session lsp-name..................................................................................................283
show mpls traffic-eng-lsp session count........................................................................................................284
show mpls traffic-eng-lsp session egress......................................................................................................284
show mpls traffic-eng-lsp session egress......................................................................................................285
show mpls traffic-eng-lsp session ingress.....................................................................................................285
show mpls traffic-eng-lsp session ingress.....................................................................................................286
show mpls traffic-eng-lsp session transit.......................................................................................................286
show mpls traffic-eng-path............................................................................................................................287
show mpls tunnel-mode................................................................................................................................287
show rsvp interface.......................................................................................................................................287
show rsvp neighbor.......................................................................................................................................288
show rsvp nexthop-cache.............................................................................................................................288
show rsvp statistics.......................................................................................................................................288
show rsvp summary-refresh..........................................................................................................................289
show rsvp version.........................................................................................................................................289
Chapter 18: Common MPLS commands.............................................................................291

clear mpls statistics.......................................................................................................................................291
show mpls interface......................................................................................................................................291
show mpls stats-interface..............................................................................................................................291
show mpls stats-lsp.......................................................................................................................................292
show mpls table-forwarding..........................................................................................................................292
show mpls table-ilm.......................................................................................................................................292
Chapter 19: MPLS pseudowire commands.........................................................................293

configure interface bundle mpls l2-circuit......................................................................................................293
configure interface bundle mpls l2-circuit encapsulation ppp........................................................................293
configure interface bundle mpls l2-circuit encapsulation...............................................................................293
configure interface ethernet mpls l2-circuit...................................................................................................294
configure interface ethernet switchport mode l2vpn......................................................................................294
configure interface mpls admin-group...........................................................................................................294
configure interface mpls ip............................................................................................................................295
configure interface mpls protocol-ldp............................................................................................................295
12
October 2010
configure interface mpls protocol-rsvp..........................................................................................................295

configure mpls l2-circuit................................................................................................................................296
configure mpls static-l2-circuit-ftn..................................................................................................................296
configure mpls static-l2-circuit-ilm.................................................................................................................297
show ldp mpls-l2-circuit.................................................................................................................................297
show mpls l2-circuit.......................................................................................................................................298
show mpls l2-circuit-group............................................................................................................................298
show mpls static-l2-circuit-ftn........................................................................................................................298
show mpls static-l2-circuit-ilm.......................................................................................................................299
show mpls stats-vc........................................................................................................................................299
show mpls table-vc........................................................................................................................................299
Chapter 20: Ethernet interface commands.........................................................................301

interface ethernet..........................................................................................................................................301
interface ethernet description........................................................................................................................301
interface ethernet ip tcp-mss.........................................................................................................................302
interface ethernet mtu...................................................................................................................................302
interface ethernet REM.................................................................................................................................303
interface ethernet REM_...............................................................................................................................303
interface ethernet speed...............................................................................................................................304
interface ethernet traffic-class-table..............................................................................................................304
interface ethernet user-priority......................................................................................................................305
system jumbo-mtu-limit.................................................................................................................................305
Chapter 21: Interface mode commands..............................................................................307

configure interface vlan ip helper-address service........................................................................................307
configure interface vlan ip helper-address protocol......................................................................................307
configure interface vlan ip helper-address port.............................................................................................308
switchport......................................................................................................................................................308
no switchport.................................................................................................................................................309
switchport mode hybrid.................................................................................................................................309
switchport mode trunk...................................................................................................................................309
switchport hybrid allowed..............................................................................................................................310
switchport hybrid remove..............................................................................................................................310
switchport trunk allowed................................................................................................................................311
switchport trunk remove................................................................................................................................311
switchport pvid...............................................................................................................................................311
show bridge port............................................................................................................................................312
show interface ethernet.................................................................................................................................312
show interface ethernets...............................................................................................................................312
Chapter 22: MAC address table commands.......................................................................313

mac address..................................................................................................................................................313
mac aging-time..............................................................................................................................................313
show bridge config........................................................................................................................................314
show bridge detail.........................................................................................................................................314
show bridge mac...........................................................................................................................................314
show bridge mac address.............................................................................................................................315
show bridge mac dynamic.............................................................................................................................315
show bridge mac static..................................................................................................................................316
show bridge mac multicast............................................................................................................................316
show bridge mac unicast...............................................................................................................................317
October 2010
13
Chapter 23: PoE commands.................................................................................................319

poe detect3af................................................................................................................................................319
poe portmode................................................................................................................................................319
poe portpower...............................................................................................................................................320
poe portpowerlimit.........................................................................................................................................321
poe portpriority..............................................................................................................................................322
show poe portconfig......................................................................................................................................323
show poe portspower....................................................................................................................................323
show poe portstatus......................................................................................................................................324
show poe totalpower.....................................................................................................................................324
Chapter 24: VLAN commands..............................................................................................325

vlan database................................................................................................................................................325
vlan................................................................................................................................................................325
show bridge vlan...........................................................................................................................................326
interface vlan.................................................................................................................................................326
shutdown.......................................................................................................................................................326
vlan classification..........................................................................................................................................326
rule ipv4.........................................................................................................................................................327
rule protocol..................................................................................................................................................327
vlan classification ipv4...................................................................................................................................328
vlan classification protocol rule.....................................................................................................................329
switchport mode access vlan-stacking..........................................................................................................329
show bridge port............................................................................................................................................330
Chapter 25: MSTP commands..............................................................................................331

bridge............................................................................................................................................................331
bridge forward-delay.....................................................................................................................................331
bridge hello-time............................................................................................................................................332
bridge max-age.............................................................................................................................................332
bridge priority................................................................................................................................................333
mstp..............................................................................................................................................................333
mstp instance................................................................................................................................................333
mstp instance priority....................................................................................................................................334
mstp max-hops..............................................................................................................................................334
mstp region...................................................................................................................................................335
mstp revision.................................................................................................................................................335
spanning-tree................................................................................................................................................336
spanning-tree force-version..........................................................................................................................336
spanning-tree link-type..................................................................................................................................337
instance path-cost.........................................................................................................................................337
instance priority.............................................................................................................................................338
spanning-tree portfast...................................................................................................................................338
spanning-tree portfast bpdu-filter..................................................................................................................339
spanning-tree portfast bpdu-guard................................................................................................................339
spanning-tree path-cost................................................................................................................................339
spanning-tree priority....................................................................................................................................340
show spanning-tree.......................................................................................................................................340
clear spanning-tree mstp...............................................................................................................................341
clear spanning-tree statistics.........................................................................................................................342
14
October 2010
Chapter 26: LACP commands..............................................................................................343

lacp................................................................................................................................................................343
lacp channel-group mode..............................................................................................................................343
lacp priority....................................................................................................................................................344
interface lag...................................................................................................................................................344
lacp timeout...................................................................................................................................................345
show lacp channel-group..............................................................................................................................345
show lacp dynamic........................................................................................................................................346
show lacp member-port.................................................................................................................................346
Chapter 27: IGMP snooping commands.............................................................................347

ip igmp snooping...........................................................................................................................................347
snooping enable............................................................................................................................................347
snooping disable...........................................................................................................................................347
fast-leave enable...........................................................................................................................................348
fast-leave disable..........................................................................................................................................348
last-member-query-interval...........................................................................................................................348
max-response-time.......................................................................................................................................349
ip igmp snooping mrouter..............................................................................................................................349
proxy enable..................................................................................................................................................350
proxy disable.................................................................................................................................................350
querier enable...............................................................................................................................................350
querier disable...............................................................................................................................................351
query-interval................................................................................................................................................351
ip igmp snooping version..............................................................................................................................352
clear ip igmp snooping groups......................................................................................................................352
clear ip igmp snooping mrouter.....................................................................................................................353
clear ip igmp snooping statistics...................................................................................................................353
configure interface ip igmp snooping mrouter interface................................................................................353
configure interface vlan ip igmp snooping.....................................................................................................354
configure interface vlan ip igmp snooping querier.........................................................................................354
configure interface vlan ip igmp snooping report-suppression......................................................................355
show ip igmp snooping configuration............................................................................................................355
show ip igmp snooping detail........................................................................................................................356
show ip igmp snooping groups......................................................................................................................356
show ip igmp snooping mrouter....................................................................................................................356
show ip igmp snooping statistics...................................................................................................................357
Chapter 28: GVRP commands..............................................................................................359

clear gvrp......................................................................................................................................................359
dynamic-vlan-creation...................................................................................................................................359
gvrp enable...................................................................................................................................................360
registration-state...........................................................................................................................................360
show gvrp......................................................................................................................................................361
timer join........................................................................................................................................................362
Chapter 29: Ethernet Connectivity Fault Management commands..................................365

configure oam cfm enable.............................................................................................................................365
configure oam cfm ethtype............................................................................................................................365
configure oam cfm linktrace..........................................................................................................................366
configure oam cfm md...................................................................................................................................366
configure oam cfm md name.........................................................................................................................366
October 2010
15
configure oam cfm md level..........................................................................................................................367

configure oam cfm md ma.............................................................................................................................368
configure oam cfm md ma cc........................................................................................................................368
configure oam cfm md ma mep.....................................................................................................................369
configure oam cfm md ma name...................................................................................................................370
configure oam cfm md ma remove-ad-rmeps...............................................................................................370
configure oam cfm md ma rmep...................................................................................................................370
configure oam cfm md ma vlan.....................................................................................................................371
configure oam cfm md mip............................................................................................................................371
configure oam cfm md mip interface.............................................................................................................372
configure oam cfm md mip state...................................................................................................................372
configure oam cfm md mip vlan....................................................................................................................373
test oam cfm..................................................................................................................................................373
test oam cfm lbmmep....................................................................................................................................374
test oam cfm lbmmip.....................................................................................................................................375
test oam cfm ltmmep.....................................................................................................................................376
test oam cfm ltmmip......................................................................................................................................376
show cfm cc-configs......................................................................................................................................377
show cfm cc-configs ma md..........................................................................................................................377
show cfm errors.............................................................................................................................................378
show cfm global-config..................................................................................................................................378
show cfm linktrace-cache..............................................................................................................................378
show cfm ma.................................................................................................................................................379
show cfm mas...............................................................................................................................................380
show cfm md.................................................................................................................................................380
show cfm mds...............................................................................................................................................380
show cfm mep...............................................................................................................................................381
show cfm meps.............................................................................................................................................381
show cfm mip................................................................................................................................................382
show cfm mips..............................................................................................................................................382
show cfm rmep..............................................................................................................................................383
show cfm stats..............................................................................................................................................383
clear cfm errors.............................................................................................................................................384
clear cfm linktrace-cache..............................................................................................................................384
clear cfm stats...............................................................................................................................................385
debug oam cfm dump-data...........................................................................................................................386
debug oam cfm debug-feature debug-level..................................................................................................386
Chapter 30: Port mirroring commands................................................................................389

mirror source.................................................................................................................................................389
show mirror...................................................................................................................................................389
Chapter 31: Bridge configuration commands....................................................................391

configure bridge priority.................................................................................................................................391
configure maximum aging time.....................................................................................................................391
configure forward time delay.........................................................................................................................392
configure static MAC address.......................................................................................................................392
Chapter 32: SNMP commands.............................................................................................393

clear snmp-stats............................................................................................................................................393
configure snmp-server chassis-id.................................................................................................................393
configure snmp-server community................................................................................................................393
16
October 2010
configure snmp-server contact......................................................................................................................394

configure snmp-server enable traps bgp.......................................................................................................394
configure snmp-server enable traps bundle..................................................................................................395
configure snmp-server enable traps cfm.......................................................................................................395
configure snmp-server enable traps config...................................................................................................396
configure snmp-server enable traps dvmrp...................................................................................................396
configure snmp-server enable traps enable-all.............................................................................................397
configure snmp-server enable traps environment.........................................................................................397
configure snmp-server enable traps frame_relay..........................................................................................397
configure snmp-server enable traps ospf error.............................................................................................398
configure snmp-server enable traps ospf lsa................................................................................................399
configure snmp-server enable traps ospf retransmit.....................................................................................399
configure snmp-server enable traps ospf state-change................................................................................399
configure snmp-server enable traps pim.......................................................................................................400
configure snmp-server enable traps pimv6...................................................................................................401
configure snmp-server enable traps snmp....................................................................................................401
configure snmp-server enable traps sntp......................................................................................................402
configure snmp-server enable traps ssm......................................................................................................402
configure snmp-server enable traps system.................................................................................................402
configure snmp-server enable traps vrrp......................................................................................................403
configure snmp-server location.....................................................................................................................403
configure snmp-server snmp-enable.............................................................................................................404
configure snmp-server snmp-source.............................................................................................................404
configure snmp-server source-address.........................................................................................................404
configure snmp-server trap-host...................................................................................................................405
configure snmp-server trap-source...............................................................................................................405
configure snmp-server trap-version..............................................................................................................406
configure system snmp-ifindex-persistent.....................................................................................................406
show snmp communities...............................................................................................................................407
show snmp configuration..............................................................................................................................407
show snmp snmp-source..............................................................................................................................407
show snmp status.........................................................................................................................................407
show snmp trap-host.....................................................................................................................................408
show snmp trap-source.................................................................................................................................408
show snmp trap-version................................................................................................................................408
show snmp traps...........................................................................................................................................409
Chapter 33: RMON commands.............................................................................................411

configure rmon alarm.....................................................................................................................................411
configure rmon enable..................................................................................................................................412
configure rmon event....................................................................................................................................412
configure rmon history...................................................................................................................................412
configure rmon statistics...............................................................................................................................413
show rmon alarm...........................................................................................................................................413
show rmon alarms.........................................................................................................................................414
show rmon ethernet_history..........................................................................................................................414
show rmon events.........................................................................................................................................414
show rmon history_control............................................................................................................................415
show rmon logs.............................................................................................................................................415
show rmon statistics......................................................................................................................................415
October 2010
17
Chapter 34: DHCPv4 commands..........................................................................................417

clear ip dhcps bindings..................................................................................................................................417
clear ip dhcps statistics.................................................................................................................................417
configure hostname.......................................................................................................................................417
configure interface ethernet dhcp-client........................................................................................................418
configure interface dhcp-relay.......................................................................................................................418
configure ip dhcps enable.............................................................................................................................419
configure ip dhcps interface..........................................................................................................................419
configure ip dhcps pool.................................................................................................................................419
configure ip dhcps pool altvlan......................................................................................................................420
configure ip dhcps pool callserver.................................................................................................................420
configure ip dhcps pool clientid.....................................................................................................................421
configure ip dhcps pool commit.....................................................................................................................421
configure ip dhcps pool default_router..........................................................................................................421
configure ip dhcps pool dnsserver................................................................................................................422
configure ip dhcps pool domain....................................................................................................................422
configure ip dhcps pool exclude-range.........................................................................................................423
configure ip dhcps pool host.........................................................................................................................423
configure ip dhcps pool hwaddr....................................................................................................................423
configure ip dhcps pool lease........................................................................................................................424
configure ip dhcps pool netbios_name_server..............................................................................................424
configure ip dhcps pool network....................................................................................................................424
configure ip dhcps pool tftpserver.................................................................................................................425
configure ip dhcps pool wireless...................................................................................................................425
configure ip dhcps relay................................................................................................................................426
configure ip dhcps remote_database............................................................................................................426
configure ip domain_name............................................................................................................................427
configure ip name_server..............................................................................................................................427
configure ip pname_server............................................................................................................................427
show dhcp-relay............................................................................................................................................428
show ip dhcps address_pools.......................................................................................................................428
show ip dhcps bindings.................................................................................................................................428
show ip dhcps config.....................................................................................................................................429
show ip dhcps interfaces...............................................................................................................................429
show ip dhcps statistics.................................................................................................................................429
show ip dns...................................................................................................................................................429
Chapter 35: DHCPv6 commands..........................................................................................431

configure interface ipv6 dhcp client...............................................................................................................431
configure interface ipv6 dhcp relay...............................................................................................................432
configure interface ipv6 dhcp server.............................................................................................................432
configure ipv6 dhcp pool...............................................................................................................................433
configure ipv6 dhcp pool dns-server.............................................................................................................433
configure ipv6 dhcp pool domain-name........................................................................................................434
configure ipv6 dhcp pool ntp-server..............................................................................................................434
configure ipv6 dhcp pool prefix-delegation....................................................................................................434
show ipv6 dhcp binding.................................................................................................................................435
show ipv6 dhcp DUIDs..................................................................................................................................435
show ipv6 dhcp interface...............................................................................................................................436
show ipv6 dhcp pool......................................................................................................................................436
18
October 2010
Chapter 36: Network access commands.............................................................................437

clear telnet_session......................................................................................................................................437
clear telnet_sessions.....................................................................................................................................437
configure ftp_server......................................................................................................................................437
configure ftp_user.........................................................................................................................................438
configure telnet_banner................................................................................................................................438
configure telnet_server..................................................................................................................................439
configure telnet_timeout................................................................................................................................439
configure tftp_server.....................................................................................................................................439
telnet.............................................................................................................................................................440
show ftp.........................................................................................................................................................440
show telnet....................................................................................................................................................440
show tftp_server_info....................................................................................................................................440
Chapter 37: IPv4 routing commands...................................................................................443

clear ip prefix-list...........................................................................................................................................443
configure access-list......................................................................................................................................443
configure interface ip address.......................................................................................................................444
configure interface ip proxy_arp....................................................................................................................444
configure interface ip redirects......................................................................................................................444
configure interface ip unreachables..............................................................................................................445
configure ip load-balancing...........................................................................................................................445
configure ip nat access-group.......................................................................................................................445
configure ip nat access-list............................................................................................................................446
configure ip nat address................................................................................................................................446
configure ip nat debug...................................................................................................................................447
configure ip nat default_addr.........................................................................................................................447
configure ip nat enable..................................................................................................................................447
configure ip nat interface...............................................................................................................................448
configure ip nat ip..........................................................................................................................................448
configure ip nat max_entries.........................................................................................................................449
configure ip nat max_ports............................................................................................................................449
configure ip nat pass_thru.............................................................................................................................450
configure ip nat pass-thru-multicast..............................................................................................................450
configure ip nat pool range............................................................................................................................451
configure ip nat port......................................................................................................................................451
configure ip nat reverse.................................................................................................................................452
configure ip nat reverseACL..........................................................................................................................452
configure ip nat timeout.................................................................................................................................453
configure ip nat trans_addr...........................................................................................................................453
configure ip nat trans_mode..........................................................................................................................454
configure ip nat unregistered.........................................................................................................................454
configure ip prefix-list....................................................................................................................................455
configure ip proxy-dns add-cache.................................................................................................................455
configure ip proxy-dns enable.......................................................................................................................456
configure ip route..........................................................................................................................................456
configure route-map......................................................................................................................................457
configure route-map match as-path..............................................................................................................457
configure route-map match community.........................................................................................................457
configure route-map match interface............................................................................................................458
configure route-map match ip address..........................................................................................................458
October 2010
19
configure route-map match ip address prefix-list..........................................................................................459

configure route-map match ip next-hop........................................................................................................459
configure route-map match metric................................................................................................................460
configure route-map match origin.................................................................................................................460
configure route-map match route-type..........................................................................................................461
configure route-map match source-protocol.................................................................................................461
configure route-map match tag.....................................................................................................................462
configure route-map set aggregator..............................................................................................................462
configure route-map set as-path...................................................................................................................462
configure route-map set atomic-aggregate...................................................................................................463
configure route-map set comm-list................................................................................................................463
configure route-map set community..............................................................................................................464
configure route-map set dampening.............................................................................................................464
configure route-map set ip next-hop.............................................................................................................465
configure route-map set local-preference.....................................................................................................466
configure route-map set metric.....................................................................................................................466
configure route-map set metric-type.............................................................................................................466
configure route-map set origin......................................................................................................................467
configure route-map set originator-id............................................................................................................467
configure route-map set tag..........................................................................................................................468
configure route-map set weight.....................................................................................................................468
show ip interfaces.........................................................................................................................................469
show ip prefix-list...........................................................................................................................................469
show ip protocols..........................................................................................................................................470
show ip route.................................................................................................................................................470
show route-map............................................................................................................................................471
Chapter 38: IPv6 routing commands...................................................................................473

clear ipv6 mroute...........................................................................................................................................473
clear ipv6 neighbors......................................................................................................................................473
clear ipv6 prefix-list.......................................................................................................................................474
configure interface ipv6 address...................................................................................................................474
configure interface ipv6 enable.....................................................................................................................475
configure interface ipv6 nd............................................................................................................................475
configure interface ipv6 redirects..................................................................................................................476
configure ipv6 access-list..............................................................................................................................476
configure ipv6 general-prefix.........................................................................................................................477
configure ipv6 hop-limit.................................................................................................................................477
configure ipv6 icmp rate-limit........................................................................................................................477
configure ipv6 load-balancing.......................................................................................................................478
configure ipv6 mroute....................................................................................................................................478
configure ipv6 multicast-routing....................................................................................................................479
configure ipv6 multicast-lookup-mrib-only.....................................................................................................480
configure ipv6 neighbor.................................................................................................................................480
configure ipv6 prefix-list................................................................................................................................481
configure ipv6 route.......................................................................................................................................481
configure ipv6 unicast-routing.......................................................................................................................482
configure route-map match ipv6 address......................................................................................................482
configure route-map match ipv6 address prefix-list......................................................................................483
configure route-map set ipv6 next-hop..........................................................................................................483
show ipv6 access-list....................................................................................................................................484
20
October 2010
show ipv6 general-prefix...............................................................................................................................484

show ipv6 interfaces......................................................................................................................................484
show ipv6 mroute..........................................................................................................................................485
show ipv6 mtu...............................................................................................................................................485
show ipv6 mvif...............................................................................................................................................485
show ipv6 neighbors.....................................................................................................................................486
show ipv6 prefix-list.......................................................................................................................................486
show ipv6 route.............................................................................................................................................486
show ipv6 routers..........................................................................................................................................487
Chapter 39: RIP commands..................................................................................................489

clear ip rip route............................................................................................................................................489
configure interface bundle ip rip default-originate-only.................................................................................490
configure interface bundle ip rip triggered.....................................................................................................490
configure interface ethernet ip rip default-originate-only...............................................................................491
configure interface ip rip................................................................................................................................491
configure interface ip rip authentication........................................................................................................492
configure interface ip rip receive...................................................................................................................492
configure interface ip rip receive-packet.......................................................................................................493
configure interface ip rip send version..........................................................................................................493
configure interface ip rip send-packet...........................................................................................................494
configure interface ip rip split-horizon...........................................................................................................494
configure interface tunnel ip rip default-originate-only..................................................................................494
configure interface tunnel ip rip triggered......................................................................................................495
configure interface vlan ip rip default-originate-only......................................................................................495
configure router rip........................................................................................................................................496
configure router rip default-information.........................................................................................................496
configure router rip default-metric.................................................................................................................496
configure router rip distance..........................................................................................................................497
configure router rip distribute-list...................................................................................................................497
configure router rip multi-nexthop.................................................................................................................498
configure router rip neighbor.........................................................................................................................498
configure router rip network..........................................................................................................................499
configure router rip offset-list.........................................................................................................................499
configure router rip passive-interface............................................................................................................500
configure router rip redistribute.....................................................................................................................500
configure router rip timers.............................................................................................................................501
configure router rip version...........................................................................................................................501
show ip protocols rip.....................................................................................................................................502
show ip rip.....................................................................................................................................................502
show ip rip database.....................................................................................................................................502
show ip rip interface......................................................................................................................................503
Chapter 40: OSPF commands..............................................................................................505

clear ip ospf...................................................................................................................................................505
configure interface ip ospf.............................................................................................................................505
configure interface ip ospf authentication......................................................................................................505
configure interface ip ospf authentication-key...............................................................................................506
configure interface ip ospf cost.....................................................................................................................506
configure interface ip ospf database-filter.....................................................................................................507
configure interface ip ospf dead-interval.......................................................................................................507
configure interface ip ospf disable all............................................................................................................507
October 2010
21
configure interface ip ospf hello-interval........................................................................................................508

configure interface ip ospf message-digest-key............................................................................................508
configure interface ip ospf mtu......................................................................................................................508
configure interface ip ospf mtu-ignore...........................................................................................................509
configure interface ip ospf network...............................................................................................................509
configure interface ip ospf priority.................................................................................................................509
configure interface ip ospf retransmit-interval...............................................................................................510
configure interface ip ospf te-metric..............................................................................................................510
configure interface ip ospf transmit-delay.....................................................................................................510
configure router ospf......................................................................................................................................511
configure router ospf area authentication......................................................................................................511
configure router ospf area default-cost.........................................................................................................512
configure router ospf area filter-list................................................................................................................512
configure router ospf area nssa....................................................................................................................513
configure router ospf area nssa default-information-originate.......................................................................513
configure router ospf area nssa no-redistribution..........................................................................................514
configure router ospf area nssa no-summary...............................................................................................514
configure router ospf area nssa translator-role.............................................................................................514
configure router ospf area range...................................................................................................................515
configure router ospf area stub.....................................................................................................................516
configure router ospf area virtual-link............................................................................................................516
configure router ospf auto-cost reference-bandwidth....................................................................................517
configure router ospf capability.....................................................................................................................518
configure router ospf compatible...................................................................................................................518
configure router ospf cspf retry-interval.........................................................................................................518
configure router ospf cspf tie-break...............................................................................................................519
configure router ospf default-information originate........................................................................................519
configure router ospf default-metric..............................................................................................................519
configure router ospf distance.......................................................................................................................520
configure router ospf log-adjacency-changes...............................................................................................520
configure router ospf max-concurrent-dd......................................................................................................521
configure router ospf network........................................................................................................................521
configure router ospf ospf abr-type...............................................................................................................522
configure router ospf passive-interface.........................................................................................................522
configure router ospf redistribute..................................................................................................................523
configure router ospf summary-address.......................................................................................................523
configure router ospf timers spf.....................................................................................................................524
show ip ospf border-routers..........................................................................................................................524
show ip ospf database..................................................................................................................................524
show ip ospf interface...................................................................................................................................525
show ip ospf neighbor...................................................................................................................................525
show ip ospf route.........................................................................................................................................526
show ip ospf te-database..............................................................................................................................526
show ip ospf virtual-links...............................................................................................................................526
show ip protocols ospf...................................................................................................................................526
Chapter 41: BGP commands................................................................................................529

clear bgp ipv4................................................................................................................................................529
clear bgp ipv4 dampening.............................................................................................................................529
clear bgp ipv4 external..................................................................................................................................530
clear bgp ipv4 flap-statistics..........................................................................................................................530
22
October 2010
clear bgp ipv4 peer-group.............................................................................................................................531

clear bgp ipv4 unicast...................................................................................................................................531
clear bgp ipv4 multicast.................................................................................................................................532
clear bgp ipv4 unicast external......................................................................................................................533
clear bgp ipv4 multicast external...................................................................................................................534
clear bgp ipv4 unicast peer-group.................................................................................................................534
clear bgp ipv4 multicast peer-group..............................................................................................................535
clear bgp ipv4 unicast dampening.................................................................................................................536
clear bgp ipv4 multicast dampening..............................................................................................................536
clear bgp ipv4 unicast flap-statistics..............................................................................................................537
clear bgp ipv4 multicast flap-statistics...........................................................................................................537
clear bgp all...................................................................................................................................................538
clear bgp all external.....................................................................................................................................538
clear bgp all peer-group................................................................................................................................539
clear bgp all dampening................................................................................................................................539
clear bgp all flap-statistics.............................................................................................................................540
configure bgp aggregate-nexthop-check.......................................................................................................540
configure bgp rfc1771-path-select.................................................................................................................540
configure bgp rfc1771-strict...........................................................................................................................540
configure ip as-path.......................................................................................................................................541
configure ip community-list............................................................................................................................541
configure router bgp......................................................................................................................................542
configure router bgp address-family ipv4 multicast.......................................................................................542
configure router bgp aggregate-address.......................................................................................................542
configure router bgp bgp always-compare-med............................................................................................543
configure router bgp bgp bestpath................................................................................................................543
configure router bgp bgp client-to-client reflection........................................................................................543
configure router bgp bgp cluster-id...............................................................................................................544
configure router bgp bgp confederation identifier..........................................................................................544
configure router bgp bgp confederation peers..............................................................................................545
configure router bgp bgp dampening............................................................................................................545
configure router bgp bgp default ipv4-unicast...............................................................................................546
configure router bgp bgp default local-preference........................................................................................546
configure router bgp bgp deterministic-med..................................................................................................546
configure router bgp bgp enforce-first-as......................................................................................................547
configure router bgp bgp fast-external-failover.............................................................................................547
configure router bgp bgp log-neighbor-changes...........................................................................................548
configure router bgp bgp router-id.................................................................................................................548
configure router bgp bgp scan-time..............................................................................................................548
configure router bgp distance........................................................................................................................549
configure router bgp ebgp-ecmp...................................................................................................................549
configure router bgp neighbor activate..........................................................................................................549
configure router bgp neighbor advertisement-interval...................................................................................550
configure router bgp neighbor allowas-in......................................................................................................550
configure router bgp neighbor as-origination-interval....................................................................................551
configure router bgp neighbor attribute-unchanged......................................................................................551
configure router bgp neighbor capability.......................................................................................................552
configure router bgp neighbor default-originate............................................................................................552
configure router bgp neighbor description.....................................................................................................553
October 2010
23
configure router bgp neighbor distribute-list..................................................................................................553

configure router bgp neighbor dont-capability-negotiate...............................................................................554
configure router bgp neighbor ebgp-multihop...............................................................................................554
configure router bgp neighbor filter-list..........................................................................................................554
configure router bgp neighbor interface........................................................................................................555
configure router bgp neighbor maximum-prefix............................................................................................555
configure router bgp neighbor next-hop-self.................................................................................................556
configure router bgp neighbor override-capability.........................................................................................556
configure router bgp neighbor passive..........................................................................................................556
configure router bgp neighbor password.......................................................................................................557
configure router bgp neighbor peer-group....................................................................................................557
configure router bgp neighbor prefix-list........................................................................................................557
configure router bgp neighbor remote-as......................................................................................................558
configure router bgp neighbor remove-private-AS........................................................................................558
configure router bgp neighbor route-map......................................................................................................559
configure router bgp neighbor route-reflector-client......................................................................................559
configure router bgp neighbor route-server-client.........................................................................................559
configure router bgp neighbor send-community............................................................................................560
configure router bgp neighbor shutdown.......................................................................................................560
configure router bgp neighbor soft-reconfiguration inbound.........................................................................560
configure router bgp neighbor strict-capability-match...................................................................................561
configure router bgp neighbor timers............................................................................................................561
configure router bgp neighbor unsuppress-map...........................................................................................562
configure router bgp neighbor update-source...............................................................................................562
configure router bgp neighbor weight............................................................................................................563
configure router bgp network........................................................................................................................563
configure router bgp redistribute...................................................................................................................563
configure router bgp synchronization............................................................................................................564
configure router bgp timers...........................................................................................................................564
show bgp ipv4 attribute-info..........................................................................................................................565
show bgp ipv4 cidr-only.................................................................................................................................565
show bgp ipv4 community.............................................................................................................................565
show bgp ipv4 community-info......................................................................................................................566
show bgp ipv4 community-list.......................................................................................................................566
show bgp ipv4 dampening............................................................................................................................567
show bgp ipv4 filter-list..................................................................................................................................567
show bgp ipv4 inconsistent-as......................................................................................................................568
show bgp ipv4 neighbors..............................................................................................................................568
show bgp ipv4 paths.....................................................................................................................................568
show bgp ipv4 prefix-list................................................................................................................................569
show bgp ipv4 quote-regexp.........................................................................................................................569
show bgp ipv4 regexp...................................................................................................................................569
show bgp ipv4 route-map..............................................................................................................................570
show bgp ipv4 scan.......................................................................................................................................570
show bgp ipv4 summary...............................................................................................................................570
show ip as-path-access-list...........................................................................................................................571
show ip community-list..................................................................................................................................571
show ip protocols bgp...................................................................................................................................571
show debug bgp............................................................................................................................................572
show bgp ipv4 unicast attribute-info..............................................................................................................572
show bgp ipv4 unicast cidr-only....................................................................................................................572
24
October 2010
show bgp ipv4 unicast community................................................................................................................572

show bgp ipv4 unicast community-info.........................................................................................................573
show bgp ipv4 unicast community-list...........................................................................................................573
show bgp ipv4 unicast dampening................................................................................................................574
show bgp ipv4 unicast filter-list.....................................................................................................................574
show bgp ipv4 unicast inconsistent-as..........................................................................................................575
show bgp ipv4 unicast neighbors..................................................................................................................575
show bgp ipv4 unicast paths.........................................................................................................................576
show bgp ipv4 unicast peer-group................................................................................................................576
show bgp ipv4 unicast prefix-list...................................................................................................................576
show bgp ipv4 unicast quote-regexp.............................................................................................................577
show bgp ipv4 unicast regexp.......................................................................................................................577
show bgp ipv4 unicast route-map.................................................................................................................577
show bgp ipv4 unicast summary...................................................................................................................578
show bgp ipv4 unicast scan..........................................................................................................................578
show bgp ipv4 multicast attribute-info...........................................................................................................578
show bgp ipv4 multicast cidr-only.................................................................................................................579
show bgp ipv4 multicast community..............................................................................................................579
show bgp ipv4 multicast community-info.......................................................................................................579
show bgp ipv4 multicast community-list........................................................................................................580
show bgp ipv4 multicast dampening.............................................................................................................580
show bgp ipv4 multicast filter-list...................................................................................................................581
show bgp ipv4 multicast inconsistent-as.......................................................................................................581
show bgp ipv4 multicast neighbors...............................................................................................................582
show bgp ipv4 multicast paths......................................................................................................................582
show bgp ipv4 multicast peer-group.............................................................................................................582
show bgp ipv4 multicast prefix-list.................................................................................................................583
show bgp ipv4 multicast quote-regexp..........................................................................................................583
show bgp ipv4 multicast regexp....................................................................................................................584
show bgp ipv4 multicast route-map...............................................................................................................584
show bgp ipv4 multicast summary................................................................................................................584
show bgp ipv4 multicast scan.......................................................................................................................585
debug bgp.....................................................................................................................................................585
show bgp all attribute-info.............................................................................................................................586
show bgp all community................................................................................................................................586
show bgp all community-info.........................................................................................................................586
show bgp all community-list..........................................................................................................................587
show bgp all dampening...............................................................................................................................587
show bgp all filter-list.....................................................................................................................................588
show bgp all inconsistent-as.........................................................................................................................588
show bgp all neighbors.................................................................................................................................588
show bgp all paths........................................................................................................................................589
show bgp all peer-group................................................................................................................................589
show bgp all prefix-list...................................................................................................................................590
show bgp all quote-regexp............................................................................................................................590
show bgp all regexp......................................................................................................................................590
show bgp all route-map.................................................................................................................................591
show bgp all summary..................................................................................................................................591
show bgp all scan..........................................................................................................................................592
October 2010
25
Chapter 42: VRRP commands..............................................................................................593

clear vrrp.......................................................................................................................................................593
configure interface ethernet vrrp...................................................................................................................593
configure interface ethernet vrrp advertisement_interval..............................................................................594
configure interface ethernet vrrp authentication............................................................................................594
configure interface ethernet vrrp description.................................................................................................594
configure interface ethernet vrrp enable.......................................................................................................595
configure interface ethernet vrrp ipaddr........................................................................................................595
configure interface ethernet vrrp learn_adv_internal.....................................................................................596
configure interface ethernet vrrp preempt.....................................................................................................596
configure interface ethernet vrrp priority.......................................................................................................596
configure interface ethernet vrrp track..........................................................................................................597
configure vrrp-virtualip allow-ping.................................................................................................................597
show vrrp.......................................................................................................................................................597
show vrrp virtualip-setting.............................................................................................................................598
Chapter 43: IPv4 multicast routing commands..................................................................599

clear ip mroute..............................................................................................................................................599
configure ip mroute.......................................................................................................................................599
configure interface ip multicast ttl-threshold..................................................................................................600
configure ip multicast-lookup-mrib-only.........................................................................................................601
configure ip multicast-routing........................................................................................................................601
show ip mroute..............................................................................................................................................602
show ip mvif..................................................................................................................................................602
Chapter 44: DVMRP commands...........................................................................................603

clear ip dvmrp prune.....................................................................................................................................603
clear ip dvmrp route......................................................................................................................................603
configure ip dvmrp holddown disable............................................................................................................604
configure ip dvmrp log-neighbor-changes.....................................................................................................604
configure ip dvmrp mfc-timeout.....................................................................................................................605
configure ip dvmrp neighbor-probe-interval..................................................................................................605
configure ip dvmrp neighbor-timeout.............................................................................................................606
configure ip dvmrp route-expiration-timeout..................................................................................................606
configure ip dvmrp switch-timeout.................................................................................................................607
configure ip dvmrp triggered-update-interval................................................................................................608
configure ip dvmrp unconfirmed-route-timeout.............................................................................................608
configure interface ip dvmrp default-listen....................................................................................................609
configure interface ip dvmrp default-supply..................................................................................................609
configure interface ip dvmrp enable..............................................................................................................610
configure interface ip dvmrp metric...............................................................................................................610
configure interface ip dvmrp output-report-delay..........................................................................................610
configure interface ip dvmrp prune-lifetime...................................................................................................611
configure interface ip dvmrp reject non-pruners............................................................................................611
show ip dvmrp interface................................................................................................................................612
show ip dvmrp neighbor................................................................................................................................612
show ip dvmrp prune.....................................................................................................................................613
show ip dvmrp route......................................................................................................................................613
show ip dvmrp statistics................................................................................................................................614
Chapter 45: IPv4 PIM commands.........................................................................................615

clear ip pim sparse-mode bsr rp-set all.........................................................................................................615
26
October 2010
clear ip pim sparse-mode statistics...............................................................................................................615

configure interface ip pim bsr-border............................................................................................................616
configure interface ip pim dr-priority..............................................................................................................616
configure interface ip pim exclude-genid.......................................................................................................616
configure interface ip pim hello-interval.........................................................................................................617
configure interface ip pim neighbor-filter.......................................................................................................617
configure interface ip pim sparse-mode........................................................................................................617
configure ip pim accept-register....................................................................................................................618
configure ip pim anycast-rp...........................................................................................................................618
configure ip pim bsr-candidate......................................................................................................................619
configure ip pim cisco-register-checksum.....................................................................................................620
configure ip pim ignore-rp-set-priority...........................................................................................................620
configure ip pim log-neighbor-changes.........................................................................................................620
configure ip pim multipath.............................................................................................................................621
configure ip pim register-source....................................................................................................................621
configure ip pim rp-address...........................................................................................................................622
configure ip pim rp-candidate........................................................................................................................622
configure ip pim spt-threshold-infinity............................................................................................................623
configure ip pim ssm.....................................................................................................................................623
show ip pim sparse-mode bsr-router.............................................................................................................624
show ip pim sparse-mode database.............................................................................................................624
show ip pim sparse-mode interface..............................................................................................................624
show ip pim sparse-mode neighbor..............................................................................................................625
show ip pim sparse-mode rp mapping..........................................................................................................625
show ip pim sparse-mode rp-hash................................................................................................................626
show ip pim sparse-mode rpf........................................................................................................................626
Chapter 46: IGMP commands...............................................................................................627

clear ip igmp group........................................................................................................................................627
clear ip igmp interface...................................................................................................................................627
clear ip igmp statistics...................................................................................................................................628
configure ip igmp limit...................................................................................................................................628
configure ip igmp ssm-map enable...............................................................................................................629
configure ip igmp ssm-map static..................................................................................................................629
configure interface ip igmp access-group.....................................................................................................630
configure interface ip igmp immediate-leave.................................................................................................630
configure interface ip igmp last-member-query-count...................................................................................631
configure interface ip igmp last-member-query-interval................................................................................631
configure interface ip igmp limit.....................................................................................................................632
configure interface ip igmp querier-timeout...................................................................................................632
configure interface ip igmp query-interval.....................................................................................................633
configure interface ip igmp query-max-response-time..................................................................................633
configure interface ip igmp robustness-variable............................................................................................634
configure interface ip igmp static-group........................................................................................................634
configure interface ip igmp version...............................................................................................................635
show ip igmp groups.....................................................................................................................................635
show ip igmp interface..................................................................................................................................636
show ip igmp statistics..................................................................................................................................636
Chapter 47: RIPng commands.............................................................................................637

clear ipv6 rip route.........................................................................................................................................637
configure interface ipv6 rip split-horizon........................................................................................................638
October 2010
27
configure interface ipv6 router rip..................................................................................................................638

configure router ipv6 rip................................................................................................................................638
configure router ipv6 rip aggregate-address.................................................................................................639
configure router ipv6 rip default-information..................................................................................................639
configure router ipv6 rip default-metric..........................................................................................................639
configure router ipv6 rip distance..................................................................................................................640
configure router ipv6 rip distribute-list...........................................................................................................640
configure router ipv6 rip neighbor.................................................................................................................641
configure router ipv6 rip offset-list.................................................................................................................641
configure router ipv6 rip passive-interface....................................................................................................642
configure router ipv6 rip redistribute..............................................................................................................642
configure router ipv6 rip route-map...............................................................................................................643
configure router ipv6 rip timers......................................................................................................................643
show ipv6 protocols rip..................................................................................................................................644
show ipv6 rip.................................................................................................................................................644
show ipv6 rip database.................................................................................................................................644
show ipv6 rip interface..................................................................................................................................645
Chapter 48: OSPFv3 commands..........................................................................................647

clear ipv6 ospf...............................................................................................................................................647
configure interface ipv6 router ospf...............................................................................................................647
configure interface ipv6 ospf cost..................................................................................................................648
configure interface ipv6 ospf dead-interval...................................................................................................648
configure interface ipv6 ospf hello-interval....................................................................................................649
configure interface ipv6 ospf mtu..................................................................................................................649
configure interface ipv6 ospf mtu-ignore.......................................................................................................649
configure router ospf neighbor......................................................................................................................650
configure interface ipv6 ospf network............................................................................................................650
configure interface ipv6 ospf priority.............................................................................................................651
configure interface ipv6 ospf retransmit-interval...........................................................................................651
configure interface ipv6 ospf transmit-delay..................................................................................................652
configure router ipv6 ospf..............................................................................................................................652
configure router ipv6 ospf abr-type...............................................................................................................653
configure router ipv6 ospf area default-cost..................................................................................................653
configure router ipv6 ospf area range...........................................................................................................654
configure router ipv6 ospf area stub..............................................................................................................655
configure router ipv6 ospf area virtual-link....................................................................................................655
configure router ipv6 ospf auto-cost..............................................................................................................656
configure router ipv6 ospf default-metric.......................................................................................................657
configure router ipv6 ospf distance...............................................................................................................657
configure router ipv6 ospf log-adjacency-changes........................................................................................658
configure router ipv6 ospf max-concurrent-dd..............................................................................................658
configure router ipv6 ospf passive-interface.................................................................................................658
configure router ipv6 ospf redistribute...........................................................................................................659
configure router ipv6 ospf timers spf.............................................................................................................659
configure terminal interface ip ospf demand-circuit.......................................................................................660
show ipv6 ospf border-routers.......................................................................................................................660
show ipv6 ospf database...............................................................................................................................661
show ipv6 ospf interface................................................................................................................................661
show ipv6 ospf neighbor...............................................................................................................................661
show ipv6 ospf route.....................................................................................................................................662
28
October 2010
show ipv6 ospf virtual-links...........................................................................................................................662
Chapter 49: BGP4+ commands............................................................................................663

clear bgp ipv6................................................................................................................................................663
clear bgp ipv6 dampening.............................................................................................................................663
clear bgp ipv6 external..................................................................................................................................664
clear bgp ipv6 flap-statistics..........................................................................................................................664
clear bgp ipv6 peer-group.............................................................................................................................665
clear bgp ipv6 unicast external......................................................................................................................667
clear bgp ipv6 multicast external...................................................................................................................668
clear bgp ipv6 unicast peer-group.................................................................................................................668
clear bgp ipv6 multicast peer-group..............................................................................................................669
clear bgp ipv6 unicast dampening.................................................................................................................669
clear bgp ipv6 multicast dampening..............................................................................................................670
clear bgp ipv6 unicast flap-statistics..............................................................................................................670
clear bgp ipv6 multicast flap-statistics...........................................................................................................671
configure router bgp......................................................................................................................................671
configure router bgp address-family ipv6......................................................................................................672
configure router bgp address-family ipv6 aggregate-address.......................................................................672
configure router bgp address-family ipv6 bgp dampening............................................................................672
configure router bgp address-family ipv6 bgp scan-time..............................................................................673
configure router bgp address-family ipv6 distance........................................................................................673
configure router bgp address-family ipv6 ebgp-ecmp...................................................................................674
configure router bgp address-family ipv6 neighbor activate..........................................................................674
configure router bgp address-family ipv6 neighbor allowas-in......................................................................675
configure router bgp address-family ipv6 neighbor attribute-unchanged......................................................675
configure router bgp address-family ipv6 neighbor capability orf prefix-list..................................................676
configure router bgp address-family ipv6 neighbor default-originate............................................................676
configure router bgp address-family ipv6 neighbor distribute-list..................................................................677
configure router bgp address-family ipv6 neighbor filter-list..........................................................................677
configure router bgp address-family ipv6 neighbor maximum-prefix............................................................678
configure router bgp address-family ipv6 neighbor next-hop-self.................................................................678
configure router bgp address-family ipv6 neighbor prefix-list........................................................................679
configure router bgp address-family ipv6 neighbor remove-private-AS........................................................679
configure router bgp address-family ipv6 neighbor route-map......................................................................680
configure router bgp address-family ipv6 neighbor route-reflector-client......................................................680
configure router bgp address-family ipv6 neighbor route-server-client.........................................................681
configure router bgp address-family ipv6 neighbor send-community............................................................681
configure router bgp address-family ipv6 neighbor soft-reconfiguration inbound.........................................682
configure router bgp address-family ipv6 neighbor unsuppress-map...........................................................682
configure router bgp address-family ipv6 network........................................................................................682
configure router bgp address-family ipv6 redistribute...................................................................................683
configure router bgp address-family ipv6 synchronization............................................................................683
show bgp ipv6 attribute-info..........................................................................................................................684
show bgp ipv6 community.............................................................................................................................684
show bgp ipv6 community-info......................................................................................................................685
show bgp ipv6 community-list.......................................................................................................................685
October 2010
29
show bgp ipv6 dampening............................................................................................................................685

show bgp ipv6 filter-list..................................................................................................................................686
show bgp ipv6 inconsistent-as......................................................................................................................686
show bgp ipv6 neighbors..............................................................................................................................687
show bgp ipv6 paths.....................................................................................................................................687
show bgp ipv6 prefix-list................................................................................................................................687
show bgp ipv6 quote-regexp.........................................................................................................................688
show bgp ipv6 regexp...................................................................................................................................688
show bgp ipv6 route-map..............................................................................................................................689
show bgp ipv6 scan.......................................................................................................................................689
show bgp ipv6 summary...............................................................................................................................689
show bgp ipv6 unicast attribute-info..............................................................................................................690
show bgp ipv6 unicast cidr-only....................................................................................................................690
show bgp ipv6 unicast community................................................................................................................690
show bgp ipv6 unicast community-info.........................................................................................................691
show bgp ipv6 unicast community-list...........................................................................................................691
show bgp ipv6 unicast dampening................................................................................................................691
show bgp ipv6 unicast filter-list.....................................................................................................................692
show bgp ipv6 unicast inconsistent-as..........................................................................................................692
show bgp ipv6 unicast neighbors..................................................................................................................693
show bgp ipv6 unicast paths.........................................................................................................................693
show bgp ipv6 unicast peer-group................................................................................................................693
show bgp ipv6 unicast prefix-list...................................................................................................................694
show bgp ipv6 unicast quote-regexp.............................................................................................................694
show bgp ipv6 unicast regexp.......................................................................................................................695
show bgp ipv6 unicast route-map.................................................................................................................695
show bgp ipv6 unicast summary...................................................................................................................695
show bgp ipv6 unicast scan..........................................................................................................................696
show bgp ipv6 multicast attribute-info...........................................................................................................696
show bgp ipv6 multicast cidr-only.................................................................................................................696
show bgp ipv6 multicast community..............................................................................................................697
show bgp ipv6 multicast community-info.......................................................................................................697
show bgp ipv6 multicast community-list........................................................................................................697
show bgp ipv6 multicast dampening.............................................................................................................698
show bgp ipv6 multicast filter-list...................................................................................................................698
show bgp ipv6 multicast inconsistent-as.......................................................................................................699
show bgp ipv6 multicast neighbors...............................................................................................................699
show bgp ipv6 multicast paths......................................................................................................................700
show bgp ipv6 multicast peer-group.............................................................................................................700
show bgp ipv6 multicast prefix-list.................................................................................................................700
show bgp ipv6 multicast quote-regexp..........................................................................................................701
show bgp ipv6 multicast regexp....................................................................................................................701
show bgp ipv6 multicast route-map...............................................................................................................702
show bgp ipv6 multicast summary................................................................................................................702
show bgp ipv6 multicast scan.......................................................................................................................702
Chapter 50: IPv6 PIM commands.........................................................................................703

clear ipv6 pim sparse-mode bsr rp-set all.....................................................................................................703
clear ipv6 pim sparse-mode statistics...........................................................................................................703
configure interface ipv6 pim bsr-border.........................................................................................................704
configure interface ipv6 pim dr-priority..........................................................................................................704
30
October 2010
configure interface ipv6 pim exclude-genid...................................................................................................704

configure interface ipv6 pim hello-interval.....................................................................................................705
configure interface ipv6 pim neighbor-filter...................................................................................................705
configure interface ipv6 pim sparse-mode....................................................................................................706
configure ipv6 pim accept-register................................................................................................................706
configure ipv6 pim anycast-rp.......................................................................................................................707
configure ipv6 pim bsr-candidate..................................................................................................................707
configure ipv6 pim log-neighbor-changes.....................................................................................................708
configure ipv6 pim multipath.........................................................................................................................708
configure ipv6 pim register-source................................................................................................................709
configure ipv6 pim rp-address.......................................................................................................................709
configure ipv6 pim rp-candidate....................................................................................................................710
configure ipv6 pim rp embedded...................................................................................................................710
configure ipv6 pim spt-threshold-infinity........................................................................................................711
configure ipv6 pim ssm..................................................................................................................................711
show ipv6 pim sparse-mode bsr-router.........................................................................................................712
show ipv6 pim sparse-mode database..........................................................................................................712
show ipv6 pim sparse-mode interface...........................................................................................................712
show ipv6 pim sparse-mode neighbor..........................................................................................................713
show ipv6 pim sparse-mode rp mapping......................................................................................................713
show ipv6 pim sparse-mode rp-hash............................................................................................................714
show ipv6 pim sparse-mode rpf....................................................................................................................714
show ipv6 pim sparse-mode statistics...........................................................................................................715
Chapter 51: MLD commands................................................................................................717

clear ipv6 mld groups....................................................................................................................................717
clear ipv6 mld interface.................................................................................................................................717
clear ipv6 mld statistics.................................................................................................................................718
configure ipv6 mld limit..................................................................................................................................718
configure ipv6 mld ssm-map enable.............................................................................................................719
configure ipv6 mld ssm-map static................................................................................................................719
configure interface ipv6 mld querier-timeout.................................................................................................720
configure interface ipv6 mld access-group....................................................................................................720
configure interface ipv6 mld immediate-leave...............................................................................................720
configure interface ipv6 mld last-member-query-count.................................................................................721
configure interface ipv6 mld last-member-query-interval..............................................................................721
configure interface ipv6 mld limit...................................................................................................................722
configure interface ipv6 mld query-interval...................................................................................................722
configure interface ipv6 mld query-max-response-time................................................................................723
configure interface ipv6 mld robustness-variable..........................................................................................723
configure interface ipv6 mld static-group......................................................................................................724
configure interface ipv6 mld version..............................................................................................................724
configure ipv6 multicast-routing....................................................................................................................725
show ipv6 mld groups...................................................................................................................................725
show ipv6 mld interface.................................................................................................................................725
show ipv6 mld statistics.................................................................................................................................726
Chapter 52: Chassis QoS commands..................................................................................727

clear qos chassis...........................................................................................................................................727
clear qos chassis red....................................................................................................................................727
configure interface qos chassis dscp-exp-cos-map......................................................................................728
configure interface qos chassis enable.........................................................................................................728
October 2010
31
configure interface qos enable-auto-qos.......................................................................................................729

configure interface qos chassis enable-red...................................................................................................730
configure interface qos chassis exp-dscp-cos-map......................................................................................730
configure interface qos chassis ewf..............................................................................................................731
configure interface qos chassis red...............................................................................................................731
configure interface qos chassis service-policy..............................................................................................733
configure interface qos chassis shaping.......................................................................................................733
configure interface qos disable-qos..............................................................................................................734
configure qos disable-qos.............................................................................................................................734
configure qos chassis clone-policy-map.......................................................................................................735
configure qos chassis dscp-exp-cos-map.....................................................................................................735
configure qos chassis exp-dscp-cos-map.....................................................................................................735
configure qos chassis historical-stats ftp-parameters...................................................................................736
configure qos chassis historical-stats sample-interval..................................................................................736
configure qos chassis historical-stats upload................................................................................................737
configure qos chassis policy-map.................................................................................................................737
configure qos chassis policy-map class-map................................................................................................738
configure qos chassis policy-map class-map cbq.........................................................................................738
configure qos chassis policy-map class-map enable-red..............................................................................739
configure qos chassis policy-map class-map ewf.........................................................................................740
configure qos chassis policy-map class-map excess-queue-buffers............................................................740
configure qos chassis policy-map class-map mark.......................................................................................741
configure qos chassis policy-map class-map match.....................................................................................741
configure qos chassis policy-map class-map pbr-redirect............................................................................743
configure qos chassis policy-map class-map police color-aware..................................................................744
configure qos chassis policy-map class-map police srtcm............................................................................744
configure qos chassis policy-map class-map police trtcm............................................................................745
configure qos chassis policy-map class-map red..........................................................................................746
configure qos enable-auto-qos......................................................................................................................748
show qos chassis..........................................................................................................................................748
show qos chassis dscp-exp-cos-map...........................................................................................................749
show qos chassis exp-dscp-cos-map...........................................................................................................749
show qos chassis historical-stats..................................................................................................................749
show qos chassis historical-stats configuration............................................................................................750
show qos chassis policy map........................................................................................................................750
show qos chassis red....................................................................................................................................751
show qos chassis service-policy...................................................................................................................751
show qos chassis system..............................................................................................................................752
Chapter 53: Ethernet module QoS commands...................................................................753

clear qos module policy-map........................................................................................................................753
configure interface ethernet qos module congestion-profile.........................................................................753
configure interface ethernet qos module default-queue................................................................................754
configure interface ethernet qos module egress-buffer-limit.........................................................................754
configure interface ethernet qos module ingress-buffer-limit........................................................................755
configure interface ethernet qos module mark-dscp.....................................................................................755
configure interface ethernet qos module mark-user-priority..........................................................................756
configure interface ethernet qos module queue priority-queue.....................................................................756
configure interface ethernet qos module queue wrr-queue...........................................................................757
configure interface ethernet qos module queue queue-limit.........................................................................757
configure interface ethernet qos module queue shape.................................................................................758
32
October 2010
configure interface ethernet qos module random-detect...............................................................................758

configure interface ethernet qos module service-policy................................................................................759
configure interface ethernet qos module shape............................................................................................759
configure interface ethernet qos module xoff-limit.........................................................................................760
configure interface ethernet qos module xon-limit........................................................................................760
configure qos module accounting disable.....................................................................................................760
configure qos module clone-policy-map........................................................................................................761
configure qos module congestion-profile drop-curve....................................................................................761
configure qos module congestion-profile exponential-weighting-constant....................................................762
configure qos module enable-rate-sampling.................................................................................................763
configure qos module policing-cos-map ip....................................................................................................763
configure qos module policing-cos-map non-ip.............................................................................................764
configure qos module policy-map.................................................................................................................765
configure qos module policy-map class-map................................................................................................765
configure qos module policy-map class-map accounting enable..................................................................766
configure qos module policy-map class-map assign-drop-precedence........................................................766
configure qos module policy-map class-map assign-queue.........................................................................767
configure qos module policy-map class-map mark-dscp..............................................................................767
configure qos module policy-map class-map mark-user-priority...................................................................768
configure qos module policy-map class-map match ipv4..............................................................................768
configure qos module policy-map class-map match ipv6..............................................................................769
configure qos module policy-map class-map match non-ip..........................................................................770
configure qos module policy-map class-map pbr-redirect.............................................................................771
configure qos module policy-map class-map police color-aware..................................................................771
configure qos module policy-map class-map police disable.........................................................................772
configure qos module policy-map class-map police drop-violate..................................................................772
configure qos module policy-map class-map police remark-cos...................................................................773
configure qos module policy-map class-map police srtcm............................................................................773
configure qos module policy-map class-map police trtcm.............................................................................774
configure qos module policy-map class-map rate-monitoring.......................................................................775
configure qos module queue-cos-map..........................................................................................................775
configure qos module rate-monitoring...........................................................................................................776
configure qos module user-priority-cos-map.................................................................................................777
show qos module congestion-profile.............................................................................................................777
show qos module ethernet............................................................................................................................778
show qos module policing-cos-map ip..........................................................................................................778
show qos module policing-cos-map non-ip...................................................................................................779
show qos module policy-map........................................................................................................................779
show qos module service-policy...................................................................................................................780
show qos module system..............................................................................................................................780
show qos system...........................................................................................................................................781
Chapter 54: SLA commands.................................................................................................783

clear sla profile..............................................................................................................................................783
configure sla profile.......................................................................................................................................783
configure sla profile action............................................................................................................................784
configure sla profile description.....................................................................................................................784
configure sla profile icmp-echo.....................................................................................................................785
configure sla profile icmp-v6-echo................................................................................................................785
configure sla profile threshold-type...............................................................................................................786
configure sla profile threshold-value.............................................................................................................786
October 2010
33
configure sla profile udp-echo.......................................................................................................................787

configure sla profile udp-jitter........................................................................................................................787
configure sla profile udp-v6-echo..................................................................................................................788
configure sla profile udp-v6-jitter...................................................................................................................789
configure sla schedule..................................................................................................................................790
show sla profile.............................................................................................................................................790
Chapter 55: Firewall commands..........................................................................................793

clear firewall connection................................................................................................................................793
clear firewall statistics...................................................................................................................................793
configure firewall global algs.........................................................................................................................793
configure firewall global algs dns enable......................................................................................................795
configure firewall global algs dns pool..........................................................................................................795
configure firewall global algs sip-p2p-media.................................................................................................796
configure firewall global bypass-trusted........................................................................................................796
configure firewall connection-reservation......................................................................................................796
configure firewall global dos-protect..............................................................................................................797
configure firewall global hairpinning-self-Ip...................................................................................................799
configure firewall global object address........................................................................................................799
configure firewall interface............................................................................................................................800
configure firewall internet policy self nat-ip...................................................................................................801
configure firewall global ip-reassembly enable.............................................................................................801
configure firewall global ip-reassembly fragment-count................................................................................802
configure firewall global ip-reassembly fragment-size..................................................................................802
configure firewall global ip-reassembly packet-size......................................................................................803
configure firewall global ip-reassembly timeout............................................................................................803
configure firewall global logging attacks........................................................................................................803
configure firewall global logging policy..........................................................................................................804
configure firewall global logging vpn.............................................................................................................804
configure firewall global max-connection-limit...............................................................................................805
configure firewall global nat-failover..............................................................................................................805
configure firewall object.................................................................................................................................806
configure firewall policy.................................................................................................................................807
configure firewall policy apply-object.............................................................................................................808
configure firewall policy bandwidth................................................................................................................809
configure firewall policy connection-rate.......................................................................................................809
configure firewall policy enable.....................................................................................................................810
configure firewall policy max-connection-limit...............................................................................................810
configure firewall policy policing....................................................................................................................811
configure firewall global port-trigger..............................................................................................................811
configure firewall global proxy-nat.................................................................................................................812
configure firewall reset-invalid-acks..............................................................................................................813
configure firewall stealth-mode.....................................................................................................................813
configure firewall global timeout general.......................................................................................................814
configure firewall global timeout service.......................................................................................................814
configure firewall global url-key-filter.............................................................................................................815
configure system security firewall-disable.....................................................................................................815
show firewall..................................................................................................................................................815
show firewall dns-alg translate-pool..............................................................................................................816
Chapter 56: Packet filter commands...................................................................................817

clear ip packet-filter counters........................................................................................................................817
34
October 2010
clear ip packet-filter statistics........................................................................................................................817

clear ipv6 packet-filter counters....................................................................................................................817
clear ipv6 packet-filter statistics....................................................................................................................818
configure ip packet-filter................................................................................................................................818
configure ip packet-filter delete.....................................................................................................................818
configure ipv6 packet-filter............................................................................................................................819
configure ip packet-filter add|insert...............................................................................................................819
configure ipv6 packet-filter delete.................................................................................................................821
configure mac packet-filter............................................................................................................................822
configure mac packet-filter add|insert...........................................................................................................822
configure mac packet-filter delete.................................................................................................................823
configure packet-filter-group.........................................................................................................................823
configure packet-filter-group management...................................................................................................824
show ip packet-filter......................................................................................................................................824
show ipv6 packet-filter...................................................................................................................................825
show mac packet-filter..................................................................................................................................825
show packet-filter-rules management...........................................................................................................825
show ip packet-filter-stats management........................................................................................................825
show ipv6 packet-filter-stats management....................................................................................................826
Chapter 57: IPsec VPN commands......................................................................................827

clear crypto ca certificates.............................................................................................................................827
clear crypto ca crl..........................................................................................................................................827
clear crypto ca key........................................................................................................................................827
clear crypto ike sa.........................................................................................................................................828
clear crypto ipsec sa.....................................................................................................................................828
clear crypto statistics.....................................................................................................................................828
configure crypto bypass-trusted-self.............................................................................................................828
configure crypto ca authenticate...................................................................................................................829
configure crypto ca crl request......................................................................................................................829
configure crypto ca enroll..............................................................................................................................830
configure crypto ca import responder-certificate...........................................................................................830
configure crypto ca import router-certificate..................................................................................................831
configure crypto ca trustpoint crl...................................................................................................................831
configure crypto ca trustpoint email..............................................................................................................832
configure crypto ca trustpoint enrollment......................................................................................................832
configure crypto ca trustpoint fqdn................................................................................................................833
configure crypto ca trustpoint ip-address......................................................................................................833
configure crypto ca trustpoint keypair...........................................................................................................833
configure crypto ca trustpoint ocsp...............................................................................................................834
configure crypto ca trustpoint password........................................................................................................834
configure crypto ca trustpoint subject-name.................................................................................................834
configure crypto contivity-iras ike policy........................................................................................................835
configure crypto contivity-iras ike policy client configuration address-pool...................................................835
configure crypto contivity-iras ike policy client configuration banner-enable.................................................836
configure crypto contivity-iras ike policy client configuration banner-text......................................................836
configure crypto contivity-iras ike policy client configuration client-domain-name........................................837
configure crypto contivity-iras ike policy client configuration client-may-store-password..............................837
configure crypto contivity-iras ike policy client configuration client-screen-saver.........................................838
configure crypto contivity-iras ike policy client configuration dns-server.......................................................838
configure crypto contivity-iras ike policy client configuration failover-list.......................................................839
October 2010
35
configure crypto contivity-iras ike policy client configuration keepalive enable.............................................839

configure crypto contivity-iras ike policy client configuration keepalive interval............................................840
configure crypto contivity-iras ike policy client configuration keepalive retransmitions.................................840
configure crypto contivity-iras ike policy client configuration nat-keepalive..................................................841
configure crypto contivity-iras ike policy client configuration private-side-address.......................................842
configure crypto contivity-iras ike policy client configuration split-tunnel mode............................................842
configure crypto contivity-iras ike policy client configuration split-tunnel network.........................................843
configure crypto contivity-iras ike policy client configuration wins-server.....................................................844
configure crypto contivity-iras ike policy local-address.................................................................................844
configure crypto contivity-iras ike policy mode..............................................................................................844
configure crypto contivity-iras ike policy proposal.........................................................................................845
configure crypto contivity-iras ike policy proposal authentication-method....................................................845
configure crypto contivity-iras ike policy proposal dh-group..........................................................................846
configure crypto contivity-iras ike policy proposal encryption-algorithm.......................................................847
configure crypto contivity-iras ike policy proposal hash-algorithm................................................................847
configure crypto contivity-iras ike policy remote-id........................................................................................848
configure crypto contivity-iras ipsec policy....................................................................................................848
configure crypto contivity-iras ipsec policy enable........................................................................................849
configure crypto contivity-iras ipsec policy match.........................................................................................849
configure crypto contivity-iras ipsec policy proposal encryption-algorithm....................................................850
configure crypto contivity-iras ipsec policy proposal lifetime.........................................................................851
configure crypto contivity-iras ipsec policy proposal hash-algorithm............................................................852
configure crypto dynamic ike policy..............................................................................................................852
configure crypto dynamic ike policy modecfg-group client authentication radius..........................................853
configure crypto dynamic ike policy modecfg-group client configuration address-pool................................853
configure crypto dynamic ike policy modecfg-group client configuration dns-server....................................854
configure crypto dynamic ike policy modecfg-group client configuration wins-server...................................854
configure crypto dynamic ike policy l2tp-server|modecfg-group key.............................................................855
configure crypto dynamic ike policy l2tp-server|modecfg-group local-address.............................................855
configure crypto dynamic ike policy l2tp-server|modecfg-group local-id.......................................................855
configure crypto dynamic ike policy l2tp-server|modecfg-group mode.........................................................856
configure crypto dynamic ike policy l2tp-server|modecfg-group ocsp...........................................................857
configure crypto dynamic ike policy l2tp-server|modecfg-group pfs..............................................................857
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal....................................................857
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal authentication-method................858
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal dh-group.....................................858
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal encryption-algorithm...................859
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal hash-algorithm............................860
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal lifetime........................................860
configure crypto dynamic ike policy l2tp-server|modecfg-group remote-id...................................................861
configure crypto dynamic ipsec policy l2tp-server|modecfg-group................................................................861
configure crypto dynamic ipsec policy l2tp-server|modecfg-group enable....................................................861
configure crypto dynamic ipsec policy l2tp-server|modecfg-group match.....................................................862
configure crypto dynamic ipsec policy l2tp-server|modecfg-group pfs-group...............................................863
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal.................................................863
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal encryption-algorithm...............864
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal hash-algorithm........................864
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal lifetime....................................865
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal mode.......................................865
configure crypto failover................................................................................................................................866
configure crypto ike policy.............................................................................................................................867
36
October 2010
configure crypto ike policy exchange-type....................................................................................................867

configure crypto ike policy initial-contact.......................................................................................................868
configure crypto ike policy key......................................................................................................................868
configure crypto ike policy local-address......................................................................................................869
configure crypto ike policy local-id................................................................................................................869
configure crypto ike policy mode...................................................................................................................870
configure crypto ike policy ocsp....................................................................................................................870
configure crypto ike policy pfs.......................................................................................................................871
configure crypto ike policy proposal..............................................................................................................871
configure crypto ike policy proposal authentication-method.........................................................................871
configure crypto ike policy proposal dh-group...............................................................................................872
configure crypto ike policy proposal encryption-algorithm............................................................................873
configure crypto ike policy proposal hash-algorithm.....................................................................................873
configure crypto ike policy proposal lifetime..................................................................................................874
configure crypto ike policy remote-id.............................................................................................................874
configure crypto ipsec policy.........................................................................................................................875
configure crypto ipsec policy anti-replay.......................................................................................................876
configure crypto ipsec policy bypass match address....................................................................................876
configure crypto ipsec policy enable.............................................................................................................877
configure crypto ipsec policy match..............................................................................................................877
configure crypto ipsec policy match object....................................................................................................878
configure crypto ipsec policy nailed-up.........................................................................................................879
configure crypto ipsec policy pfs-group.........................................................................................................880
configure crypto ipsec policy proposal..........................................................................................................880
configure crypto ipsec policy proposal encryption-algorithm.........................................................................881
configure crypto ipsec policy proposal hash-algorithm.................................................................................881
configure crypto ipsec policy proposal lifetime..............................................................................................882
configure crypto ipsec policy proposal mode................................................................................................882
configure crypto keepalive enable.................................................................................................................883
configure crypto keepalive mode..................................................................................................................883
configure crypto keepalive retry-interval.......................................................................................................884
configure crypto keepalive transmit-interval..................................................................................................884
configure crypto keypair................................................................................................................................884
configure crypto ike policy keyusage............................................................................................................885
configure crypto pmtu df-bit...........................................................................................................................885
configure crypto pmtu threshold-mtu mtu-size..............................................................................................886
configure crypto pmtu unsecured-icmp-processing......................................................................................886
configure interface l2tp-server.......................................................................................................................886
configure interface l2tp-server ip address.....................................................................................................887
configure interface l2tp-server ipsec-protection............................................................................................887
configure interface l2tp-server remote-config................................................................................................888
configure interface l2tp-server remote-config address-pool|DNS|nbns.........................................................888
configure interface l2tp-server remote-user..................................................................................................889
configure interface l2tp-server shutdown......................................................................................................889
show crypto ca certificates............................................................................................................................889
show crypto ca crl.........................................................................................................................................890
show crypto ca trustpoint..............................................................................................................................890
show crypto clients contivity..........................................................................................................................890
show crypto contivity-iras ike policy..............................................................................................................890
show crypto contivity-iras ipsec policy..........................................................................................................891
show crypto dynamic clients.........................................................................................................................892
October 2010
37
show crypto dynamic ike policy.....................................................................................................................892

show crypto dynamic ipsec policy.................................................................................................................892
show crypto ike policy...................................................................................................................................892
show crypto ike sa.........................................................................................................................................893
show crypto interfaces..................................................................................................................................893
show crypto ipsec policy...............................................................................................................................893
show crypto ipsec sa.....................................................................................................................................894
show crypto keepalive...................................................................................................................................894
show crypto pmtu..........................................................................................................................................894
show crypto statistics....................................................................................................................................894
show interface l2tp-server.............................................................................................................................895
Chapter 58: GRE and IPIP tunneling commands................................................................897

clear interface tunnel.....................................................................................................................................897
configure interface tunnel..............................................................................................................................897
configure interface tunnel crypto...................................................................................................................897
configure interface tunnel gvrp......................................................................................................................898
configure interface tunnel ip|ipv6...................................................................................................................898
configure interface tunnel ip tcp-mss............................................................................................................899
configure interface tunnel keepalive..............................................................................................................899
configure interface tunnel shutdown.............................................................................................................900
configure interface tunnel tunnel checksum..................................................................................................900
configure interface tunnel tunnel destination.................................................................................................900
configure interface tunnel tunnel key............................................................................................................901
configure interface tunnel tunnel mode.........................................................................................................901
configure interface tunnel tunnel path_mtu_discovery..................................................................................902
configure interface tunnel tunnel protection..................................................................................................902
configure interface tunnel tunnel sequence..................................................................................................902
configure interface tunnel tunnel source.......................................................................................................903
configure interface tunnel tunnel tos.............................................................................................................903
configure interface tunnel tunnel ttl...............................................................................................................904
show interface tunnel....................................................................................................................................904
Chapter 59: AAA commands................................................................................................905

clear dot1x statistics......................................................................................................................................905
configure aaa accounting..............................................................................................................................905
configure aaa accounting update..................................................................................................................906
configure aaa authentication login................................................................................................................906
configure aaa authentication protocols.........................................................................................................907
configure aaa authorization commands........................................................................................................907
configure aaa enable.....................................................................................................................................908
configure aaa radius primary_server|secondary_server acct_port...............................................................908
configure aaa radius primary_server|secondary_server auth_port...............................................................909
configure aaa radius primary_server|secondary_server ipaddress..............................................................909
configure aaa radius primary_server|secondary_server retries....................................................................910
configure aaa radius primary_server|secondary_server shared_key...........................................................910
configure aaa radius primary_server|secondary_server time_out.................................................................911
configure aaa radius src_address.................................................................................................................911
configure aaa source-address.......................................................................................................................912
configure aaa tacacs primary_server|secondary_server...............................................................................912
configure aaa tacacs retries..........................................................................................................................912
configure aaa tacacs server_port..................................................................................................................913
38
October 2010
configure aaa tacacs shared_key.................................................................................................................913

configure aaa tacacs time_out......................................................................................................................914
configure dot1x..............................................................................................................................................914
configure interface ethernet dot1x dot1x-enable...........................................................................................914
configure interface ethernet dot1x max-req..................................................................................................915
configure interface ethernet dot1x port-control.............................................................................................915
configure interface ethernet dot1x quiet-period.............................................................................................915
configure interface ethernet dot1x reauthentication......................................................................................916
configure interface ethernet dot1x reauth-period..........................................................................................916
configure interface ethernet dot1x server-timeout.........................................................................................916
configure interface ethernet dot1x supplicant-timeout..................................................................................917
configure interface aaa authentication..........................................................................................................917
configure interface aaa authorization............................................................................................................917
configure interface aaa accounting...............................................................................................................917
show aaa accounting....................................................................................................................................918
show aaa authentication...............................................................................................................................918
show aaa authorization.................................................................................................................................918
show aaa interface........................................................................................................................................919
show aaa radius............................................................................................................................................919
show aaa status............................................................................................................................................919
show aaa tacacs...........................................................................................................................................919
show dot1x....................................................................................................................................................920
Chapter 60: PPPoE client commands..................................................................................921

configure interface virtual-access ip..............................................................................................................921
configure interface virtual-access ppp authentication...................................................................................921
configure interface virtual-access ppp keepalive..........................................................................................922
configure interface virtual-access pppoe ac-name........................................................................................922
configure interface virtual-access pppoe ethernet........................................................................................923
configure interface virtual-access protocol pppoe.........................................................................................923
configure interface virtual-access shutdown.................................................................................................923
show interface virtual-access........................................................................................................................924
Chapter 61: SSH2 commands..............................................................................................925

clear ip ssh session.......................................................................................................................................925
configure ssh_keygen change......................................................................................................................925
configure ssh_keygen convert......................................................................................................................926
configure ssh_keygen digest.........................................................................................................................926
configure ssh_keygen encrypt......................................................................................................................927
configure ssh_keygen generate....................................................................................................................927
configure ssh_server authRetries.................................................................................................................928
configure ssh_server authentication.............................................................................................................928
configure ssh_server cipher..........................................................................................................................929
configure ssh_server compression...............................................................................................................929
configure ssh_server enable.........................................................................................................................930
configure ssh_server hostfile........................................................................................................................930
configure ssh_server logevents....................................................................................................................930
configure ssh_server mac.............................................................................................................................931
configure ssh_server port..............................................................................................................................931
configure ssh_server restore.........................................................................................................................932
configure ssh_server sftpd............................................................................................................................932
configure ssh_server timeout........................................................................................................................932
October 2010
39
show ip ssh config.........................................................................................................................................933

show ip ssh session......................................................................................................................................933
Chapter 62: SIP Media Gateway commands.......................................................................935

DSP channel licensing command.................................................................................................................935
configure system licenses pvim_users..........................................................................................................935
SIP UA configuration commands..................................................................................................................936
clear sip-ua statistics.....................................................................................................................................936
configure sip-ua outbound-proxy...................................................................................................................936
configure sip-ua set pstn-cause sip-status....................................................................................................937
configure sip-ua set sip-status pstn-cause....................................................................................................937
configure sip-ua register dynamic.................................................................................................................938
configure sip-ua sip-server............................................................................................................................938
configure sip-ua sip-server keepalive target.................................................................................................939
configure sip-ua transport.............................................................................................................................940
show sip-ua calls...........................................................................................................................................941
show sip-ua map pstn-sip.............................................................................................................................941
show sip-ua map sip-pstn.............................................................................................................................941
show sip-ua statistics....................................................................................................................................942
show sip-ua status........................................................................................................................................942
show sip-ua timers........................................................................................................................................942
Global VoIP configuration commands...........................................................................................................943
configure terminal system logging syslog module voip-cdr...........................................................................943
configure voice call call-limit..........................................................................................................................945
configure voice class custom-cptone............................................................................................................945
configure voice class dualtone......................................................................................................................946
configure voice dsp agc-enable....................................................................................................................946
configure voice dsp dtmf-level.......................................................................................................................947
configure voice dsp dtmf-twist.......................................................................................................................947
configure voice dsp no-rtcp-timeout..............................................................................................................948
configure voice service voip codec...............................................................................................................948
configure voice service voip emergency-number..........................................................................................950
configure voice service voip pass-through-call-prefix...................................................................................950
configure voice service voip rtp port-validation.............................................................................................951
configure voice service voip sip bind.............................................................................................................952
configure voice service voip sip rel1xx..........................................................................................................953
show voice service voip................................................................................................................................953
ISDN configuration commands for voice.......................................................................................................953
link pri_t1 | pri_e1 | bri voice..........................................................................................................................953
E1 R2 configuration commands....................................................................................................................954
configure module e1 cas-custom..........................................................................................................954
configure module e1 cas-group timeslots.............................................................................................957
T1 CAS configuration command...................................................................................................................959
configure module t1 cas-group......................................................................................................................959
FXO port configuration commands...............................................................................................................960
configure voice-port ani mapping..................................................................................................................960
configure voice-port connection plar.............................................................................................................961
configure voice-port ring-number..................................................................................................................962
configure voice-port signal cama..................................................................................................................962
FXS port configuration commands................................................................................................................964
configure voice-port signal did......................................................................................................................964
40
October 2010
configure voice-port timeouts initial...............................................................................................................964

Common POTS and VoIP dial peer configuration commands......................................................................965
clear statistics dial-peer voice.......................................................................................................................965
configure dial-peer voice...............................................................................................................................966
configure dial-peer voice description.............................................................................................................966
configure dial-peer voice destination-pattern................................................................................................967
configure dial-peer voice shutdown...............................................................................................................968
show dial-peer voice.....................................................................................................................................969
POTS dial peer configuration commands.....................................................................................................969
configure dial-peer voice pots clid.................................................................................................................969
configure dial-peer voice pots digit-strip........................................................................................................970
configure dial-peer voice pots forward-digits.................................................................................................970
configure dial-peer voice pots port................................................................................................................972
configure dial-peer voice pots prefix.............................................................................................................972
VoIP dial peer configuration commands........................................................................................................973
configure dial-peer voice voip dtmf-relay rtp-nte...........................................................................................973
configure dial-peer voice voip rtp payload-type.............................................................................................974
configure dial-peer voice voip session target................................................................................................974
configure voice service voip dtmf-relay rtp-nte..............................................................................................975
configure voice service voip rtp payload-type...............................................................................................975
FXS port registration and authentication commands....................................................................................976
configure dial-peer voice pots authentication................................................................................................976
configure dial-peer voice pots register e164.................................................................................................977
configure sip-ua authentication.....................................................................................................................977
configure sip-ua registrar..............................................................................................................................978
show sip-ua register status...........................................................................................................................979
Caller ID configuration commands for FXS and FXO ports..........................................................................979
configure voice-port caller-id alerting ring.....................................................................................................979
configure voice-port caller-id block................................................................................................................980
configure voice-port caller-id enable.............................................................................................................980
configure voice-port station name.................................................................................................................981
configure voice-port station number..............................................................................................................982
DSP configuration commands.......................................................................................................................983
clear voice dsp statistics...............................................................................................................................983
configure voice-port comfort-noise................................................................................................................983
configure voice-port compand-type...............................................................................................................983
configure voice-port echo-cancel coverage..................................................................................................984
configure voice-port echo-cancel enable......................................................................................................984
configure voice-port input gain......................................................................................................................985
configure voice-port output attenuation.........................................................................................................985
show voice dsp statistics...............................................................................................................................986
show voice dsp status...................................................................................................................................986
Number translation commands.....................................................................................................................986
configure dial-peer voice translation-profile..................................................................................................986
configure voice translation-profile.................................................................................................................987
configure voice translation-profile translate...................................................................................................988
configure voice translation-rule.....................................................................................................................988
configure voice translation-rule rule..............................................................................................................989
Trunk group configuration commands...........................................................................................................990
configure trunk group....................................................................................................................................990
configure dial-peer voice pots trunkgroup.....................................................................................................990
October 2010
41
configure voice-port trunk-group...................................................................................................................991

show trunk group...........................................................................................................................................991
Fax/Modem configuration commands...........................................................................................................992
configure dial-peer voice voip fax protocol....................................................................................................992
configure dial-peer voice voip fax rate..........................................................................................................993
configure dial-peer voice voip modem passthrough......................................................................................993
configure voice service voip fax protocol......................................................................................................994
configure voice service voip fax rate.............................................................................................................995
configure voice service voip modem passthrough........................................................................................996
show call active t38.......................................................................................................................................996
Common voice port configuration commands...............................................................................................997
configure voice-port.......................................................................................................................................997
configure voice-port description....................................................................................................................997
configure voice-port shutdown......................................................................................................................998
show call active voice....................................................................................................................................998
show voice port.............................................................................................................................................999
Common FXS/FXO port configuration commands........................................................................................999
configure voice-port battery-reversal.............................................................................................................999
configure voice-port cptone.........................................................................................................................1000
configure voice-port signal..........................................................................................................................1001
configure voice-port supervisory-disconnect...............................................................................................1001
Common FXS and T1 CAS command........................................................................................................1002
configure voice-port timeouts interdigit.......................................................................................................1002
Common T1 CAS and ISDN commands.....................................................................................................1003
configure network-clock-select....................................................................................................................1003
show network-clock.....................................................................................................................................1003
Mediation Server module configuration commands....................................................................................1004
configure interface servmod description.....................................................................................................1004
configure interface servmod ip address......................................................................................................1004
configure interface servmod no shutdown..................................................................................................1005
show interface servmod..............................................................................................................................1005
Debugging commands................................................................................................................................1005
debug voip dial-peer....................................................................................................................................1005
debug voice cc............................................................................................................................................1006
debug voice dspapi.....................................................................................................................................1006
debug ccsip all............................................................................................................................................1007
debug ccsip messages................................................................................................................................1007
debug ccsip media......................................................................................................................................1008
debug ccsip api...........................................................................................................................................1008
debug ccsip errors.......................................................................................................................................1009
debug cas....................................................................................................................................................1009
debug isdn q921..........................................................................................................................................1009
debug isdn q931..........................................................................................................................................1010
debug fax....................................................................................................................................................1010
debug pots...................................................................................................................................................1011
Chapter 63: SSM commands..............................................................................................1013

clear ssm database.....................................................................................................................................1013
clear ssm sip-server statistics.....................................................................................................................1013
configure terminal system license ssm_users.............................................................................................1013
configure terminal system logging syslog module voip-ssm-cdr.................................................................1014
42
October 2010
configure terminal voice service voip ssm bind ip.......................................................................................1015

configure terminal voice service voip ssm bind transport............................................................................1015
configure terminal voice service voip ssm cac exclude-pool.......................................................................1016
configure terminal voice service voip ssm cac max-calls............................................................................1017
configure terminal voice service voip ssm congestion-thresholds memory................................................1017
configure terminal voice service voip ssm default-gateway........................................................................1019
configure terminal voice service voip ssm dialplan load.............................................................................1019
configure terminal voice service voip ssm dialplan store............................................................................1020
configure terminal voice service voip ssm domain......................................................................................1020
configure terminal voice service voip ssm enable.......................................................................................1021
configure terminal voice service voip ssm keepalive-server.......................................................................1021
configure terminal voice service voip ssm protocol-header........................................................................1022
configure terminal voice service voip ssm provisioning..............................................................................1023
configure terminal voice service voip ssm registrar....................................................................................1024
configure terminal voice service voip ssm sessiontimer.............................................................................1024
configure terminal voice service voip ssm sip-server dns-timeout..............................................................1025
configure terminal voice service voip ssm sip-server reject-services-in-survivable-mode..........................1026
configure terminal voice service voip ssm sip-server timer.........................................................................1026
show ssm cac status...................................................................................................................................1027
show ssm configuration...............................................................................................................................1027
show ssm congestion-thresholds................................................................................................................1028
show ssm dial-plan......................................................................................................................................1028
show ssm licensed-users............................................................................................................................1028
show ssm protocol-header..........................................................................................................................1028
show ssm registered-users.........................................................................................................................1029
show ssm registrar......................................................................................................................................1029
show ssm session-timer..............................................................................................................................1029
show ssm sip-server configuration..............................................................................................................1030
show ssm sip-server statistics.....................................................................................................................1030
show ssm sip-server status.........................................................................................................................1030
show ssm subscriber...................................................................................................................................1031
Chapter 64: Troubleshooting commands..........................................................................1033

debug..........................................................................................................................................................1033
debug bgp...................................................................................................................................................1033
debug bgp all...............................................................................................................................................1033
debug bgp dampening................................................................................................................................1034
debug bgp events........................................................................................................................................1034
debug bgp filters..........................................................................................................................................1034
debug bgp fsm............................................................................................................................................1034
debug bgp keepalives.................................................................................................................................1035
debug bgp nsm...........................................................................................................................................1035
debug bgp updates.....................................................................................................................................1035
debug clear_clisession................................................................................................................................1036
debug_eng..................................................................................................................................................1036
debug fr.......................................................................................................................................................1036
debug fr pvc-info.........................................................................................................................................1037
debug fr bundle-info....................................................................................................................................1037
debug fr packet...........................................................................................................................................1037
debug fr packet lmi......................................................................................................................................1038
debug fr packet inverse-arp........................................................................................................................1038
October 2010
43
debug fr packet mfr.....................................................................................................................................1038

debug fr mfr.................................................................................................................................................1039
debug fr mfr states......................................................................................................................................1039
debug fr mfr state-machine.........................................................................................................................1040
debug fr bundle-buffers...............................................................................................................................1040
debug fr frf20...............................................................................................................................................1040
debug hdlc...................................................................................................................................................1041
debug igmp.................................................................................................................................................1041
debug igmp all.............................................................................................................................................1041
debug igmp decode.....................................................................................................................................1041
debug igmp encode.....................................................................................................................................1042
debug igmp events......................................................................................................................................1042
debug igmp fsm...........................................................................................................................................1042
debug igmp tib.............................................................................................................................................1042
debug pim...................................................................................................................................................1043
debug pim sparse-mode.............................................................................................................................1043
debug pim sparse-mode all.........................................................................................................................1043
debug pim sparse-mode events..................................................................................................................1044
debug pim sparse-mode mfc.......................................................................................................................1044
debug pim sparse-mode mib.......................................................................................................................1044
debug pim sparse-mode nexthop................................................................................................................1044
debug pim sparse-mode database..............................................................................................................1045
debug pim sparse-mode packet..................................................................................................................1045
debug pim sparse-mode state.....................................................................................................................1045
debug pim sparse-mode timer....................................................................................................................1045
debug pim sparse-mode timer assert..........................................................................................................1046
debug pim sparse-mode timer bsr..............................................................................................................1046
debug pim sparse-mode timer hello............................................................................................................1046
debug pim sparse-mode timer joinprune.....................................................................................................1047
debug pim sparse-mode timer register.......................................................................................................1047
debug dvmrp...............................................................................................................................................1047
debug dvmrp all...........................................................................................................................................1047
debug dvmrp events....................................................................................................................................1048
debug dvmrp events igmp...........................................................................................................................1048
debug dvmrp events kernel.........................................................................................................................1048
debug dvmrp events neighbor.....................................................................................................................1048
debug dvmrp events packet........................................................................................................................1049
debug dvmrp events prune.........................................................................................................................1049
debug dvmrp events route..........................................................................................................................1049
debug dvmrp mfc........................................................................................................................................1050
debug dvmrp mib........................................................................................................................................1050
debug dvmrp nsm.......................................................................................................................................1050
debug dvmrp packet....................................................................................................................................1050
debug dvmrp packet graft...........................................................................................................................1051
debug dvmrp packet graft-ack.....................................................................................................................1051
debug dvmrp packet in................................................................................................................................1051
debug dvmrp packet out..............................................................................................................................1051
debug dvmrp packet probe.........................................................................................................................1052
debug dvmrp packet prune.........................................................................................................................1052
debug dvmrp packet report.........................................................................................................................1052
debug dvmrp timer......................................................................................................................................1053
44
October 2010
debug dvmrp timer probe............................................................................................................................1053

debug dvmrp timer prune............................................................................................................................1053
debug dvmrp timer route.............................................................................................................................1053
debug mld...................................................................................................................................................1054
debug mld all...............................................................................................................................................1054
debug mld decode.......................................................................................................................................1054
debug mld encode.......................................................................................................................................1054
debug mld events........................................................................................................................................1055
debug mld fsm.............................................................................................................................................1055
debug mld tib...............................................................................................................................................1055
debug ip......................................................................................................................................................1056
debug ip arp................................................................................................................................................1056
debug ip vrrp...............................................................................................................................................1056
debug ip vrrp all...........................................................................................................................................1056
debug ip vrrp error.......................................................................................................................................1057
debug ip vrrp state......................................................................................................................................1057
debug ip vrrp events....................................................................................................................................1057
debug ip vrrp packet....................................................................................................................................1057
debug ip tunnel............................................................................................................................................1058
debug ip tunnel all.......................................................................................................................................1058
debug ip tunnel error...................................................................................................................................1058
debug ip tunnel encap.................................................................................................................................1059
debug ip tunnel decap.................................................................................................................................1059
debug ip tunnel packet................................................................................................................................1059
debug ip tunnel keepalive...........................................................................................................................1059
debug ip tunnel state...................................................................................................................................1060
debug ip dhcps............................................................................................................................................1060
debug ip dhcps all.......................................................................................................................................1060
debug ip dhcps error...................................................................................................................................1060
debug ip dhcps state...................................................................................................................................1061
debug ip dhcps events................................................................................................................................1061
debug ip dhcps packet................................................................................................................................1061
debug ip ssh................................................................................................................................................1062
debug ip statistics........................................................................................................................................1062
debug ip statistics ipshow...........................................................................................................................1062
debug ip statistics icmpshow.......................................................................................................................1063
debug ip statistics rtshow............................................................................................................................1063
debug ip statistics tcpshow.........................................................................................................................1063
debug ip statistics udpshow........................................................................................................................1063
debug ip statistics ipmuxshow.....................................................................................................................1064
debug ip statistics ipmuxclear.....................................................................................................................1064
debug ip statistics ipclear............................................................................................................................1064
debug ip statistics icmpclear.......................................................................................................................1065
debug ip multicast.......................................................................................................................................1065
debug ip multicast all...................................................................................................................................1065
debug ip multicast fib-msg..........................................................................................................................1065
debug ip multicast mrt.................................................................................................................................1066
debug ip multicast register..........................................................................................................................1066
debug ip multicast stats...............................................................................................................................1066
debug ip multicast vif...................................................................................................................................1066
debug ipv6...................................................................................................................................................1067
October 2010
45
debug ipv6 dhcp..........................................................................................................................................1067

debug ipv6 dhcp detail................................................................................................................................1067
debug ipv6 dhcp error.................................................................................................................................1068
debug ipv6 dhcp warnings..........................................................................................................................1068
debug ipv6 dhcp info...................................................................................................................................1068
debug ipv6 dhcp more.................................................................................................................................1068
debug ipv6 nd..............................................................................................................................................1069
debug ipv6 nd error.....................................................................................................................................1069
debug ipv6 nd trace.....................................................................................................................................1069
debug ipv6 dad............................................................................................................................................1069
debug ipv6 dad error...................................................................................................................................1070
debug ipv6 dad trace...................................................................................................................................1070
debug ipv6 rtadv..........................................................................................................................................1070
debug ipv6 rtadv error.................................................................................................................................1071
debug ipv6 rtadv trace.................................................................................................................................1071
debug ipv6 statistics....................................................................................................................................1071
debug ipv6 statistics ipshow........................................................................................................................1071
debug ipv6 statistics icmpshow...................................................................................................................1072
debug ipv6 statistics tcpshow......................................................................................................................1072
debug ipv6 statistics udpshow....................................................................................................................1072
debug ipv6 statistics ipmuxshow.................................................................................................................1072
debug ipv6 statistics ipmuxclear.................................................................................................................1073
debug ipv6 tunnel........................................................................................................................................1073
debug ipv6 tunnel all...................................................................................................................................1073
debug ipv6 tunnel error...............................................................................................................................1074
debug ipv6 tunnel encap.............................................................................................................................1074
debug ipv6 tunnel decap.............................................................................................................................1074
debug ipv6 tunnel packet............................................................................................................................1074
debug ipv6 tunnel keepalive........................................................................................................................1075
debug ipv6 tunnel state...............................................................................................................................1075
debug ipv6 rip..............................................................................................................................................1075
debug ipv6 rip all.........................................................................................................................................1075
debug ipv6 rip events..................................................................................................................................1076
debug ipv6 rip nsm......................................................................................................................................1076
debug ipv6 rip packet..................................................................................................................................1076
debug ipv6 rip packet detail........................................................................................................................1077
debug ipv6 rip packet recv..........................................................................................................................1077
debug ipv6 rip packet send.........................................................................................................................1077
debug ipv6 ospf...........................................................................................................................................1077
debug ipv6 ospf packet...............................................................................................................................1078
debug ipv6 ospf ifsm...................................................................................................................................1078
debug ipv6 ospf nfsm..................................................................................................................................1078
debug ipv6 ospf lsa.....................................................................................................................................1078
debug ipv6 ospf route..................................................................................................................................1079
debug ipv6 ospf nsm...................................................................................................................................1079
debug ipv6 ospf events...............................................................................................................................1079
debug ipv6 ospf all......................................................................................................................................1080
debug ipv6 pim............................................................................................................................................1080
debug ipv6 pim sparse-mode......................................................................................................................1080
debug ipv6 pim sparse-mode all.................................................................................................................1080
debug ipv6 pim sparse-mode events..........................................................................................................1081
46
October 2010
debug ipv6 pim sparse-mode mfc...............................................................................................................1081

debug ipv6 pim sparse-mode mib...............................................................................................................1081
debug ipv6 pim sparse-mode nexthop........................................................................................................1081
debug ipv6 pim sparse-mode database......................................................................................................1082
debug ipv6 pim sparse-mode packet..........................................................................................................1082
debug ipv6 pim sparse-mode state.............................................................................................................1082
debug ipv6 pim sparse-mode timer.............................................................................................................1083
debug ipv6 pim sparse-mode timer assert..................................................................................................1083
debug ipv6 pim sparse-mode timer bsr.......................................................................................................1083
debug ipv6 pim sparse-mode timer hello....................................................................................................1083
debug ipv6 pim sparse-mode timer joinprune.............................................................................................1084
debug ipv6 pim sparse-mode timer register................................................................................................1084
debug ipv6 packet-filter...............................................................................................................................1084
debug ipv6 multicast...................................................................................................................................1084
debug ipv6 multicast all...............................................................................................................................1085
debug ipv6 multicast fib-msg.......................................................................................................................1085
debug ipv6 multicast mrt.............................................................................................................................1085
debug ipv6 multicast register......................................................................................................................1086
debug ipv6 multicast stats...........................................................................................................................1086
debug ipv6 multicast mif..............................................................................................................................1086
debug ppp...................................................................................................................................................1086
debug ppp mlpinfo.......................................................................................................................................1087
debug ppp pppstates...................................................................................................................................1087
debug ppp debug_link.................................................................................................................................1087
debug ppp negotiation.................................................................................................................................1087
debug ppp lcp..............................................................................................................................................1088
debug ppp ipcp............................................................................................................................................1088
debug ppp bcp............................................................................................................................................1088
debug ppp ipv6cp........................................................................................................................................1089
debug spanning-tree all...............................................................................................................................1089
debug spanning-tree cli...............................................................................................................................1089
debug spanning-tree event.........................................................................................................................1090
debug spanning-tree packet........................................................................................................................1090
debug spanning-tree timer..........................................................................................................................1091
debug ssm traces error...............................................................................................................................1091
debug ssm traces message........................................................................................................................1091
debug ssm traces module...........................................................................................................................1092
debug system..............................................................................................................................................1092
debug system show_crash..........................................................................................................................1093
debug system overwrite_crash_dump........................................................................................................1093
debug system clear_crash_dump...............................................................................................................1093
debug system display_overwrite_crash_dump...........................................................................................1093
debug system print_stats............................................................................................................................1094
debug system clear_stats...........................................................................................................................1094
debug rtp.....................................................................................................................................................1094
debug rtp tables..........................................................................................................................................1095
debug rtp txtable.........................................................................................................................................1095
debug rtp rxtable.........................................................................................................................................1095
debug rtp statistics......................................................................................................................................1095
debug dhcp-client........................................................................................................................................1096
debug dhcp_relay........................................................................................................................................1096
October 2010
47
debug dhcp_relay enable_debug................................................................................................................1096

debug dhcp_relay display_dhcp_table........................................................................................................1096
debug dhcp_relay display_hash_statistics..................................................................................................1097
debug qos...................................................................................................................................................1097
debug qos chassis......................................................................................................................................1097
debug qos chassis show-buf-mgmt-info......................................................................................................1098
debug qos chassis show-class....................................................................................................................1098
debug qos chassis show-intf-qos-info.........................................................................................................1098
debug qos chassis show-red-info................................................................................................................1098
debug qos chassis show-sch-list.................................................................................................................1099
debug qos chassis show-sch-info...............................................................................................................1099
debug qos chassis clear-sch-info................................................................................................................1099
debug qos chassis hist-stats-upload-info....................................................................................................1099
debug qos chassis clear-upload-counters...................................................................................................1100
debug qos chassis show-buf-overruns........................................................................................................1100
debug qos chassis clear-buf-overruns.........................................................................................................1100
debug virtual-access....................................................................................................................................1101
debug virtual-access pppoe.........................................................................................................................1101
debug virtual-access pppoe events.............................................................................................................1101
debug virtual-access pppoe all....................................................................................................................1101
debug virtual-access pppoe packet.............................................................................................................1102
debug virtual-access pppoe data.................................................................................................................1102
debug virtual-access ppp.............................................................................................................................1102
debug virtual-access l2tp-server..................................................................................................................1102
debug crypto................................................................................................................................................1103
debug crypto ike..........................................................................................................................................1103
debug crypto ca...........................................................................................................................................1103
debug crypto ipsec......................................................................................................................................1104
debug crypto ipsec mode spd......................................................................................................................1104
debug crypto all...........................................................................................................................................1105
debug crypto failover...................................................................................................................................1105
debug firewall..............................................................................................................................................1105
debug firewall alg.........................................................................................................................................1105
debug firewall attack....................................................................................................................................1106
debug firewall connections..........................................................................................................................1106
debug firewall ip-reassembly.......................................................................................................................1106
debug firewall packet...................................................................................................................................1106
debug firewall all..........................................................................................................................................1107
debug disable-firewall..................................................................................................................................1107
debug all......................................................................................................................................................1108
debug cspf...................................................................................................................................................1108
debug cspf events.......................................................................................................................................1108
debug cspf hexdump...................................................................................................................................1109
debug cspf lsp.............................................................................................................................................1109
debug pcap..................................................................................................................................................1109
debug pcap capture.....................................................................................................................................1110
debug pcap capture direction......................................................................................................................1110
debug pcap capture snaplen.......................................................................................................................1110
debug pcap capture count...........................................................................................................................1111
debug pcap capture filter.............................................................................................................................1111
debug pcap capture wrap............................................................................................................................1111
48
October 2010
debug pcap capture size..............................................................................................................................1112

debug pcap capture drop-nonip...................................................................................................................1112
debug pcap capture attach..........................................................................................................................1112
debug pcap capture commit........................................................................................................................1113
debug pcap capture show-config.................................................................................................................1113
debug pcap capture stats............................................................................................................................1113
debug pcap capture dump...........................................................................................................................1114
debug pcap capture clear-stats...................................................................................................................1114
debug pcap access-list................................................................................................................................1114
debug pcap max-sessions...........................................................................................................................1115
debug pcap enable......................................................................................................................................1115
debug pcap cleanup....................................................................................................................................1115
debug pcap upload......................................................................................................................................1115
debug pcap save.........................................................................................................................................1116
debug pcap show-config..............................................................................................................................1116
debug pcap stats.........................................................................................................................................1117
debug pcap dump........................................................................................................................................1117
debug pcap clear-stats................................................................................................................................1117
debug rip......................................................................................................................................................1117
debug rip all.................................................................................................................................................1118
debug rip events..........................................................................................................................................1118
debug rip nsm..............................................................................................................................................1118
debug rip packet..........................................................................................................................................1118
debug rsvp...................................................................................................................................................1119
debug rsvp all..............................................................................................................................................1119
debug rsvp cspf...........................................................................................................................................1119
debug rsvp events.......................................................................................................................................1120
debug rsvp fsm............................................................................................................................................1120
debug rsvp fsm egress................................................................................................................................1120
debug rsvp fsm ingress...............................................................................................................................1121
debug rsvp fsm transit.................................................................................................................................1121
debug rsvp nsm...........................................................................................................................................1121
debug rsvp hexdump...................................................................................................................................1122
debug rsvp packet.......................................................................................................................................1122
debug ldp.....................................................................................................................................................1122
debug ldp advertise-labels...........................................................................................................................1123
debug ldp all................................................................................................................................................1123
debug ldp events.........................................................................................................................................1123
debug ldp dsm.............................................................................................................................................1123
debug ldp fsm..............................................................................................................................................1124
debug ldp nsm.............................................................................................................................................1124
debug ldp hexdump.....................................................................................................................................1124
debug ldp packet.........................................................................................................................................1124
debug ldp packet address...........................................................................................................................1125
debug ldp packet hello.................................................................................................................................1125
debug ldp packet initialization......................................................................................................................1125
debug ldp packet keepalive.........................................................................................................................1126
debug ldp packet label.................................................................................................................................1126
debug ldp packet notification.......................................................................................................................1126
debug ldp tsm..............................................................................................................................................1126
debug ldp usm.............................................................................................................................................1127
October 2010
49
debug ldp vc................................................................................................................................................1127

debug ldp vc dsm........................................................................................................................................1127
debug ldp vc usm........................................................................................................................................1127
debug dot1x.................................................................................................................................................1128
debug dot1x all............................................................................................................................................1128
debug dot1x event.......................................................................................................................................1128
debug dot1x packet.....................................................................................................................................1129
debug dot1x timer........................................................................................................................................1129
debug lacp...................................................................................................................................................1129
debug lacp all..............................................................................................................................................1129
debug lacp event.........................................................................................................................................1130
debug lacp packet.......................................................................................................................................1130
debug lacp timer..........................................................................................................................................1130
debug igmp-snooping..................................................................................................................................1131
debug igmp-snooping all.............................................................................................................................1131
debug igmp-snooping event........................................................................................................................1131
debug igmp-snooping packet......................................................................................................................1131
debug igmp-snooping timer.........................................................................................................................1132
debug gvrp...................................................................................................................................................1132
debug gvrp all..............................................................................................................................................1132
debug gvrp cli..............................................................................................................................................1132
debug gvrp event.........................................................................................................................................1133
debug gvrp packet.......................................................................................................................................1133
debug gvrp timer..........................................................................................................................................1133
debug ospf...................................................................................................................................................1134
debug ospf events.......................................................................................................................................1134
debug ospf ifsm...........................................................................................................................................1134
debug ospf lsa.............................................................................................................................................1135
debug ospf nfsm..........................................................................................................................................1135
debug ospf nsm...........................................................................................................................................1136
debug ospf packet.......................................................................................................................................1136
debug ospf route..........................................................................................................................................1137
debug ospf all..............................................................................................................................................1137
debug isdn...................................................................................................................................................1138
debug isdn all..............................................................................................................................................1138
debug isdn cc..............................................................................................................................................1138
debug isdn q921..........................................................................................................................................1139
debug isdn q921-timers...............................................................................................................................1139
debug isdn q931..........................................................................................................................................1140
debug isdn q931-timers...............................................................................................................................1140
debug isdn physical-layer............................................................................................................................1140
debug isdn data-path...................................................................................................................................1141
debug isdn test-isdn-call..............................................................................................................................1141
debug isdn test-isdn-drop............................................................................................................................1142
debug isdn isdn-status.................................................................................................................................1142
debug isdn q931Statistics............................................................................................................................1142
debug isdn q921Statistics............................................................................................................................1143
debug packet-dump.....................................................................................................................................1143
debug tacacs...............................................................................................................................................1144
50
October 2010
Chapter 1: New in this release

The following section details what is new in Avaya Secure Router 2330/4134 Command Line Reference
(NN47263-507) for Release 10.3.
Features
See the following sections for information about feature changes:
IPSec nailed up tunnel

IPSec nailed up branch office connections are formed when a policy is configured and does
not require the presence of data to trigger the establishment of a tunnel. When IPSec nailed
up tunnel is enabled on a head office Secure Router and the router receives leading data
designated for a branch office, the data is forwarded to the branch office without delay, because
the tunnel is already established.
For more information, see configure crypto ipsec policy nailed-up on page 879.
IPSec VPN bypass policy

The IPSec VPN bypass policy allows system administrators more flexibility when configuring
a head office to branch office network connected by a VPN tunnel.
For more information, see configure crypto ipsec policy bypass match address on page 876.
Jumbo frame support

Secure Router 2330/4134 supports jumbo frames for interfaces configured with PPP
encapsulation.
October 2010
51
New in this release
For more information , see:

configure interface bundle ppp mtu-mru-magic on page 187
Key usage extension checking

Key usage extension checking enhances X.509 digital certificate peer authentication by
ensuring that a peer digital certificate includes a specified key usage constraint, before an SA
establishment with the peer is authorized.
For more information, see configure crypto ike policy keyusage on page 885.
Multiple networks in a single IPSec policy

You can avoid configuring multiple IPSec policies for multiple source and destination networks
by associating the source and destination network addresses with one common IP address
object variable.
For more information, see configure crypto ipsec policy match object on page 878.
Packet filters for management services

With packet filters for management services, you can simplify the blocking of management
services by creating and applying a packet-filter rule list globally on the router, independent of
the router interfaces.
For more information, see the following:
configure packet-filter-group management on page 824
show packet-filter-rules management on page 825
show ip packet-filter-stats management on page 825
show ipv6 packet-filter-stats management on page 826
Periodic DPD
Periodic DPD provides the Secure Router with detection for dead network peers earlier than
on demand DPD. You can use periodic DPD for applications where consistent network
availability is a high priority, to detect connectivity failures, and reroute data to secondary paths.
For more information, see configure crypto keepalive mode on page 883.
52
October 2010
Features
Prioritizing IPSec policies

With Release 10.3, variables for existing CLI commands are modified so administrators can
prioritize IPSec policies by specifying the order in which policies are applied.
For more information, see configure crypto ipsec policy on page 875.
RIP scalability enhancements

Secure Router 2330/4134 uses hub and spoke routing topology to connect branch offices
(spoke) to head a office (hub). This topology requires the establishment of a VPN tunnel (IPsec
protected IP in IP tunnel) between the hub and spoke, and support for dynamic routing
protocols over the VPN tunnels.
For more information, see the following:
configure interface bundle ip rip default-originate-only on page 490
configure interface ethernet ip rip default-originate-only on page 491
configure interface tunnel ip rip default-originate-only on page 494
configure interface vlan ip rip default-originate-only on page 495
RSA certificate key size enhancement

The maximum key size for RSA certificates is increased to 4096 bits. The Secure Router now
supports RSA keys with 512, 1024, 2048, 3072, and 4096 bits. The factory default is 1024 bits.
For more information, see configure crypto keypair on page 884.
SNMP interface index persistency

SNMP interface index persistency helps the Secure Router maintain a consistent SNMP
interface index over system reboots.
For more information, see:
configure system snmp-ifindex-persistent on page 406
show snmp configuration on page 407
October 2010
53
New in this release
Triggered RIP
Triggered Routing Information Protocol (RIP) improves RIP efficiency by providing
modifications for RIP to transmit information on point-to-point interfaces, only when an update
to the routing database occurs.
For more information, see
configure interface bundle ip rip triggered on page 490
configure interface tunnel ip rip triggered on page 495
Tunnel failover using round robin DNS

With Release 10.3, previously existing IKE policy and IPSec policy CLI command variables
are modified to support naming network peers with a Domain Name Server (DNS) name along
with a specific IP address. With this application, DNS round robin replies can provide a form
of failover and load balancing for IPsec VPN tunnels..
For more information , see the following:
configure crypto ipsec policy on page 875
configure crypto ike policy on page 867
Tunnel failover using static weighted tunnels

Static weighted tunnels can specify primary and secondary branch office tunnels, which
provides an IPSec VPN tunnel failover capability for branch offices.
For more information see configure crypto failover on page 866.
Debug commands
The following new debug commands are available with Release 10.3:
debug crypto ipsec mode spd on page 1104
debug crypto failover on page 1105
debug dhcp-client on page 1096
debug tacacs on page 1144
54
October 2010
Other changes
Other changes
This document is updated with commands that were new for previous releases:
Release 10.2 commands

clear commands
clear cfg_file on page 77
clear event_log on page 78
clear ip igmp statistics on page 628
clear ip pim sparse-mode statistics on page 615
clear ipv6 mld statistics on page 718
clear ipv6 pim sparse-mode statistics on page 703
configure aaa and configure dst commands

configure aaa source-address on page 912
configure dst enable on page 81
configure dst set on page 81
configure crypto commands

configure crypto contivity-iras ike policy on page 835
configure crypto contivity-iras ike policy client configuration address-pool on page 835
configure crypto contivity-iras ike policy client configuration banner-enable on page
836
configure crypto contivity-iras ike policy client configuration banner-text on page 836
configure crypto contivity-iras ike policy client configuration client-domain-name on
page 837
configure crypto contivity-iras ike policy client configuration client-may-storepassword on page 837
October 2010
55
New in this release
configure crypto contivity-iras ike policy client configuration client-screen-saver on

page 838
configure crypto contivity-iras ike policy client configuration dns-server on page 838
configure crypto contivity-iras ike policy client configuration failover-list on page 839
configure crypto contivity-iras ike policy client configuration keepalive enable on
page 839
configure crypto contivity-iras ike policy client configuration keepalive interval on
page 840
configure crypto contivity-iras ike policy client configuration keepalive retransmitions on
page 840
configure crypto contivity-iras ike policy client configuration nat-keepalive on page 841
configure crypto contivity-iras ike policy client configuration private-side-address on
page 842
configure crypto contivity-iras ike policy client configuration split-tunnel mode on
page 842
configure crypto contivity-iras ike policy client configuration split-tunnel network on
page 843
configure crypto contivity-iras ike policy client configuration wins-server on page 844
configure crypto contivity-iras ike policy local-address on page 844
configure crypto contivity-iras ike policy mode on page 844
configure crypto contivity-iras ike policy proposal on page 845
configure crypto contivity-iras ike policy proposal authentication-method on page 845
configure crypto contivity-iras ike policy proposal dh-group on page 846
configure crypto contivity-iras ike policy proposal encryption-algorithm on page 847
configure crypto contivity-iras ike policy proposal hash-algorithm on page 847
configure crypto contivity-iras ike policy remote-id on page 848
configure crypto contivity-iras ipsec policy on page 848
configure crypto contivity-iras ipsec policy enable on page 849
configure crypto contivity-iras ipsec policy match on page 849
configure crypto contivity-iras ipsec policy proposal encryption-algorithm on page 850
configure crypto contivity-iras ipsec policy proposal hash-algorithm on page 852
configure crypto contivity-iras ipsec policy proposal lifetime on page 851
configure crypto ike policy initial-contact on page 868
56
October 2010
Other changes
configure dialer commands

configure dialer on page 79
configure dialer answer-mode on page 159
configure dialer async modem on page 79
configure dialer async uart on page 80
configure dialer idle-timeout on page 160
configure firewall and configure module commands

configure firewall global algs on page 793
configure firewall internet policy self nat-ip on page 801
configure module e1 cas-custom on page 954
configure module e1 cas-group timeslots on page 957
configure interface commands

configure interface bundle isdn map on page 165
configure interface bundle link dialer on page 175
configure interface ethernet dhcp-client on page 418
configure interface ip dvmrp default-listen on page 609
configure interface ip dvmrp default-supply on page 609
configure interface ip dvmrp prune-lifetime on page 611
configure interface ip igmp limit on page 632
configure interface ip igmp snooping mrouter interface on page 353
configure interface ip igmp static-group on page 634
configure interface ipv6 mld limit on page 722
configure interface ipv6 mld static-group on page 724
configure interface mpls admin-group on page 294
configure interface mpls ip on page 295
configure interface mpls protocol-ldp on page 295
configure interface mpls protocol-rsvp on page 295
October 2010
57
New in this release
configure interface tunnel gvrp on page 898

configure interface vlan ip helper-address port on page 308
configure interface vlan ip helper-address protocol on page 307
configure interface vlan ip helper-address service on page 307
configure interface vlan ip igmp snooping on page 354
configure interface vlan ip igmp snooping querier on page 354
configure interface vlan ip igmp snooping report-suppression on page 355
configure ip commands
configure ip igmp limit on page 628
configure ip igmp ssm-map enable on page 629
configure ip igmp ssm-map static on page 629
configure ip mroute on page 599
configure ip multicast-lookup-mrib-only on page 601
configure ip pim anycast-rp on page 618
configure ip pim multipath on page 621
configure ip proxy-dns add-cache on page 455
configure ip proxy-dns enable on page 456
configure ip dvmrp commands

configure ip dvmrp holddown disable on page 604
configure ip dvmrp log-neighbor-changes on page 604
configure ip dvmrp mfc-timeout on page 605
configure ip dvmrp neighbor-probe-interval on page 605
configure ip dvmrp neighbor-timeout on page 606
configure ip dvmrp route-expiration-timeout on page 606
configure ip dvmrp switch-timeout on page 607
configure ip dvmrp triggered-update-interval on page 608
configure ip dvmrp unconfirmed-route-timeout on page 608
58
October 2010
Other changes
configure ip nat commands

configure ip nat access-group on page 445
configure ip nat access-list on page 446
configure ip nat address on page 446
configure ip nat debug on page 447
configure ip nat default_addr on page 447
configure ip nat enable on page 447
configure ip nat interface on page 448
configure ip nat ip on page 448
configure ip nat ip on page 448
configure ip nat max_ports on page 449
configure ip nat pass_thru on page 450
configure ip nat pass-thru-multicast on page 450
configure ip nat pool range on page 451
configure ip nat port on page 451
configure ip nat reverse on page 452
configure ip nat reverseACL on page 452
configure ip nat timeout on page 453
configure ip nat trans_addr on page 453
configure ip nat trans_mode on page 454
configure ip nat unregistered on page 454
configure ipv6 commands

configure ipv6 mld limit on page 718
configure ipv6 mld ssm-map enable on page 719
configure ipv6 mld ssm-map static on page 719
configure ipv6 mroute on page 478
configure ipv6 multicast-lookup-mrib-only on page 480
configure ipv6 pim anycast-rp on page 707
configure ipv6 pim log-neighbor-changes on page 708
October 2010
59
New in this release
configure ipv6 pim multipath on page 708

configure ipv6 pim rp embedded on page 710
configure reverse_telnet commands

configure reverse_telnet enable on page 83
configure reverse_telnet set_baud_rate on page 82
configure reverse_telnet set_data_bits on page 83
configure reverse_telnet set_flow_control on page 84
configure reverse_telnet set_parity on page 85
configure reverse_telnet set_stop_bits on page 85
configure reverse_telnet telnet_port on page 86
configure reverse_telnet telnet_timeout on page 87
configure router commands

configure router bgp address-family ipv4 multicast on page 542
configure router ospf neighbor on page 650
configure router-id on page 87
configure sip-ua commands

configure sip-ua outbound-proxy on page 936
configure sip-ua register dynamic on page 938
configure sip-ua sip-server keepalive target on page 939
configure system commands

configure system logging syslog source-address on page 93
configure system security firewall-disable on page 815
configure system source-address on page 88
60
October 2010
Other changes
debug commands
debug clear_clisession on page 1036
debug spanning-tree all on page 1089
debug spanning-tree cli on page 1089
debug spanning-tree event on page 1090
debug spanning-tree packet on page 1090
debug spanning-tree timer on page 1091
debug_eng on page 1036
show commands
show crypto clients contivity on page 890
show crypto contivity-iras ike policy on page 890
show crypto contivity-iras ipsec policy on page 891
show dst on page 99
show ip igmp statistics on page 636
show ip interfaces on page 469
show ip pim sparse-mode rpf on page 626
show ipv6 mld statistics on page 726
show ipv6 pim sparse-mode rpf on page 714
show ipv6 pim sparse-mode statistics on page 715
show module configuration xdsl on page 75
show module userstats xdsl on page 76
show sntp on page 101
show usb_userstat on page 101
show vrrp virtualip-setting on page 598
sntp commands
sntp broadcast on page 101
sntp enable on page 102
October 2010
61
New in this release
sntp retries on page 103

configure sntp source-address on page 87
configure usb and configure vrrp-virtualip commands

configure usb enable on page 95
configure vrrp-virtualip allow-ping on page 597
configure voice commands

configure voice class custom-cptone on page 945
configure voice class dualtone on page 946
configure voice dsp dtmf-level on page 947
Release 10.2.1 commands

configure interface tunnel ip tcp-mss on page 899
configure voice dsp agc-enable on page 946
configure voice dsp dtmf-twist on page 947
configure voice dsp no-rtcp-timeout on page 948
interface ethernet ip tcp-mss on page 302
62
October 2010
Chapter 2: Basic CLI commands

This chapter describes the basic CLI commands used in the Avaya Secure Router 2330/4134.
clear
Use this command to access the clear commands.
Syntax
clear
Example
SR# clear
configure admin_name
Use this command to modify the administrator account user name.
To modify the administrator user name, you must log in with level 1 user privileges using the
administrator account (default user name is admin and password is setup).
Syntax
admin_name <admin-name>
Table 1: Variable definitions
Variable
<admin-name>
Value
Specifies the new administrator user name.
Example
SR/configure# admin_name HQadmin
October 2010
63
Basic CLI commands
configure console_timeout
Use this command to configure a timeout in seconds for console sessions. The default value
is 0, which indicates no timeout.
Syntax
console_timeout <0-3600>
Example
SR/configure# console_timeout 900
configure flash
Use this command to copy a saved .cfg file from flash to the router to reinstate a previously
saved configuration. After you enter the command, the system prompts you to enter the full
file name.
Syntax
configure flash
Example
SR# configure flash
filename: SR4134.cfg
configure header
Use this command to add a header with descriptive information to the top of the configuration
file. The maximum length of the header is 80 characters.
Syntax
header "<header>"
Example
SR/configure# header "This file was originally activated on
07/16/07."
64
October 2010
configure interface
configure interface
Use this command to enter the interface mode, and configure interface properties.
Syntax
interface <IFNAME>
Variable
<IFNAME>
Value
name of the interface for which the properties
are to be configured.
Example
SR/configure# interface ethernet 0/0
configure network
Use this command to copy a saved .cfg file from the network to the router to reinstate a
previously saved configuration. After you enter the command, the system prompts you to enter
the DNS name or IP address of the host and the path and name of the configuration file.
Syntax
configure network
Example
SR# configure network
host: 1.2.3.4
filename: /networks/SR4134.cfg
configure secure_passwords
Use this command to encrypt the user passwords to ensure that no one can view them in plain
text when they are displayed on screen, or viewed in the configuration file. Use the no form of
the command to display passwords in plain text.
Syntax
[no] secure_passwords
October 2010
65
Basic CLI commands
Example
SR/configure# secure_passwords
configure SYS_REM
Use this command to add comments at the beginning of a configuration. The comments appear
after saving the configuration using the save local command.
The maximum length of the comment string is 80 characters.
Syntax
SYS_REM "<comments>"
Example
SR/configure# SYS_REM Configured on November 3, 2007 9:45 by JB.
configure SYS_REM_
Use this command to add comments at the end of a configuration file. The comments appear
after saving the configuration using the save local command.
The maximum length of the comment string is 80 characters.
Syntax
SYS_REM_ "<comments>"
Example
SR/configure# SYS_REM_ "Everything left unchanged except IP packet
filter. JB 11/06/07 12:20."
configure terminal
Use this command to enter the configuration command mode from a console terminal or
management workstation and manually configure the router system parameters.
Syntax
configure terminal
Example
SR#
66
configure terminal
October 2010
configure user
configure user
Use this command to configure users on the SR2330/4134.
To configure users, you must log in with level 1 user privileges using the administrator account.
You can configure any new user to have a user privilege level from 2 to 4. The administrator
account is the only account that has level 1 privileges.
Syntax
user <user-name> [<user-level>]
After you enter this command, the system prompts you to enter the password.
Variable
Value
<user-name>
Specifies the user name.
[<user-level>]
Specifies the privilege level for the user, from

2 to 4.
Example
SR/configure#
user user1 2
exit
Use this command to exits the system CLI or exit from a lower-level command prompt to a
higher-level command prompt in the CLI hierarchy.
Syntax
exit <n>
Variable
Value
<n>
Specifies the number of levels to exit. The

range is 1 - 6; the default is 1.
Example
SR/configure/interface/bundle wan1#
exit 2
October 2010
67
Basic CLI commands
password
Use this command to change your own user password. If you are logged in using the
administrator user account, you can also change the passwords of other users.
After you enter the command, the system prompts you for the new password information.
Syntax
password
Variable
Value
<old password>
current password in use.
<new password>
new password.
Example
SR#
password
pop
In configuration mode, use this command to reset the command prompt level to the main
configuration mode level ( SR/configure# ).
Syntax
pop
Variable
Value
<old password>
current password in use.
<new password>
new password.
Example
SR/configure/interface/ethernet 0/3)#
pop
SR/configure#
68
October 2010
reboot
reboot
Use this command to reboot the router using the current boot parameters.
Syntax
reboot
Example
SR#
reboot
save
Use this command to save the current configuration to a .cfg file on the flash. Save your
configuration to flash each time you make configuration changes to allow the system to boot
from the latest configuration upon subsequent reboot.
You can also use this command to save the configuration to a network location using TFTP,
providing a backup of your configuration, or to copy the configuration to another router.
Syntax
save {local [<filename>] | network <IP address> <file path>}
Variable
Value
local [<filename>]
Specifies to save the configuration file to the

local flash. You can also specify an optional
filename. The default filename is system.cfg.
network <IP address> <file path>
Specifies the network IP address, path, and

file name for the saved file.
Example
SR#
save local
show
Use this command to access the show commands.
October 2010
69
Basic CLI commands
Syntax
show
Example
SR#
show
show console_timeout
Use this command to display the configured console timeout value.
Syntax
Example
SR#
show configuration running

Use this command to display the current running configuration.
Syntax
Example
SR#
show configuration stored

Use this command to display the configuration that is stored in Flash.
Syntax
Example
SR#
70
October 2010
show system configuration

Use this command to display the system configuration.
Syntax
Example
SR#
show user_accounts
Use this command to display configured users and their associated account levels.
Syntax
show user_accounts
Example
SR#
show user_accounts
show users
Use this command to display users who are actively connected to the router.
Syntax
show users
Example
SR#
show users
show whoami
Use this command to display the account used to log on to the router for the current session.
Syntax
show whoami
October 2010
71
Basic CLI commands
Example
SR#
show whoami
telnet
Use this command to open a Telnet session.
Syntax
telnet <hostname> <port_number> <outgoing-interface>
Example
SR#
72
telnet 2.2.2.2 2602
October 2010
Chapter 3: File management commands
configure terminal interface bundle atm max-vcc

Syntax
max-vcc <1-8>
Example
SR/configure/interface bundle sr-bo/atm#max-vcc 2
configure terminal interface bundle link encapsulation atm

atm
Use the following command to configure ATM on an ADSL module.
Any ADSL bundle interface that is configured with ATM encapsulation can be configured as
an Ethernet Layer 2 switched interface, or as an IP routed interface (supporting static, OSPF, or
RIP routing). The commands used to configure the bundles are the same as those used to
configure Ethernet ports. For detailed information about these commands, see Avaya Secure
Router 2330/4134 ConfigurationLayer 2 Ethernet, NN47263-501 and Avaya Secure Router
2330/4134 ConfigurationIPv4 and Routing, NN47263-502 .
Syntax
atm
Variable
Value
pvc <vpi/vci>
Specifies the virtual channel identifier (VCI)

and virtual path identifier (VPI) in the ATM
cell header. The VCI is a 16 bit field that
identifies a virtual channel and the VPI is an
eight bit field that identifies the virtual path.
The default is 0/35.
atm-encapsulation {aal5Snap |
aal5Mux}
Specifies the ATM encapsulation:
October 2010
73
File management commands
Variable
Value
aal5Snap: Multiplexes multiple protocols
over the same PVC (LLC multiplexing).
aal5mux: Assigns a single protocol to the
PVC (VC multiplexing).
class-vc <class-vc>
Specifies the VC class type.
protocol {pppoe | pppoa | ipoe Specifies the protocol on the PVC:

| ipoa | bridge}
pppoe: Point to Point Protocol over
Ethernet
pppoa: Point to Point Protocol over ATM
ipoe: IP over Ethernet
ipoa: IP over ATM
bridge: Multi-Protocol Over ATM
Important:
Secure Router 2330/4134 release 10.2
does not support RIPv1 with IPoA or IPoE.
Only RIPv2 with IPoA or IPoE is
supported.
description <description>
Specifies a description for the PVC, delimited

by double quotes ().
enable
Enables the PVC. Use the no version of this

command to disable the PVC.
Example
SR/configure/interface bundle sr-bo/link xdsl 1/0/encapsulation
atm#atm
configure terminal module xdsl

Use this command to configure the ADSL small module.
Syntax
[no] module xdsl <slot/subslot>
Variable
[no] bitswap-coding
74
Value
Enables or disables bitswap coding on the
ADSL small module.
October 2010
show module configuration xdsl
Variable
Value
[no] L3-power-state
Enables or disables L3 power state on the

ADSL small module.
modulation-mode
Specifies the modulation mode for the ADSL

small module. Values include:
ansi-dmtANSI T1.413
adslITU G.992.1 ( G.DMT )
adslliteITU G.992.2 (G.Lite )
adsl2ITU G.992.3 ( ADSL2 )
adsl2plusITU G.992.5 (ADSL2+ )
reach-adsl2ITU G.992.3 (Annex L)
adsl2plusmITU G.992.5 (Annex M)
allAll (default)
software_upgrade
Upgrades to the latest available software

version.
[no] sra
Enables or disables Seamless Rate

Adaptation (SRA) on the ADSL small
module.
[no] trellis_coding
Enables or disables trellis coding on the

ADSL small module.
Example
SR/configure#module xdsl 0/1 software_upgrade
show module configuration xdsl

Use this command to display the ADSL small module configuration.
Syntax
show module configuration xdsl <slot/subslot>
Example
SR#show module configuration xdsl 1/0
October 2010
75
File management commands
show module userstats xdsl

Use this command to display ADSL small module user statistics.
Syntax
show module userstats xdsl <slot/subslot>
Example
SR#show module userstats xdsl 1/0
76
October 2010
Chapter 4: Commissioning commands
admin_name
Use this command to change the administrator log-in name (Level 1 access) to a userspecified name.
Syntax
admin_name <WORD>
Variable
<WORD>
Value
Specifies the new name.
Example
SR/configure# admin_name fremont
boot_params
Use this command to configure the boot parameters.
Syntax
boot_params
Example
SR/configure# boot_params
clear cfg_file
Use this command to remove a configuration file from the flash. Use this command with caution
as it can delete all current configurations from the router. If you do not specify a filename, the
command deletes the system.cfg file by default.
October 2010
77
Commissioning commands
Syntax
clear cfg_file [<filename>]
You are prompted to enter y to delete, or n to cancel the operation.
Variable
[<filename>]
Value
The name of the file to delete. This is an
optional parameter. if You do not specify a
filename, the router deletes the system
default file (system.cfg).
Example
SR#clear cfg_file oldfile.cfg
clear telnet session

You can disconnect a specific Telnet session, if necessary, or you can disconnect all Telnet
sessions simultaneously.
Syntax
clear telnet_session <value>
clear telnet_sessions
Variable
<value>
Value
Specifies the Telnet session sequence
number. Enter a value from 1 to 16.
Example
SR# clear telnet_session 6
To quickly disconnect all Telnet sessions, use the command: clear telnet_sessions
clear event_log
Use this command to clear the contents of the event log.
78
October 2010
configure dialer
Syntax
[no] clear event_log
Variable
Value
[no]
Leaves the contents of the event log intact.
Example
SR# clear event_log
configure dialer
Use this command to create a dialer for an external modem.
Syntax
[no] dialer <name>
Variable
Value
<name>
Specifies the dialer name, maximum 8 characters.
[no]
Deletes the dialer.
Example
SR/configure#dialer modem1
configure dialer async modem

Use this command to configure dialer async modem parameters.
Syntax
[no] async modem [answer <rings>] [at <at_string>] [call-set-timeout
<rings>] [dial-method {tone | pulse}] [enable] [phone-num <number>]
Variable
[answer <rings>]
Value
Specifies the number of rings before a call is answered. The
default value is 2.
October 2010
79
Variable
Value
at <at_string>
Specifies the AT string used to configure the dialer.
call-set-timeout <rings>
Specifies the number of unanswered rings before a call is

ended. The default value is 6.
dial-method {tone | pulse}
Specifies the dialing method. The default value is tone.
enable
Enables modem command functionality.
[no]
Disables dialer async parameters.
phone-num <number>
Specifies the called party phone number. The maximum is

25 characters.
Example
SR/configure/dialer dial1#
async modem answer 4
configure dialer async uart

Use this command to configure dialer async uart parameters.
Syntax
async uart [parity <parity>] [rate <baudrate>] [stopbits <stopbits>]
Variable
Value
rate <baudrate>
Specifies the Baud rate of the modem. Values include 2400,

9600, 38400, and 56000. The default value is 56000.
parity <parity>
Specifies the parity setting. Values include:

0none
1odd
2even
The default value is 0 (none).
stopbits <stopbits>
Specifies the number of stopbits. Values include 1, 2, or 3.

The default value is 1.
Example
SR/configure/dialer dial1#async uart parity 1
80
October 2010
configure dst enable
configure dst enable

Use this command to enable or disable daylight savings time.
Syntax
[no] dst enable
Variable
[no]
Value
Disables daylight savings time.
Example
SR/configure#
dst enable
configure dst set

The daylight saving time (DST) feature allows you to configure a time offset for daylight saving.
Use this command to to configure DST on the Secure Router 2330/4134.
Syntax
dst set <device location> <start hour> <start minute> <start week of
month> <start day of week> <start month> <end hour> <end minute> <end
week of month> <end day of week> <end month> <dst duration hrs> <dst
duration minutes>
Variable
Value
<device location>
Specifies the location of the device.
<start hour>
Specifies the start hour (00 - 23), in other

words, the hour at which the DST offset time
begins.
<start minute>
Specifies the start minute (00 - 59)
<start week of month>
Specifies the start week of <start month> (1

- 4)
<start day of week>
Specifies the start day of week (0 - sunday,

6 - saturday)
<start month>
Specifies the start month of year (1 - 12)
October 2010
81
Variable
Value
<end hour>
Specifies the end hour (00 - 23), in other

words, the hour at which the DST offset time
ends.
<end minute>
Specifies the end minute (00 - 59)
<end week of month>
Specifies the end week of <end month> (1 4)
<end day of week>
Specifies the end day of week (0 - sunday,

6 - saturday)
<end month>
Specifies the end month of year (1 - 12)
<dst duration hrs>
Specifies the number of offset hours to add

to the time at the start of DST (and remove
at the end of DST).
<dst duration minutes>
Specifies the number of offset minutes to add

to the time at the start of DST (and remove
at the end of DST).
Example
SR/configure#dst set office 08 30 1 2 5 23 59 3 0 11 12 30
configure reverse_telnet set_baud_rate

Reverse Telnet gives you the ability to Telnet to a device, and then use a console connection
to connect to another device from there. For example, you can Telnet to a router, and then
connect into a switch, modem, or any other device that has a console port. There are many
devices that do not have remote access built into them, and the only access option for these
devices is a console session. With reverse Telnet, you can remotely manage these type of
devices through the Secure Router 4134.
The Secure Router 2330 does not have an AUX port and therefore cannot support reverse
Telnet.
Use this command to configure the AUX port baud rate.
Syntax
[no] set_baud_rate <baud_rate>
Variable
<baud_rate>
82
Value
Sets the speed of the AUX port. Range is 50 115200 (default 9600).
October 2010
configure reverse_telnet set_data_bits
Variable
[no]
Value
Deletes the AUX port baud rate
configuration.
Example
SR/configure/reverse_telnet#
set_baud_rate 60
configure reverse_telnet set_data_bits

Telnet.
Use this command to configure data bits for the AUX port.
Syntax
[no] set_data_bits <data_bits>
Variable
Value
<data_bits>
Specifies the number of data bits for the AUX

port. Values range from 5 to 8. The default
value is 8.
[no]
Deletes the data bits configuration for the

AUX port.
Example
SR/configure/reverse_telnet# set_data_bits 7
configure reverse_telnet enable

October 2010
83
Telnet.
Use this command to enable or disable reverse Telnet.
Syntax
[no] enable
Variable
[no]
Value
Disables reverse Telnet.
Example
SR/configure/reverse_telnet# enable
configure reverse_telnet set_flow_control

Telnet.
Use this command to configure the flow control for the AUX port.
Syntax
[no] set_flow_control <flow_control>
Variable
84
Value
<flow_control>
Configures flow control on the AUX port.

Range: 0-none, 1-software, 2-hardware
(default: 0).
[no]
Disables flow control configuration on the

AUX port.
October 2010
configure reverse_telnet set_parity
Example
SR/configure/reverse_telnet# set_flow_control 2
configure reverse_telnet set_parity

Telnet.
Use this command to configure the AUX port parity.
Syntax
[no] set_parity <parity>
Variable
Value
<parity>
Sets parity of the AUX port. Range: 0-none,

1-odd, 2-even (default: no parity).
[no]
Disables the AUX port parity configuration.
Example
set_parity 1
configure reverse_telnet set_stop_bits

Telnet.
Use this command to configure the reverse Telnet stop bits.
October 2010
85
Syntax
[no] set_stop_bits <stop_bits>
Variable
Value
<stop_bits>
Configures the number of stop bits on the

AUX port. Range: 1 - 2 (default 1).
[no]
Disables the AUX port stop bits

configuration.
Example
set_stop_bits 2
configure reverse_telnet telnet_port

Telnet.
Use this command to configure the reverse telnet port.
Syntax
[no] telnet_port <telnet_port>
Variable
Value
<telnet_port>
Specifies the Telnet port which reverse

Telnet listens on to establish the remote
console though the AUX port. Range :2000 65535 (default 2001).
[no]
Deletes the Telnet port configuration.
Example
SR/configure/reverse_telnet# telnet_port 2010
86
October 2010
configure reverse_telnet telnet_timeout
configure reverse_telnet telnet_timeout

Telnet.
Use this command to configure the reverse Telnet timeout.
Syntax
[no] telnet_timeout <telnet_timeout>
Variable
<telnet_timeout>
Value
Specifies the timeout for the reverse telnet
session in seconds. Range: 0 ( disable
timeout) - 7200 (default 600).
Example
SR/configure/reverse_telnet# telnet_timeout 120
configure router-id
Use this command to configure the router identifier IP address.
Syntax
router-id <ip_addr>
Example
SR/configure/# router-id 1.1.2.3
configure sntp source-address

Use this command to configure the SNTP server source IP address for all services.
October 2010
87
Syntax
source-address <ip-address> | <interface-name>
Variable
Value
[ip-address]
Specifies the source address by IP address.
[interface-name]
Specifies the source address by interface name.
Example
SR/configure/sntp#source-address 1.2.2.1
configure system source-address

Use this command to configure the global source addresses for services.
Syntax
system source-address <ip-address> | <interface-name>
Variable
Value
[ip-address]
[interface-name]
Example
SR/configure#system source-address 10.10.10.1
configure terminal system logging console priority

Use this command to configure console logging priority.
Console logging priority is critical by default.
Syntax
[no] system logging console priority{emerg | alert | crit | err | warn
| notice | info | debug | none}
88
October 2010
configure terminal system logging syslog module ike

Variable
[no]
Value
Disables console logging priority.
{emerg | alert | crit | err Specifies the priority of messages to log:

| warn | notice | info |
emerg: emergency only alert
debug | none}
alert: alert and above
crit: critical and above

err: error and above
warn: warning and above
notice: notification and above
info: informational and above
debug: all messages
none: no messages
Example
SR/configure#system logging console priority warn
configure terminal system logging syslog module ike

Use this command to configure IKE message logging.
Syntax
[no] system logging syslog module ike{sys9 | sys10 | sys11 | sys12 |
sys13| sys14 | local0 | local1 | local2 | local3 | local4 | local5 |
local6 | local7}{emerg | alert | crit | err | warn | notice | info |
debug | none}
Variable
Value
[no]
Disables IKE message logging.
sys9 | sys10 | sys11 |

sys12 | sys13| sys14 |
local0 | local1 | local2 |
local6 | local7
Indicate system use.
October 2010
89
Variable

local6 | local7
Value
Indicate locally defined messages.
{emerg | alert | crit | err Specifies the level of messages to log:

debug | none}

debug: all messages
none: no messages
Example
SR/configure#system logging syslog module ike sys9 warn
configure terminal system logging syslog module radius

Use this command to configure RADIUS message logging priority.
Syntax
[no] system logging syslog module radius{sys9 | sys10 | sys11 | sys12
| sys13| sys14 | local0 | local1 | local2 | local3 | local4 | local5
| local6 | local7}{emerg | alert | crit | err | warn | notice | info
| debug | none}
Variable
90
Value
[no]
Disables RADIUS message logging priority.

local6 | local7
October 2010
configure terminal system logging syslog module userdb
Variable

local6 | local7
Value

debug | none}

debug: all messages
none: no messages
Example
SR/configure#system logging syslog module radius sys9 warn
configure terminal system logging syslog module userdb

Use this command to configure user database event message logging.
Syntax
[no] system logging syslog module userdb{sys9 | sys10 | sys11 | sys12
| debug | none}
Variable
Value
[no]
Disables user database event message logging.

local6 | local7
October 2010
91
Variable

local6 | local7
Value

debug | none}

debug: all messages
none: no messages
Example
SR/configure#system logging syslog module userdb sys9 warn
configure terminal system logging syslog module xauth

Use this command to configure extended authentication message logging for IKE.
Syntax
[no] system logging syslog module xauth{sys9 | sys10 | sys11 | sys12
| debug | none}
Variable
92
Value
[no]
Disables extended authentication message

logging for IKE.

local6 | local7
October 2010
configure system logging syslog source-address
Variable
Value

local6 | local7

debug | none}

debug: all messages
none: no messages
Example
SR/configure#system logging syslog module xauth sys9 warn
configure system logging syslog source-address

Use this command to configure the Syslog server source IP address for all services.
Syntax
Variable
Value
[ip-address]
Specifies the Syslog source IP address.
[interface-name]
Example
SR/configure/system/logging/syslog#source-address 10.1.1.1
October 2010
93
configure terminal system logging syslog enable

Use this command to enable syslog.
Syntax
system logging syslog enable
Example
SR/configure#system logging syslog enable
configure terminal system logging syslog host_ipaddr

Use this command to specify a host IP address and UDP port for syslog.
Syntax
[no] system logging syslog host_ipaddr <ipaddr> udp_portno <port>
Variable
Value
[no]
Disables the syslog host IP address and UDP

port.
host_ipaddr <ipaddr>
Specifies the syslog host IP address.
udp_portno <port>
Specifies the syslog UDP port. Values range

from 1 to 65535. The default value is 514.
Example
SR/configure#system logging syslog host_ipaddr 10.10.10.1 udp_portno
455
configure terminal system logging syslog host_ipaddrv6

Use this command to specify a host IPv6 address and UDP port for syslog.
Syntax
[no] system logging syslog host_ipaddrv6 <ipv6_addr> udp_portno
<port>
94
October 2010
configure usb enable

Variable
Value
[no]
Disables the syslog host IPv6 address and UDP

port.
host_ipaddrv6 <ipv6_addr>
Specifies the syslog host IPv6 address.
udp_portno <port>
Specifies the syslog UDP port. Values range

from 1 to 65535. The default value is 514.
Example
SR/configure#system logging syslog host_ipaddr ::FFFF:0000 udp_portno
455
configure usb enable

Use this command to enable or disable the rear-panel USB port.
The Secure Router 2330 does not support a USB port.
Syntax
[no] usb enable
Variable
[no]
Value
Disables the rear-panel USB port.
Example
SR/configure#usb enable
date
Use this command to configure the date on the Avaya Secure Router 2330/4134.
Syntax
date <month> <day> <year>
October 2010
95

Variable
Value
<day>
The current day in relation to the month.

Enter a value from 1 to 31.
<month>
The current month. Enter a value from 1 to

12.
<year>
The current year. Enter a value from 2000 to

2100.
Example
SR/configure# date 1 7 2005
ftp_server
Use this command to enable or disable the FTP server.
Syntax
[no] ftp_server
Example
SR/configure# ftp_server
ftp_user
Use this command to configure FTP users.
Syntax
ftp_user <username>
Example
SR/configure# ftp_user user01
hostname
Use this command to set or change the router name.
96
October 2010
ip address
Syntax
hostname <WORD>
Variable
<WORD>
Value
Specifies the name you want to assign to the
router.
Example
SR/configure# hostname samsung
ip address
Use this command to configure the IP address of the management port.
Syntax
ip address <ipaddr> <netmask>
Variable
Value
<ipaddr>
Specifies the IP address that you assign to

the management port.
<netmask>
Specifies the network mask that you assign

to the management port.
Example
SR/configure/interface/ethernet (0/0)# ip address 10.11.12.13
255.255.255.0
ip route
Use this command to configure a static route for specifying a preferred route to a destination.
Syntax
ip route <netaddr/mask> <gateway>
October 2010
97

Variable
Value
<netaddr/mask>
Specifies the IP address and the subnet

mask of the destination network.
<gateway>
Specifies the IP address or interface name of

the gateway.
Example
SR/configure# ip route 11.12.13.14/24 10.11.12.0
jumbo frame
Use 9216 to enable jumbo frames, save config and reboot.
Syntax
<WORD>Enter MTU Limit 1500 or 9216 (default =1500)
Variable
<WORD>
Value
Specifies the name you want to assign to the
router.
Example
SR/configure#system jumbo-mtu-limit>?
no user
Use this command to remove configured user names from the Secure Router 2330/4134.
Syntax
no user <username>
Example
SR/configure# no user user05
98
October 2010
ping
ping
Ping a device to verify the connection between the Secure Router 2330/4134 and that network
device. If the network device sends a ping reply, a message indicates that the specified IP
address is alive and can communicate with the router. If the router does not receive a reply,
the message indicates that the address is not responding.
Syntax
ping <ipaddr>
Variable
<ipaddr>
Value
Specifies the destination IP address.
Example
SR# ping 10.11.12.13
show chassis
Use the procedure in this section to view summary information about the Secure Router
2330/4134 chassis, including its operational status. After you install interface modules, you
can use the show chassis command to verify that the Secure Router 2330/4134 recognizes
the modules.
Syntax
show chassis
Example
SR# show chassis
show dst
Use this command to display the DST configuration and status.
Syntax
show dst
October 2010
99
Example
SR#
show dst
show module alarms

Use this command to check the system for alarms.
Syntax
show module alarms {t1|e1|ct3|serial|hssi|t3} <slot/port>
Example
SR# show module alarms serial 2/1
show module configuration

Use this command to quickly check the state and configuration of installed interface modules.
Syntax
show module configuration {t1|e1|ct3|serial|hssi|t3} <slot/port>
Example
SR# show module configuration serial 2/1
show module configuration all

Use this command to check the state and configuration of all installed interface modules.
Syntax
show module configuration all
Example
SR# show module configuration all
100
October 2010
show telnet
show telnet
View the Telnet server settings for information about the status of the Telnet server (enabled
or disabled) and the Telnet session timeout value.
Syntax
show telnet
Example
SR# show telnet
show sntp
Use this command to display the SNTP configuration.
Syntax
show sntp
Example
SR# show sntp
show usb_userstat
Use this command to display the status of the USB port.
Syntax
show usb_userstat
Example
SR#show usb_userstat
sntp broadcast
Use this command to enable or disable SNTP client broadcast.
October 2010
101
Syntax
sntp broadcast
Variable
[no]
Value
Disables SNTP client broadcast.
Example
SR/configure# sntp broadcast
sntp broadcast timeout

Use this command to set the timeout value for the response from the server.
Syntax
[no] sntp broadcast timeout <value>
Variable
Value
[no]
Disables SNTP broadcast timeout.
<value>
Specifies the timeout value in seconds. The

default timeout value is 1024 seconds.
Example
SR/configure# sntp broadcast timeout 500
sntp enable
Use this command to enable or disable SNTP client.
Syntax
sntp enable
Variable
[no]
102
Value
Disables SNTP client.
October 2010
sntp server
Example
SR/configure# sntp enable
sntp server
The Simple Network Time Protocol (SNTP) synchronizes the internal clocks of various network
devices across large, diverse networks to universal standard time.
Use this command to configure the location of the SNTP server.
Syntax
sntp server {ipaddr|hostname}
Variable
Value
{ipaddr|hostname}
The IP address or host name of the

broadcast server. The default value is any
broadcast server.
Example
SR/configure# sntp server 11.12.13.14
sntp retries
Use this command to the number of retries for each SNTP client to connect to an SNTP server.
Syntax
[no] sntp retries <count>
Variable
Value
<count>
Specifies the number of retries the SNTP client to connect to

an SNTP server. Values range from 1 to 5. The default value
is 3.
[no]
Disables SNTP client retries.
Example
SR/configure#sntp retries 4
October 2010
103
system jumbo-mtu-limit
The Avaya Secure Router 2330/4134 supports jumbo frames. Use this command to configure
the Secure Router 2330/4134 system settings to support jumbo frames.
Important:
The Secure Router 4134 management Ethernet interface (FE 0/0) on the rear panel does
not support jumbo frames. Therefore, the management port Maximum Transmission Unit
(MTU) can be configured with a value in the range of 64 to 1500 bytes.
Syntax
system jumbo-mtu-limit <value>
Variable
<value>
Value
Valid values for the jumbo MTU limit are 1500
and 9216 bytes. The default value is 1500
bytes.
Example
SR/configure# system jumbo-mtu-limit 9216
system reset-to-factory
Resetting the router returns it to a factory-default configuration. Use this command to reset the
Secure Router 2330/4134.
Syntax
system reset-to-factory {system|users}
Variable
{system|users}
104
Value
Enter system to remove all information
stored in memory, which includes user
information, event logs, crash logs,
command logs, and boot parameters. Enter
users to remove all users and information
related to users.
October 2010
telnet banner
Example
SR/configure# system reset-to-factory system
telnet banner
Use this command to configure a message to be showed after a telnet login.
Syntax
telnet_banner banner <string> [banner1] [banner2]
Variable
Value
<string>
The banner text that you want to appear in

Telnet sessions. Enter the banner text in
quotation marks. The banner text can be up
to 255 characters in length. Use \n to begin
a new line within the banner.
[banner1]
An optional parameter that you use to extend

the banner text. If you require the banner text
be more than 255 characters in length, use
banner1 <string> to continue the
banner text.
[banner2]
An optional parameter that you use to extend

the banner text.
Example
SR/configure# telnet_banner banner Welcome to Telnet
telnet_server
Use this command to enable or disable the telnet service.
Syntax
[no] telnet_server
Example
SR/configure# telnet_server
October 2010
105
telnet timeout
You can configure the timeout value for Telnet sessions. A Telnet session disconnects if it
remains inactive for the configured session duration. Use this command to enable or disable
the telnet server.
Syntax
telnet_timeout <value>
Variable
<value>
Value
Enter the time in seconds (from 0 to 3600)
after which inactive Telnet sessions
automatically disconnect. The default value
is 900 seconds. If you enter a value of 0
seconds, inactive Telnet sessions do not
automatically disconnect.
Example
SR/configure# telnet_timeout 300
tftp server
Use this command to enable the TFTP service.
Syntax
[no] tftp_server
Example
SR/configure# tftp_server
utc
Use this command to set the current time for the Secure Router 2330/4134 in relation to
Coordinated Universal Time (UTC).
Syntax
utc <+|-> <hour offset> <minute offset>
106
October 2010
utc

Variable
Value
<+|->
The time zone offset. Enter + to indicate that

your time zone is ahead of UTC. Enter - to
indicate that your time zone is behind UTC.
<hour offset>
The number of hours that your local time is

offset from UTC. Enter a value from 0 to 23.
<minute offset>
The number of minutes that your local time

is offset from UTC. Enter a value from 0 to 59.
Example
SR/configure# utc - 4 0
October 2010
107
108
October 2010
Chapter 5: T1/E1 module configuration

commands
clear module
Use this command to clear user statistics for a WAN module interface.
Syntax
clear module {e1_userstats|t1_userstats} <slot/port>
Example
SR#
clear module e1_userstats 2/1
configure interface bundle drop

Use this command to allow the router system to drop an errored T1 or E1 link from the bundle. A
bundle is dropped if excessive errors of a user-specified type occur for a user-defined time
interval.
This parameter does not apply for single-T1 or E1 link and N x DS0 (fractional T1 or E1)
bundles.
Syntax
drop error_type {es | ses | uas | eev | bpv | css | oof | crc } <dropvalue>
Variable
Value
error_type
Error condition that will cause droppage of a

T1 or E1 link from the bundle.
es
Errored Seconds
ses
Severely Errored Seconds
uas
Unavailable Seconds
eev
Excessive Error Violations Seconds
October 2010
109
T1/E1 module configuration commands
Variable
Value
bpv
Bipolar Violations
css
Controlled Slip Seconds
oof
Out of Frame Seconds
crc
CRC-6 Errors
<drop-value>
Drop time in consecutive seconds (1-10 for

es, ses, uas) or drop counts.
Example
SR/configure/interface/bundle wan1# drop error_type ses 10
configure interface bundle link e1/t1

Use this command to link a bundle to the T1/E1 interface to group DS0s into one configurable
interface, and to configure the encapsulation.
Syntax
link [t1 | e1] <slot/port>[:<DS0>] [speed {56 | 64}] [invert_data
{inverted_data}]
Variable
Value
<slot/port>
Specifies the slot and port of the T1 or E1

interface to configure.
[:<DS0>]
Optional DS0 channels to be assigned to a

fractional T1 bundle (1 - 24).
[speed {56 | 64}]
Transmission speed of all DS0 channels in

the bundle (56 or 64 kbps). If this parameter
is not entered, all DS0 channels operate at
64 kbps.
[invert_data {inverted_data}]
Whether or not to invert the data on all DS0

channels (optional entry). If inverted_data is
not entered, the data is not inverted on any
DS0 channels.
Example
SR/configure/interface/bundle SF_01# link e1 3/1
110
October 2010
configure module e1 alarms
configure module e1 alarms

When thresholds are exceeded, the system generates alarms that indicate the possible
deterioration of an E1 link. Use this command to define one alarm threshold for each available
parameter.
Syntax
alarms thresholds user < 1 - 10 > [ ses | es | uas | css | oof | crc
| bpv ] < sampling-interval > < rising-threshold > < fallingthreshold > sample_type [absolute | delta]
Variable
Value
1-10
Alarm threshold number.
absolute
The errored second or event count is

compared directly to the specified threshold
values, and the appropriate alarm type
(rising or falling) is reported.
ses | es | uas | css | oof | crc | bpv
bpv: Threshold for bipolar violation crc:

Threshold for cyclic redundancy check css:
Threshold for controlled slip second es:
Threshold for errored seconds oof:
Threshold for out of frame ses: Threshold for
severely errored seconds uas: Threshold for
unavailable seconds
delta

compared to the difference between the
rising and falling thresholds, and a rising
alarm is reported if the actual error count
exceeds that difference. This is the default
setting if you do not specify a sampling type.
falling-threshold
Minimum number of errored seconds or

events below which a falling alarm is
reported. This alarm is reported if a rising
alarm was previously reported and the
number of errored seconds or events
subsequently dropped below this minimum
threshold. The falling threshold value must
be less than the rising threshold value above.
The range is 0 - 2147483647.
rising-threshold
Number of errored seconds or events which,

if exceeded during any sampling interval,
October 2010
111
Variable
Value
results in a rising alarm. The range is 0 2147483647
sampling-interval
Sampling interval, in seconds. The range is

1 - 65535.
Example
SR/configure/module/e1 (3/1)/alarms/thresholds#
user 1 ses 300 50 30
In this example, the monitored parameter is the number of Severely Errored Seconds that
occur. The sampling interval is set to 300 seconds (5 minutes). The rising alarm threshold is
50 SES and the falling alarm threshold is 30 SES. Delta sampling is used (by default), in which a
rising alarm is reported if the SES count increases by 20 (50 - 30 = 20) during any sampling
interval. Similarly, a falling alarm is reported if the SES count decreases by 20 during any
interval.
configure module e1 alarms hierarchy

Use this command to enable or disable the hierarchy for displaying Receive Loss of Signal
(RLOS) and Receive Loss of Frame (RLOF) on an E1 link.
Syntax
[no] alarms hierarchy
Variable
no
Value
Disables hierarchy.
Example
SR/configure/module/e1 (3/1)# alarms hierarchy
configure module e1 circuitId

Use this command to specify an optional circuit ID for the E1 interface.
Syntax
cicuitId <circuit-id>
112
October 2010
configure module e1 clock_source

Variable
<circuit-id>
Value
optional circuit ID for the E1 channel.
Example
SR/configure/module/e1 (3/1)#
circuit_Id Main01
configure module e1 clock_source

Use this command to configure the clock source to set the network timing source for an E1 link.
Syntax
clock_source {internal | line}
Variable
Value
internal
Sets the clock source to the internal clock of

the Avaya Secure Router 2330/4134
(default).
line
Sets the clock source to be recovered from

the incoming E1 signal (loop timing).
Example
clock_source line
configure module e1 contactInfo

Use this command to specify contact information for a person who can provide details
regarding the E1 link.
Syntax
contactInfo <contact-info>
Variable
<contact-info>
Value
person to contact for information regarding
the E1 link.
October 2010
113
Example
contactInfo James Smythe
configure module e1 description

Use this command to enter a description for the E1 interface.
Syntax
description <port-description>
Variable
port-description
Value
Describes the E1 interface.
Example
description Connected to branch fas2/0
configure module e1 enable

Use this command to enable the E1 interface to allow the link to transmit and receive data.
Syntax
[no] enable
Variable
[no]
Value
Takes the E1 link out of service. This action
sends an all-ones Alarm Indication Signal
(AIS) to the far end and places the link out of
service.
Example
SR/configure/module/e1 (3/1)# enable
114
October 2010
configure module e1 framing
configure module e1 framing

Use this command to set the framing mode for the E1 link.
Syntax
framing {crc|non_crc|disable}
Variable
Value
crc
Specifies CRC framing format for E1

(default).
non_crc
Specifies non-CRC framing format for E1.
disable
Disables the E1 framer.
Example
framing noncrc
configure module e1 linecode

Use this command to set the type of line coding for the E1 link.
Syntax
linecode {hdb3|ami}
Variable
Value
ami
AMI linecode for E1.
hdb3
HDB3 linecode for E1 (default).
Example
linecode ami
configure module e1 linemode

Use this command to configure the line mode for the E1 interface.
October 2010
115
Syntax
linemode {long_haul | short_haul}
Variable
Value
long_haul
Long haul type for linemode configuration.

Operations up to 6 dB. (default).
short_haul
Short haul type for linemode configuration.

Operations up to 43 dB.
Example
linemode short_haul
configure module e1 name

Use this command to assign a name to the E1 link.
Syntax
name <name>
Variable
<name>
Value
Assigns a name to the E1 link (max 16
bytes).
Example
name test1
configure module e1 yellow_alarm

Use this command to configure the yellow alarm operation on the E1 link.
Syntax
yellow_alarm {generate | detect | gen_det | disable}
116
October 2010
configure module t1 alarms thresholds user

Variable
Value
detect
Detect incoming yellow alarms from the

network.
disable
Disable yellow alarm generator.
gen_det
Generate and detect yellow alarms (default

state).
generate
Generate and send yellow alarms to the

network.
Example
SR/configure/module/e1 (3/1)/alarms/thresholds#
gen_det
yellow_alarm

Use this command to set the T1 user statistic alarm thresholds.
When user-configurable thresholds are exceeded, the SR2330/4134 generates alarms that
indicate the possible deterioration of a T1 link. Refer to the following parameters to determine
the specific T1 data type that needs to be configured. You can define one alarm threshold for
each parameter.
Syntax
alarms thresholds user < 1 - 10 > [ ses | es | uas | eev | css | oof
| crc | bpv ] < sampling-interval > < rising-threshold > < fallingthreshold > sample_type [ absolute | delta ]
Variable
Value
1-10
absolute | delta
absolute: The errored second or event count

is compared directly to the specified
threshold values, and the appropriate alarm
type (rising or falling) is reported. delta: The
errored second or event count is compared
to the difference between the rising and
falling thresholds, and a rising alarm is
reported if the actual error count exceeds
that difference. This is the default setting if
you do not specify a sampling type.
October 2010
117
Variable
Value
ses | es | uas | eev | css | oof | crc | bpv
Specifies the threshold type: bpv: Threshold

for bipolar violation crc: Threshold for cyclic
redundancy check css: Threshold for
controlled slip second eev: Threshold for esf
error events es: Threshold for errored
seconds oof: Threshold for out of frame ses:
Threshold for severely errored seconds uas:
Threshold for unavailable seconds
falling-threshold

The range is 0 - 2147483647.
rising-threshold

sampling-interval

1 - 65535.
Example
SR/configure/module/t1 (3/1)/alarms/thresholds#
user 1 ses 300 50 30
In this example, the monitored parameter is the number of Severely Errored Seconds that
occur. The sampling interval is set to 300 seconds (5 minutes). The rising alarm threshold is
50 SES and the falling alarm threshold is 30 SES. Delta sampling is used (by default), in which a
rising alarm is reported if the SES count increases by 20 (50 - 30 = 20) during any sampling
interval. Similarly, a falling alarm is reported if the SES count decreases by 20 during any
interval.
configure module t1 alarms hierarchy

(RLOS) and Receive Loss of Frame (RLOF) on a T1 link.
Syntax
[no] alarms hierarchy
118
October 2010
configure module t1 circuitId

Variable
no
Value
Disables hierarchy.
Example
SR/configure/module/t1 (3/1)# alarms hierarchy
configure module t1 circuitId

Use this command to specify an optional circuit name for a T1 channel.
Syntax
cicuitId [cktId] <circuit-id>
Variable
<circuit-id>
Value
Optional circuit ID for the T1 channel.
Example
SR/configure/module/t1 (3/1)#
circuit_Id Main01
configure module t1 clock_source

Use this command to specify a network timing source for a T1 link.
Syntax
clock_source {backplane|internal|line}
Variable
Value
backplane
Sets the clock source to the backplane of the

SR2330/4134.
internal
Sets the clock source to the internal clock of

the SR2330/4134 (default).
line
Sets the clock source to be recovered from

the incoming T1 signal (loop timing).
October 2010
119
Example
clock_source line
configure module t1 contactInfo

Use this command to specify a person to contact for information regarding the T1 link.
Syntax
contactInfo <contact-info>
Variable
<contact-info>
Value
Person to contact for information regarding
the T1 link.
Example
contactInfo James Smythe
configure module t1 description

Use this command to enter a description for the T1 interface.
Syntax
description <port-description>
Variable
<port-description>
Value
Describes the T1 interface.
Example
fas2/0
description Connected to Chicago's
configure module t1 enable

Use this command to places a T1 link in service and allow the link to transmit and receive data.
120
October 2010
configure module t1 framing
Syntax
[no] enable
Variable
[no]
Value
Takes the T1 link out of service. This action
service.
Example
SR/configure/module/t1 (3/1)# enable

Use this command to configure T1 framing.
Syntax
framing {esf| d4}
Variable
Value
esf
Specifies extended super frame framing

format for T1 (default).
d4
Specifies super frame framing format for T1.
Example
framing esf
configure module t1 linecode

Use this command to set the type of line coding for a T1 link.
Syntax
linecode {b8zs|ami}
October 2010
121

Variable
Value
ami
AMI linecode for T1
b8zs
B8Zs linecode for T1 (default)
Example
linecode b8zs
configure module t1 linemode csu

Use this command to set the amount of T1 line build out (LBO) for the Channel Service Unit
(CSU) interface.
Syntax
linemode csu [lbo] {db_zero | db7_5 | db15 | db22_5}
Variable
Value
db7_5
Configure LBO for zero db (default)
db15
Configure LBO for 7.5 db
db22_5
Configure LBO for 15 db
db_zero
Configure LBO for 22.5 db
Example
SR/configure/module/t1 (3/1)# linemode csu db15
configure module t1 linemode dsx

Use this command to set the amount of T1 signal equalization based on the cabling distance
to the DSX cross-connec.
Syntax
linemode dsx [cable-length] <length>
122
October 2010
configure module t1 loopback_framing

Variable
Value
1: specifies cable length of 0-110 2: specifies
cable length of 110-220 3: specifies cable
length of 220-330 4: specifies cable length of
330-440 5: specifies cable length of 440-550
6: specifies cable length of 550-660
<length>
Example
SR/configure/module/t1 (3/1)# linemode dsx 2
configure module t1 loopback_framing

Use this command to set the loopback framing mode for in-band loopcode to overwriting or
insertion.
Syntax
loopback_framing {overwrite | insert}
Variable
Value
overwrite
Overwriting of framing for in-band loopcode

for T1 (default).
insert
Insertion of framing for in-band loopcode for

T1.
Example
SR/configure/module/t1 (3/1)# loopback_framing insert
configure module t1 name

Use this command to specify a name for the T1 link.
Syntax
name <name>
October 2010
123

Variable
name
Value
Assigns a name to the T1 link (max 15 bytes).
Example
name test1
configure module t1 yellow_alarm

Use this command to set the yellow alarm operation on a T1 link.
Syntax
yellow_alarm {generate | detect | gen_det | disable}
Variable
Value
detect
Detect incoming yellow alarms from the

network.
disable
Disable yellow alarm generator.
gen_det
Generate and detect yellow alarms (default

state).
generate
Generate and send yellow alarms to the

network.
Example
yellow_alarm gen_det
show module alarms

Use this command to display the alarms detected on an E1 or T1 module.
This command also shows individual user threshold alarms for all user statistics currently
configured with alarm thresholds. To view the current user alarm threshold settings, use the
show module thresholds command.
To display the alarms in real-time, specify the desired refresh interval in minutes when entering
this command. To return to the system command prompt, type q.
124
October 2010
show module ansistats
Syntax
show module alarms {e1|t1} <slot/port> [refresh_interval <1-65535>]
Variable
Value
[refresh_interval <1-65535>] Specifies how often, in minutes, the alarm display is updated
(optional entry; minimum is 1 minute). If you do not specify
an interval, you must repeat the command to update the
alarm display.
Example
SR#
show module alarms t1 2/1

Use this command to display ANSI statistics for a T1 interface.
The command shows the current 15-minute interval statistics, the elapsed time in the current
sampling interval, and the total counts for the past 8 hours. These statistics can be cleared
only by the carrier by FDL requests from the remote end.
You can view statistics for multiple 15-minute intervals by specifying the number of intervals
you wish to view (from 1 to 96).
Syntax
show module ansistats t1 <slot/port> [interval_range <1-96>]
Example
SR#
show module ansistats t1 2/1

Use this command to display the configuration for a specified E1 or T1 WAN module.
Syntax
show module configuration {e1|t1} <slot/port>
Example
SR#
show module configuration t1 2/1
October 2010
125
show module ietfstats

Use this command to display IETF performance statistics for T1 or E1 module interfaces. You
can view statistics for multiple 15-minute intervals by specifying the number of intervals you
wish to view (from 1 to 96).
Syntax
show module ietfstats {e1|t1} <slot/port> [interval_range <1-96>]
Example
SR#
show module ietfstats t1 2/1
show module itutstats

Use this command to display ITUT performance statistics for an E1 interface. You can view
statistics for multiple 15-minute intervals by specifying the number of intervals you wish to view
(from 1 to 96).
Syntax
show module itutstats e1 <slot/port> [interval_range <1-96>]
Example
SR#
show module itutstats e1 2/1
show module thresholds

Use this command to show the alarm threshold settings for a module interface. Alarm
thresholds are configured on a per-module basis.
Syntax
show module thresholds {e1|t1} <slot/port>
Example
SR#
126
show module thresholds t1 2/1
October 2010
show module userstats

Use this command to display performance statistics for a WAN module interface.
you wish to view (from 1 to 96). To clear these statistics after viewing them, use the clear
module command.
Syntax
show module userstats {e1|t1} <slot/port> [interval_range <1-96>]
Example
SR#
show module userstats t1 2/1
October 2010
127
128
October 2010
Chapter 6: DS3 module configuration

commands
clear module t3_userstats

Use this command to clear user statistics for a DS3 WAN module interface.
Syntax
clear module t3_userstats <slot/port>
Example
SR#
clear module t3_userstats 6/1
configure interface bundle link t3

Use this command to link a bundle to a DS3 interface to configure the encapsulation for the
interface.
Syntax
link t3 <slot/port>
Variable
<slot/port>
Value
Specifies the slot and port of the DS3
Example
SR/interface/bundle/wan1#
link t3 7/1

Use this command to set the T1 user statistic alarm thresholds.
October 2010
129
DS3 module configuration commands
When user-configurable thresholds are exceeded, the SR4134 generates alarms that indicate
the possible deterioration of a T1 link. Refer to the following parameters to determine the
specific T1 data type that needs to be configured. You can define one alarm threshold for each
parameter.
Syntax
alarms thresholds user < 1 - 10 > [ lcv | fbe | pbe | cpbe| febe| |
exz | cofa ] < sampling-interval > < rising-threshold > < fallingthreshold > sample_type [absolute | delta] [t1 <1-28>]
Variable
Value
1-10
absolute

lcv | fbe | pbe | cpbe| febe| |exz | cofa
cofa: Threshold for COFA cpbe: Threshold

for CPBE exz: Threshold for EXZ fbe:
Threshold for FBE febe: Threshold for FEBE
lcv: Threshold for LCV pbe: Threshold for
PBE
falling-threshold

The range is 0 - 2147483647.
rising-threshold

sampling-interval

1 - 65535.
sampling-interval

1 - 65535.
Example
SR/configure/module/t3 (7/1)/alarms/thresholds#
absolute
user 1 lcv 300 50 25
In this example, the monitored parameter is the LCVs that occur. The sampling interval is set
to 300 seconds (5 minutes). The rising alarm threshold is 50 LCVs and the falling alarm
threshold is 25 LCVs. Absolute sampling is used, in which a rising alarm is reported if the LCV
130
October 2010
configure module t3 cable_length
count exceeds 50 during any sampling interval. A falling alarm is also reported if the LCV count
subsequently falls back below 25 during that interval.
configure module t3 cable_length

Use this command to set the DS3 link transmit signal build-out to condition the outgoing signal
according to the cabling distance to the external DS3 device.
Syntax
cable_length <1-2>
Variable
Value
0-225 feet (default)
226 - 450 feet
Example
cable_length 2
configure module t3 clock_source

Use this command to specify the network timing source for a DS3 WAN link.
Syntax
clock_source {internal|line}
Variable
Value
internal
Specifies the local clock (default).
line
Specifies the network clock.
Example
clock_source line
October 2010
131

Use this command to configure framing for the DS3 link.
Important:
The Clear Channel DS3 interface module does not currently support the use of the M13
framing format. Only the default framing format of C-BIT can be used on Clear Channel DS3
interface modules.
Syntax
framing {c_bit}
Variable
Value
c_bit
specifies the framing format for T3 (default).
m13
Specifies the M13 framing format for T3.
Example
framing c_bit
configure module t3 name

Use this command to assign a name to the DS3 link.
Syntax
name <name>
Variable
<name>
Value
Specifies a name to be assigned to the T3
link (max 15 bytes).
Example
132
name test1
October 2010
show module alarms
show module alarms

Use this command to display the alarms detected on a DS3 module.
Syntax
show module alarms t3 <slot/port> [refresh_interval <1-65535>]
Variable
Value
alarm display.
Example
SR#
show module alarms t3 6/1

Use this command to display ANSI statistics for a DS3 interface.
Syntax
show module ansistats t3 <slot/port> [interval_range <1-96>]
Example
SR#
show module ansistats t3 6/1
October 2010
133

Use this command to display the configuration for a specified DS3 WAN module interface.
Syntax
show module configuration t3 <slot/port>
Example
SR#
show module configuration t3 6/1

Use this command to display IETF performance statistics for DS3 module interfaces. You can
view statistics for multiple 15-minute intervals by specifying the number of intervals you wish
to view (from 1 to 96).
Syntax
show module ietfstats t3 <slot/port> [interval_range <1-96>]
Example
SR#
show module ietfstats t3 6/1

Use this command to show the alarm threshold settings for a DS3 module interface. Alarm
Syntax
show module thresholds t3 <slot/port>
Example
SR#
show module thresholds t3 6/1

Use this command to display performance statistics for a DS3 WAN module interface.
134
October 2010
module command.
Syntax
show module userstats t3 <slot/port> [interval_range <1-96>]
Example
SR#
show module userstats t3 6/1 interval_range 5
October 2010
135
136
October 2010
Chapter 7: CT3 module configuration

commands
clear module ct3_userstats

Use this command to clear user statistics for a CT3 WAN module interface.
Syntax
clear module ct3_userstats <slot/port>
Example
SR#
clear module ct3_userstats 6/1
configure interface bundle link ct3

Use this command to link a bundle to a DS3 interface to configure the encapsulation for the
interface.
Syntax
link ct3 <slot/port/t1no>[:<DS0>] [speed {56 | 64}] [invert_data
{inverted_data}]
Variable
Value
<slot/port/t1no>
Specifies the slot and port of the CT3

interface, as well as the T1 channels to
configure from the CT3 link.
[:<DS0>]
Optional DS0 channels to be assigned to a

fractional T1 bundle (1 - 24).
[speed {56 | 64}]
Transmission speed of all DS0 channels in

the bundle (56 or 64 kbps). If this parameter
is not entered, all DS0 channels will operate
at 64 kbps.
October 2010
137
CT3 module configuration commands
Variable
[invert_data {inverted_data}]
Value
Whether or not to invert the data on all DS0
channels (optional entry). If inverted_data is
not entered, the data will not be inverted on
any DS0 channels.
Example
link ct3 7/1/5-7
configure module ct3 alarms thresholds user

Use this command to set the alarm thresholds for the CT3 and CT3 T1 user statistics gathered
by the SR4134.
Each router gathers seven types of user statistics for a CT3 WAN link, and you can set a
separate alarm threshold for each type of statistic. Each router also gathers 10 types of user
statistics for every T1 channel of a CT3 link.
To show the current user statistic alarm threshold settings, use the show module
thresholds ct3 command.
To view the user statistic alarms in progress, use the show module alarms ct3
command.
To view the actual user statistics, use the show module userstats ct3 command.
Syntax
alarms thresholds user < 1 - 10 > [ lcv | fbe | pbe | cpbe| febe| cofa
| ses | es | bes | uas | eev | lofc | css | oof | crc | bpv ] <
sampling-interval > < rising-threshold > < falling-threshold >
sample_type [absolute | delta] [t1 <1-28>]
Variable
138
Value
1-10
absolute

lcv | fbe | pbe | cpbe| febe| |exz | cofa
cofa: Threshold for COFA cpbe: Threshold

for CPBE exz: Threshold for EXZ fbe:
Threshold for FBE febe: Threshold for FEBE
lcv: Threshold for LCV pbe: Threshold for
PBE
October 2010
configure module ct3 alarms hierarchy
Variable
Value
falling-threshold

The range is 0 - 2147483647.
rising-threshold

sampling-interval

1 - 65535.
sampling-interval

1 - 65535.
Example
SR/configure/module/ct3 (7/1)/alarms/thresholds#
25 absolute
user 1 lcv 300 50
In this example, the monitored parameter is the LCVs that occur. The sampling interval is set
to 300 seconds (5 minutes). The rising alarm threshold is 50 LCVs and the falling alarm
threshold is 25 LCVs. Absolute sampling is used, in which a rising alarm is reported if the LCV
count exceeds 50 during any sampling interval. A falling alarm is also reported if the LCV count
subsequently falls back below 25 during that interval.
configure module ct3 alarms hierarchy

(RLOS) and Receive Loss of Frame (RLOF) on a CT3 T1 link.
To verify that the alarms has been enabled or disabled, use the show module
configuration command. The display indicates whether RLOS and RLOF are On or
Off .
Syntax
[no] alarms hierarchy <t1no>
October 2010
139

Variable
Value
no
Disables hierarchy.
<t1no>
Specifies the T1 link.
Example
SR/configure/module/ct3 (7/1)# alarms hierarchy 3
configure module ct3 cable_length

Use this command to set the CT3 link transmit signal build-out to condition the outgoing signal
according to the cabling distance to the external CT3 device.
Syntax
cable_length [1|2]
Variable
Value
0-225 feet (default)
226 - 450 feet
Example
SR/configure/module/ct3(7/1)#
cable_length 2
configure module ct3 clock_source

Use this command to specify the network timing source for a CT3 WAN link.
Syntax
clock_source [internal|line]
Variable
internal
140
Value
Specifies the local clock generated by the
router (default).
October 2010
configure module ct3 enable
Variable
line
Value
Specifies the clock signal recovered from the
incoming CT3 signal. Use this setting if the
system is loop-timed from the far-end CT3
system.
Example
SR/configure/module/ct3(7/1)#
clock_source line
configure module ct3 enable

Use this command to place a CT3 T1 link in service and allow the link to transmit and receive
data. By default, the T1 links are enabled.
Syntax
[no] enable <1-28>
Variable
Value
[no]
Takes the T1 link out of service. This action

service.
<1-28>
Specifies an individual T1 or a range of T1s.
Example
SR/configure/module/ct3 (7/1)# enable 7
configure module ct3 framing

Use this command to configure either C-bit or M13 framing for the CT3 link.
Contact your carrier to determine the appropriate setting.
Syntax
framing [c_bit|m13]
October 2010
141

Variable
Value
c_bit
Specifies C-bit framing format for CT3

(default).
m13
Specifies M13 framing format for CT3
Example
SR/configure/module/ct3 (7/1)#
framing c_bit
configure module ct3 t1

Use this command to configure the properties for the T1 connections in the CT3 interface:
Syntax
t1 <t1-no> [framing {esf | d4}] [yellowalarm {generate | detect |
gen_det | disable}] [clock_source {backplane | internal | line}]
[name <name>] [description <t1-description>] [cicuitId <circuit-id>]
[contactInfo <contact-info>]
Variable
142
Value
<t1-no>
T1 number or range of T1s (1-28).
[framing {esf | d4}]
esf: Extended Super Frame framing format

for T1 (default) d4: Super Frame framing
format for T1
[yellowalarm {generate | detect | gen_det |

disable}]
generate: Generate and send yellow alarms

to the network. detect: Detect incoming
yellow alarms from the network. gen_det:
Generate and detect yellow alarms. disable:
Disable yellow alarm generator (default
state).
[clock_source {backplane | internal | line}]
backplane: Sets the clock source to the

backplane of the SR4134. internal: Sets the
clock source to the internal clock of the
SR4134. line: Sets the clock source to be
recovered from the incoming T1 signal (loop
timing).
[name <name>]
Assigns a name to the T1 link (max 15 bytes).
[description <t1-description>]
Describes the T1 interface.
October 2010
show module alarms
Variable
Value
[cicuitId <circuit-id>]
Optional circuit ID for the T1 channel.
[contactInfo <contact-info>]
Person to contact for information regarding

the T1 link.
Example
SR/configure/module/ct3 (7/1)# t1 4 esf line gen_det circuitId
Main01 contactInfo JamesSmythe description SJ-Fremont
In this example, T1 channel 4 is set up for ESF framing, B8ZS line coding, external clocking,
and yellow alarm generation and detection.
show module alarms

Use this command to display the alarms detected on a CT3 module.
Syntax
show module alarms ct3 <slot/port>[:t1-no]
Variable
Value
alarm display.
[:t1-no]
Specifies a T1 channel for viewing T1 alarms on CT3

modules. The range is 1 - 28. You can view only one channel
at a time.
Example
SR#
show module alarms ct3 6/1:10
October 2010
143

Use this command to display ANSI statistics for a CT3 interface.
Syntax
show module ansistats ct3 <slot/port> [t1_no <t1-no>] [interval_range
<1-96>]
Example
SR#
show module ansistats ct3 6/1 t1_no 10

Use this command to display the configuration for a specified CT3 WAN module interface.
Syntax
show module configuration ct3 <slot/port>[:t1-no]
Example
SR#
show module configuration ct3 6/1:10

Use this command to display IETF performance statistics for CT3 module interfaces. You can
view statistics for multiple 15-minute intervals by specifying the number of intervals you wish
to view (from 1 to 96).
Syntax
show module ietfstats ct3 <slot/port> [t1_no <t1-no>] [interval_range
<1-96>]
Example
SR#
144
show module ietfstats ct3 6/1 t1_no 10
October 2010

Use this command to show the alarm threshold settings for a CT3 module interface. Alarm
Syntax
show module thresholds ct3 <slot/port> [t1_no <t1-no>]
Example
SR#
show module thresholds ct3 6/1 t1_no 10

Use this command to display performance statistics for a CT3 WAN module interface.
module command.
Syntax
show module userstats ct3 <slot/port> [t1_no <t1-no>] [interval_range
<1-96>]
Example
SR#
show module userstats ct3 6/1 t1_no 10 interval_range 5
October 2010
145
146
October 2010
Chapter 8: Serial module configuration

commands
clear module serial_userstats

Use this command to clear user statistics for a serial WAN module interface.
Syntax
clear module serial_userstats <slot/port>
Example
SR#
clear module serial_userstats 2/1
configure interface bundle link serial

Use this command to link a bundle to the serial interface in order to configure the encapsulation
for the interface.
Syntax
link serial <slot/port>
Variable
<slot/port>
Value
Specifies the slot and port of the serial
Example
link serial 4/1
configure module serial

Use this command to configure the serial module mode
October 2010
147
Serial module configuration commands
Syntax
{ x21 | v35 | S232 | S449 | S530 | S530A }
Variable
Value
x21
X.21 mode.
v35
V.35 mode.
S232
RS-232 mode.
S449
RS-449 mode.
S530
EIA-530 mode.
S530A
EIA-530A mode.
Example
SR/configure/module/serial (4/1)#
x21
configure module serial clock_rate

Use this command to configure the clock rate for the serial interface.
Syntax
clock_rate <clock-rate>
Variable
<clock-rate>
Value
Valid range for X.21, V.35, S449, S530, and
S530A: 56000 - 2000000 Valid range for
S232: 1200 - 115000
Example
SR/configure/module/serial (4/1)/x21#
clock_rate 56000
configure module serial clock_source

Use this command to configure the clock source for the serial interface.
148
October 2010
configure module serial crc
Important:
When you specify the serial port clock source as an external network clock (clock_source
line), use the serial clock_rate command to specify a clock rate that is equal to the
speed of the clock provided by the far-end equipment.
Syntax
clock_source {internal | line}
Variable
Value
internal
Specifies the clock source is received from

the router.
line
Specifies the clock source is received from

an external network clock.
Example
clock_source internal
configure module serial crc

Use this command to configure the CRC check sum for the serial interface.
Syntax
crc {16 | 32}
Variable
Value
16
Specifies 16 bits in the check sum.
32
Example
SR/configure/module/serial (4/1)/x21# crc 32
configure module serial data_mode

Use this command to configure the data mode for the serial interface.
October 2010
149
Syntax
data_mode {normal | inverted}
Variable
Value
inverted
Specifies that data is sent inverted.
normal
Specifies that data is sent without

modification.
Example
SR/configure/module/serial (4/1)/x21# data_mode normal
configure module serial mode

Use this command to configure the operational mode for the serial interface.
Syntax
mode {dte | dce}
Variable
Value
dte
Specifies that the port is operating as a Data

Terminal Equipment. This is the default for all
serial port modes.
dce
Specifies that the port is operating as a Data

Communications Equipment
Example
SR/configure/module/serial (4/1)/x21# mode dte
configure module serial name

Use this command to configure the name for the serial interface.
Syntax
name <name>
150
October 2010
show module alarms

Variable
<name>
Value
Specifies the name of the interface (max 16
bytes)
Example
name toSJ
show module alarms

Use this command to display the alarms detected on a serial module.
Syntax
show module alarms serial <slot/port> [refresh_interval <1-65535>]
Variable
Value
alarm display.
Example
SR#
show module alarms serial 2/1

Use this command to display the configuration for a specified serial WAN module interface.
Syntax
show module configuration serial <slot/port>
Example
SR#
show module configuration serial 2/1
October 2010
151

Use this command to display performance statistics for a serial WAN module interface.
module command.
Syntax
show module userstats serial <slot/port> [interval_range <1-96>]
Example
SR#
152
show module userstats serial 2/1 interval_range 5
October 2010
Chapter 9: HSSI module configuration

commands
clear module hssi_userstats

Use this command to clear user statistics for a hssi WAN module interface.
Syntax
clear module hssi_userstats <slot/port>
Example
SR#
clear module hssi_userstats 6/1
configure interface bundle link hssi

Use this command to link a bundle to the HSSI interface in order to configure the encapsulation
for the interface.
Syntax
link hssi <slot/port>
Variable
<slot/port>
Value
specifies the slot and port of the HSSI
Example
link serial 6/1
configure module hssi clock_rate

Use this command to configure the clock rate for the HSSI interface.
October 2010
153
HSSI module configuration commands
Syntax
clock_rate <1000000 - 52000000>
Variable
<1000000 - 52000000>
Value
Specifies the clock rate for the HSSI
interface.
Example
SR/configure/module/hssi (5/1)#
clock_rate 1000001
configure module hssi clock_source

Use this command to configure the clock source for the HSSI interface.
Syntax
clock_source {internal|line}
Variable
Value
internal
specifies the clock source is received from

the router.
line
specifies the clock source is received from an

external network clock.
Example
clock_source internal
configure module hssi crc

Use this command to configure the CRC check sum for the HSSI interface.
Syntax
crc {16|32}
154
October 2010
configure module hssi data_mode

Variable
Value
16
32
Example
crc 16
configure module hssi data_mode

Use this command to configure the data mode for the HSSI interface.
Syntax
data_mode {normal|inverted}
Variable
Value
inverted
Specifies that data is sent inverted.
normal
Specifies that data is sent without modification.
Example
data_mode inverted
configure module hssi mode

Use this command to configure the operational mode for the HSSI interface.
Syntax
mode {dte|dce}
Example
mode dte
October 2010
155
configure module hssi name

Use this command to assign a name to the HSSI interface.
Syntax
name <name>
Variable
<name>
Value
specifies the name for the HSSI interface
(max 16 bytes).
Example
name test1
show module alarms

Use this command to display the alarms detected on a HSSI module.
Syntax
show module alarms hssi <slot/port> [refresh_interval <1-65535>]
Variable
Value
alarm display.
Example
SR#
156
show module alarms hssi 6/1
October 2010

Use this command to display the configuration for a specified HSSI WAN module interface.
Syntax
show module configuration hssi <slot/port>
Example
SR#
show module configuration hssi 6/1

Use this command to display performance statistics for a HSSI WAN module interface.
module command.
Syntax
show module userstats hssi <slot/port> [interval_range <1-96>]
Example
SR#
show module userstats hssi 6/1 interval_range 5
October 2010
157
158
October 2010
Chapter 10: ISDN configuration commands
clear isdn bri-statistics

Use this command to clear ISDN BRI statistics.
Syntax
clear isdn bri-statistics <slot/port>
Example
SR#
clear isdn bri-statistics 2/1
clear isdn pri-statistics

Use this command to clear ISDN PRI statistics.
Syntax
clear isdn pri-statistics <slot/port>
Example
SR#
clear isdn pri-statistics 2/1
configure dialer answer-mode

Use this command to configure management CLI service mode.
Syntax
[no] answer-mode [answer-mode <enable | disable>] [priority {high |
low}]
Variable
answer-mode <enable | disable>
Value
Enables or disables answer mode.
October 2010
159
ISDN configuration commands
Variable
Value
[no]
Disables the answer mode configuration.
priority {high | low}
Specifies the answer mode priority level. The

default is low.
Example
SR/configure/dialer dial2#answer-mode answer-mode enable
configure dialer idle-timeout

Use this command to configure the dialer idle-timeout interval.
Syntax
[no] idle-timeout <timeout>
Variable
Value
[no]
Disables the dialer idle-timeout interval configuration.
<timeout>
Specifies the idle timeout time. Values range from 1 to 6000

seconds. The default value is 180 seconds.
Example
SR/configure/#dialer dial2idle-timeout 120
configure interface bundle isdn activate

Use this command to activate ISDN with user data.
If you change any of the ISDN properties (except callingnum, callednum, idle-timeout, callback, and connect-delay), you must deactivate ISDN (using the no activate command) and
then reactivate ISDN for the changes to be applied.
Syntax
activate
Example
SR/configure/interface/bundle pri1/isdn#
160
activate
October 2010
configure interface bundle isdn answer
configure interface bundle isdn answer

Use this command to configure the called party and sub-address in the incoming setup
message.
Syntax
{answer1 | answer2} <callednum> [sub-address <sub-address>]
Variable
Value
callednum
Caller party number (maximum of 20 digits).
[sub-address <sub-address>]
Sub address (maximum of 10 digits).
Example
answer1 2342345
configure interface bundle isdn call-back

Use this command to enable call-back for the interface. (The interface uses the caller value to
place the call.)
Syntax
[no] call-back
Variable
no
Value
Disables call back.
Example
call-back
configure interface bundle isdn callednum

Use this command to configure the called party and sub-address. Typically this is the number to
be called.
October 2010
161
Syntax
callednum <called-num> sub-address <sub-address>
Example
callednum 2363623
configure interface bundle isdn caller

Use this command to configure the origin of the call. This command configures the caller to
screen the incoming call. If the incoming call matches with the caller configured then the call
is put through.
Syntax
caller <caller-num>
Variable
<caller-num>
Value
Telephone number (maximum of 20 digits) of
the caller.
Example
caller 180012345678
configure interface bundle isdn callingnum

Use this command to configure the calling number and the sub-address.
Synatx
callingnum <callingnum> [sub-address <sub-address>]
Variable
Value
<calling-num>
Calling number.
[sub-address <sub-address>]
Sub address (maximum of 10 digits).
Example
162
callingnum 2345632
October 2010
configure interface bundle isdn connect-delay
configure interface bundle isdn connect-delay

Use this command to configure the connect delay period used to connect the ISDN call.
Syntax
connect-delay <1-60>
Variable
<1-60>
Value
Delay in number of seconds. Valid range is
1-60. The default is 15.
Example
connect-delay 23
configure interface bundle isdn disconnect-cause

Use this command to configure the disconnect cause code.
Syntax
disconnect-cause <disconnect-cause>
Variable
Value
<disconnect-cause>
1 unassigned number 2 no route to transit

network 3 no route to destination 6 channel
unacceptable 7 call awarded and being
delivered 9 prefix 1 dialed in error 16 normal
call clearing 17 user busy (default) 18 no user
response 19 no answer (user alerted ) 21 call
rejected 22 number changed 24 number
unassigned 26 non selected User clearing 27
destination out of order 28 invalid number
format 29 facility rejected 30 response to
satus enquiry 31 normal unspecified 34 no
circuit/channel available 34 no circuit/
channel available 35 call queued 38 network
out of order 41 temporary failure 42 switch
equipment congestion 43 access info
discarded 44 requested circuit/channel
October 2010
163
unavailable 47 resources unavailable,

unspecified 49 quality of Service unavailable
50 requested facility not subscribed 52
outgoing calls barred 54 incoming calls
barred 57 bearer capability not authorized 58
bearer capability not available 59 call
restriction 60 terminal call redirection
rejected 62 unauthorized service 63 service
or option unavailable 65 bearer capability not
implemented 66 channel type not
implemented 69 requested facility not
implemented 70 only restricted digital bear
cap is avail 79 service or option not
implemented 81 invalid call reference 82
channel does not exist 83 susp. call exists,
call id is invalid 84 call identity is in use 85 no
call suspended 86 call id has been cleared
88 incompatible destination 91 invalid transit
network selection 92 invalid facility
parameter 95 invalid message, unspecified
96 mandatory info element is missing 97
message type is non-existent or not
implemented 98 message type invalid in call
state or not implemented 99 info element
non-existent or not implemented 100 invalid
info element 101 message type not
compatible with call state 102 recovery on
timer expiry 103 message received with
mandatory info element of incorrect length
111 protocol error, unspecified 112 protocol
discriminator error 113 bearer service not
available 114 end-to-end info transfer
impossible 126 entering conversation mode
127 interworking specified
Example
SR/configure/interface/bundle pri1 isdn#
disconnect-cause 34
configure interface bundle isdn idle-timeout

Use this command to configure the idle timeout period before disconnecting the ISDN call.
Syntax
idle-timeout <0-60>
164
October 2010
configure interface bundle isdn map

Variable
<0-60>
Value
Idle timeout in minutes. Valid range is 0-60
minutes. The default is 5 minutes. A value of
0 disables the timeout feature.
Example
idle-timeout 45
configure interface bundle isdn map

Use this command to override the default ISDN type and plan generated by the router with
custom values.
Syntax
[no] map <address> <plan> <type>
Variable
Value
[no]
Reverts to the default ISDN type and plan.
<address>
Specifies either the calling number or the

called number. This parameter can be a
regular expression also for pattern matching.
It specifies that the ISDN type and plan will
be overridden for addresses that match the
regular expression.
<plan>
Specifies the numbering plan:

Unknown: unknown with bit value 0000
isdn: ISDN/telephony numbering- E.164/E.
163 with bit value 0001
tel: telephony numberingE.163 with bit
value 0010
data: data numberingX.121 with bit
value 0011
telex: telex numbering
Recommendation F.69 with bit value 0100
October 2010
165
Variable
Value
national: national standard numbering with
bit value 1000
private: private numbering with bit value
1001
<type>
Specifies the type:

unknown: unknown with bit value 000
international: international number with bit
value 001
national: national number with bit value
010
network: network specific number with bit
value 011
subscriber: subscriber number with bit
value 100
overlap: overlap sending with bit value
1001
abbreviated: abbreviated number with bit
value 110
Example
map 2363623 1000 010
configure interface bundle isdn q921-timers

Use this command to access the ISDN Q921 timer commands, which are used to configure
Layer 2 timers for the ISDN interface.
Syntax
q921-timer
Example
q921-timers
configure interface bundle isdn q921-timers k

Use this command to configure outstanding I frames.
166
October 2010
configure interface bundle isdn q921-timers n200
Syntax
k <1-10>
Variable
<1-10>
Value
Value (default: 7)
Example
SR/configure/interface/bundle pri1/isdn/q921-timers#
q921-timer k 5

Use this command to configure the n200 value.
Syntax
n200 <1-10>
Variable
<1-10>
Value
Value (default: 3)
Example
n200 6

Use this command to configure the n201 value.
Syntax
n201 <500-2000>
Variable
<500-2000>
Value
Value (default: 1028)
Example
n201 1500
October 2010
167
configure interface bundle isdn q921-timers t200

Use this command to configure the t200 timer.
Syntax
t200 <1-10>
Variable
<1-10>
Value
Time in seconds (default: 2)
Example
t200 5
q921-timer

Syntax
t203 <5-15>
Variable
<5-15>
Value
Example
t203 10
configure interface bundle isdn q931-timers

Use this command to access the ISDN Q931 timer commands, which are used to configure
Layer 3 timers for the ISDN interface.
Syntax
q931-timers
168
October 2010
Example
q931-timers

Use this command to configure the t303 setup sent timer.
Syntax
t303 <2-10>
Variable
<2-10>
Value
Example
t303 5

Use this command to configure the t304 setup ack received timer.
Syntax
t304 <20-50>
Variable
<20-50>
Value
Example
t304 40

Use this command to configure the t305 disconnect sent timer (user).
October 2010
169
Syntax
t305 <20-50>
Variable
<20-50>
Value
Example
t305 40

Use this command to configure the t308 Release sent timer.
Syntax
t308 <2-10>
Variable
<2-10>
Value
Example
t308 6

Use this command to configure the t310 call proceeding received timer.
Syntax
t310 <20-50>
Variable
<20-50>
Value
Time in seconds (default: 30).
Example
170
t310 40
October 2010

Use this command to configure t313 connect sent, waiting for connect ack timer.
Syntax
t313 <2-10>
Variable
<2-10>
Value
Example
t313 6

Use this command to configure the t316 restart sent, wait for restart ack timer.
Syntax
t316 <110-140>
Variable
<110-140>
Value
Example
t316 130

Syntax
t319 <2-10>
October 2010
171

Variable
<2-10>
Value
Example
t319 6

Use this command to configure the t322 status enquiry sent timer
Syntax
t322 <2-10>
Variable
<2-10>
Value
Example
t322 6
configure interface bundle isdn spid1

Use this command to configure the service profile ID for channel B1. This is the primary service
profile ID. The service profile is applicable for ISDN BRI only
Syntax
spid1 <spid>
Variable
<spid>
Value
Service profile ID (maximum 20 digits)
Example
172
spid1 245345
October 2010

Use this command to configure the service profile ID for channel B2. This is the secondary
service profile ID. The service profile is applicable for ISDN BRI only
Syntax
spid2 <spid>
Variable
<spid>
Value
Service profile ID (maximum 20 digits)
Example
spid2 345345
configure interface bundle isdn switch-type

Use this command to configure the switch type for the specified bundle.
Primary switch types are only supported on PRI interfaces. Basic switch types are supported
on BRI interfaces. Shut down the bundle before changing the interface type.
Syntax
[no] switch-type <TYPE>
Variable
Value
basic-ni
National ISDN Switch type
basic-dms
NT DMS-100 switch type
basic-5ess
AT&T basic rate switch type (defaultdan)
basicntt
ntt switch type
basic-euro
Euro basic switch type
basic-ccitt
CCITT basic switch type
basic1tr6
German 1tr6 basic switch type
basicvn3
French basic switch type
primary-dms100
DMS100 primary rate switch type
October 2010
173
Variable
Value
primary-ntt
NTT primary rate switch type
primary-ni2
National ISDN 2 primary rate switch type
primary-euro
Euro ISDN primary rate switch type
primary-ccitt
CCITT/ITU-T primary rate switch type
primary-4ess
AT&T primary rate switch type
primary-5ess
AT&T primary switch type (default)
primary-vn3
French primary rate switch type
primary-qsig:
Q Signalling switch type
Example
switch-type primary-dms100
configure interface bundle isdn tei-mode

Use this command to configure the Terminal Endpoint Identifier (TEI) mode to provision ISDN
BRI as point-to-point or point-to-multipoint. The TEI mode is applicable for ISDN BRI only.
Syntax
tei-mode {point-to-point | point-to-multipoint}
Variable
Value
point-to-point
Point to point.
point-to-multipoint
Point to multipoint.
Example
SR#/configure/interface/bundle pri1/isdn#
tei-mode point-to-point
configure interface bundle isdn tei-value

Use this command to provision a static TEI value for the interface. The TEI value is applicable
only for ISDN BRI in point-to-point mode.
Syntax
tei-value <0-63>
174
October 2010
configure interface bundle link bri

Variable
<0-63>
Value
TEI value. Valid range is 0-63. The default is
0.
Example
tei-value 32
configure interface bundle link bri

Use this command to link a bundle to the BRI interface in order to configure the ISDN properties
and encapsulation for the interface.
Syntax
link bri <slot/port:links>
Variable
Value
slot/port
slot and port of the BRI module.
links
1 (64Kb/s) or 2 (128 Kb/s)
Example
SR/configure/interface/bundle bri1#
link bri 3/1:2
configure interface bundle link dialer

Use this command to configure a bundle to use a dialer.
Syntax
link dialer <dialer>
Variable
Value
<dialer>
Specifies the dialer name for the bundle to

use.
[no]
Disables the use of a dialer for the bundle.
October 2010
175
Example
SR/configure/interface/bundle SF_01#link dialer dial2
configure interface bundle link prie1|prit1

Use this command to link a bundle to the PRI interface in order to configure the ISDN properties
and encapsulation for the interface.
Syntax
link {pri_e1 | pri_t1} <slot/port:links>
Variable
Value
pri_e1
Configure a PRI link on E1 module.
pri_t1
Configure a PRI link on T1 module.
slot/port
slot and port of the PRI module.
links
Range for E1: 1 - 30 Range for T1: 1 - 23
Example
SR/configure/interface/bundle pri1#
link pri_t1 3/1:10
show isdn bri-statistics

Use this command to display ISDN BRI statistics.
Syntax
show isdn bri-statistics <slot/port>
Example
SR#
show isdn bri-statistics 2/1
show isdn global

Use this command to display global ISDN configuration for the router.
176
October 2010
show isdn interface
Syntax
show isdn global
Example
SR#
show isdn global
show isdn interface

Use this command to display ISDN information for the specified interface.
Syntax
show isdn interface <IFNAME>
Variable
<IFNAME>
Value
Specifies the name of the interface (max 8
characters).
Example
SR#
show isdn interface s1
show isdn interfaces

Use this command to display ISDN information for all interfaces.
Syntax
Example
SR#
show isdn pri-statistics

Use this command to display ISDN PRI statistics.
Syntax
show isdn pri-statistics <slot/port>
October 2010
177
Example
SR#
178
show isdn pri-statistics 2/1
October 2010
Chapter 11: WAN bundle commands
clear interface bundle

Use this command to clear the WAN bundle counters.
Syntax
clear interface {bundles | bundle <bundle-name> [<dlci>] }
Example
SR# clear interface bundle wan1
configure interface bundle contact

Use this command to specify contact information for a person who can provide information
regarding the WAN bundle.
Syntax
contact <"contact-info">
Variable
<"contact-info">
Value
Text string providing contact info. Specified
in quotation marks. Maximum 15 bytes.
Example
SR/configure/interface/bundle wan1# contact "j brown"
configure interface bundle description

Use this command to specify a description for the WAN bundle.
October 2010
179
WAN bundle commands
Syntax
Variable
<description>
Value
Text string providing a description of the
WAN bundle. Specified in quotation marks.
Maximum length is 25 bytes.
Example
SR/configure/interface/bundle wan1# description "to NC branch office"
configure interface bundle shutdown

Use this command to shut down the WAN bundle interface.
Syntax
[no] shutdown
Variable
[no]
Value
Re-enables the WAN bundle interface.
Example
SR/configure/interface/bundle wan1# shutdown
show interface bundle

Use this command to show the WAN bundle configuration.
Syntax
show interface bundle <bundle-name> [pvc <dlci>]
Example
SR# show interface bundle wan1
180
October 2010
Chapter 12: HDLC configuration commands
configure interface bundle encapsulation hdlc

Use this command to select HDLC as the protocol encapsulation for a bundle.
Syntax
encapsulation hdlc
Example
SR/configure/interface/bundle SF_01#
encapsulation hdlc
configure interface bundle hdlc

Use this command to set the mtu and keepalive parameters for an HDLC encapsulated bundle.
Syntax
hdlc [keepalive <0-120>] [packet_type {unicast|broadcast}] [mtu
<64-4500>]
Variable
Value
[keepalive <0-120>]
Specifies the keepalive interval for the link, in

seconds. Default is 10 seconds. To turn off
the keepalive, enter 0.
[packet_type {unicast|broadcast}]
Specifies the keepalive packet type, either

unicast or broadcast. Default is unicast.
[mtu <64-4500>]
Specifies the maximum transmission unit.

This is the maximum packet size that can be
transmitted, in bytes. Default is 1500.
Example
hdlc broadcast
October 2010
181
HDLC configuration commands
182
October 2010
Chapter 13: PPP/MLPPP configuration

commands
configure interface bundle encapsulation ppp|mlppp

Use this command to set the bundle encapsulation to PPP or MLPPP. If you choose PPP in a
multilink bundle, the router automatically activates MLPPP. Further, you can enable MLPPP
on a bundle containing a single link by specifying the encapsulation as MLPPP.
Syntax
encapsulation {ppp | mlppp}
Example
encapsulation ppp
configure interface bundle mlppp

Use this command to configure mlppp properties
Syntax
mlppp [mrru <mrru_range> ] [sequence {long | short} ] [seg_threshold
<64-4500> ] [differential_delay <0-128> ] [discriminator <A.B.C.D> ]
[minimum_links <min-links>]
Variable
Value
[mrru <mrru_range> ]
Maximum receive reconstructed unit range, specified as

<minimum-default-maxiumum>. Specifies the minimum,
default, and maximum number of octets in the information
fields of reassembled packets. Default value is
1500-1524-8192.
[sequence {long | short} ]
MLPPP sequence number length. Short is 12 bits, long is 24

bits. The default is long.
October 2010
183
PPP/MLPPP configuration commands
Variable
Value
[seg_threshold <64-4500> ]
All packet fragments are equal to or less than seg_threshold.

The range is 64 - 4500; the default is 512.
[differential_delay <0-128> ] Tolerance, in milliseconds, to differential delay between links

(default: 128)
[discriminator <A.B.C.D> ]
IP address of the MLPPP bundle (default: bundle IP address)
[minimum_links <min-links>] Minimum number of links that have to be active for this
interface to remain active (default: 1).
Example
SR/configure/interface/bundle SF_01# mlppp mrru 1200-1500-1800
sequence short seg_threshold 1400 differential_delay 20 discriminator
10.1.100.5
configure interface bundle ppp authentication

Use this command to configure the user authentication.
Syntax
ppp authentication {pap|chap}
Variable
Value
chap
Specifies CHAP authentication.
pap
Specifies PAP authentication.
Example
ppp authentication chap
configure interface bundle ppp authentication_database

Use this command to configure the method to use for user authentication.
Syntax
ppp authentication-database {local|radius}
184
October 2010
configure interface bundle ppp echo-interval

Variable
Value
local
Specifies local authentication.
radius
Specifies RADIUS authentication.
Example
local
ppp authentication-database
configure interface bundle ppp echo-interval

Use this command to configure the echo interval for the interface.
Syntax
ppp echo-interval <3-60>
Variable
<3-60>
Value
Specifies the interval in seconds (default is
5).
Example
ppp echo-interval 10
configure interface bundle ppp interleave

Use this command to enable or disable interleaving on the interface.
Syntax
[no] ppp interleave
Variable
[no]
Value
Disables interleaving.
Example
ppp interleave
October 2010
185
configure interface bundle ppp ip-rtp-reserve

Use this command to configure the UDP port range for LFI treatment along with maximum
bandwidth reserved for voice traffic.
Syntax
ppp ip-rtp-reserve <start-port> <end-port> <max-bwidth>
Variable
Value
<start-port>
Low-end port value in decimal - default 1024.

Valid range: 1024 - 65535
<end-port>
High-end port value in decimal - default

65535. Valid range: 1024 - 65535
<max-bwidth>
Maximum bandwidth in Kb/s. Default is 32.

Valid range: 4 - 2000
Example
ppp ip-rtp-reserve 2000 2002 64
configure interface bundle ppp lfi-fragment-delay

Use this command to configure the fragmentation delay for interleaving.
Syntax
ppp lfi-fragment-delay <10-50>
Variable
<10-50>
Value
Specifies the delay in milliseconds (default is
10).
Example
186
ppp lfi-fragment-delay 15
October 2010
configure interface bundle ppp mtu-mru-magic
configure interface bundle ppp mtu-mru-magic

Use this command to configure the MTU, MRU, and magic number parameters for the PPP or
MLPPP bundle.
Important:
Enable Jumbo frames in the system setting to allow max MTU of 4500 to be used.
SR/configure# system jumbo-mtu-limit >?
WORD Enter MTU Limit 1500 or 9216 (default =1500)
Enter 9216 to enable jumbo frames, save config and reboot.
Syntax
ppp mtu-mru-magic <mtu-range> [mru <mru-range>] [magic_check {enable|
disable}]
Variable
Value
<mtu-range>
Maximum transmission unit range, specified

as <minimum-default-maxiumum>. Default
value is 64-1500-9216. The Maximum
Transmit Unit (MTU) is the maximum size of
the PPP information field that the interface
can transmit.
<mru-range>
Maximum receive unit range, specified as

<minimum-default-maximum>. Default value
is 64-1500-9216. The Maximum Receive
Unit (MRU) is the maximum size of the PPP
information field that the interface can
receive.
enable
Enables magic number, which is a random

number chosen to distinguish the two ends
of a link and to detect loopback error
conditions.
disable
Disables magic number.
Example
mru 100-200-500 magic_check enable
ppp mtu-mru-range 100-250-1000
October 2010
187
configure interface bundle ppp pap|chap peer-name

Use this command to configure the peer name and password for PAP or CHAP authentication.
This command causes the bundle to flap in order to re-trigger negotiation. Therefore, before
you modify the PPP PAP or CHAP peer name (or sent username) parameters, shutdown the
bundle (using the shutdown command) and reenable it (using the no shutdown command)
after you complete the configuration .
Syntax
ppp {pap | chap} peer-name <peername> <password>
Variable
Value
chap
Configure properties for CHAP
pap
Configure properties for PAP
<peername>
PAP or CHAP username expected from the peer.
<password>
PAP or CHAP password for peer.
Example
ppp chap peer-name user2 pass2
configure interface bundle ppp pap|chap sent-username

Use this command to configure the sent username and password for PAP or CHAP.
This command causes the bundle to flap in order to re-trigger negotiation. Therefore, before
you modify the PPP PAP or CHAP sent username (or peername) parameters, shutdown the
bundle (using the shutdown command) and reenable it (using the no shutdown command)
after you complete the configuration .
Syntax
ppp {pap | chap} sent-username <username> <password>
Variable
188
Value
chap
Configure properties for CHAP.
pap
Configure properties for PAP.
October 2010
configure interface bundle ppp peer-addr
Variable
Value
<username>
PAP or CHAP username for PPP/MLPPP bundle.
<password>
PAP or CHAP password for PPP/MLPPP bundle.
Example
pass1
ppp chap sent-username user1
configure interface bundle ppp peer-addr

Use this command to configure the peer IP address for the PPP bundle.
Syntax
ppp peer-addr <A.B.C.D>
Variable
<A.B.C.D>
Value
Specifies the IP address of the peer.
Example
ppp peer_addr 105.100.10.1
configure interface bundle ppp retry-interval

Use this command to configure the retry timer for the PPP bundle.
Syntax
ppp retry-interval <3-60>
Variable
<3-60>
Value
Specifies the interval in seconds. Default
value is 3.
Example
ppp retry-interval 8
October 2010
189
configure interface bundle ppp src-addr

Use this command to configure the negotiating IP address of the bundle.
Syntax
ppp src-addr <A.B.C.D>
Variable
<A.B.C.D>
Value
Specifies the negotiating IP address of the
bundle (default is source forwarding address
of the bundle).
Example
ppp ipaddress 105.100.10.1
configure interface bundle rtp

Use this command to enable or disable the RTP Header Compression feature. Before enabling
RTP Header Compression, the bundle must be configured with a link, encapsulated with PPP
protocol, and assigned an IPv4 address. When this command is enabled, the RTP options are
negotiated with the peer during the IPCP phase.
Syntax
[no] rtp
Variable
[no]
Value
Disables RTP
Example
190
rtp
October 2010
configure interface bundle rtp connections
configure interface bundle rtp connections

Use this command to configure the maximum number of connections for which RTP header
compression is applicable on transmit or receive side.
Syntax
[no] connections <11000>
Variable
[no]
Value
Resets the number of connections to the
default value (1000).
Example
SR/configure/interface/bundle SF_01/rtp#
connections 500
configure interface bundle rtp negotiation ipcp

Use this command to enable negotiation of RTP options with the peer. This command allows
interoperability with legacy Tasman products. Since the default behaviour of RTP is to enable
negotiation, use the no form of this command in order to interoperate with legacy Tasman
products that do not support negotiation.
Syntax
[no] negotiation ipcp
Variable
[no]
Value
Disables negotiation of RTP options during
the IPCP phase
Example
no negotiation ipcp
configure interface bundle rtp timeout

Use this command to configure the timeout (flushing time) in seconds for the context table
entries for both compressor and decompressor engine. The flushing for any particular context
October 2010
191
entry will happen only if for this (timeout) duration no packets are received with that particular
context-identifier (CID).
Syntax
[no] timeout <3-1000>
Variable
[no]
Value
Sets the timeout value to the default (5
seconds).
Example
192
timeout 10
October 2010
Chapter 14: Frame Relay configuration

commands
clear fr invarp
Use this command to clear the inverse ARP statistics for a frame relay bundle.
Syntax
clear fr invarp {<bundle-name> | all}
Example
SR#
clear fr invarp wan1
clear fr lmistats
Use this command to clear the LMI statistics for a bundle.
Syntax
clear fr lmistats <bundle-name>
Example
SR#
clear fr lmistats wan1
clear fr vcstats
Use this command to clear virtual circuit statistics for a frame relay bundle.
Syntax
clear fr vcstats <bundle-name> <16-1022> [stat-type <1-3>]
October 2010
193
Frame Relay configuration commands

Variable
Value
<bundle-name>
Specifies the bundle name.
<16-1022>
Specifies the DLCI number.
[stat-type <1-3>]
Specifies the type of statistics: 1=RXMON, 2=INJECT,

3=1490. Default is 1.
Example
SR#
clear fr vcstats wan1 20
clear interface avcs

Use this command to clear the counters for AVC interfaces.
Syntax
clear interface {avc <avc-name> | avcs}
Example
SR#
clear interface avc avc1
configure fr invarp
Use this command to configure the Inverse ARP polling timer interval. This is how often the
system polls other frame relay devices for IP data. This function eliminates the need for PVC
map entries.
Syntax
fr invarp <interval>
Variable
<interval>
Value
Time interval for polling The range is 30 - 300 seconds; the
default is 30 seconds.
Example
SR/configure fr invarp 60
194
October 2010
configure fr mfr_e2e_enhanced
configure fr mfr_e2e_enhanced
Use this command to switch the MFR mode from MFR End-to-End standard FRF.15 mode
(default) to MFR End-to-End Router enhanced FRF.15 mode.
This command automatically applies the settings to all existing AVCs without rebooting the
system. However, if the settings are saved, they are used the next time that the system is
rebooted.
Enhanced FRF.15 is a proprietary protocol and can only work between Avaya Secure Router
2330/4134 systems.
In addition to the features of Standard FRF.15, Enhanced mode calculates differential delay
between CVCs; those with unacceptable delay are taken out of active data transfer, thus
improving overall throughput of the AVC. Also, end-to-end keepalive messages are sent per
CVC, thus helping to maintain the VC integrity across both ends. Keepalive messages also
detect software/hardware loopbacks.
Syntax
[no] fr mfr_e2e_enhanced
Example
SR/configure#
fr mfr_e2e_enhanced
configure interface avc

Use this command to configure a new AVC. Each AVC requires a unique AVC name for
identification.
Syntax
interface avc <avc_name> <dlci>
Variable
Value
avc <avc_name>
Assigns a name to the aggregated virtual

circuit.
dlci <dlci>
DLCI number of the AVC to be configured

The range is 16 - 1022.
Example
SR/configure# interface avc avc1 20
October 2010
195
configure interface avc class

Use this command to configure the number of links required to activate the AVC.
In class D and E, only the administrator can bring the AVC status up or down by modifying the
configured shaping parameters of one or more CVCs. In such cases, the remote AVC does
not learn of the updated status.
If the network administrator sets an AVC in the class D parameter and then administratively
reduces the CIR of any CVC that causes the local AVC to go down (because of the class D
setting), the remote AVC will not go down because the local and remote CIR values do not
match. To avoid this problem, either change the CIR for the remote CVC to match the local
CIR value or reduce the class D CIR value.
Syntax
class [A | B | C ][D | E]
Variable
Value
If any CVC is up, AVC is up. This is the

default.
If all CVCs are up, AVC is up.
If the user-supplied threshold is satisfied,

AVC is up
If every CVC has a CIR greater than or equal

to user supplied threshold value, AVC is up
If the total CIR is above the user supplied

threshold, then AVC is up
Example
SR/configure/interface/avc avc1 20# class A
configure interface avc cvc

Use this command to add a PVC from a specific bundle to the AVC. The system can bundle
as many as 28 PVCs into one AVC. A CVC cannot be shared between separate AVCs..
Syntax
cvc <dlci> <bundle-name>
196
October 2010
configure interface avc diff_delay

Variable
Value
<dlci>
DLCI of the virtual PVC. The range is 16

1022
<bundle-name>
Name of the bundle the CVC belongs to.
Example
SR/configure/interface/avc avc1 20#
cvc 22 wan03
configure interface avc diff_delay

Use this command to configure the maximum differential delay allows for a CVC.
When the AVC is in Router Enhanced FRF.15 mode, using the no diff_delay command will
disable differential delay calculations and will not take any action toward dropping any CVC
that is above the configured differential delay limit. The display of CVCs will, however, display
the individual differential delay values for the system administrators awareness when the show
interface avc x 16 command is used.
Syntax
[no] diff_delay <diff-delay>
Variable
<diff-delay>
Value
Tolerance, in milliseconds, to differential
delay between frame relay links The range is
10 - 128; the default is 100.
Example
SR/configure/interface/avc avc1 20# diff_delay 25
configure interface avc enable avc

Use this command to enable the AVC.
Syntax
[no] enable avc
October 2010
197

Variable
no
Value
Disables the AVC.
Example
enable avc
configure interface avc enable cvc

Use this command to enable a CVC on an AVC.
Syntax
[no] enable cvc <dlci> <bundle-name>
Variable
no
Value
Disables the CVC.
Example
enable cvc 30 wan1
configure interface avc enable mfr_e2e_enhanced

Use this command to enable enhanced FRF.15.
Enhanced FRF.15 is a proprietary protocol and can only work between SR2330/4134 systems.
In addition to the features of Standard FRF.15, Enhanced mode supports end-to-end status
integrity of CVCs (that does not depend on LMI), software loopback detection, and differential
delay calculations.
Syntax
[no] enable mfr_e2e_enhanced
Variable
no
198
Value
Specifies normal FRF.15.
October 2010
configure interface avc fragment_size
Example
enable mfr_e2e_enhanced
configure interface avc fragment_size

Use this command to configure fragment size for the bundle above which a packet is
fragmented. Packets are intelligently fragmented when the fragment size is exceeded.
Syntax
fragment_size <56-4096>
Variable
<56-4096>
Value
Maximum number of bytes in each frame.
The range is 56 4096; default is 1500.
Example
SR/configure/interface/avc avc1 20# fragment_size 2048
configure interface avc ip address

Use this command to assign a routing destination IP address and subnet to the AVC.
Syntax
ip address <A.B.C.D> <mask>
Variable
Value
<A.B.C.D>
IP address of the AVC is dotted notation.
<mask>
Subnet mask of the AVC.
Example
SR/configure/interface/avc avc1 20# ip address 192.5.72.1
255.255.255.0
October 2010
199
configure interface avc ip directed broadcast

Use this command to enable or disable forwarding of direct broadcasts from this interface. By
default, directed broadcasts are enabled.
Syntax
[no] ip directed_broadcast
Variable
no
Value
Disables directed broadcasts.
Example
SR/configure/interface/avc avc1 20# ip directed_broadcast
configure interface avc map

Use this command to assign a static route to an AVC. Once a static route has been assigned,
inverse ARP ceases to function. If a destination IP address is changed, the static route is not
updated.
Syntax
[no] map <A.B.C.D>
Variable
Value
<A.B.C.D>
Specifies the remote IP address.
[no]
Removes the static route.
Example
map 10.1.100.20
configure interface avc seg_threshold

Use this command to configure the segmentation threshold for the AVC.
200
October 2010
configure interface avc sequence
The segmentation threshold can never be greater than the frame size. This is the time interval
between acknowledgement requests sent to destination devices.
Syntax
mfr seg_threshold <56-4096>
Variable
<56-4096>
Value
All packet fragments will be equal to or
greater than this value. Packets less than
2xseg_threshold will be forwarded rather
than fragmented. The range is 56 4096;
default is 512 If the segmentation threshold
you enter is greater than the frame size, the
system disregards it.
Example
SR/configure/interface/avc avc1 20# seg_threshold 56
configure interface avc sequence

Use this command to set the sequence length of an AVC. You can choose either 12- or 24bit spacing.
Syntax
sequence {long | short}
Variable
Value
long
24-bit sequence space
short
12-bit sequence space
Example
SR/configure/interface/avc avc1 20# sequence long
configure interface bundle encapulation frelay|mfr

Use this command to set the bundle encapsulation to Frame Relay or MFR.
October 2010
201
Syntax
encapsulation [frelay|mfr]
Example
mfr
configure interface bundle fr enable interface

Use this command to enable or disable Frame Relay on the bundle.
Syntax
[no] enable interface
Example
SR/configure/interface/bundle SF_01/fr#
enable interface
configure interface bundle fr enable pvc

Use this command to enable or disable PVCs on the bundle
Syntax
[no] enable pvc {<dlci> | all }
Variable
Value
{<dlci> | all }
Specifies the DLCI number. Enter all to

specify all PVCs.
[no]
Disables the PVC.
Example
SR/configure/interface/bundle SF_01/fr# enable pvc 20
configure interface bundle fr enable fragment_rfc1490

Use this command to enable or disable RFC 1490 fragmentation on the bundle.
202
October 2010
configure interface bundle fr frame_size
Syntax
[no] enable fragment_1490
Example
enable fragment_1490
configure interface bundle fr frame_size

Use this command to configure the maximum frame size for the Frame Relay bundle.
Syntax
fr frame_size <56-9216>
Variable
<56-9216>
Value
Specifies the maximum frame size in bytes
(default 1600).
Example
fr frame_size 80
configure interface bundle fr interleave enable

Use this command to enable interleaving.
Syntax
[no] enable
Variable
[no]
Value
Disables interleaving.
Example
SR/configure/interface/bundle SF_01/fr/interleave#
enable
October 2010
203
configure interface bundle fr interleave hiprio

Use this command to configure the traffic properties for high-priority packets.
Syntax
hiprio <committed-rate> <burst-rate>
Variable
Value
<committed-rate>
Committed rate as a percentage of the total

CIR of FRF.12 fragmentation enabled PVCs.
<burst-rate>
Burst (excess) rate as a percentage of the

total CIR of FRF.12 fragmentation enabled
PVCs.
Example
SR/configure/interface/bundle SF_01/fr/interleave#
hiprio 10 20
configure interface bundle fr intf_type

Use this command to configure the interface as DCE, DTE, or NNI.
Syntax
intf_type {dce | dte | nni}
Variable
Value
dce
Data circuit-terminating equipment.
dte
Data terminal equipment.
nni
Network to network interface.
Example
204
intf_type dce
October 2010
configure interface bundle fr lmi
configure interface bundle fr lmi

Use this command to configure the local management interface type.
Syntax
lmi lmi_type {ansi | cisco | q933a}
Variable
Value
ansi
ANSI T1.617 Annex D (default)
cisco
Cisco LMI
q933a
ITU-T Q.933 Annex A
Example
lmi lmi_type ansi
configure interface bundle fr lmi dce

Use this command to configure the LMI status polling interval and error threshold parameters.
In the DCE mode, the system responds to LMI polls from the remote DTE device.
This command applies for both DCE and NNI interface types.
Syntax
dce [n392 <1-10>] [n393 <1-10>] [t392 <5-255>]
Variable
Value
[n392 <1-10>]
Error threshold (the maximum number of

unreceived LMI status inquiries accepted by
the system before the interface is declared
down). The range is 1 - 10; the default is 9.
This value must always be less than the n393
value.
[n393 <1-10>]
Maximum number of LMI polling intervals

during which the n392 error threshold is
counted. The range is 1 - 10; the default is 10.
October 2010
205
Variable
Value
Polling verification timer. The range is 5-255;
the default is 15.
[t392 <5-255>]
Example
SR/configure/interface/bundle SF_01/fr/lmi#
dce n392 4 n393 5
configure interface bundle fr lmi dte

Use this command to configure the LMI status polling interval and error threshold parameters.
In the DTE mode, the system sends LMI polls to the remote DTE device.
This command applies for both DTE and NNI interface types.
Syntax
dte [n392 <1-10>] [n393 <1-10>] [n391 <1-255>]
Variable
Value
[n392 <1-10>]
Error threshold (maximum number of unanswered LMI status

inquiries accepted by the system before the interface is
declared down). The range is 1 - 10; the default is 9. This
value must always be less than the n393 value below.
[n393 <1-10>]
Maximum number of LMI polling intervals during which the

n392 error threshold above is counted. The range is 1 - 10;
the default is 10.
[n391 <1-255>]
Number of LMI status inquiries that pass before the system

sends a full status inquiry message. The range is 1 - 255; the
default is 6.
Example
dte n392 4 n393 5
configure interface bundle fr lmi fast_recovery

Use this command to configure the local management interface
Syntax
[no] fast_recovery
206
October 2010
configure interface bundle fr lmi keepalive
Example
fast_recovery
configure interface bundle fr lmi keepalive

Use this command to configure the local management interface
Syntax
keepalive <5-255>
Variable
<5-255>
Value
The range is 5 - 255 seconds. The default is
10 seconds for DTE/NNI. The default is 15
seconds for DCE.
Example
SR/configure/interface/bundle SF_01/fr/lmi# keepalive 20
configure interface bundle fr mfr ack_msg

Use this command to configure the ack message timer and retries.
Syntax
mfr ack_msg [ack_timer <1-10>] [max_retry (1-5>]
Variable
Value
[ack_timer <1-10>]
Time interval for which the system waits for

an acknowledgement from the network
device. The range is 1 - 10 seconds; the
default is 4 seconds.
[max_retry (1-5>]
Maximum number of additional times the

system sends an acknowledgement request
to a device before dropping a link from the
bundle. The range is 1 - 5 attempts; the
default is 2.
October 2010
207
Example
SR/configure/interface/bundle SF_01/fr# mfr ack_msg ack_timer 5
max_retry 3
configure interface bundle fr mfr class

Use this command to configure the number of links required to activate the bundle.
Syntax
mfr class [A | B | C] [threshold <1-28>]
Variable
Value
bundle is up when at least one link is up

(default)
bundle is up when all links are up
bundle is up when user-specified number of

links are up
[threshold <1-28>]
Minimum number of activated links required

to activate the bundle (default: all).
Example
SR/configure/interface/bundle SF_01/fr# mfr class A
configure interface bundle fr mfr diff_delay

Use this command to configure the differential delay for the MFR bundle.
Syntax
mfr diff_delay <diff-delay>
Variable
<diff-delay>
208
Value
Tolerance, in milliseconds, to differential
delay between frame relay links The range is
10 - 128; the default is 100.
October 2010
configure interface bundle fr mfr fragment_size
Example
SR/configure/interface/bundle SF_01/fr# mfr diff_delay 110
configure interface bundle fr mfr fragment_size

Use this command to configure fragment size for the bundle above which a packet is
fragmented.
Syntax
mfr fragment_size <56-9216>
Variable
<56-9216>
Value
Maximum number of bytes in each frame.
The range is 56 4096; default is 1500.
Example
SR/configure/interface/bundle SF_01/fr# mfr fragment_size 2000
configure interface bundle fr mfr hello_timer

Use this command to configure the hello timer for the MFR bundle. This is the time interval
Syntax
mfr hello_timer <1-180>
Variable
<1-180>
Value
Interval in seconds (default: 10).
Example
SR/configure/interface/bundle SF_01/fr# mfr 20
October 2010
209
configure interface bundle fr mfr seg_threshold

Use this command to configure the segmentation threshold.
The segmentation threshold can never be greater than the frame size. This is the time interval
Syntax
mfr seg_threshold <56-4096>
Variable
<56-4096>
Value
All packet fragments will be equal to or
greater than seg_threshold. Packets less
than 2 x seg_threshold will be forwarded
rather than fragmented. The range is 56 4096; the default is 512. If the segmentation
threshold you enter is greater than the frame
size, the system disregards it.
Example
SR/configure/interface/bundle SF_01/fr# mfr seg_threshold 1024
configure interface bundle fr pvc

Use this command to add a PVC to the Frame Relay bundle.
Syntax
[no] pvc <16-1022>
Variable
Value
<16-1022>
specifies the data link connection identifier

(DLCI) of the PVC.
[no]
Deletes the PVC.
Example
210
pvc 999
October 2010
configure interface bundle fr pvc crypto
configure interface bundle fr pvc crypto

Configure the specified PVC as a trusted or untrusted interface for security features.
Syntax
crypto { trusted | untrusted }
Variable
Value
trusted
Interface is part of a trusted network.
untrusted
Interface is part of an untrusted network.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20#
configure interface bundle fr pvc desc

Use this command to configure a description for the PVC.
Syntax
desc <"name">
Variable
<"name">
Value
Name of the PVC Use a string of upto 64
characters, enclosed in quotes.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# desc "link to east
branch"
configure interface bundle fr pvc enable

Use this command to enable or disable the selected PVC.
October 2010
211
Syntax
[no] enable
Variable
[no]
Value
Disables the PVC.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# enable
configure interface bundle fr pvc frf12

Use this command to provision FRF12 on the PVC.
Syntax
frf12 [framesize <56-4096>]
Variable
[framesize <56-4096>]
Value
Maximum frame size in bytes (default:1600)
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# frf12 framesize 2000
configure interface bundle fr pvc frf20 config

Use this command to configure FRF.20 IP header compression properties.
Syntax
frf20 config [retries_timeout <retries_timeout>] [retries <retries>]
[f_max_period <f_max_period>] [f_max_time <f_max_time>] [timeout
<timeout>]
Variable
[retries_timeout <retries_timeout>]
212
Value
Specifies the timeout of the FRF.20 state
machine. 1-10 (default 3).
October 2010
configure interface bundle fr pvc frf20 enable
Variable
Value
[retries <retries>]
Specifies the number of retries for

negotiation. 1-10 (default 3).
[f_max_period <f_max_period>]
Negotiable number of TCP headers before

context state. 0-0xFFF. (default 256).
[f_max_time <f_max_time>]
Negotiable time interval between full

headers. 0-0xff (default 5).
[timeout <timeout>]
Timeout for RTP entries in seconds. 3-1000.

(default 5).
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# frf20 config retries
5
configure interface bundle fr pvc frf20 enable

Use this command to enable FRF.20 IP header compression.
Syntax
[no] frf20 enable
Variable
no
Value
Disables FRF.20 compression.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# [no] frf20 enable
configure interface bundle fr pvc ip address

Use this command to configure an IP address for the PVC.
Syntax
ip address <A.B.C.D> <netmask> [type <broadcast>]}
October 2010
213

Variable
Value
<A.B.C.D>
IP address of the PVC.
<netmask>
Subnet mask of the PVC.
[type <broadcast>]
Specifies a broadcast interface.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# ip address 192.5.72.1
255.255.255.0 broadcast
configure interface bundle fr pvc ipv6 address

Use this command to configure an IPv6 address for the PVC.
Syntax
ipv6 address {<X:X::X:X/M> | <prefix-name> <Y:Y::Y:Y/M> }
Variable
Value
X:X::X:X/M
IPv6 prefix address.
<prefix-name>
Prefix name to be referred to assign IPv6

address to this interface.
<Y:Y::Y:Y/N>
Subnet prefix number to be ORed with NW

prefix referred by the prefix name.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# ipv6 address
PrefixName FFFF::0000/24
configure interface bundle fr pvc map

Use this command to assign a static route to a PVC. Once a static route has been assigned,
inverse ARP ceases to function. If a destination IP address is changed, the static route is not
updated.
Syntax
[no] map ipv4 <A.B.C.D>
214
October 2010
configure interface bundle fr pvc policing

Variable
Value
<A.B.C.D>
Specifies the remote IP address.
[no]
Removes the static route.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# map ipv4 10.1.100.2
configure interface bundle fr pvc policing

Use this command to enable or disable PVC traffic policing on incoming traffic for a PVC.
Policing sets the committed information rate (CIR) and data burst parameters that control the
data flow on the PVC in the incoming direction. Policing is automatically enabled on all PVCs of
all Frame Relay bundles.
Syntax
policing [cir <n>] [bc <n>] [be <n>] [<de>]
Variable
Value
cir <n>
The committed information rate for the PVC,

in bits per second. Non-committed PVCs are
created by setting the PVC CIR to 0.
bc <n>
Maximum committed (guaranteed)

transmission burst size for the PVC, in
bits.The default is bundle bandwidth rate.
Generally, this value exceeds CIR and may
be a multiple of that value.
be <n>
Excess burst size (number of bits in excess

of bc value); non-guaranteed. Default is 0
<de>
Enable discard-eligible (DE) bit on a PVC.

The default is OFF. This setting allows lower
priority PVCs to designate their traffic as
eligible for discard during the periods of
heavy congestion.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# policing cir 128000
bc 256000 be 32000 de
October 2010
215
configure interface bundle fr pvc shaping

Use this command to enable or disable PVC traffic shaping on outgoing traffic for a PVC.
Shaping sets the committed information rate and data burst parameters that control the data
flow on the PVC in the outgoing direction. Shaping is automatically enabled on all PVCs of all
Frame Relay bundles.
Syntax
shaping [cir <n>] [bcmax <n>] [bcmin <n>] [be <n>]
Variable
Value
cir <n>
The committed information rate for the PVC,

in bits per second. The default is bundle
bandwidth rate. Setting the PVC CIR to 0
creates non-committed PVCs.
bcmax <n>
Maximum committed (guanranteed)

transmission burst size for the PVC, in bits.
The default is bundle bandwidth rate.
Generally, this value exceeds CIR and may
be a multiple of that value
bcmin <n>
Minimum committed (guanranteed)

transmission burst size for the PVC, in bits.
Generally, this is a value greater than cir and
less than bcmax.
be <n>
Excess burst size (number of bits in excess

of bcmax); non-guaranteed. Default is 0.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# shaping cir 128000
bcmax 256000 bcmin 192000 be 64000
configure interface bundle fr pvc switch

Use this command to enable Layer 2 switching between the current PVC and another PVC on
the same bundle, or between the current PVC and a PVC on another bundle.
To ensure correct switching, specify both the PVC number and the bundle name. Before
enabling switching, configure the other bundle and associated PVC. Both of the bundles and
PVCs must exist to enable switching.
216
October 2010
show fr avcs
Syntax
[no] switch <dlci> <bundle>
Variable
Value
<dlci>
The DLCI number of the other PVC.

Allowable range: 16-1022
<bundle>
The name of the WAN bundle to which the

other PVC belongs. This entry is not required
if both PVCs are on the same bundle.
Example
SR/configure/interface/bundle SF_01/fr/pvc 20# switch 20 wan1
show fr avcs
Use this command to display the configured AVCs on the router.
Syntax
show fr avcs
Example
SR#
show fr avcs
show fr cvcs
Use this command to display the configured CVCs on the router.
Syntax
show fr cvcs
Example
SR#
show fr cvcs
show fr invarp
Use this command to display the inverse ARP statistics for a frame relay bundle.
October 2010
217
Syntax
show fr invarp {<bundle-name> | all}
Example
SR#
show fr invarp wan1
show fr invarp_int
Use this command to display the time interval configured for the frame relay inverse ARP timer..
Syntax
show fr invarp_int
Example
SR#
show fr invarp_int
show fr lmistats
Use this command to display the LMI statistics for a bundle.
Syntax
show fr lmistats <bundle-name>
Example
SR#
show fr lmistats wan1
show fr pvcs
Use this command to show all PVCs including their bundle name, PVC number and status,
and policing (enabled or disabled) information. If the PVC is switched to another PVC, that
PVC number is shown. If the PVC terminates at a LAN, the PVC IP address is shown.
Syntax
show fr pvcs
Example
SR#
218
show fr pvcs
October 2010
show fr vcstats
show fr vcstats
Use this command to display virtual circuit statistics for a frame relay bundle.
Syntax
show fr vcstats <bundle-name> <16-1022> [stat-type <1-3>]
Variable
Value
<bundle-name>
<16-1022>
Specifies the DLCI number.
[stat-type <1-3>]
Specifies the type of statistics: 1=RXMON, 2=INJECT,

3=1490. Default is 1.
Example
SR#
show fr vcstats wan1 20
show interface avcs

Use this command to display information about a DTE-to-DTE MFR AVC, including the status
of the AVC and the status of each CVC in the AVC.
Syntax
show interface avc <avc-name> <dlci>
Example
SR#
show interface avc avc1 30
October 2010
219
220
October 2010
Chapter 15: Static LSP commands
mpls static-ftn
Use this command to configure a static FTN entry on an ingress LER to set a static MPLS
action for a specific FEC.
Syntax
[no] mpls static-ftn <FEC/Mask> <outgoing-label> <next-hop>
<outgoing-if-name>
Variable
Value
[no]
Deletes the specified static FTN entry.
<FEC/Mask>
Specifies the Forwarding Equivalence Class,

with mask (A.B.C.D/M).
<outgoing-label>
Specifies the outgoing label value:

0: explicit null
3: implicit null
16-1048575
<next-hop>
Specifies the next hop IPv4 address.
<outgoing-if-name>
Specifies the outgoing interface name.
Example
SR/configure# mpls static-ftn 192.168.1.0/24 1000 192.168.2.1
ethernet0/2
mpls static-ilm
Use this command to configure a static ILM entry on a transit or egress LSR interface to set a
static MPLS action for packets with a specific label.
October 2010
221
Static LSP commands
Syntax
[no] mpls static-ilm <label-in> <if-name-in> [pop] | [swap <labelout> <next-hop> <if-name-out>]
Variable
Value
[no]
Deletes the specified static ILM entry.
<label-in>
Specifies the incoming label value. (16 1039)
<if-name-in>
Specifies the incoming interface name.
[pop]
Specifies to pop the incoming label.
swap
Specifies to swap the incoming label.
<label-out>
Specifies the outgoing label value for swap:

0: explicit null
3: implicit null
16-1048575
<next-hop>
Specifies the next hop IP address.
<if-name-out>
Specifies the outgoing interface name for

swap:
Example
SR/configure# mpls static-ilm 1000 ethernet0/2 swap 1010 192.168.2.2
ethernet 5/4
show mpls static-ftn

Use this command to display the static FTN entry to verify the configuration.
Syntax
show mpls static-ftn
Example
SR# show mpls static-ftn
222
October 2010
show mpls static-ilm

Use this command to display the static ILM entry to verify the configuration.
Syntax
Example
SR# show mpls static-ilm
show mpls stats-ftn

Use this command to display statistics for the MPLS static FTN.
Syntax
show mpls stats-ftn
Example
SR# show mpls stats-ftn
show mpls stats-ilm

Use this command to display statistics for the MPLS static ILM.
Syntax
Example
SR# show mpls stats-ilm
October 2010
223
Static LSP commands
224
October 2010
Chapter 16: LDP commands

Important:
LDP can only be enabled on WAN bundles and chassis Ethernet ports. Module Ethernet ports do not
support LDP.
clear ldp adjacency

Use this command to clear LDP adjacencies.
Syntax
clear ldp adjacency {<A.B.C.D>|all}
Variable
Value
<A.B.C.D>
LDP adjacency address.
all
Clears all LDP adjacencies.
Example
SR# clear ldp adjacency all
clear ldp statistics

Use this command to clear LDP statistics.
Syntax
clear ldp statistics [advertise-labels for <prefix-list>]
Variable
[advertise-labels for <prefix-list>]
Value
Clears IP prefix list of advertise-labels.
October 2010
225
LDP commands
Example
SR# clear ldp statistics
configure interface ldp advertisement-mode

Use this command to configure the label advertisement mode to control when the interface
advertises FEC-to-label bindings to LDP peers.
The label advertisement mode you configure for an interface overrides the global
advertisement mode.
Syntax
[no] ldp advertisement-mode {downstream-unsolicited}
Variable
Value
[no]
Sets the advertisement mode to the global

value.
{downstream-unsolicited}
Specifies downstream-unsolicited mode: the

router distributes labels to peers without
waiting for a label request. This mode is
typically used with the liberal label retention
mode.
Example
SR/interface/bundle wan# ldp advertisement-mode
configure interface ldp hello-interval

Use this command to configure the interval for sending hello packets through the interface to
create maintain adjacencies.
Whenever a new router comes up, it sends out a hello packet to a specified, multicast address
announcing itself to the network. Hello messages are sent to the All Routers Multicast Group
(224.0.0.2). Receipt of a hello packet from another LSR creates a hello adjacency with that
LSR.
For optimum performance, set the hello-interval value to no more than one-third the hold time
value.
The hello interval you configure for an interface overrides the global value.
226
October 2010
configure interface ldp hold-time
Syntax
[no] ldp hello-interval <1-65535>
Variable
Value
[no]
Sets the hello interval to the global value.
<1-65535>
Specifies the hello interval in seconds.
Example
SR/interface/bundle wan# ldp hello-interval 90
configure interface ldp hold-time

Use this command to set the maximum period that the interface waits for a hello packet from
a peer before it rejects an existing adjacency. The hold time timer is reset every time a hello
packet is received from the peer in question.
The hold time you configure for an interface overrides the global value.
Syntax
[no] ldp hold-time <1-65535>
Variable
Value
[no]
Sets the hold time to the global value.
<1-65535>
Specifies the hold time in seconds.
Example
SR/interface/bundle wan# ldp hold-time 180
configure interface ldp keepalive-interval

Use this command to set the interval at which the LSR sends keepalive messages to the peer in
order to maintain an LDP session.
Each LSR must send keepalive messages at regular intervals to LDP peers to keep the
sessions active. The keepalive interval determines the time-interval between successive
keepalive messages.
October 2010
227
LDP commands
The keepalive interval you configure for an interface overrides the global value.
Syntax
[no] ldp keepalive-interval <1-65535>
Variable
Value
[no]
Sets the keepalive interval to the global

value.
<1-65535>
Specifies the keepalive interval in seconds.
Example
SR/interface/bundle wan# ldp keepalive-interval 180
configure interface ldp keepalive-timeout

Use this command to configure the maximum period that the LSR waits for a keepalive
message from a peer before the LDP session times out. The keepalive timer is reset every
time a keepalive packet is received from the peer in question. For optimum performance, set
this value to no more than three times the keepalive interval value
When you configure this property at the interface level, the configured value overrides the value
set using the global keepalive-timeout command.
The keepalive timeout you configure for an interface overrides the global value.
Syntax
[no] ldp keepalive-timeout <1-65535>
Variable
Value
[no]
Sets the keepalive timeout to the global

value.
<1-65535>
Specifies the keepalive timeout in seconds.
Example
SR/interface/bundle wan# ldp keepalive-timeout 300
228
October 2010
configure interface ldp label-retention-mode
configure interface ldp label-retention-mode

Use this command to set the retention mode to be used for all labels exchanged through the
specified interface.
If an LDP session is already operational, any changes made to the retention mode apply only to
labels received after the router processes the mode change command. All previously received
labels remain unchanged.
The label retention mode you configure for an interface overrides the global value.
Syntax
[no] ldp label-retention-mode {liberal}
Variable
Value
[no]
Sets the keepalive timeout to the global

value.
{liberal}
Specifies to retain all labels binding to FEC

received from label distribution peers, even
if the LSR is not the current next hop.
Example
SR/interface/bundle wan# ldp label-retention-mode liberal
configure interface ldp multicast-hellos

Use this command to enable multicast hello exchange on an interface to enable autodiscovery of LDP peers on directly connected networks. Multicast hellos are enabled by default.
Enabling or disabling multicast hellos for an interface overrides the global state.
Syntax
[no] ldp multicast-hellos
Variable
[no]
Value
Disables multicast hellos on the interface.
October 2010
229
LDP commands
Example
SR/interface/bundle wan# ldp multicast-hellos
configure interface ldp targeted-peer-hello-interval

Use this command to configure the targeted peer hello interval for sending hello packets
through the interface to the targeted peer.
The targeted LDP peer hello interval configure for an interface overrides the global value.
Syntax
[no] ldp targeted-peer-hello-interval <1-65535>
Variable
Value
[no]
Sets the targeted peer hello interval to the

default value.
<1-65535>
Specifies the targeted peer hello interval in

seconds.
Example
SR/interface/bundle wan# ldp targeted-peer-hello-interval 60
configure interface ldp targeted-peer-hold-time

Use this command to configure the targeted LDP peer hold time to set time that the router
waits before rejecting an adjacency with targeted peers. For optimal performance, set this
value to no less than three times the hello interval value for targeted peers.
Syntax
[no] ldp targeted-peer-hold-time <1-65535>
Variable
Value
[no]
Sets the hold time to the global value.
<1-65535>
Specifies the hold time in seconds.
Example
SR/interface/bundle wan# ldp targeted-peer-hold-time 180
230
October 2010
configure router ldp
configure router ldp

Use this command to enable LDP and to allow configuration of LDP properties on the router.
Syntax
router ldp
Example
SR/configure# router ldp
configure router ldp advertise-labels

Use this command to configure ACL rules to permit or deny the advertisement of labels for
specific routes to a configured list of neighbors. After the routes are redistributed, denied routes
are no longer advertised to the listed LDP neighbors.
Syntax
[no] advertise-labels [for any to none] | {for <prefix-acl> to [any |
<peer-acl>] }
Variable
Value
[no]
Specifies destinations that do not advertise

their labels to specified LDP neighbors.
(When used together with for any to none,
this enables the distribution of all locally
assigned labels to all LDP neighbors.)
[for any to none]
Prevents the distribution of any locally

assigned labels to any neighbors.
<prefix-acl>
Prefix access control list that specifies the

destinations that have their labels
advertised.
[any | <peer-acl>]
Specifies the neighbors that receive label

advertisements, using a peer access control
list name. Enter any to specify all neighbors.
Example
SR/configure/router/ldp# advertise-labels for any to none
October 2010
231
LDP commands
configure router ldp advertisement-mode

Use this command to set the label advertisement mode for an interface for the current LSR to
downstream-on-demand.
Syntax
[no] advertisement-mode {downstream-unsolicited}
Variable
Value
[no]
Sets the default advertisement mode to the

default value. (Default: downstreamunsolicited.)
{downstream-unsolicited}
Specifies downstream-unsolicited mode: the

router distributes labels to peers without
waiting for a label request. This mode is
typically used with the liberal label retention
mode.
Example
SR/configure/router/ldp# advertisement-mode downstream-unsolicited
configure router ldp control-mode

Use this command to set the control mode for label processing.
Syntax
[no] control-mode {independent | ordered}
Variable
232
Value
[no]
Sets the label control mode to the default

value (independent).
independent
Independent processing sets the mode to

instant replies: the LSR advertises label
mappings to neighbors at any time.
ordered
In ordered mode, an LSR only advertises

label mappings for an FEC when it is the
October 2010
configure router ldp explicit-null
Variable
Value
egress router for the FEC, or when it has
received a label mapping from the current
next hop for the FEC.
Example
SR/configure/router/ldp# control-mode independent
configure router ldp explicit-null

Use this command to enable explicit null labels on router. By default, implicit null labels are
advertised on the egress route.
Syntax
[no] explicit-null
Variable
[no]
Value
Disables explicit null labels.
Example
SR/configure/router/ldp# explicit-null
configure router ldp hello-interval

Use this command to configure the interval for sending hello packets through LSR interfaces
to create and maintain adjacencies.
LSR.
For optimum performance, set the hello-interval value to no more than one-third the holdtime value.
Syntax
[no] hello-interval <1-65535>
October 2010
233
LDP commands

Variable
Value
[no]
Sets the hello interval to the default value (2

seconds).
<1-65535>
Example
SR/configure/router/ldp# hello-interval 635
configure router ldp hold-time

Use this command to configure the maximum period that the LSR waits for a hello packet
from a peer before it rejects an existing adjacency. The hold timer is reset every time a hello
packet is received from the peer in question.
Syntax
[no] hold-time <1-65535>
Variable
Value
[no]
Sets the hold time to the default value (15

seconds).
<1-65535>
Specifies the hold-time value in seconds.
Example
SR/configure/router/ldp# hold-time 635
configure router ldp keepalive-interval

Use this command to set the interval at which the LSR sends keepalive messages to the peer in
order to maintain an LDP session.
Each LSR must send keepalive messages at regular intervals to LDP peers to keep the
sessions active. The keepalive interval determines the time-interval between successive
keepalive messages.
Syntax
[no] keepalive-interval <1-65535>
234
October 2010
configure router ldp keepalive-timeout

Variable
Value
[no]
Sets the keepalive interval to the default

value (30 seconds).
<1-65535>
Example
SR/configure/router/ldp# keepalive-interval 60
configure router ldp keepalive-timeout

Configure the keepalive timeout to set the maximum period that the LSR waits for a keepalive
message from a peer before the LDP session times out. The keepalive timer is reset every
time a keepalive packet is received from the peer in question. For optimum performance, set
this value to no more than three times the keepalive interval value.
Syntax
[no] keepalive-timeout <1-65535>
Variable
Value
[no]
Sets the keepalive timeout to the default

value (30 seconds).
<1-65535>
Specifies the keepalive timeout in seconds.
Example
SR/configure/router/ldp# keepalive-timeout 90
configure router ldp label-retention-mode

Use this command to set the retention mode to be used for all labels exchanged via the given
interface.
Syntax
[no] label-retention-mode {liberal}
October 2010
235
LDP commands

Variable
Value
[no]
Sets the keepalive timeout to the default

value.
{liberal}
Specifies to retain all labels binding to FEC

received from label distribution peers, even
if the LSR is not the current next hop.
Example
SR/configure/router/ldp# label-retention-mode liberal
configure router ldp loop-detection

Use this command to enable the hop count limit method for detecting looping LSPs. Loop
detection ensures that a loop is detected while establishing a label switched path and before
any data is passed over that LSP.
Syntax
[no] loop-detection
Variable
[no]
Value
Disables loop-detection.
Example
SR/configure/router/ldp#
loop-detection
configure router ldp loop-detection-count

Use this command to set the maximum hop-count value for loop detection.
Syntax
[no] loop-detection-count <1-255>
236
October 2010
configure router ldp multicast-hellos

Variable
Value
[no]
Sets the loop detection count to the default

value.
<1-255>
Specifies the loop detection count.
Example
SR/configure/router/ldp# loop-detection-count 30
configure router ldp multicast-hellos

Use this command to enable multicast hello exchange on all interfaces to enable autodiscovery of LDP peers on directly connected networks. Multicast hellos are disabled by
default.
Syntax
[no] multicast-hellos
Variable
[no]
Value
Disables multicast hellos on all interfaces.
Example
SR/configure/router/ldp# multicast-hellos
configure router ldp propagate-release

The label advertisement mode (downstream unsolicited) controls how labels are propagated
to upstream routers. Use this command to enable the propagation of labels to next-hop routers
even if the upstream router does not hold a label for the specified FEC. In this case, the LSR
can propagate the label to the Next Hop.
Syntax
[no] propagate-release
October 2010
237
LDP commands

Variable
[no]
Value
Disables the release of labels to downstream
routers.
Example
SR/configure/router/ldp# propagate-release
configure router ldp request-retry

Use this command to enable to enable repeated requests for a label when it has been rejected
for a valid reason.
Syntax
[no] request-retry
Variable
[no]
Value
Disables request retries.
Example
SR/configure/router/ldp# request-retry
configure router ldp request-retry-timeout

Use this command to configure the interval between request retries.
Syntax
[no] request-retry-timeout <1-65535>
Variable
238
Value
[no]
Sets the request retry timeout to the default

value. The default timeout is 5 seconds.
<1-65535>
Specifies the interval between request

retries in seconds.
October 2010
configure router ldp targeted-peer
Example
SR/configure/router/ldp# request-retry-timeout 35
configure router ldp targeted-peer

Use this command to specify a targeted LDP peer to send targeted hello messages to a specific
IP address. This allows the router to establish an LDP session to a non-directly connected LSR.
Syntax
targeted-peer <targeted-peer-ip>
Variable
<targeted-peer-ip>
Value
Specifies the IPv4 address of the targeted
peer.
Example
SR/configure/router/ldp# targeted-peer 10.1.1.1
configure router ldp targeted-peer-hello-interval

Use this command to set the interval for sending unicast hello packets to targeted peers via
this interface.
Syntax
[no] targeted-peer-hello-interval <1-65535>
Variable
Value
[no]
Sets the targeted peer hello interval to the

default value.
<1-65535>
Specifies the targeted peer hello interval in

seconds.
Example
SR/configure/router/ldp# targeted-peer-hello-interval 635
October 2010
239
LDP commands
configure router ldp targeted-peer-hold-time

Use this command to set the time-out value that is the time that the router waits before rejecting
an adjacency with a targeted peer. The timer is reset every time a targeted hello packet is
received from a targeted peer. For optimal performance, set this value to no less than three
times the hello interval value for targeted peers.
Syntax
[no] targeted-peer-hold-time <1-65535>
Variable
<1-65535>
Value
Specifies the targeted peer hold time value
in seconds. The default is 45 seconds.
Example
SR/configure/router/ldp# targeted-peer-hold-time 635
configure router ldp transport-address

Use this command to configure the transport address for a label space. The transport address
is the address used for the TCP session over which LDP is running.
If you manually configure the transport address for the label space, the transport address must
be a loopback address.
If you do not manually configure the transport address, LDP uses a physical interface address
as the transport address.
Syntax
[no] transport-address <transport-ip-address>
Variable
Value
[no]
Deletes the transport address.
<transport-ip-address>
Specifies the transport IP address.
Example
SR/configure/router/ldp# transport-address 10.1.2.3
240
October 2010
show ldp adjacency
show ldp adjacency

Use this command to show LDP adjacencies.
Syntax
show ldp adjacency
Example
SR# show ldp adjacency
show ldp advertise-labels

Use this command to display the IP access list of LDP advertise-labels.
Syntax
show ldp advertise-labels
Example
SR# show ldp advertise-labels
show ldp fec

Use this command to display FECs known to the current LSR.
Syntax
show ldp fec [A.B.C.D/M]
If the IP address is not specified, all FECs are displayed.
Example
SR# show ldp fec 10.10.1.0/24
show ldp interface

Use this command to display detailed LDP information for an interface.
October 2010
241
LDP commands
Syntax
show ldp interface <interface-name>
Variable
<interface-name>
Value
Displays LDP information for the specified
interface. If this value is not specified,
information for all interfaces is displayed.
Example
SR# show ldp interface ethernet0/3
show ldp lsp

Use this command to display LDP LSP configuration.
Syntax
show ldp lsp [detail]
Variable
[detail]
Value
Displays advertise-label information in
addition to LDP LSP information.
Example
SR# show ldp lsp
show ldp lsp fec

Use this command to display the configuration of the LDP LSP corresponding to a particular
FEC.
Syntax
show ldp lsp fec <A.B.C.D/M> [detail]
Variable
<A.B.C.D/M>
242
Value
FEC with mask.
October 2010
show ldp lsp host
Variable
[detail]
Value
addition to LDP LSP information.
Example
SR# show ldp lsp fec 10.10.1.0/24
show ldp lsp host

Use this command to display LDP LSP host .
Syntax
show ldp lsp host [detail]
Variable
[detail]
Value
addition to LDP LSP host information.
Example
SR# show ldp lsp host
show ldp lsp prefix

Use this command to display LDP LSP prefix.
Syntax
show ldp lsp prefix [detail]
Variable
[detail]
Value
addition to LDP LSP prefix information.
Example
SR# show ldp lsp prefix
October 2010
243
LDP commands
show ldp session

Use this command to display LDP sessions.
Syntax
show ldp session [<A.B.C.D> | detail]
Variable
Value
<A.B.C.D>
Displays information for established

sessions with the peer specified by this IP
address. If this value is not specified,
information for all peers is displayed.
[detail]
Displays detailed information for all sessions

established between the current LSR and
other LSRs.
Example
SR# show ldp
show ldp statistics

Use this command to display LDP packet statistics.
Syntax
show ldp statistics
Example
SR# show ldp statistics
show ldp statistics advertise-labels

Use this command to display LDP advertise-labels statistics.
Syntax
244
October 2010
Example
SR# show ldp advertise-labels
October 2010
245
LDP commands
246
October 2010
Chapter 17: RSVP-TE commands

Important:
RSVP-TE can only be enabled on WAN bundles and chassis Ethernet ports. Module Ethernet ports do
not support RSVP-TE.
clear mpls traffic-eng-lsp

Use this command to clear data for MPLS traffic-engineered LSPs.
Syntax
clear mpls traffic-eng-lsp [ingress | non-ingress | all | <LSP-name>]
Variable
Value
ingress
Clears data for ingress LSP.
non-ingress
Clears data for non-ingress LSP.
all
Clears data for all configured LSPs.
<LSP-name>
Clears data for the specifies LSP.
Example
SR# clear mpls traffic-eng-lsp ingress
clear rsvp session

Use this command to clear RSVP sessions.
Syntax
clear rsvp session {<session-tunnel-id> | all}
October 2010
247
RSVP-TE commands

Variable
Value
<session-tunnel-id>
Specifies the session tunnel ID to clear.
all
Clears all RSVP sessions configured.
Example
SR# clear rsvp session tunnel1
clear rsvp statistics

Use this command to clear RSVP statistics.
Syntax
clear rsvp statistics
Example
SR# clear rsvp statistics
configure interface rsvp ack-wait-timeout

Use this command to configure the acknowledgement wait timeout for reliable messaging for
all neighbors detected on the specified interface.
Syntax
[no] rsvp ack-wait-timeout <1-65535>
Variable
Value
[no]
Sets the acknowledgement wait timeout to

the default value. (10 seconds)
<1-65535>
Specifies the acknowledgement wait timeout

value in seconds.
Example
SR/configure/interface/bundle wan1# rsvp ack-wait-timeout 30
248
October 2010
configure interface rsvp hello-interval
configure interface rsvp hello-interval

Use this command to enable the sending of Hello packets on the interface and set the interval
value between successive Hello packets to neighbors.
For optimum performance, set the Hello interval value to no more than one-third the hold time
value.
The hello interval you configure for an interface overrides the global value.
Syntax
[no] rsvp hello-interval <1-65535>
Variable
Value
[no]

seconds).
<1-65535>
Example
SR/configure/interface/bundle wan1# rsvp hello-interval 10
configure interface rsvp hello-receipt

Use this command to enable the receipt of Hello messages from peers connected through the
Syntax
[no] rsvp hello-receipt
Variable
[no]
Value
Disables hello receipt.
Example
SR/configure/interface/bundle wan1# rsvp hello-receipt
October 2010
249
RSVP-TE commands
configure interface rsvp hello-timeout

Use this command to configure the hello timeout on the interface to specify the interval that
the interface waits for a Hello message from a connected peer before the interface resets all
sessions shared with this particular peer.
Syntax
[no] rsvp hello-timeout <1-65535>
Variable
Value
[no]
Sets the hello timeout to the default value (10

seconds).
<1-65535>
Specifies the hello timeout in seconds.
Example
SR/configure/interface/bundle wan1# rsvp hello-timeout 20
configure interface rsvp keep-multiplier

Use this command to configure the interface keep multiplier.
The refresh time and keep multiplier are two interrelated timing parameters used to calculate
the valid Reservation Lifetime for an LSP. Use the following formula to calculate the reservation
lifetime for an LSP: L >= (K + 0.5)* 1.5 * R K = keep-multiplier R = refresh timer Refresh
messages are sent periodically so that the neighbors do not timeout.
Syntax
[no] rsvp keep-multiplier <1-255>
Variable
Value
[no]
Sets the keep multiplier to the global value.
<1-255>
Sets the keep multiplier value.
Example
SR/configure/interface/bundle wan1# rsvp keep-multiplier 15
250
October 2010
configure interface rsvp message-ack
configure interface rsvp message-ack

Use this command to enable the reliable messaging form of refresh reduction for all messages
being sent to the neighbors that have been detected on the specified interface.
Syntax
[no] rsvp message-ack
Variable
[no]
Value
Disables message acknowledgement.
Example
SR/configure/interface/bundle wan1# rsvp message-ack
configure interface rsvp refresh-reduction

Use this command to enable Refresh Reduction capability advertisement to allow an interface
to advertise the refresh reduction capability.
Syntax
[no] rsvp refresh-reduction
Variable
[no]
Value
Disable refresh reduction capability
advertisement on the interface.
Example
SR/configure/interface/bundle wan1# rsvp refresh-reduction
configure interface rsvp refresh-time

Use this command to configure the interface refresh time. The refresh time and keep multiplier
are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an
LSP. Refresh time regulates the interval between Refresh messages which include Path and
Reservation Request (Resv) messages. Refresh messages are sent periodically so that the
October 2010
251
RSVP-TE commands
reservation does not timeout in the neighboring nodes. Each sender and receiver host sends
Path and Resv messages, downstream and upstream respectively, along the paths.
Syntax
[no] rsvp refresh-time <1-65535>
Variable
Value
[no]
Sets the interface RSVP refresh time to the

global value.
<1-65535>
Sets the interface RSVP refresh time.
Example
SR/configure/interface/bundle wan1# rsvp refresh-time 10
configure mpls traffic-eng-lsp

Use this command to create a new RSVP traffic-engineered LSP. Once the trafficengineered LSP is minimally configured with required attributes (ingress and egress IP
addresses), an RSVP session is created for this LSP, which enables the exchange of
messages and completes the LSP setup.
Syntax
[no] mpls traffic-eng-lsp <LSP-name>
Variable
Value
[no]
Removes the traffic-engineering LSP and all

the configured attributes, except the
specified primary path.
<LSP-name>
Specifies the name of the LSP.
Example
SR/configure# mpls traffic-eng-lsp lsp1
252
October 2010
configure mpls traffic-eng-lsp ext-tunnel-id
configure mpls traffic-eng-lsp ext-tunnel-id

Use this command to configure the extended tunnel identifier used in RSVP messages. The
extended tunnel ID specifies a unique 4 octet identifier for all sessions. If no extended tunnel
ID is specified, the LSR-ID for the router is used as the extended tunnel ID for all LSPs.
Syntax
[no] ext-tunnel-id <A.B.C.D>
Variable
Value
[no]
Deletes the extended tunnel ID.
<A.B.C.D>
IPv4 representation for extended tunnel ID.
Example
SR/configure/mpls/traffic-eng-lsp# ext-tunnel-id 10.2.3.4
configure mpls traffic-eng-lsp from

Use this command to specify the IPv4 address of the LSP ingress. This address is typically
the router-id.
Syntax
from <ingress-IP>
Variable
<ingress-IP>
Value
Specifies the IPv4 address for the LSP
ingress router or interface. The address
specified is uses as the sender address in the
sender template object in Path messages.
Example
SR/configure/mpls/traffic-eng-lsp# from 10.1.1.1
October 2010
253
RSVP-TE commands
configure mpls traffic-eng-lsp map-route

Use this command to map routes to a given RSVP-TE LSP to forward traffic to the LSP.
If the primary LSP goes down, all the mapped routes can automatically use a secondary LSP as
a backup for the primary LSP, if the secondary LSP is configured.
Syntax
[no] map-route <ipaddr/mask>
Variable
Value
[no]
Removes the route mapping.
<ipaddr/mask>
Specifies the IP address to be mapped. The

IP address and mask can be in format
A.B.C.D X.X.X.X or A.B.C.D/X.
Example
SR/configure/mpls/traffic-eng-lsp# map-route 10.1.1.1 255.255.0.0
configure mpls traffic-eng-lsp primary|secondary affinity

Use this command to reenable affinity for the LSP.
With affinity enabled, the LSP can match desired attributes, represented by affinity bits, to link
attributes. This allows the LSP to include (include-any) or exclude (exclude-any) the configured
administrative groups in the LSP.
Syntax
{primary | secondary} affinity
Variable
Value
primary
Specifies the primary LSP.
secondary
Specifies the secondary LSP.
Example
SR/configure/mpls/traffic-eng-lsp# primary affinity
254
October 2010
configure mpls traffic-eng-lsp primary|secondary bandwidth
configure mpls traffic-eng-lsp primary|secondary

bandwidth
Use this command to specify the bandwidth for the RSVP-TE LSP to ensure the LSP meets
desired traffic requirements.
Syntax
[no] [primary|secondary] {bandwidth <bandwidth> [k|m|g]}
Variable
Value
[no]
Removes the specified configuration.
primary
secondary
{bandwidth <bandwidth> [k|m|g]}
1000 - 10000000000 bits. You can also

specify the bandwidth in terms of kilobits (k)
megabits (m) or gigabits (g). For example, for
1 megabit, enter 1m
Example
SR/configure/mpls/traffic-eng-lsp# primary bandwidth 1m
configure mpls traffic-eng-lsp primary|secondary cspf

Use this command to reenable CSPF on a particular LSP. To enable CSPF on an LSP, CSPF
must be globally enabled.
Syntax
{primary | secondary} cspf
Variable
Value
primary
secondary
October 2010
255
RSVP-TE commands
Example
SR/configure/mpls/traffic-eng-lsp# primary cspf
configure mpls traffic-eng-lsp primary|secondary cspfretry-limit

Use this command to specify the number of retries that CSPF performs for a request received
from RSVP.
Syntax
[no] {primary | secondary} cspf-retry-limit <1-65535>
Variable
Value
[no]
Sets the retry limit to the default value: 0

(indefinite).
primary
secondary
<1-65535>
Specifies the number of times CSPF tries to

perform a request received from RSVP.
Example
SR/configure/mpls/traffic-eng-lsp# primary cspf-retry-limit 4
configure mpls traffic-eng-lsp primary|secondary cspfretry-timer

Use this command to specify the time between each retry that CSPF performs for a request
received from RSVP.
Syntax
[no] {primary | secondary} cspf-retry-timer <1-600>
Variable
[no]
256
Value
Sets the retry timer to the default value: 0
(indefinite).
October 2010
configure mpls traffic-eng-lsp primary|secondary exclude-any
Variable
Value
primary
secondary
<1-600>
Timeout between successive retries, in

seconds.
Example
SR/configure/mpls/traffic-eng-lsp# primary cspf-retry-timer 50
configure mpls traffic-eng-lsp primary|secondary excludeany

Use this command to specify administrative groups to be excluded from an LSP.
If you specify an exclude-any list, any link that belongs to even one of the groups specified
in the exclude list cannot be chosen for the LSP.
Syntax
[no] {primary | secondary} exclude-any <admin-group-name>
Variable
Value
[no]
Removes the specified group from the

exclude-any list.
primary
secondary
<admin-group-name>
Specifies the name of the administrative

group to exclude from the LSP.
Example
SR/configure/mpls/traffic-eng-lsp# primary exclude-any admingrp4
configure mpls traffic-eng-lsp primary fast-reroute

bandwidth
Use this command to configure bandwidth for fast reroute.
October 2010
257
RSVP-TE commands
Syntax
[no] primary fast-reroute bandwidth <bandwidth>
Variable
Value
[no]
Deletes the fast reroute bandwidth

configuration.
<bandwidth>
Specifies the fast reroute bandwidth, from 1

to 10000000000 bits. You can also specify
the bandwidth in units of kilobits, megabits,
or gigabits (k, m, or g). For example, to
specify 10 kilobits, enter 10k.
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute bandwidth
10k
configure mpls traffic-eng-lsp primary fast-reroute excludeany

Use this command to specify the administrative groups to be excluded from the fast reroute
set up.
When you specify the exclude-any list, any link that belongs to even one of the groups specified
in the exclude list cannot be chosen for the alternate route.
Syntax
[no] primary fast-reroute exclude-any <groupname>
Variable
Value
[no]
Deletes the specified group from the

exclude-any list.
<groupname>
Specify the administrative group to be

excluded from the fast reroute set up.
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute exclude-any
admingrp3
258
October 2010
configure mpls traffic-eng-lsp primary fast-reroute hold-priority
configure mpls traffic-eng-lsp primary fast-reroute holdpriority

Use this command to set the hold priority for the detour LSP
Configure the hold priority value for the alternate path. The hold priority determines the degree
to which the alternate path holds onto its reservation for a session after the path has been
set up successfully. When the hold priority is high, the existing path is less likely to give up its
reservation.
Syntax
[no] primary fast-reroute hold-priority <0-7>
Variable
Value
[no]
Sets the hold priority to the default value: 0

(highest).
<0-7>
Specifies the fast reroute hold priority, from

highest priority (0) to lowest priority (7)
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute holdpriority 6
configure mpls traffic-eng-lsp primary fast-reroute hop-limit

Use this command to place a limit on the number of hops in the alternate path.
Syntax
[no] primary fast-reroute hop-limit <1-255>
Variable
Value
[no]
Sets the configured hop limit to the default

value (255).
<1-255>
Specifies the maximum number of hops for

fast reroute.
October 2010
259
RSVP-TE commands
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute hop-limit 6
configure mpls traffic-eng-lsp primary fast-reroute includeany

Use this command to set the administrative groups to include in the fast reroute set up. To be
added to the alternate route, links must belong to at least one of the administrative groups
listed in the include-any list.
Syntax
[no] primary fast-reroute include-any <admin-group-name>
Variable
Value
[no]
Removes a previously configured group from the

specified list.
<admin-group-name>
Specifies the administrative group name.
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute include-any
admingrp1
configure mpls traffic-eng-lsp primary fast-reroute nodeprotection

Use this command to set node protection to bypass the failed node completely during fast
reroute.
Syntax
[no] primary fast-reroute node-protection
Variable
[no]
260
Value
Disables node protection.
October 2010
configure mpls traffic-eng-lsp primary fast-reroute protection one-to-one
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute nodeprotection
configure mpls traffic-eng-lsp primary fast-reroute

protection one-to-one
Use this command to enable the local repair of explicit routes for which this router is a transit
node. Use the no parameter with this command to disable local repair of explicit routes.
Syntax
[no] primary fast-reroute protection one-to-one
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute protection
one-to-one
configure mpls traffic-eng-lsp primary fast-reroute setuppriority

Use this command to determine whether the alternate path can preempt an existing LSP. The
setup priority of the alternate path must be higher than the hold priority of an existing LSP
for the existing LSP to be preempted..
For RSVP-TE LSP, do not configure the setup priority to be higher than the hold priority.
Syntax
[no] primary fast-reroute setup-priority <0-7>
Variable
Value
[no]
Sets the setup priority to the default value: 7

(lowest).
<0-7>
Specifies the setup priority, from highest

priority (0) to lowest priority (7)
Example
SR/configure/mpls/traffic-eng-lsp# primary fast-reroute setuppriority 1
October 2010
261
RSVP-TE commands
configure mpls traffic-eng-lsp primary|secondary filter

Use this command to configure the filter to fixed or shared filter style for RSVP-TE LSP. Use
the fixed filter style to prevent rerouting of an LSP and to prevent other LSPs from using the
bandwidth reserved for this LSP.
Syntax
[no] {primary | secondary} filter {fixed | shared-explicit}
Variable
Value
primary
secondary
fixed
Specifies a distinct reservation. A distinct

reservation request is created for data
packets from this LSP.
shared-explicit
Specifies a shared reservation environment.

It creates a single reservation into which
flows from all LSPs are combined.
Example
SR/configure/mpls/traffic-eng-lsp# primary filter fixed
configure mpls traffic-eng-lsp primary|secondary holdpriority

Use this command to configure the hold priority value for the selected RSVP-TE LSP. The hold
priority determines the degree to which an LSP holds onto its reservation for a session after
the LSP has been set up successfully. When the hold priority is high, the existing LSP is less
likely to give up its reservation.
Syntax
[no] {primary | secondary} hold-priority <0-7>
Variable
[no]
262
Value
Sets the hold priority to the default value: 0
(highest).
October 2010
configure mpls traffic-eng-lsp primary|secondary hop-limit
Variable
Value
primary
secondary
<0-7>
Specifies the hold priority, from highest

Example
SR/configure/mpls/traffic-eng-lsp# primary hold-priority 6
configure mpls traffic-eng-lsp primary|secondary hop-limit

Use this command to place a limit on the number of hops in the RSVP-TE LSP.
If a primary path exists when you configure a hop limit, the hop limit is compared with the
current number of hops in the primary path. If the number of hops in the primary path exceeds
the configure hop limit, the existing session is torn down and no Path messages are sent out.
The hop limit data is sent to the CSPF server, if CSPF is being used.
Syntax
[no] {primary | secondary} hop-limit <1-255>
Variable
Value
[no]
Sets the hop limit to the default value (255).
primary
secondary
<1-255>
Specifies the acceptable number of hops.
Example
SR/configure/mpls/traffic-eng-lsp# primary hop-limit 15
configure mpls traffic-eng-lsp primary|secondary includeany

Use this command to set the administrative groups to include in an LSP. To be added to the
LSP, links must belong to at least one of the administrative groups listed in the include-any list.
October 2010
263
RSVP-TE commands
Syntax
[no] {primary | secondary} include-any <admin-group-name>
Variable
Value
[no]
Removes a previously configured group from the

specified list.
primary
secondary
<admin-group-name>
Specifies the administrative group name.
Example
SR/configure/mpls/traffic-eng-lsp# primary include-any admingrp1
configure mpls traffic-eng-lsp primary|secondary labelrecord

Use this command to set whether to record all labels exchanged between RSVP enabled
routers during the reservation setup process. Label recording can help in debugging problems.
Syntax
[no] {primary | secondary} label-record
Variable
Value
[no]
Disables label recording.
primary
secondary
label-record
Specifies to record all the labels exchanged

for an LSP from the ingress to the egress.
Example
SR/configure/mpls/traffic-eng-lsp# primary label-record
264
October 2010
configure mpls traffic-eng-lsp primary|secondary no-affinity
configure mpls traffic-eng-lsp primary|secondary noaffinity

Use this command to disable the use of sending out session attribute objects with resource
affinity data.
With affinity enabled, the LSP can match desired attributes, represented by affinity bits, to link
attributes. This allows the LSP to include (include-any) or exclude (exclude-any) the configured
administrative groups in the LSP.
Syntax
{primary | secondary} no-affinity
Variable
Value
primary
secondary
no-affinity
Disables affinity.
Example
SR/configure/mpls/traffic-eng-lsp# primary no-affinity
configure mpls traffic-eng-lsp primary|secondary no-cspf

Use this command to disable CSPF on a particular LSP.
Syntax
{primary | secondary} no-cspf
Variable
Value
primary
secondary
Example
SR/configure/mpls/traffic-eng-lsp# primary no-cspf
October 2010
265
RSVP-TE commands
configure mpls traffic-eng-lsp primary|secondary norecord-route

Use this command to disable recording of the route taken by PATH and RESV messages,
which confirm the establishment of reservations and identify errors. Route recording is enabled
by default.
Syntax
{primary|secondary} no-record-route
Variable
Value
primary
secondary
Example
SR/configure/mpls/traffic-eng-lsp# primary no-record-route
configure mpls traffic-eng-lsp primary|secondary recordroute

Use this command to reenable recording of the route taken by PATH and RESV messages,
which confirm the establishment of reservations and identify errors. Route recording is enabled
by default.
Syntax
{primary|secondary} record-route
Variable
Value
primary
secondary
Example
SR/configure/mpls/traffic-eng-lsp# primary record-route
266
October 2010
configure mpls traffic-eng-lsp primary|secondary retry-limit
configure mpls traffic-eng-lsp primary|secondary retry-limit

If a session is in a nonexistent state due to the receipt of a Path Error message, it tries to
recreate the LSP for the number of times specified by the retry-limit command.
Although the same retry command controls both the MPLS traffic engineering tunnel and the
session, the retry-limit value affects only the session and not the traffic-engineering tunnel. If
the traffic tunnel is in an incomplete state, the code keeps trying forever to bring it to a complete
state, irrespective of the retry-limit value.
Syntax
[no] {primary | secondary} retry-limit <1-65535>
Variable
Value
primary
secondary
<1-65535>
The number of times the system tries to set

up the LSP. Default is 0 (indefinite).
Example
SR/configure/mpls/traffic-eng-lsp# primary retry-limit 6
configure mpls traffic-eng-lsp primary|secondary retrytimer

Use this command to specify a retry interval for an RSVP-TE LSP. Use the no parameter to
revert to the default.
Syntax
[no] {primary | secondary} retry-timer <1-600>
Variable
Value
[no]
Reverts to the default value (30 seconds).
primary
secondary
October 2010
267
RSVP-TE commands
Variable
<1-600>
Value
Time, in seconds, that the system waits
before retrying LSP setup.
Example
SR/configure/mpls/traffic-eng-lsp# primary retry-timer 60
configure mpls traffic-eng-lsp primary|secondary reuseroute-record

Use this command to configure the updated Route Record List as an Explicit Route (with all
strict nodes) when a path message is sent out at the next refresh. Use the no parameter to
disable the use of the Route Record List as the explicit route.
The ERO list contains the hops to be taken to reach the egress from the current LSR. If CSPF is
not available, to place an ERO with all strict routes, use this command to modify the ERO after
receiving the Resv message. The future Path messages have the ERO with all strict nodes,
identifying each and every node to be traversed.
Syntax
[no] {primary | secondary} reuse-route-record
Variable
Value
[no]
Disables the route record list as an explicit

route.
primary
secondary
Example
SR/configure/mpls/traffic-eng-lsp# primary reuse-route-record
configure mpls traffic-eng-lsp primary|secondary setuppriority

Use this command to configure the setup priority to determine whether a new LSP can preempt
an existing LSP. The setup priority of the new LSP must be higher than the hold priority of an
existing LSP for the existing LSP to be preempted.
268
October 2010
configure mpls traffic-eng-lsp primary|secondary traffic
For RSVP-TE LSP, do not configure the setup priority to be higher than the hold priority.
Syntax
[no] {primary | secondary} setup-priority <0-7>
Variable
Value
[no]
Sets the setup priority to the default value: 7

(lowest).
primary
secondary
<0-7>
Specifies the setup priority, from highest

Example
SR/configure/mpls/traffic-eng-lsp# primary setup-priority 1
configure mpls traffic-eng-lsp primary|secondary traffic

Use this command tospecify controlled-load or guaranteed traffic for the LSP. Controlledload service approximates the behavior of best-effort service under unloaded conditions.
Syntax
[no] {primary | secondary} traffic {guaranteed | controlled-load}
Variable
Value
primary
secondary
guaranteed
Specifies guaranteed traffic.
controlled-load
Specifies controlled load traffic, which

approximates the behavior of best-effort
service under unloaded conditions.
Example
SR/configure/mpls/traffic-eng-lsp# primary traffic controlled-load
October 2010
269
RSVP-TE commands
configure mpls traffic-eng-lsp primary|secondary trafficeng-path

When you have defined an RSVP-TE explicit route path, use this command to associate the
path with a primary or secondary LSP.
Syntax
[no] {primary | secondary} traffic-eng-path <path-name>
Variable
Value
[no]
Removes the configured explicit route.
primary
secondary
<path-name>
Specifies the name of the path.
Example
SR/configure/mpls/traffic-eng-lsp# primary traffic-eng-path path1
configure mpls traffic-eng-lsp to

When configuring a traffic-engineered LSP, use this command to specify the address of the
egress router to create an RSVP session.
This is a mandatory step in the creation of a traffic-engineered LSP. If an egress router is not
defined, no RSVP-TE session cannot be created.
Syntax
[no] to <egress-IP>
Variable
270
Value
[no]
Deletes the specified LSP egress IP

address.
<egress-IP>
Specifies the IPv4 address for the LSP

egress router.
October 2010
configure mpls traffic-eng-lsp traffic-eng-lsp-restart
Example
SR/configure/mpls/traffic-eng-lsp# to 10.2.2.2
configure mpls traffic-eng-lsp traffic-eng-lsp-restart

Use this command to restart the LSP setup procedure if the creation of an RSVP-TE LSP fails.
Syntax
traffic-eng-lsp-restart
Example
SR/configure/mpls/traffic-eng-lsp# traffic-eng-lsp-restart
configure mpls traffic-eng-lsp update-type

Use this command to configure the method of creating and tearing down sessions (primary
and secondary) when attributes for the MPLS traffic-engineering LSP are modified.
Syntax
update-type {make-before-break | break-before-mak }
Variable
Value
make-before-break
Specifies that a new LSP is created for each

attribute update. Once the new LSP
becomes operational, the original LSP is torn
down. (Default value)
break-before-make
Specifies that, for each attribute update, the

existing LSP is torn down and then recreated with the new attributes.
Example
SR/configure/mpls/traffic-eng-lsp# update-type make-before-break
configure mpls traffic-eng-path

When all nodes in the path do not support the required traffic engineering extensions to enable
CSPF, use this command to configure an RSVP-TE explicit route.
October 2010
271
RSVP-TE commands
Syntax
[no] mpls traffic-eng-path <path-name>
Variable
Value
[no]
Removes the specified path.
<path-name>
Specifies the path name.
Example
SR/configure# mpls traffic-eng-path path1
configure mpls traffic-eng-path hop-address

When all nodes in the path do not support the required traffic engineering extensions to enable
CSPF, use this command to configure an RSVP-TE explicit route.
Syntax
[no] hop-address <hop-address> [loose|strict]
Variable
Value
[no]
Removes the specified hop.
<hop-address>
IPv4 address of the hop.
loose
Specifies loose hops: the route taken form

one router to the next need not be a direct
path: messages exchanged between the two
routers can pass through other routers.
strict
Specifies strict hops: the route taken from

one router to the next must be a directly
connected path. This ensures that routing is
enforced on the basis of each link.
Example
SR/configure/mpls/traffic-eng-path# hop-address 10.2.2.1 loose
272
October 2010
configure mpls tunnel-mode
configure mpls tunnel-mode

Configure the MPLS tunnel mode to determine the relationship between label EXP and IP
packet DSCP values.
Syntax
[no] mpls tunnel-mode {pipe | short-pipe | uniform}
Variable
Value
[no]
Sets the MPLS tunnel mode to the default

value (uniform).
pipe
Specifies that changes made to the EXP

value on the uppermost label are propagated
to other MPLS labels but not to the IP packet.
Here, the DSCP value in the IP packet
remains unchanged, but the PHB is chosen
based on the removed EXP value.
short-pipe

value on the uppermost label are propagated
to other MPLS labels but not to the IP packet.
Here, the DSCP value in the IP packet
remains unchanged, and the PHB is chosen
based on the removed EXP value.
uniform

value on the uppermost label are applied to
all labels in the stack, including the IP packet.
Example
SR/configure# mpls tunnel-mode pipe
configure router rsvp

Use this command to enable RSVP-TE and to enable configuration of RSVP-TE properties on
the router.
Syntax
router rsvp
October 2010
273
RSVP-TE commands
Example
SR/configure# router rsvp
configure router rsvp ack-wait-timeout

Use this command to configure the acknowledgement wait timeout for reliable messaging for
all neighbors detected on the LSR.
Syntax
[no] ack-wait-timeout <1-65535>
Variable
Value
[no]
Sets the acknowledgement wait timeout to

the default value. (10 seconds)
<1-65535>
Specifies the acknowledgement wait timeout

value in seconds.
Example
SR/configure/router/rsvp# ack-wait-timeout 50
configure router rsvp cspf

By default, CSPF is enabled for traffic-engineered LSPs. If you have disabled CSPF on the
router, use this command to reenable CSPF.
Syntax
cspf
Example
SR/configure/router/rsvp# cspf
configure router rsvp detour-identification

Use this command to specify the detour LSP identification method, either path-specific or
sender-template.
274
October 2010
configure router rsvp explicit-null
Syntax
[no] detour-identification [path | sender-template]
Variable
Value
[no]
Sets the detour LSP identification method to

the default value (sender-template).
path
Sets path specific detour LSP identification

method. In this method, a new RSVP object
(DETOUR) is added to the PATH message to
differentiate it from the protected LSP's path
messages. Since, a detour has the same
session object as the protected LSP, it might
share common network resources.
sender-template
Sets sender-template specific detour LSP

identification method. In this method, a
detour shares the RSVP Session object and
LSPID with the protected LSP and changes
the ingress IP address in the RSVP PATH
message. According to the RSVP resource
sharing rules, this LSP can be merged with
the protected LSP as they have same
session object.
Example
SR/configure/router/rsvp# detour-identification sender-template
configure router rsvp explicit-null

Use this command to enable explicit null labels on the router. By default, implicit null labels are
advertised on the egress router.
Syntax
[no] explicit-null
Variable
[no]
Value
Disable explicit null labels.
Example
SR/configure/router/rsvp#
explicit-null
October 2010
275
RSVP-TE commands
configure router rsvp from

Use this command to specify the source loopback address for IPv4 packets being sent out by
the RSVP daemon.
Syntax
[no] from <loopback-IP-address>
Variable
Value
[no]
Deletes the specified loopback address.
<loopback-IP-address>
Loopback IPv4 address.
Example
SR/configure/router/rsvp# from 10.1.1.1
configure router rsvp hello-interval

Use this command to enable the sending of Hello packets on all interfaces and set the interval
value between successive Hello packets to neighbors.
LSR.
For optimum performance, set the hello-interval value to no more than one-third the holdtime value.
Syntax
[no] hello-interval <1-65535>
Variable
276
Value
[no]

seconds).
<1-65535>
October 2010
configure router rsvp hello-receipt
Example
SR/configure/router/rsvp# hello-interval 5
configure router rsvp hello-receipt

Use this command to enable the receipt of Hello messages from peers connected through all
RSVP interfaces.
Syntax
[no] hello-receipt
Variable
[no]
Value
Disables hello receipt.
Example
SR/configure/router/rsvp# hello-receipt
configure router rsvp hello-timeout

Use this command to configure the global hello timeout, which specifies the interval that the
LSR waits for a Hello message from a connected peer before the LSR resets all sessions
shared with this particular peer.
Syntax
[no] hello-timeout <1-65535>
Variable
Value
[no]
Sets the Hello timeout to the default value (10

seconds).
<1-65535>
Specifies the Hello timeout in seconds.
Example
SR/configure/router/rsvp# hello-timeout 5
October 2010
277
RSVP-TE commands
configure router rsvp keep-multiplier

Use this command to configure the keep multiplier.
The refresh time and keep multiplier are two interrelated timing parameters used to calculate
the valid Reservation Lifetime for an LSP. Use the following formula to calculate the reservation
lifetime for an LSP: L >= (K + 0.5)* 1.5 * R K = keep-multiplier R = refresh timer Refresh
messages are sent periodically so that the neighbors do not timeout.
Syntax
[no] keep-multiplier <1-255>
Variable
Value
[no]
Sets the keep multiplier to the default value

(3).
<1-255>
Sets the keep multiplier value.
Example
SR/configure/router/rsvp# keep-multiplier 10
configure router rsvp loop-detection

Use this command to enable loop detection for RSVP LSPs. Loop detection ensures that a
loop is detected while establishing a label switched path and before any data is passed over
that LSP.
Syntax
loop-detection
Example
SR/configure/router/rsvp# loop-detection
configure router rsvp message-ack

Use this command to enable the reliable messaging form of refresh reduction for all messages
being sent to the neighbors that have been detected on the LSR.
278
October 2010
configure router rsvp neighbor
Syntax
[no] message-ack
Variable
[no]
Value
Disables message acknowledgement.
Example
SR/configure/router/rsvp# message-ack
configure router rsvp neighbor

Use this command to explicitly specify a neighbor to exchange Hello messages with. Any Hello
messages from a neighbor that is not explicitly specified will be rejected. Use the no parameter
to remove an IPv4 neighbor from the system.
Syntax
[no] neighbor <neighbor-IP-address>
Variable
Value
[no]
Removes an IPv4 neighbor from the system.
<neighbor-IP-address>
IPv4 address of the neighbor.
Example
SR/configure/router/rsvp# neighbor 10.1.2.3
configure router rsvp no-cspf

By default, CSPF is enabled for traffic-engineered LSPs. Use this command to disable CSPF
when all nodes in the path do not support the required traffic engineering extensions. You must
then manually configure LSPs to use an explicit path. The LSP is then established only along
the manually configured path.
Syntax
no-cspf
Example
SR/configure/router/rsvp# no-cspf
October 2010
279
RSVP-TE commands
configure router rsvp no-loop-detection

Use this command to disable loop detection for RSVP LSPs. Loop detection ensures that a
loop is detected while establishing a label switched path and before any data is passed over
that LSP.
Syntax
no-loop-detection
Example
SR/configure/router/rsvp# no-loop-detection
configure router rsvp no-php

Use this command to disable PHP, in which case the egress router sends neither implicit null
nor explicit null labels. Rather, it sends non-reserved labels (labels from the label pool range
allotted to RSVP) to the upstream router.
With the PHP state set to enabled on the router (the default state), an egress router sends
either implicit null or explicit null labels for LSPs.
Use the show rsvp command to display the status of Penultimate-Hop-Popping.
Syntax
no-php
Example
SR/configure/router/rsvp# no-php
configure router rsvp php

Use this command to reenable PHP after it has been disabled.
With the PHP state set to enabled on the router (the default state), an egress router sends
either implicit null or explicit null labels for LSPs.
Use the show rsvp command to display the status of Penultimate-Hop-Popping.
Syntax
php
280
October 2010
configure router rsvp refresh-reduction
Example
SR/configure/router/rsvp# php
configure router rsvp refresh-reduction

Use this command to enable Refresh Reduction capability advertisement to allow the LSR to
advertise the refresh reduction capability.
Syntax
[no] refresh-reduction
Variable
[no]
Value
Disables refresh reduction capability
advertisement.
Example
SR/configure/router/rsvp# refresh-reduction
configure router rsvp refresh-time

Use this command to configure the global refresh time. The refresh time and keep multiplier
are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an
LSP. Refresh time regulates the interval between Refresh messages which include Path and
Reservation Request (Resv) messages. Refresh messages are sent periodically so that the
reservation does not timeout in the neighboring nodes. Each sender and receiver host sends
Path and Resv messages, downstream and upstream respectively, along the paths.
Syntax
[no] refresh-time <1-65535>
Variable
Value
[no]
Sets the global RSVP refresh time to the

default value.
<1-65535>
Sets the global RSVP refresh time.
Example
SR/configure/router/rsvp# refresh-time 10
October 2010
281
RSVP-TE commands
configure RSVP-TE filter

Use this command to filter style to prevent rerouting of an LSP and to prevent other LSPs from
using the bandwidth reserved for this LSP.
Syntax
filter [fixed|shared-explicit]
Variable
Value
fixed
specifies a distinct reservation. A distinct

reservation request is created for data
packets from this LSP.
shared-explicit
specifies a shared reservation environment.

It creates a single reservation into which
flows from all LSPs are combined.
Example
SR/configure/router/rsvp# refresh-time 10
SR/configure/rsvp-te LSP# filter fixed
configure retry limit

Use this command for configuring the retry limit for RSVP-TE LSP.
Syntax
retry-limit <1-65535>
Variable
<1-65535>
Value
The number of times the system tries to set
up the LSP. Default is 0.
Example
SR/configure/router/rsvp# retry-limit 10
282
October 2010
show mpls admin-groups

Use this command to display the configured MPLS administrative groups.
Syntax
Example
SR# show mpls admin-groups
show mpls traffic-eng-lsp session

Use this command to display session-related information for configured LSPs.
Syntax
show mpls traffic-eng-lsp session [up|down] [detail]
Variable
Value
up
Displays sessions that are currently

operational.
down
Displays sessions that are currently not

operational.
[detail]
Displays detailed session-related

information.
Example
SR#
show mpls traffic-eng-lsp session up
show mpls traffic-eng-lsp session lsp-name

Use this command to display information only for sessions with a specified name.
Syntax
show mpls traffic-eng-lsp session <lsp-name> [primary | secondary]
October 2010
283
RSVP-TE commands

Variable
Value
<lsp-name>
Specifies the name of the LSP to be

displayed.
primary
Displays primary sessions.
secondary
Displays secondary sessions.
Example
SR#
show mpls traffic-eng-lsp session LSP1
show mpls traffic-eng-lsp session count

Use this command to display the count of existing sessions on the router.
Syntax
Example
SR#
show mpls traffic-eng-lsp session egress

Use this command to display session-related information for an egress router.
Syntax
show mpls traffic-eng-lsp session egress [up|down] [detail]
Variable
284
Value
up

operational.
down

operational.
[detail]

information.
October 2010
Example
SR#
show mpls traffic-eng-lsp

Use this command to display session-related information for a specified egress router.
Syntax
show mpls traffic-eng-lsp session egress <A.B.C.D>
Variable
<A.B.C.D>
Value
IPv4 address of the router being specified as
the egress router.
Example
SR#
show mpls traffic-eng-lsp session egress 10.2.3.4
show mpls traffic-eng-lsp session ingress

Use this command to display session-related information for an ingress router.
Syntax
show mpls traffic-eng-lsp session ingress [up|down] [detail]
Variable
Value
up

operational.
down

operational.
[detail]

information.
Example
SR#
show mpls traffic-eng-lsp session ingress up
October 2010
285
RSVP-TE commands
show mpls traffic-eng-lsp session ingress

Use this command to display session-related information for a specified ingress router.
Syntax
show mpls traffic-eng-lsp session ingress <A.B.C.D>
Variable
<A.B.C.D>
Value
IPv4 address of the router being specified as
the ingress router.
Example
SR#
show mpls traffic-eng-lsp session ingress 10.1.1.2
show mpls traffic-eng-lsp session transit

Use this command to display session-related information for the transit or intermediate router.
Syntax
show mpls traffic-eng-lsp session transit [up | down] [detail]
Variable
Value
up

operational.
down

operational.
[detail]

information.
Example
SR#
286
show mpls traffic-eng-lsp session transit up
October 2010
show mpls traffic-eng-path
show mpls traffic-eng-path

Use this command to display the configured MPLS traffic engineering paths and their
configured hops. Specify the path name to show hops related to a specific path. If no path
name is specified all the mpls traffic engineering paths are displayed.
Syntax
show mpls traffic-eng-path <path-name>
Variable
<path-name>
Value
Specifies the path name.
Example
SR# show mpls traffic-eng-path path1
show mpls tunnel-mode

Use this command to display tunnel mode information.
Syntax
show mpls tunnel-mode
Example
SR# show mpls tunnel-mode
show rsvp interface

Use this command to display the RSVP-TE interface information.
Syntax
show rsvp interface <interface-name>
Variable
<interface-name>
Value
Displays RSVP-TE information for the
specified interface. If this value is not
October 2010
287
RSVP-TE commands
Variable
Value
specified, information for all interfaces is
displayed.
Example
SR# show rsvp interface ethernet0/3
show rsvp neighbor

Use this command to display the RSVP-TE neighbors.
Syntax
show rsvp neighbor <A.B.C.D>
Variable
<A.B.C.D>
Value
Neighbor IP address.
Example
SR# show rsvp neighbour 10.1.2.3
show rsvp nexthop-cache

Use this command to display the next-hop data cached by RSVP-TE.
Syntax
Example
SR#
show rsvp statistics

Use this command to display the counts for various messages exchanged by the daemon. This
displays the list of packet types, the number of sent packets and the number of received
packets.
288
October 2010
show rsvp summary-refresh
Syntax
show rsvp statistics
Example
SR# show rsvp statistics

Use this command to display RSVP-TE summary refresh data.
Syntax
Example
SR# show rsvp summary-refresh
show rsvp version

Use this command to display RSVP-TE version.
Syntax
show rsvp version
Example
SR# show rsvp version
October 2010
289
RSVP-TE commands
290
October 2010
Chapter 18: Common MPLS commands
clear mpls statistics

Use this command to clear MPLS statistics.
Syntax
clear mpls statistics [ftn | ilm | interface | lsp | vc]
Example
SR# clear mpls statistics ftn
show mpls interface

Use this command to display summarized information of the MPLs-enabled interfaces.
Syntax
show mpls interface
Example
SR# show mpls interface
show mpls stats-interface

Use this command to display MPLS interface statistics.
Syntax
show mpls stats-interface
Example
SR# show mpls stats-interface
October 2010
291
Common MPLS commands
show mpls stats-lsp

Use this command to display originating LSP statistics
Syntax
show mpls stats-lsp
Example
SR# show mpls stats-lsp
show mpls table-forwarding

Use this command to display all LSPs originating from this router. It also displays codes
indicating the selected FTN (FEC to Next-Hop-Label-Forwarding-Entry).
Syntax
show mpls table-forwarding
Example
SR# show mpls table-forwarding
show mpls table-ilm

Use this command to display the MPLS Incoming Label Map table.
Syntax
show mpls table-ilm
Example
SR# show mpls table-ilm
292
October 2010
Chapter 19: MPLS pseudowire commands
configure interface bundle mpls l2-circuit

Use this command to bind an interface (attachment circuit) to an MPLS Layer-2 virtual circuit.
This specifies the source interface where virtual circuit traffic is sent and received. In addition to
Ethernet ports, with the Avaya Secure Router 2330/4134, you can bind WAN bundles running
PPP.
To bind a bundle to the Layer 2 virtual circuit, you must first encapsulate the bundle with PPP.
Then, after the bundle is bound to the circuit, you must also set the encapsulation for the bound
WAN interface to PPP.
Syntax
mpls l2-circuit <VC-ID>
Example
SR/interface/bundle wan1# mpls l2-circuit vc1
configure interface bundle mpls l2-circuit encapsulation

ppp
Use this command to set the encapsulation for the bound WAN interface to PPP.
Syntax
encapsulation ppp
Example
SR/interface/bundle wan1/mpls/l2-circuit vc1# encapsulation ppp
configure interface bundle mpls l2-circuit encapsulation

Use this command to set the encapsulation for the bound Ethernet interface to Ethernet or
VLAN.
October 2010
293
MPLS pseudowire commands
Syntax
encapsulation {ethernet | vlan}
Example
SR/interface/bundle wan1/mpls/l2-circuit vc2# encapsulation ethernet
configure interface ethernet mpls l2-circuit

Use this command to bind an Ethernet interface (attachment circuit) to an MPLS Layer-2 virtual
circuit. This specifies the source interface where virtual circuit traffic is sent and received. With
the SR4134, you can bind any Ethernet ports (including ports on Ethernet modules). However,
the virtual circuit peer must be reachable through a WAN interface or a chassis Ethernet port,
otherwise, the pseudowire cannot be established.
Syntax
mpls l2-circuit <VC-ID>
Example
SR/interface/ethernet (6/12)# mpls l2-circuit vc1
configure interface ethernet switchport mode l2vpn

Use this command to configure the interface mode for the Ethernet attachment circuit as
L2VPN.
Syntax
switchport mode l2vpn
Example
SR/interface/ethernet (6/12)# switchport mode l2vpn
configure interface mpls admin-group

Use this command to assign an interface to an administrative group.
Syntax
[no] mpls admin-group <admin-group-name>
294
October 2010
configure interface mpls ip

Variable
Value
[no]
Removes the interface from the specified administrative

group.
<admin-group-name>
Specifies the name of the administrative group.
Example
SR/configure/interface/ethernet 0/1#mpls admin-group group1
configure interface mpls ip

Use this command to enable MPLS on the interface.
Syntax
mpls ip
Example
SR/configure/interface/ethernet 0/1#mpls ip
configure interface mpls protocol-ldp

Use this command to enable LDP on the interface.
Syntax
mpls protocol-ldp
Example
SR/configure/interface/ethernet 0/1#mpls protocol-ldp
configure interface mpls protocol-rsvp

Use this command to enable RSVP-TE on the interface.
Syntax
mpls protocol-rsvp
October 2010
295
Example
SR/configure/interface/ethernet 0/1#mpls protocol-rsvp
configure mpls l2-circuit

Use this command to create a Layer 2 virtual circuit.
Syntax
[no] mpls l2-circuit <VC-name> <VC-ID> <peer-IP> [<VC-groupname>]
Variable
Value
<VC-name>
Virtual circuit name.
<VC-ID>
Virtual circuit ID: 1-1000000.
<peer-ip>
IPv4 address for the virtual circuit end point.
[<VC-groupname>]
Virtual circuit group name identifier. Not

currently supported.
Example
SR#
mpls l2-circuit toSJ vc1 10.1.2.3
configure mpls static-l2-circuit-ftn

Use this command to create an MPLS Layer-2 Virtual Circuit static FTN entry for an interface.
Note: The interface must be bound to the Virtual Circuit ID specified before this command is
executed
Syntax
[no] mpls static-l2-circuit-ftn <VC-ID> <label-out> <peer-ip>
<incoming-l2-if-name> <outgoing-if-name>
Variable
296
Value
<VC-ID>
<label-out>
Outgoing label for the FEC.
<peer-ip>
IPv4 address for the virtual circuit peer.
October 2010
configure mpls static-l2-circuit-ilm
Variable
Value
<incoming-l2-if-name>
Specifies the incoming Layer 2 interface

name.
<outgoing-if-name>
Specifies the outgoing MPLS tunnel

interface name.
Example
SR# static-l2-circuit-ftn vc1 110 10.1.2.3 ethernet0/3 LSP2
configure mpls static-l2-circuit-ilm

Use this command to create an MPLS Layer-2 Virtual Circuit static ILM entry in the ILM table
to which the incoming interface specified is bound. Upon receipt of a labeled packet on an
MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match
is found, the packet is forwarded directly to the bound Layer 2 interface (without further
analysis).
Syntax
[no] mpls static-l2-circuit-ilm <VC-ID> <label-in> <peer-ip>
<incoming-if-name> <outgoing-l2-if-name>
Variable
Value
<VC-ID>
<label-in>
Incoming VC label: 1040-2063.
<peer-ip>
IPv4 address for the virtual circuit peer.
<incoming-if-name>
Specifies the incoming MPLS tunnel

interface name.
<outgoing-l2-if-name>
Specifies the outgoing Layer 2 interface

name.
Example
SR# static-l2-circuit-ilm vc1 100 10.1.2.3 LSP1 ethernet0/3
show ldp mpls-l2-circuit

Use this command to display the Layer-2 virtual circuit summary information.
October 2010
297
Syntax
show ldp mpls-l2-circuit [<VC-ID>][detail]
Example
SR# show ldp mpls-l2-circuit vc1
show mpls l2-circuit

Use this command to display MPLS Layer-2 Virtual Circuit data.
Syntax
show mpls l2-circuit [<VC-name>]
Example
SR# show mpls l2-circuit vc1
show mpls l2-circuit-group

Use this command to display MPLS Layer-2 Virtual Circuit group data.
Syntax
show mpls l2-circuit-group [<VC-group-name>]
Example
SR# show mpls l2-circuit-group vcgroup1
show mpls static-l2-circuit-ftn

Use this command to display the static L2-circuit FTN entry.
Syntax
show mpls static-l2-circuit-ftn
Example
SR# show mpls static-l2-circuit-ftn
298
October 2010
show mpls static-l2-circuit-ilm

Use this command to display the static L2-circuit ILM entry.
Syntax
Example
SR# show mpls static-l2-circuit-ilm
show mpls stats-vc

Use this command to display the Layer-2 virtual circuit statistics.
Syntax
show mpls stats-vc
Example
SR# show mpls stats-vc
show mpls table-vc

Use this command to display the Layer-2 virtual circuit table.
Syntax
show mpls table-vc
Example
SR# show mpls table-vc
October 2010
299
300
October 2010
Chapter 20: Ethernet interface commands
interface ethernet
Use this command to access next-level commands for configuring an Ethernet port.
Syntax
interface ethernet <slot/port>
Variable
<slot/port>
Value
The slot and port numbers that identify the
port to configure. For example, 7/1.
Example
SR/configure# interface ethernet 0/0
interface ethernet description

Use this command to configure a description for an Ethernet interface.
Syntax
description <string>
Variable
<string>
Value
Specifies the description. The string length
for a description is 76 characters. You must
enclose the description in quotation marks.
Example
SR/configure/interface/ethernet (0/1)# description "Main LAN"
October 2010
301
Ethernet interface commands
interface ethernet ip tcp-mss

Use this command to specify the TCP MSS clamping value for an Ethernet interface.
Syntax
ip tcp-mss <value>
Variable
<value>
Value
Specifies the TCP MSS clamping value for the tunnel. Values
range from 536 to 9176.
Example
SR/configure/interface/ethernet 0/4#ip tcp-mss 555
interface ethernet mtu

Use this command to configure the MTU size for an Ethernet interface.
Important:
Syntax
mtu <size>
Variable
<size>
Value
Specifies the MTU size. Valid values are 64
to 9216. The default value is 1500.
Example
SR/configure/interface/ethernet (0/1)# mtu 9216
302
October 2010
interface ethernet REM
interface ethernet REM

Use this command to add comments at the beginning of the Ethernet area of a configuration
file.
Syntax
REM <string>
Variable
<string>
Value
Specifies the comments. The string length
for comments is 80 characters. You must
enclose comments in quotation marks.
Example
SR/configure/interface/ethernet (0/1)# REM "Configured on July 30"
interface ethernet REM_

Use this command to add comments to an interface. The comments appear at the end of the
Ethernet area of a configuration file.
Syntax
REM_ <string>
Variable
<string>
Value
Specifies the comments. The string length
for comments is 80 characters. You must
enclose comments in quotation marks.
Example
SR/configure/interface/ethernet (0/1)# REM_ "Configured on July 30".
October 2010
303
interface ethernet speed

Use this command to configure the speed of an Ethernet interface.
Syntax
speed {10|100|1000|auto} mode {half_duplex| full_duplex}
Variable
Value
{10 | 100 | 1000 | auto}
Specifies the speed of the port. The default

value is auto.
{half_duplex | full_duplex}
Specifies the operating mode for the port.

The default value is half_duplex.
<slot/port>
Specifies the slot and port numbers that

identify the port for configuration. For
example, 6/1.
Example
SR/configure/interface/ethernet (0/1)# speed auto mode full_duplex
interface ethernet traffic-class-table

Use this command to configure the traffic class tables values, specifically, the user priority and
number of supported traffic classes.
Syntax
traffic-class-table user-priority <user priority> num-trafficclasses <traffic classes> value <value>
Variable
304
Value
<traffic classes>
Specifies the number of traffic classes

supported. Valid values are 1 to 8.
<user priority>
Specifies the user priority value. Valid values

are 0 to 7.
<value>
Specifies the value to be used for the given

user priority and number of traffic classes.
October 2010
interface ethernet user-priority
Example
SR/configure/interface/ethernet (0/1)# traffic-class-table userpriority 1 num-traffic-classes 3 value 3
interface ethernet user-priority

Use this command to configure the default user priority associated with a Layer 2 interface.
Syntax
user-priority <value>
Variable
<value>
Value
Specifies the user priority value for the
interface. Valid values are 0 to 7.
Example
SR/configure/interface/ethernet (0/1)# user-priority 3
system jumbo-mtu-limit
The Secure Router 2330/4134 supports jumbo frames. Use this command to configure the
Secure Router 2330/4134 system settings to support jumbo frames.
Important:
Syntax
system jumbo-mtu-limit <value>
Variable
<value>
Value
Valid values for the jumbo MTU limit are 1500
and 9216 bytes. The default value is 1500
bytes.
October 2010
305
Example
SR/configure# system jumbo-mtu-limit 9216
306
October 2010
Chapter 21: Interface mode commands
configure interface vlan ip helper-address service

Use this command to configure the VLAN IP Helper address service.
Syntax
[no] ip helper-address <A.B.C.D> service <service>
Variable
Value
<A.B.C.D>
Specifies the IP address.
[no]
Disables the VLAN IP Helper address service.
<service>
Specifies the service name to specify IP helper for a service.

Available options are:
dnsDomain Name Service
netbios-dgmNetBIOS datagram service
netbios-nsNetBIOS name service
netbios-ssNetBIOS session service
tftpTrivial File Transfer Protocol
timeTime
Example
SR/configure/interface/vlan vlan3#ip helper-address 10.10.1.1
service dns
configure interface vlan ip helper-address protocol

Use this command to configure the VLAN IP Helper address protocol
Syntax
[no] ip helper-address <A.B.C.D> protocol <protocol>
October 2010
307
Interface mode commands

Variable
Value
<A.B.C.D>
Specifies the IP address.
[no]
Specifies the service name to specify IP helper for a service.

Available options are:
<protocol>
Specifies the protocol to be used. Options available are:

UDPto a specific UDP port.
Example
SR/configure/interface/vlan vlan3#ip helper-address protocol udp
configure interface vlan ip helper-address port

Use this command to configure the VLAN IP helper address port.
Syntax
[no] ip helper-address <A.B.C.D> port <port>
Variable
Value
<A.B.C.D>
Specifies the IP helper address.
[no]
Disables the VLAN IP Helper address port.
<port>
Specifies the port number. Values range from 1 to 65535.
Example
SR/configure/interface/vlan vlan3#ip helper-address 10.10.1.1 port 52
switchport
Use this command to configure an interface as a Layer 2 interface. Also use this command to
create an access port.
Syntax
switchport
308
October 2010
no switchport
Example
SR/configure/interface/ethernet (6/1)# switchport
no switchport
Use this command to disable a configured link (trunk, access, or hybrid) on an interface.
Syntax
no switchport
Example
SR/configure/interface/ethernet (6/1)# no switchport
switchport mode hybrid

A hybrid link is a LAN segment that contains both VLAN-aware and VLAN-unaware devices.
Consequently, a hybrid link can carry both VLAN tagged frames and other (untagged or prioritytagged) frames.
Use this command to enable a hybrid link between devices.
Syntax
switchport mode hybrid
Example
SR/configure/interface/ethernet (6/1)# switchport mode hybrid
To disable a hybrid link on an interface, enter: no switchport
switchport mode trunk

Trunk links are required to pass VLAN information between devices. You can configure a trunk
port to be a member of all the VLANs that exist on the device. That port then carries traffic
for all the VLANs between the devices. To distinguish between the traffic flows, a trunk port
must mark the frames with special tags as they pass between the devices. You must enable
trunking on both sides of a link. If two devices are connected together, for example, you must
configure both device ports for trunking.
Use this command to enable trunking between the devices.
October 2010
309
Syntax
switchport mode trunk
Example
SR/configure/interface/ethernet (6/1)# switchport mode trunk
To disable a trunk link on an interface, enter: no switchport
switchport hybrid allowed

Use this command to add VLANs to the selected hybrid link.
Syntax
switchport hybrid allowed vlan {all|<vid>} egress {tagged|untagged}
Variable
<vid>
Value
Specifies a VLAN ID.
Example
SR/configure/interface/ethernet (6/1)# switchport hybrid allowed vlan
all egress tagged
switchport hybrid remove

Use this command to remove VLANs from the selected hybrid link.
Syntax
switchport hybrid remove vlan {all|<vid>} egress {tagged|untagged}
Variable
<vid>
Value
Example
SR/configure/interface/ethernet (6/1)# switchport hybrid remove vlan
3 egress tagged
310
October 2010
switchport trunk allowed
switchport trunk allowed

Use this command to add VLANs to the selected trunk link.
Syntax
switchport trunk allowed vlan {all|<vid>}
Variable
<vid>
Value
Example
SR/configure/interface/ethernet (6/1)# switchport trunk allowed vlan
all
switchport trunk remove

Use this command to remove VLANs from the selected trunk link.
Syntax
switchport trunk remove vlan {all|<vid>}
Variable
<vid>
Value
Example
SR/configure/interface/ethernet (6/1)# switchport trunk remove vlan 3
switchport pvid
There can be only one VLAN assigned to an access port. VLAN ID 1 is the default VLAN
assigned to each port. Use this command to change the VLAN assigned to an access link.
Syntax
switchport pvid <vid>
October 2010
311

Variable
<vid>
Value
Example
SR/configure/interface/ethernet (6/1)# switchport pvid 10
show bridge port

Use this command to view information related to the interface mode.
Syntax
show bridge port
Example
SR# show bridge port
show interface ethernet

Use this command to view information related to the operation of the port.
Syntax
show interface ethernet <slot/port>
Example
SR# show interface ethernet 6/1
show interface ethernets

Use this command to display information for all Ethernet interfaces.
Syntax
show interface ethernets
Example
SR#show interface ethernets
312
October 2010
Chapter 22: MAC address table commands
mac address
Use this command to add a list of interfaces and associated MAC addresses to the Layer 2
forwarding table.
Syntax
[no] mac address <mac addr> {forward|discard} <interface> vlan <vid>
Variable
Value
{forward | discard}
Specify whether frames received with the

configured MAC address are to be discarded
or forwarded.
<interface>
Specifies the interface on which the frame

enters the Avaya Secure Router 2330/4134.
For example, ethernet6/1.
[no]
Deletes a static MAC address entry from the

MAC address table.
<vid>
Specifies the VLAN ID of the received

frames.
Example
SR/configure# mac address 0000.5555.5550 forward ethernet6/1 vlan 10
mac aging-time
Use this command to specify an age-out time for a learned MAC address. The learned MAC
address will persist until the configured age-out time is expired.
Syntax
[no] mac aging-time <age-out value>
October 2010
313
MAC address table commands

Variable
Value
<age-out value>
The number of seconds that a learned MAC

address persists. The default age-out time
value is 300 seconds. Valid values are 10 to
630 seconds.
[no]
Restores the default age-out time for a

learned MAC address.
Example
SR/configure/bridge# mac aging-time 400
show bridge config

After you have configured the MAC Address entries and aging time, use this command to verify
successful operation by viewing summary information about bridge configuration.
Syntax
show bridge config
Example
SR# show bridge config
show bridge detail

After you have configured the MAC Address entries and aging time, use this command to verify
successful operation by viewing detailed bridge configuration information.
Syntax
show bridge detail
Example
SR# show bridge detail
show bridge mac

Use this command to view information about the MAC table on a bridge.
314
October 2010
show bridge mac address
Syntax
show bridge mac [slot/port] [vid]
Variable
Value
[slot/port]
Specifies the port from which you gather the

MAC table information. This is an optional
parameter.
[vid]
Specifies a VLAN ID. This is an optional

parameter.
Example
SR# show bridge mac 6/1 10
show bridge mac address

Use this command to view information for a specific MAC address on a bridge.
Syntax
show bridge mac address <mac addr>
Variable
<mac addr>
Value
Specifies the MAC address in
HHHH.HHHH.HHHH format.
Example
SR# show bridge mac address 0000.5555.6666
show bridge mac dynamic

Use this command to view information about dynamic MAC entries.
Syntax
show bridge mac dynamic [vid]
October 2010
315

Variable
[vid]
Value
parameter.
Example
SR# show bridge mac dynamic 10
show bridge mac static

After you have configured static MAC Address entries, use this command to verify operation
by viewing information about static MAC entries.
Syntax
show bridge mac static
Example
SR# show bridge mac static
show bridge mac multicast

Use this command to view information about multicast MAC entries.
Syntax
show bridge mac multicast [vid]
Variable
[vid]
Value
parameter.
Example
SR# show bridge mac multicast
316
October 2010
show bridge mac unicast
show bridge mac unicast

Use this command to view information about multicast MAC entries.
Syntax
show bridge mac unicast [vid]
Variable
[vid]
Value
parameter.
Example
SR# show bridge mac unicast 10
October 2010
317
318
October 2010
Chapter 23: PoE commands
poe detect3af
Use this command to enable 802.3af-compliant device detection.
Syntax
[no] poe detect3af <slot>
Variable
Value
[no]
Disables 802.3af detection for the module in

the specified slot. 802.3af is disabled by
default.
<slot>
Specifies the slot in which the interface

module is installed on which you enable
802.3af-compliant device detection. Valid
values for <slot> are 5, 6, and 7. When
disabled, both 802.3af compliant devices
and legacy devices are detected. For
example, if you configure poe
detect3af <5>, only legacy devices are
detected in the ports of the module inserted
in slot 5.
Example
SR/configure# poe detect3af 6
poe portmode
Use this command to configure PoE port modes. Port modes are auto, static, or never.
Important:
When the system comes up for the first time, power is disabled for safety reasons, even
though ports are in "auto" mode.
October 2010
319
PoE commands
Syntax
[no] poe portmode <slot/port> <mode>
Variable
Value
<mode>
Specifies the port mode. Valid values for

mode are 1 to 3 (1=auto; 2=static; 3=never.
The default value for mode is 1.
Auto mode: Enables port power on the
specified port (with a power limit of 16 W). If
you set the port to auto mode, then port
power is enabled to the port, and the default
power of 16 W (maximum) can be supplied
to the device connected to the specified port.
Static mode: Sets the power limit for the
specified port to 16 W and enables power on
the port. After setting the port mode to
"static", you can set the port power limit in the
range of 37 to 16000 milliwatts (mW) using
the poe portpowerlimit command.
Never mode: Disables power on the
specified port until you change the mode to
either "auto" or "static". Port power is always
disabled in "never" mode.
[no]
Resets the port mode to the default value of

"auto".
<slot/port>
Specifies the slot and port number that

identify the port to configure. Valid values for
slot are 5 to 7. Valid values for port are 1 to
24.
Example
SR/configure# poe portmode 6/1 never
poe portpower
Use this command to enable power on a port.
You can configure this only when the mode of operation is "auto" or "static" mode. If you use
this command when the mode of operation is "never", the command has no impact on the
system configuration. For ports that are in "auto" or "static" mode, the port power is enabled
and powered devices connected to these ports receive power.
The default value is power disabled on all 24 ports of a PoE card.
320
October 2010
poe portpowerlimit
Syntax
[no] poe portpower <slot/port>
Variable
Value
[no]
Disables power on the specified port.

You can configure this only when the mode
of operation is "auto" or "static" mode. If you
use this command when the mode of
operation is "never", the command has no
impact on the system configuration. For ports
that are in "auto" or "static" mode, the port
power is disabled and powered devices
connected to these ports do not receive
power.
<slot/port>

24.
Example
SR/configure# poe portpower 6/1
poe portpowerlimit
Use this command to configure PoE port power limits.
Important:
The power limit is set with an accuracy of 100mW. For example, if the power limit is set to
any value in the range 37 to 99, the power limit is set to 0. If the power limit is set to any
value in the range 100 to 199, the power limit is set to 100 mW. If the power limit is set to
any value in the range 15900 to 15999, the power limit is set to 15900 mW.
Syntax
[no] poe portpowerlimit <slot/port> <power limit>
Variable
Value
[no]
Resets the power limit to the default value

(16000 mW).
<power limit>
Specifies the power limit for a port that is in

static mode. Valid values for the power limit
October 2010
321
PoE commands
Variable
Value
are 37 to 16000 milliwatts (mW). The default
value is 16000 mW (that is, 16 W).
<slot/port>

24.
Example
SR/configure# poe portpowerlimit 6/1 37
poe portpriority
Use this command to configure the priority of PoE ports. When available power falls below the
configured value, the lowest priority ports are shut down first.
Syntax
[no] poe portpriority <slot/port> <port priority>
Variable
Value
[no]
Resets the port priority to the default value

(3). This command also removes the port
priority configuration for this port from the
running configuration.
<port priority>
Valid values for <port priority> are in the

range of 1 to 3 (1=critical; 2=high; 3=low).
The default value for port priority is 3.
<slot/port>

24.
Example
SR/configure# poe portpriority 6/1 2
322
October 2010
show poe portconfig
show poe portconfig

Use this command to view information about the priority and power limit configured for a
specified port.
Syntax
show poe portconfig <slot/port>
Variable
<slot/port>
Value
identify the port for which you want to view
information. Valid values for slot are 5 to 7.
Valid values for port are 1 to 24.
Example
SR# show poe portconfig 6/1
show poe portspower

Use this command to view information about the current power drawn by each device
connected to the ports of a PoE module.
Syntax
show poe portspower <slot>
Variable
<slot>
Value
module is installed. Valid values for <slot>
are 5, 6, and 7.
Example
SR# show poe portspower <slot>
October 2010
323
PoE commands
show poe portstatus

Use this command to view information about the status of port power for the given port, as well
as the reason for the port becoming disabled.
Syntax
show poe portstatus <slot/port>
Variable
<slot/port>
Value
identify the port for which you want to view
information. Valid values for slot are 5 to 7.
Valid values for port are 1 to 24.
Example
SR# show poe portstatus 6/1
show poe totalpower

Use this command to view information about the total power consumed by the devices
connected to the ports of a PoE module.
Syntax
show poe totalpower <slot>
Variable
<slot>
Value
module is installed. Valid values for <slot>
are 5, 6, and 7.
Example
SR# show poe totalpower 6
324
October 2010
Chapter 24: VLAN commands
vlan database
Use this command to enter the VLAN configuration mode.
Syntax
vlan database
Example
SR/configure# vlan database
vlan
Use this command to create VLANs in the bridge global database and to remove VLANs from
the database.
Syntax
[no] vlan <vid> [name <WORD>]
Variable
Value
[name <WORD>]
The name that you assign to the VLAN. This

parameter is optional.
[no]
Removes a VLAN from the database.
<vid>
The VLAN identification number that you

assign. Valid values are 2 to 4000.
Example
SR/configure/vlan#
vlan 10
October 2010
325
VLAN commands
show bridge vlan

After you have configured VLANs, use this command to verify operation and the interfaces to
which the VLAN is assigned.
Syntax
show bridge vlan
Example
SR# show bridge vlan
interface vlan
Use this command to select a VLAN interface.
Syntax
interface vlan vlan<vid>
Example
SR/configure# interface vlan vlan10
shutdown
Use this procedure to shut down a VLAN interface.
Syntax
shutdown
Example
SR/configure/interface/vlan vlan10# shutdown
vlan classification
Use this command to enter VLAN classification configuration mode.
326
October 2010
rule ipv4
Syntax
vlan classification
Example
SR/configure# vlan classification
rule ipv4
Use this command to create an IPv4 subnet-based VLAN classification rule. If the source IP
address matches the IP subnet specified in the VLAN classification rule, the received packets
are mapped to the specified VLAN.
Syntax
[no] rule <id> ipv4 {ipaddr/netmask|ipaddr} vlan <vid>
Variable
Value
<id>
Specifies the VLAN classifier rule ID. Valid

values are 1 to 12.
{ipaddr/netmask|ipaddr}
Specifies the IPv4 address. Specify either an

IP address, or a subnet. For example,
10.11.12.13/24.
[no]
Removes an IPv4 subnet-based VLAN

classification rule.
<vid>
Specifies the VLAN ID.
Example
SR/configure/vlan classification# rule 2 ip4 20.20.20.10/32 vlan 2
rule protocol
Use this command to create a protocol-based VLAN classification rule. If the protocol type
matches the protocol specified in the VLAN classification rule, the received packets are
mapped to the specified VLAN.
Syntax
[no] rule <id> protocol <protocol> encap <encapsulation>
October 2010
327
VLAN commands

Variable
Value
<id>

values are 1 to 12.
<protocol>
The protocol parameter is either a number

(from 0 to 65535), or one of the following:
ipv4
ipv6
mpls
arp
rarp
vlan-tagged
appletalk
ipx
pppoe-disc
pppoe-session
[no]
Removes a protocol-based VLAN

classification rule.
<encapsulation>
Specifies the encapsulation type. Enter one

of the following:
ethv2
llcsnap
llc
Example
SR/configure/vlan classification# rule 3 protocol mpls en llcsnap
vlan classification ipv4

After you have defined protocol rules, you can apply those rules to an interface. Use this
command to apply an IPv4 subnet-based classification rule to an interface.
Important:
You can apply VLAN classification rules only on hybrid ports.
328
October 2010
vlan classification protocol rule
Syntax
[no] vlan classification ipv4
Example
SR/configure/interface/ethernet (6/1)# vlan classification ipv4
vlan classification protocol rule

After you have defined protocol rules, you can apply those rules to an interface. Use this
command to apply a protocol-based classification rule to an interface.
Important:
You can apply VLAN classification rules only on hybrid ports.
Syntax
[no] vlan classification protocol rule <id> vlan <vid>
Variable
Value
<id>

values are 1 to 12.
[no]
Removes a protocol-based VLAN

classification rule from the interface.
<vid>
Example
SR/configure/interface/ethernet (6/1)# vlan classification protocol
rule 1 vlan 4
switchport mode access vlan-stacking

Use this command to enable VLAN stacking on an interface.
Note that the no command option is unavailable for VLAN stacking. To disable VLAN stacking,
enter switchport mode access for the interface.
Syntax
switchport mode access vlan-stacking
October 2010
329
VLAN commands
Example
SR/configure/interface/ethernet (6/2)# switchport mode access vlanstacking
show bridge port

Use this command to verify the successful operation of your VLAN stacking configuration.
Syntax
show bridge port
Example
SR# show bridge port
330
October 2010
Chapter 25: MSTP commands
bridge
Use this command to access the bridge configuration context.
Syntax
bridge
Example
SR/configure# bridge
bridge forward-delay
Forward delay is the time interval that bridges use to transition root and designated ports to
the forwarding state. When the Avaya Secure Router 2330/4134 powers up, or when a device is
connected to a port, the port normally enters the Spanning Tree listening state. When the
forward delay timer expires, the port enters the learning state. When the forward delay timer
expires a second time, the port transitions to the forwarding state.
Use this command to configure the forward-delay time interval.
Syntax
[no] forward-delay <time value>
Variable
Value
[no]
Restores the forward delay value to the

default setting (15 seconds).
<time value>
Specifies the forward time delay, expressed

in seconds. The default value is 15 seconds.
Valid values are 4 to 30 seconds.
Example
SR/configure/bridge#
forward-delay 20
October 2010
331
MSTP commands
bridge hello-time
The Secure Router 2330/4134 transmits a BPDU at every hello time.
The hello time is the time, in seconds, after which (if the bridge is the root bridge) all the bridges
in a bridged LAN exchange BPDUs. A very low hello time value results in excessive traffic on
the network, while a higher value delays the detection of topology change.
Use this command to configure the bridge hello time.
Syntax
[no] hello-time <time value>
Variable
Value
[no]
Restores the hello time value to the default

setting (2 seconds).
<time value>
Specifies the interval, expressed in seconds,

between BPDU exchanges. The default
value is 2 seconds. Valid values are 1 to 10
seconds.
Example
SR/configure/bridge# hello-time 5
bridge max-age
The maximum age time represents the maximum age of the information after which the
information becomes stale. Use this command to configure the maximum age time.
Syntax
[no] max-age <time value>
Variable
332
Value
[no]
Restores the maximum age time to the

default setting (20 seconds).
<time value>
The maximum age time, expressed in

Valid values are 6 to 40 seconds.
October 2010
bridge priority
Example
SR/configure/bridge# max-age 15
bridge priority
You can assign a priority to the bridge. The lower the priority, the greater the chance that the
bridge becomes root for the Common Spanning Tree.
Syntax
[no] priority <value>
Variable
Value
[no]
Restores the bridge priority value to the

default setting (32768).
<value>
Specifies the bridge priority. The default

value is 32768 (or hex 0x8000). Valid values
are 0 to 61440, and are increments of 4096.
Example
SR/configure/bridge# priority 61440
mstp
Use this command to access the Multiple Spanning Tree Protocol (MSTP) configuration
context.
Syntax
mstp
Example
SR/configure/bridge# mstp
mstp instance
Use this command to create an MSTP instance.
October 2010
333
MSTP commands
Syntax
instance <instance id>
Variable
<instance id>
Value
Specifies the MSTP instance ID. Valid values
are 1 to 15.
Example
SR/configure/bridge/mstp# instance 1
mstp instance priority

You can assign a priority value for a bridge associated with an instance. The lower the priority,
the greater the chance the bridge becomes root for that instance. Use the procedure in this
section to configure priority for an instance.
Syntax
Variable
Value
[no]
Restores the default priority value for an

instance. The default value for priority is
32768.
<value>
Specifies the priority that you assign to the

instance. The default value for priority is
32768. Bridge priority values are in
increments of 4096. Valid values are 0 to
61440.
Example
SR/configure/bridge/mstp/instance 1# priority 100
mstp max-hops
Hop count in the packet gets decremented on every node that it traverses. Once the hop count
reaches zero, the packet becomes stale. Use this command to configure the maximum hops
for a BPDU.
334
October 2010
mstp region
Syntax
[no] max-hops <value>
Variable
Value
[no]
Restores the default maximum hops value

for a BPDU (20).
<value>
The maximum hops for which a BPDU is

valid. Valid values are 1 to 40. The default
value is 20.
Example
SR/configure/bridge/mstp# max-hops 15
mstp region
Use this command to configure the MSTP region name.
Syntax
region <region-name>
Variable
<region-name>
Value
The name you specify for the MSTP region.
Example
SR/configure/bridge/mstp# region region1
mstp revision
Use this command to configure the MSTP revision number.
Syntax
[no] revision <revision number>
October 2010
335
MSTP commands

Variable
Value
[no]
Restores the default revision number (0).
<revision number>
The revision number that you assign. The

default value is 0. Valid values are 0 to 255.
Example
SR/configure/bridge/mstp# revision 1
spanning-tree
Use this command to access the Spanning Tree configuration context.
Syntax
spanning-tree
Example
SR/configure/interface/ethernet (6/1)# spanning-tree
spanning-tree force-version
You can configure MSTP, RSTP, or STP on a port of a bridge. If STP is configured on the port,
only STP packets flow through that port. MSTP is enabled on every port, by default. Use this
command to set the Spanning Tree version on a port.
Syntax
[no] force-version <WORD>
Variable
336
Value
[no]
Restores the default Spanning Tree version

(MSTP) on a port.
<WORD>
Specifies the STP version for the port. Valid

values for <WORD> are STP, RSTP, and
MSTP. The default value is MSTP.
October 2010
spanning-tree link-type
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# force-version
RSTP
spanning-tree link-type
Use this command to configure the link type.
Syntax
[no] link-type <type>
Variable
Value
[no]
Restores the default link type (point-topoint) for an interface.
<type>
Specifies the link type. Valid values are pointto-point and shared. The default value is
point-to-point.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# link-type
shared
instance path-cost
Use this command to configure the cost of a path for an MSTP instance.
Syntax
[no] path-cost <value>
Variable
Value
[no]
Restores the default path cost value for an

MSTP instance.
<value>
Specifies the path cost that you assign to the

MSTP instance. Valid values are 1 to
200000000. The default value is auto-detect.
October 2010
337
MSTP commands
Example
SR/configure/interface/ethernet (6/1)/spanning-tree/instance 2#
path-cost 1
instance priority
Use this command to configure the port priority for an MSTP instance.
Syntax
Variable
Value
[no]
Restores the default priority value for an

MSTP instance.
<value>
Specifies the port priority that you assign to

the MSTP instance. The default value for
priority is 32768. Bridge priority values are in
increments of 4096. Valid values are 0 to
61440.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree/instance 2#
priority 100
spanning-tree portfast
Use this command to enable rapid transitions.
Syntax
[no] portfast
Variable
[no]
Value
Disables rapid transitions.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# portfast
338
October 2010
spanning-tree portfast bpdu-filter
spanning-tree portfast bpdu-filter

The Spanning Tree Protocol sends BPDUs from all ports. Enabling the BPDU Filter feature
ensures that PortFast-enabled ports do not transmit or receive any BPDUs. Use this command
to enable PortFast BPDU filter on a port.
Syntax
[no] portfast bpdu-filter
Variable
[no]
Value
Disables PortFast BPDU filter for a port.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# portfast bpdufilter
spanning-tree portfast bpdu-guard

Use this command to enable BPDU Guard on a PortFast-enabled port.
Syntax
[no] portfast bpdu-guard
Variable
[no]
Value
Disables BPDU Guard on a port.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# portfast bpduguard
spanning-tree path-cost
The port with the least path cost is selected as the preferred port for traffic transmission. Use
this command to configure the path cost for a port.
October 2010
339
MSTP commands
Syntax
[no] path-cost <value>
Variable
Value
[no]
Restores the default path cost (auto-detect).
<value>
Specifies the path cost. The default value is

auto-detect. Valid values are 1 to
200000000.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# path-cost 1000
spanning-tree priority
The lower the port priority, the greater the chance that the port is selected for traffic
transmission. Use this command to configure the priority for a port.
Syntax
Variable
Value
[no]
Restores the default link priority (128).
<value>
Specifies the link priority. The default value is

128. Valid values are 0 to 240.
Example
SR/configure/interface/ethernet (6/1)/spanning-tree# priority 100
show spanning-tree
Use these commands to show information about the state and role of all ports in Common
Spanning Tree.
Syntax
show spanning-tree
show spanning-tree [detail]
340
October 2010
clear spanning-tree mstp
show spanning-tree [interface <interface id>]

show spanning-tree [mstp instance]
show spanning-tree [mstp instance vlan]
show spanning-tree [mstp instance <instance id>]
show spanning-tree [mstp instance <instance id> vlan]
show spanning-tree [mstp instance <instance id> port]
Variable
Value
<interface id>
Shows Spanning Tree information for the

<instance id>
Shows Spanning Tree information for the

specified instance. Instance ID is a value
from 1 to 15.
Example
SR# show spanning-tree mstp instance 5
clear spanning-tree mstp

Use this command to reset Spanning Tree.
Syntax
clear spanning-tree mstp all
clear spanning-tree mstp interface <interface id>
clear spanning-tree mstp instance <instance id>
Variable
Value
<interface id>
Resets Spanning Tree on the specified

interface.
<instance id>
Resets Spanning Tree on the specified

instance. Instance ID is a value from 1 to 15.
Example
SR# clear spanning-tree mstp interface ethernet6/1
October 2010
341
MSTP commands
clear spanning-tree statistics

Use this command to clear Spanning Tree statistics.
Syntax
clear spanning-tree statistics
Example
SR# clear spanning-tree statistics
342
October 2010
Chapter 26: LACP commands
lacp
Use this command to select the LACP configuration mode.
Syntax
lacp
Example
SR/configure# lacp
lacp channel-group mode

Use this command to enable LACP on an Ethernet interface.
Syntax
[no] channel-group <value> {static|mode <mode>}
Variable
Value
[no]
Removes LACP configuration from an

interface.
{static | mode <mode>}
Specifies the LACP mode of the channel

group. Enter static or mode <mode>.
Valid values for mode are active or
passive.
In static mode, the link aggregation forms
without any LACP negotiation. That is, the
Avaya Secure Router 2330/4134 neither
sends the LACP packet nor processes any
incoming LACP packet.
In passive mode, the Avaya Secure Router
2330/4134 does not initiate the channel, but
does understand incoming LACP packets.
The peer (in active state) initiates negotiation
October 2010
343
LACP commands
Variable
Value
to form the aggregation channel with the
peer.
In the active state, the Avaya Secure Router
2330/4134 initiates the negotiation. The link
aggregate forms if the other end is running in
LACP active or passive mode.
<value>
Specifies the channel group ID number. Valid

values are 1 to 8.
Example
SR/configure/interface/ethernet (6/1)/lacp# channel-group 1 mode
active
SR/configure/interface/ethernet (6/1)/lacp# channel-group 2 static
lacp priority
Use this command to configure the system priority for a local system. The system priority is
used in determining the system responsible for resolving conflicts in the choice of aggregation
groups. Lower numerical values have higher priorities.
Syntax
[no]priority <priority value>
Variable
Value
<priority value>
Specifies the LACP priority that you assign

to the system. The default value is 32768.
Valid values are 1 to 65535.
[no]
Resets the system priority of the local system

to the default value (32768).
Example
SR/configure/lacp# priority 65535
interface lag
You can treat a Link Aggregation Group (LAG) as an interface. You can configure a LAG as a
Layer 3, access, trunk, or hybrid interface. Use this command to select a LAG interface.
344
October 2010
lacp timeout
Syntax
interface lag lag<id>
Variable
lag<id>
Value
Specifies the LACP interface bundle. The
<id> parameter is a channel group ID. For
example, lag1. Valid values are 1 to 8.
Example
SR/configure# interface lag lag1
lacp timeout
Use this command to set a short or long timeout on a port.
Syntax
timeout <short|long>
Variable
<short | long>
Value
Specifies an interval of time between LACP
Protocol Data Units (PDUs), after which the
bridge considers the LACP link partner to be
down. The supported values are the
following:
short: a fast timeout. This is
approximately 3 seconds.
long: a slow timeout. This is
approximately 90 seconds.
The default value is long.
Example
SR/configure/interface/ethernet (6/1)# timeout short
show lacp channel-group

Use this command to view channel-group information
October 2010
345
LACP commands
Syntax
show lacp channel-group [summary]
Example
SR# show lacp channel-group
show lacp dynamic

Use this command to view LACP dynamic information.
Syntax
show lacp dynamic {channel-group|detail|memberport}
Example
SR# show lacp dynamic detail
show lacp member-port

Use this command to view aggregator member information.
Syntax
show lacp member-port
Example
SR# show lacp member-port
346
October 2010
Chapter 27: IGMP snooping commands
ip igmp snooping
Use this command to access the IGMP Snooping configuration mode.
Syntax
ip igmp snooping
Example
SR/configure# ip igmp snooping
snooping enable
Use this command to globally enable IGMP Snooping.
Syntax
snooping enable
Example
SR/configure/ip/igmp/snooping# snooping enable
snooping disable
Use this command to globally disable IGMP Snooping.
Syntax
snooping disable
Example
SR/configure/ip/igmp/snooping# snooping disable
October 2010
347
IGMP snooping commands
fast-leave enable
Use this command to enable fast leave processing.
Syntax
fast-leave enable
Example
SR/configure/ip/igmp/snooping/vlan 2# fast-leave enable
fast-leave disable
Use this command to disable fast leave processing.
Syntax
fast-leave disable
Example
SR/configure/ip/igmp/snooping/vlan 2# fast-leave disable
last-member-query-interval
Use the procedure in this section to configure the last member query interval.
The Avaya Secure Router 2330/4134 does not support the "no" command option to remove a
configured last member query interval. To remove existing configuration, you must reconfigure
the interval to a new value. For example, to reset a configured last member query interval to
the default value (1000 ms), you must explicitly reconfigure the last member query interval to
1000 ms.
Syntax
last-member-query-interval <interval>
Variable
<interval>
348
Value
Specifies the maximum response time
inserted into group-specific queries sent in
response to "leave group" messages, and is
October 2010
max-response-time
Variable
Value
also the amount of time between groupspecific query messages.
Valid values (in milliseconds) are in the range
of 1000 to 25500.
The default value is 1000 milliseconds.
Example
SR/configure/ip/igmp/snooping/vlan 2# last-member-query-interval
2500
max-response-time
Use this command to specify the maximum response time to insert into query messages.
The Secure Router 2330/4134 does not support the "no" command option to remove a
configured maximum response time from a VLAN. To remove existing configuration, you must
reconfigure the maximum response time to a new value. For example, to reset a configured
maximum response time to the default value (100 centiseconds [cs]), you must use the
procedure in this section to explicitly reconfigure the maximum response time to 100 cs.
Syntax
max-response-time <value>
Variable
<value>
Value
Specifies the maximum response time
(expressed in centiseconds) to insert into the
periodic general queries sent by a querier.
Valid values are 100 to 2000. The default
value is 100.
Example
SR/configure/ip/igmp/snooping/vlan 10# max-response-time 200
ip igmp snooping mrouter

Use this command to specify a static mrouter port. The interface you configure as an mrouter
port should be a member of the specified VLAN.
October 2010
349
Syntax
[no] mrouter <IFNAME>
Variable
<IFNAME>
Value
The interface name, or name of the port. For
example, ethernet7/1.
Example
SR/configure/ip/igmp/snooping/vlan 2# mrouter ethernet 6/1
proxy enable
IGMP proxy allows the router to function as proxy for the hosts that are attached downstream of
the router. Use this command to enable IGMP proxy for the Secure Router 2330/4134.
Syntax
proxy enable
Example
SR/configure/ip/igmp/snooping# proxy enable
proxy disable
Use this command to disable IGMP proxy for the Secure Router 2330/4134.
Syntax
proxy disable
Example
SR/configure/ip/igmp/snooping# proxy disable
querier enable
You can configure the Secure Router 2330/4134 as a querier or non-querier. Use this command
to enable querier functionality.
350
October 2010
querier disable
Syntax
querier enable
Example
SR/configure/ip/igmp/snooping# querier enable
querier disable
Use this command to disable querier functionality on the Secure Router 2330/4134.
Syntax
querier disable
Example
SR/configure/ip/igmp/snooping# querier disable
query-interval
Use this command to configure the query interval of the querier.
The Secure Router 2330/4134 does not support the "no" command option to remove a
configured query interval from a VLAN. To remove existing configuration, you must reconfigure
the interval to a new value. For example, to reset a configured query interval to the default
value (125000 ms), you must use the procedure in this section to explicitly reconfigure the
query interval to 125000 ms.
Syntax
query-interval <interval>
Variable
<interval>
Value
The time between two queries sent by the
IGMP querier, expressed in milliseconds.
Valid values are 125000 to 300000. The
default value is 125000.
Example
SR/configure/ip/igmp/snooping/vlan 2# query-interval 300000
October 2010
351
ip igmp snooping version

IGMP Snooping on the Secure Router 2330/4134 supports both IGMPv1 and IGMPv2 protocol
messages for learning hosts and routers. You can force the version to use.
Use this command to specify the IGMP version of the query messages generated when the
querier feature is enabled.
The Secure Router 2330/4134 does not support the "no" command option for configuring the
IGMP version on a VLAN. You can change the IGMP version on a VLAN.
Syntax
version {1|2}
Variable
<1-2>
Value
Specifies the IGMP version number. If you do
not specify an IGMP version, the Secure
Router 2330/4134 uses IGMPv2.
Example
SR/configure/ip/igmp/snooping/vlan 2# version 1
SR/configure/interface/ethernet (5/1)/ip/igmp/snooping# version 1
clear ip igmp snooping groups

You can clear IP IGMP Snooping groups based on an interface name, a multicast group
address, or based on a VLAN.
Syntax
clear ip igmp snooping groups
clear ip igmp snooping groups [interface name]
clear ip igmp snooping groups [multicast group addr]
clear ip igmp snooping groups [vid]
352
October 2010
clear ip igmp snooping mrouter

Variable
Value
<interface name>
Specifies the name of the interface. For

example, ethernet6/1.
<multicast group addr>
Specifies the multicast group address.
<vid>
Example
SR# clear ip igmp snooping groups ethernet6/1

Use this command to clear the IGMP Snooping multicast router information.
Syntax
Example
SR# clear ip igmp snooping mrouter
clear ip igmp snooping statistics

Use the following command to clear IGMP Snooping statistics.
Syntax
clear ip igmp snooping statistics
Example
SR# clear ip igmp snooping statistics
configure interface ip igmp snooping mrouter interface

Use this command to configure mrouter ports on a VLAN for IGMP snooping. By default, no
mrouter ports are configured.
Syntax
[no] ip igmp snooping mrouter interface <if-name>
October 2010
353

Variable
Value
<vid>
Specifies the ID of the VLAN interface to

configure.
[no]
Removes the specified mrouter port.
<if-name>
Specifies the name of the interface to

configure as an mrouter port.
Example
SR/configure/interface/vlan vlan3#ip igmp snooping mrouter interface
vlan3
configure interface vlan ip igmp snooping

Use this command to configure the status of IGMP snooping on a VLAN interface. By default,
IGMP snooping is enabled on a VLAN.
Syntax
[no] ip igmp snooping
Variable
[no]
Value
Disables IGMP snooping on the interface.
Example
SR/configure/interface/vlan vlan3#ip igmp snooping
configure interface vlan ip igmp snooping querier

If a VLAN receives no IGMP traffic from a multicast router, enable IGMP-snooping querier on
the VLAN to provide multicast traffic support. With IGMP-snooping querier enabled, the
interface uses its own IP address as the querier address. By default, IGMP-snooping querier
is disabled.
Syntax
[no] ip igmp snooping querier
354
October 2010
configure interface vlan ip igmp snooping report-suppression

Variable
[no]
Value
Disables the IGMP-snooping querier on the
VLAN.
Example
SR/configure/interface/vlan vlan3#ip igmp snooping querier
configure interface vlan ip igmp snooping reportsuppression

Use this command to configure IGMP report suppression on a VLAN. IGMP report
suppression, also known as IGMP proxy, forwards the first IGMP report for a group, and
suppresses any subsquent reports for the same group. By default, IGMP report suppression
is disabled.
Syntax
[no] ip igmp snooping report-suppression
Variable
[no]
Value
Disables IGMP report suppression.
Example
SR/configure/interface/vlan vlan3#ip igmp snooping reportsuppression
show ip igmp snooping configuration

Use this command to display IGMP Snooping configuration information.
Syntax
show ip igmp snooping configuration
Example
SR# show ip igmp snooping configuration
October 2010
355
show ip igmp snooping detail

Use this command to view detailed information about your IGMP Snooping configuration.
Syntax
show ip igmp snooping detail
Example
SR# show ip igmp snooping detail
show ip igmp snooping groups

Use the following commands to view information about the IGMP Snooping groups configured
on the Secure Router 2330/4134.
Syntax
show ip igmp snooping groups
show ip igmp snooping groups [vid]
show ip igmp snooping groups [interface name]
show ip igmp snooping groups [multicast group addr]
Example
SR# show ip igmp snooping groups ethernet6/1
show ip igmp snooping mrouter

Use this command to view information about the IGMP Snooping multicast router port.
Syntax
show ip igmp snooping mrouter <vid>
Variable
<vid>
Value
Specifies the VLAN ID for which to display
the IGMP snooping configuration.
Example
SR# show ip igmp snooping mrouter
356
October 2010
show ip igmp snooping statistics

Use this command to view IGMP Snooping statistics.
Syntax
Example
SR# show ip igmp snooping statistics
October 2010
357
358
October 2010
Chapter 28: GVRP commands
clear gvrp
Use this command to clear GVRP statistics or to reset GVRP state-machine.
Syntax
clear gvrp <option>
Variable
<option>
Value
Specifies the option you want to clear. Values
are state-machine [interface
name], which resets the GVRP state
machine, and statistics
[interface name], which clears the
GVRP statistics.
Example
SR# clear gvrp statistics ethernet6/1
dynamic-vlan-creation
GVRP can dynamically create VLANs on devices for trunking purposes. When you enable
GVRP dynamic VLAN creation, an Avaya Secure Router 2330/4134 adds VLANs to its
database when it receives GVRP join messages about VLANs it does not have.
You configure dynamic VLAN creation on a device-by-device basis. GVRP does not
synchronize between devices, but adds VLANs only on devices that have dynamic creation
enabled to pass traffic between trunks.
To enable dynamic VLAN creation, all the trunk ports on the router must be 802.1Q and they
all must be GVRP-enabled ports. If the router has any non-802.1Q trunk ports, or if the 802.1Q
ports that exist are not configured for GVRP, you cannot enable the feature. VLANs are added
only for join messages received across a normal registration port.
Use the commands in this section to configure GVRP for dynamic VLAN creation.
October 2010
359
GVRP commands
Syntax
[no] dynamic-vlan-creation
Variable
Value
[no]
Disables dynamic VLAN creation.
Example
SR/configure/gvrp#
dynamic-vlan-creation
gvrp enable
By default, GVRP is not enabled for the router. You must first enable GVRP on the router before
you can configure the 802.1Q ports for GVRP operation.
Use the commands in this section to enable or disable GVRP globally and on an interface.
Syntax
[no] gvrp-enable
Variable
[no]
Value
Disables GVRP.
Example
SR/configure/gvrp# no gvrp-enable
SR/configure/interface/ethernet (6/1)/gvrp# no gvrp-enable
registration-state
By default, GVRP ports are in the "normal" registration mode. The ports use GVRP join
messages from neighboring switches to prune the VLANs running across the 802.1Q trunk
link. If the device on the other side is incapable of sending GVRP messages, or if you do not
want to allow the switch to prune any of the VLANs, use the "fixed" mode. Fixed mode ports
will forward for all VLANs that exist in the switch database. Ports in forbidden mode forward
only for VLAN 1.
Use this command to configure the port registration state.
360
October 2010
show gvrp
Syntax
registration-state {normal|fixed|forbidden}
Variable
{normal | fixed | forbidden}
Value
Specify the port registration state. By default,
GVRP ports are in the "normal" registration
mode. The ports use GVRP join messages
from neighboring switches to prune the
VLANs running across the 802.1Q trunk link.
If the device on the other side is incapable of
sending GVRP messages, or if you do not
want to allow the switch to prune any of the
VLANs, use the "fixed" mode. Fixed mode
ports will forward for all VLANs that exist in
the switch database.
Ports in forbidden mode forward only for
VLAN 1.
Example
SR/configure/interface/ethernet (6/1)/gvrp# registration-state
normal
show gvrp
Use this command to view information about the GVRP configuration and operation on the
Secure Router 2330/4134.
Syntax
show gvrp <option>
Variable
<option>
Value
Specifies the type of GVRP information you
want to view. Enter one of the following
options:
detail: detailed information.
state-machine: the finite state machine.
You can specify a specific interface for
which to gather information with this option.
October 2010
361
GVRP commands
Variable
Value
statistics: GVRP statistics. You can specify
a specific interface for which to gather
information with this option.
timer: the GVRP timer. You can specify a
specific interface for which to gather
information with this option.
Example
SR# show gvrp statistics ethernet6/1
timer join
Use the GVRP timer command to adjust the values of the join, leave, and leaveall timers. Timer
values are in centi-seconds and valid values are from 1 to 10000. You must maintain the
following relationship for the various timer values:
Leave time must be greater than or equal to three times the join time.
Leaveall time must be greater than the leave time.
Use the command in this section to configure GVRP timers. This procedure is optional.
To reset GVRP timers to default values, you must reconfigure the timers to the default values
(the Secure Router 2330/4134 does not support the no command option for this command.
Syntax
timer join <value> leave <value> leaveall <value>
Variable
362
Value
join <value>
Specifies the value for the join timer. Each

GARP application entity sends a "join"
message twice, for reliability, and uses a join
timer to set the sending interval.
The timer value is expressed in centiseconds. Valid values are in the range 1 to
10000.
The join timer default is 20.
leave <value>
Specifies the value for the leave timer. The

leave timer starts upon receipt of a "leave"
message sent for deregistering attribute
information. If no join message is received
before this timer expires, the GARP
October 2010
timer join
Variable
Value
application entity removes the attribute
information, as requested.
10000.
The leave timer default is 60.
leaveall <value>
Specifies the value for the leaveall timer. The

leaveall timer starts when a GARP
application entity starts. When this timer
expires, the entity sends a "leaveall"
message so that other entities can reregister attribute information, and then a
leaveall timer starts again.
10000.
The leaveall timer default is 1000.
Example
SR/configure/interface/ethernet (6/1)/gvrp# timer join 10 leave 30
leaveall 100
October 2010
363
GVRP commands
364
October 2010
Chapter 29: Ethernet Connectivity Fault

Management commands
configure oam cfm enable

Use this command to enable Ethernet CFM globally.
Syntax
[no] enable
Variable
[no]
Value
Disables CFM globally.
Example
SR/configure/oam/cfm# enable
configure oam cfm ethtype

Use this command to configure the ethertype for CFM frames.
Syntax
ethtype <value>
Variable
<value>
Value
Valid values are 88E6 and 8902. The default
value is 88E6. Use the value 88E6 for
interaction with MERS. Use the value 8902
for interaction with third-party equipment.
Example
SR/configure/oam/cfm# ethtype 8902
October 2010
365
Ethernet Connectivity Fault Management commands
configure oam cfm linktrace

Use this command to specify the path trace cache entries in the database.
Syntax
linktrace <cache size>
Variable
<cache size>
Value
The number of path trace cache entries in the
database. Enter a value in the range 1 to 200.
Example
SR/configure/oam/cfm# linktrace 150
configure oam cfm md

Use this command to create a Maintenance Domain (MD) within which you can manage
Ethernet traffic.
Syntax
md <WORD>
Variable
<WORD>
Value
The short name for the MD (up to eight
characters).
Example
SR/configure/oam/cfm# md MD1
configure oam cfm md name

Use this command to a full name for an MD.
366
October 2010
configure oam cfm md level
Syntax
name <WORD>
Variable
<WORD>
Value
The full name of the MD (up to 31
characters). Place quotation marks around
the full name. The full name is used in CCM,
if you configure a full name for the MD. If you
do not configure a full name, the short name
of the MD is used in CCM.
Example
SR/configure/oam/cfm/md MD1# name MD1 full-name
configure oam cfm md level

Use this command to specify the MD level. Ensure you specify the level for each MD. The
levels separate MDs from each other and provide different areas of functionality.
Syntax
level <level>
Variable
<level>
Value
The MD level. The default value for this
parameter is 7. To configure the level, enter
a value in the range 0 to 7. The levels define
the MD as follows:
02 (operator levels)
34 (provider levels)
57 (customer levels)
Example
SR/configure/oam/cfm/md MD1# level 6
October 2010
367
configure oam cfm md ma

Use this command to define a Maintenance Association (MA) within an MD.
Syntax
ma <WORD>
Variable
<WORD>
Value
The short name for the MA (up to eight
characters).
Example
SR/configure/oam/cfm/md MD1# ma MA1
configure oam cfm md ma cc

Use this command to define continuity check parameters for an MA.
Syntax
cc [cc-interval <value>] [cc-priority <value>] [auto-detect-rmeps
{enable|disable}]
Variable
Value
auto-detect-rmeps {enable|disable}
Turns the auto-detection of remote MEPs on

or off. The default is disable.
cc-interval <value>
The CCM transmission interval in ms. Enter

one of the following values:
1000
10000
60000
600000
The default value is 10000 ms.
368
October 2010
configure oam cfm md ma mep
Variable
cc-priority <value>
Value
The CCM priority. This value is the 3-bit user
priority field in the VLAN tag. Enter a value in
the range 0 to 7. The default value is 7.
Example
SR/configure/oam/cfm/md MD1/ma MA1# cc cc-interval 1000 cc-priority 3
auto-detect-rmeps enable
configure oam cfm md ma mep

Use this command to define an MEP within an MA. Each MEP and remote MEP must have a
unique ID within an MA. If two or more MEPs share the same ID, CFM raises an event indicating
a duplicate MEP exists in the MA.
Important:
The Avaya Secure Router 2330/4134 does not support the Fault Notification Generator
(FNG) in Release 10.1. You may see these parameters in the CLI for MEPs, but you cannot
configure this feature.
Syntax
[no] mep <mep id> <interface id> mep-state {enable|disable} [ccstate {enable|disable}]
Variable
Value
cc-state {enable|disable}
Enable or disable the transmission of CCM

on the MEP. The default value is enable.
mep-state {enable | disable}
An MEP is disabled by default. Enter

enable when you create the MEP to ensure
it is activated. If you must later deactivate the
MEP, use this command and enter
disable.
<interface id>
The interface name. The interface ID can be

up to 16 characters. There is no default
value.
<mep id>
The numerical identifier for the MEP. There

is no default value. Enter a value in the range
from 1 to 8191.
[no]
Enter no to delete an existing MEP.
October 2010
369
Example
SR/configure/oam/cfm/md MD1/ma MA1# mep 101 0/1 mep-state enable
SR/configure/oam/cfm/md MD1/ma MA1# no mep 101 0/1
configure oam cfm md ma name

Use this command to specify the full name for the MA.
Syntax
name <WORD>
Variable
<WORD>
Value
The full name of the MA (up to 31
characters). Place quotation marks around
the full name.
Example
SR/configure/oam/cfm/md MD1/ma MA1# name "MA1 full-name"
configure oam cfm md ma remove-ad-rmeps

Use this command to remove auto-detected remote MEPs from an MA.
Syntax
remove-ad-rmeps
Example
SR/configure/oam/cfm/md MD1/ma MA1# remove-ad-rmeps
configure oam cfm md ma rmep

Use this command to create a remote MEP (RMEP).
Syntax
[no] rmep <rmep id> [mac addr]
370
October 2010
configure oam cfm md ma vlan

Variable
Value
[mac addr]
The MAC address of the host. Enter the MAC

address in the form aa:bb:cc:dd:ee:ff. This
parameter is optional. The Secure Router
2330/4134 can auto-detect remote MEPs.
<rmep id>
The numerical identifier for the remote MEP.

There is no default value. Enter a value in the
[no]
Enter no to delete an existing remote MEP.
Example
SR/configure/oam/cfm/md MD1/ma MA1# rmep 12 11:12:13:14:15:16
SR/configure/oam/cfm/md MD1/ma MA1# no rmep 12
configure oam cfm md ma vlan

Use this command to specify the VLAN with which the MA is associated.
Syntax
vlan <vid>
Variable
<vid>
Value
The VLAN ID with which to associate the MA.
The default value is 0 (untagged). Enter a
VID in the range 0 to 4000.
Example
SR/configure/oam/cfm/md MD1/ma MA1# vlan <vid>
configure oam cfm md mip

Use this command to define a Maintenance Intermediate Point (MIP) within an MD.
Syntax
[no] mip <mip id>
October 2010
371

Variable
Value
<mip id>
The numerical identifier for the MIP. There is

no default value. Enter a value in the range
from 1 to 8191.
[no]
Enter no to delete an existing MIP.
Example
SR/configure/oam/cfm/md MD1# mip 10
configure oam cfm md mip interface

Use this command to specify the MIP interface.
Syntax
mip <mip id> interface <interface id>
Variable
Value
<interface id>
The interface name. The interface ID can be

up to 16 characters. There is no default
value.
<mip id>

from 1 to 8191.
Example
SR/configure/oam/cfm/md MD1# mip 10 interface ethernet0/1
configure oam cfm md mip state

Use this command to specify the state (enabled or disabled) for a MIP. An MIP is enabled by
default when you create it.
Syntax
mip <mip id> state {enable|disable}
372
October 2010
configure oam cfm md mip vlan

Variable
Value
<mip id>

from 1 to 8191.
{enable | disable}
Enable or disable the MIP. An MIP is enabled

when you create itit is not necessary to
configure the state as enabled when you
create an MIP.
Example
SR/configure/oam/cfm/md MD1# mip 10 state disable
configure oam cfm md mip vlan

Use this command to specify the VLAN with which the MIP is associated.
Syntax
mip <mip id> vlan <vid>
Variable
Value
<mip id>

from 1 to 8191.
<vid>
The VLAN ID with which to associate the

MIP. The default value is 0 (untagged). Enter
a VID in the range 0 to 4000.
Example
SR/configure/oam/cfm/md MD1# mip 10 vlan 10
test oam cfm

Use this command to access the CFM test commands. Use these commands to send loopback
or linktrace messages.
October 2010
373
Syntax
cfm <md-short-name> <ma-short-name> <mep id>
Variable
Value
<ma-short-name>
The short name of the MA.
<md-short-name>
The short name of the MD.
<mep id>
The numerical identifier for the local MEP.

There is no default value. Enter a value in the
Example
SR/test/oam# cfm MD1 MA1 11
test oam cfm lbmmep

Use this command to issue CFM loopback messages and to verify a successful path to a
remote MEP.
Syntax
lbmmep {rmep-id <remote_identifier>|mac-addr <remote_macaddr>}
[burst-count <burst_count>] [data-size <data_size>] [pattern-type
<pattern_type>] [priority <priority_indicator>]
Variable
374
Value
{rmep-id <remote_identifier> | mac-addr

<remote_macaddr>}
Enter either the remote MEP ID or the MAC

address of the host for the remote MEP.
Enter a value in the range from 1 to 8191 for
the RMEP ID. Enter a MAC address in the
form aa:bb:cc:dd:ee:ff.
[burst-count <burst_count>]
The LBM burst count. The default burst count

is 1. The range is 1 to 200.
[data-size <data_size>]
The LBM data size. The default data size is

0. The range is 0 to 504.
[pattern-type <pattern_type>]
The pattern type for the CFM loopback test.

The pattern type is applicable only if the data
size is non-zero. The default is a pattern of
all ones.
October 2010
test oam cfm lbmmip
Variable
[priority <priority_indicator>]
Value
The user priority field in the VLAN tag. The
default priority indicator is 7. The range is 0
to 7.
Example
SR/test/oam/cfm MD1 MA1 11# lbmmep rmep-id 12
test oam cfm lbmmip

Use this command to issue CFM loopback messages and to verify a successful path to a
remote MIP.
Syntax
lbmmip <remote_macaddr> [burst-count <burst_count>] [dataSize
<data_size>] [pattern-type <pattern_type>] [priority
<priority_indicator>]
Variable
Value
<remote_macaddr>
The MAC address of the host for the remote

MIP. Enter a MAC address in the form
aa:bb:cc:dd:ee:ff.
[burst-count <burst_count>]
The LBM burst count. The default burst count

is 1. The range is 1 to 200.
[dataSize <data_size>]
The LBM data size. The default data size is

0. The range is 0 to 504.
[pattern-type <pattern_type>]
The pattern type for the CFM loopback test.

The pattern type is applicable only if the data
size is non-zero. The default is a pattern of
all ones.

to 7.
Example
SR/test/oam/cfm MD1 MA1 11# lbmmip 21:22:23:24:25:26
October 2010
375
test oam cfm ltmmep

Use this command to issue CFM path trace messages and to discover the path to a remote
MEP.
Syntax
ltmmep {rmep-id <remote_identifier>|mac-addr <remote_macaddr>} [ttl
<ttl_value>] [priority <priority_indicator>]
Variable
Value
{rmep-id <remote_identifier> | mac-addr

<remote_macaddr>}
Enter either the remote MEP ID or the MAC

address of the host for the remote MEP.
[ttl <ttl_value>]
The "time to live" value. Similar to the IPv4

TTL value, the CFM TTL value is
decremented by one unit on every hop. If the
TTL value drops to zero before the LTM
reaches its destination, the linktrace test
terminates. Enter a value from 1 to 255. The

to 7.
Example
SR/test/oam/cfm MD1 MA1 11# ltmmep rmep-id 12
test oam cfm ltmmip

Use this command to issue CFM path trace messages and to discover the path to a remote MIP.
Syntax
ltmmip <remote_macaddr> [ttl <ttl_value>] [priority
<priority_indicator>]
Variable
<remote_macaddr>
376
Value
The MAC address of the host for the remote
MIP.
October 2010
show cfm cc-configs
Variable
Value
[ttl <ttl_value>]
The "time to live" value. Similar to the IPv4

TTL value, the CFM TTL value is
decremented by one unit on every hop. If the
TTL value drops to zero before the LTM
reaches its destination, the linktrace test
terminates. Enter a value from 1 to 255. The

to 7.
Example
SR/test/oam/cfm MD1 MA1 11# ltmmip 21:22:23:24:25:26
show cfm cc-configs

Use this command to display information about CC configuration.
Syntax
show cfm cc-configs
Example
SR# show cfm cc-configs
show cfm cc-configs ma md

Use this command to display information about CC configuration for a specific MA within a
specific MD.
Syntax
show cfm cc-configs ma <WORD> md <WORD>
Example
SR# show cfm cc-configs ma MA1 md MD1
October 2010
377
show cfm errors

Use this command to display information about CC errors logged to the Secure Router
2330/4134 since the reset or clear of a specific MEP.
Syntax
show cfm errors mep <mep id> md <WORD> ma <WORD>
Variable
Value
ma <WORD>
The short name of the MA (up to eight

characters).
md <WORD>
The short name of the MD (up to eight

characters).
<mep id>
The numerical identifier for the MEP. Values

are in the range from 1 to 8191.
Example
SR# show cfm errors mep 11 md MD1 ma MA1
show cfm global-config

Use this command to display CFM global configuration.
Syntax
show cfm global-config
Example
SR# show cfm global-config
show cfm linktrace-cache

Use this command to display path trace cache entries logged to the Secure Router 2330/4134
since a reset or clear.
378
October 2010
show cfm ma
Syntax
show cfm linktrace-cache [session <session id>] [mep <mep id>] [rmepid <rmep id>] [ma <WORD>] [md <WORD>] [mac-addr <mac addr>]
Variable
Value
<mep id>

Values are in the range from 1 to 8191.
<rmep id>

md <WORD>

characters). For example MD1.
ma <WORD>

characters). For example MA1.
<mac addr>
The MAC address of the remote host. Enter

a MAC address in the form aa:bb:cc:dd:ee:ff.
<session id>
The linktrace test session ID. Values are in

the range 1 to 4294967295.
Example
SR# show cfm linktrace-cache session 5527
show cfm ma
Use this command to display detailed information for a specific MA.
Syntax
show cfm ma <WORD> [md-name <WORD>]
Variable
Value
ma <WORD>

characters). For example, MA1.
md-name <WORD>

characters). For example, MD1.
Example
SR# show cfm ma MA1
October 2010
379
show cfm mas

Use this command to display summary information for all MAs within an MD.
Syntax
show cfm mas md <WORD>
Variable
<WORD>
Value
characters).
Example
SR# show cfm mas md MD1
show cfm md
Use this command to display detailed information for a specific MD.
Syntax
show cfm md <WORD>
Variable
<WORD>
Value
characters).
Example
SR# show cfm md MD1
show cfm mds

Use this command to display summary information for all MDs.
Syntax
show cfm mds
380
October 2010
show cfm mep
Example
SR# show cfm mds
show cfm mep

Use this command to display detailed information for a specific MEP.
Syntax
show cfm mep <mep id> [ma <WORD>] [md <WORD>]
Variable
Value
<mep id>

ma <WORD>

characters).
md <WORD>

characters).
Example
SR# show cfm mep 11
show cfm meps

Use this command to display summary information for all MEPs configured within the specified
MA (and MD).
Syntax
show cfm meps ma <WORD> md <WORD>
Variable
Value
ma <WORD>

characters).
md <WORD>

characters).
October 2010
381
Example
SR# show cfm meps ma MA1 md MD1
show cfm mip

Use this command to display detailed information for a specific MIP.
Syntax
show cfm mip <mip id> [md <WORD>]
Variable
Value
<mip id>
The numerical identifier for the MIP. Values

md <WORD>

characters).
Example
SR# show cfm mip 1
show cfm mips

Use this command to display summary information for all MIPs configured in the Secure Router
2330/4134.
Syntax
show cfm mips [md <WORD>]
Variable
md <WORD>
Value
characters).
Example
SR# show cfm mips
382
October 2010
show cfm rmep
show cfm rmep

Use this command to display summary information for a remote MEP configured within the
specified MA (and MD).
Syntax
show cfm rmep <rmep id> ma <WORD> md <WORD>
Variable
Value
ma <WORD>

characters).
md <WORD>

characters).
<rmep id>

Example
SR# show cfm rmep 11 ma MA1 md MD1
show cfm stats

Use this command to display statistics logged to the Secure Router 2330/4134 since a reset
or clear.
Syntax
show cfm mep-stats [mep <mep id> md <WORD> ma <WORD>]
show cfm mip-stats [md <WORD> mip <mip id>]
Variable
Value
ma <WORD>

characters).
md <WORD>

characters).
<mep id>

October 2010
383
Variable
<mip id>
Value
The numerical identifier for the MIP. Values
Example
SR# show cfm mep-stats mep 12
clear cfm errors

Use this command to clear CCM errors logged to the Secure Router 2330/4134.
Syntax
clear cfm errors mep <mep id> md <WORD> ma <WORD>
Variable
Value
mep <mep id>

ma <WORD>

characters).
md <WORD>

characters).
Example
SR# clear cfm errors mep 11 md MD1 ma MA1
clear cfm linktrace-cache

Use this command to clear the path trace cache entries logged to the Secure Router
2330/4134.
Syntax
clear cfm linktrace-cache [session <session id>] [mep <mep id>]
[rmep-id <rmep id>] [ma <WORD>] [md <WORD>] [mac-addr <mac addr>]
384
October 2010
clear cfm stats

Variable
Value
<mep id>

<rmep id>

md <WORD>

characters). For example MD1.
ma <WORD>

characters). For example MA1.
<mac addr>
The MAC address of the remote host. Enter

a MAC address in the form aa:bb:cc:dd:ee:ff.
<session id>
The linktrace test session ID. Values are in

the range 1 to 4294967295.
Example
SR# clear cfm linktrace-cache session 2
clear cfm stats

Use this command to clear CFM stats logged to the Secure Router 2330/4134.
Syntax
clear cfm mep-stats [mep <mep id> md <WORD> ma <WORD>]
clear cfm mip-stats [md <WORD> mip <mip id>]
Variable
Value
mep <mep id>

mip <mip id>
The numerical identifier for the local MIP.

ma <WORD>

characters).
md <WORD>

characters).
October 2010
385
Example
SR# clear cfm mip-stats md MD1 mip 12
debug oam cfm dump-data

Use this command to enable or disable the dump of data for Ethernet CFM.
Syntax
cfm dump-data {0|1}
Variable
{0 | 1}
Value
Enables or disables the dump of data. Enter
0 for disable and 1 to enable. The default
value is 0.
Example
SR/debug/oam# cfm dump-data 0
debug oam cfm debug-feature debug-level

Use this command to specify the feature to debug and the level at which to debug.
Secure Router 2330/4134 does not write the debug information to a log file. The Secure Router
2330/4134 displays the debug information only on your screen.
Important:
You can use a debug level of 1 to 4. As the level increases, the amount of debug information
also increases.
Important:
Use the debug commands with caution. The debug command output is code-specific. Use
the show commands to understand the behavior of your system.
Syntax
cfm debug-feature <"value"> debug-level <level>
386
October 2010
debug oam cfm debug-feature debug-level

Variable
<level>
Value
Sets the debug level. Enter a value in the
range of 0 to 4. The default value is 0. The
level values correspond to the following
descriptions:
0 = none
1 = major
2 = minor
3 = detail
4 = flood
<"value">
Specifies the feature. Use quotation marks

around the feature description. The feature
description can be up to 127 characters and
uses any of the following words:
ALL
CCI
CCR
CLI
DISPATCH
ERR
FRAME
LB
LPORT
LT
MA
MD
MEP
MIP
PORT
QUE
RMEP
RSP
RX
STARTUP
October 2010
387
Variable
Value
TIMERS
TX
Example
SR/debug/oam# cfm debug-feature "LT LPORT MIP" debug-level 3
388
October 2010
Chapter 30: Port mirroring commands
mirror source
Use this command to configure one mirroring port (destination port) for each mirrored port
(source port). The analyzer and monitor ports can reside either on the same slot or on different
slots.
Syntax
[no] mirror source <interface id> destination <interface id>
direction {both|receive}
Variable
Value
destination <interface id>
The interface ID that identifies the mirroring

port. For example, ethernet5/1.
direction {both|receive}
The direction of packets that you want to

mirror. Use a value of both to mirror both
transmit and receive packets. Use a value of
receive to mirror receive packets only.
[no]
Disables port mirroring.
source <interface id>
The interface ID that identifies the mirrored

port. For example, ethernet6/1.
Example
SR/configure# mirror source ethernet5/1 destination 6/1 direction
both
show mirror
Use this command to view summary information about mirrored ports on the Avaya Secure
Router 2330/4134.
Syntax
show mirror
October 2010
389
Port mirroring commands
Example
SR# show mirror
390
October 2010
Chapter 31: Bridge configuration commands
configure bridge priority

Use this command to set the bridge priority for the common instance. The lower the priority
value, the greater the chance that the bridge becomes the root bridge.
Syntax
priority <value>
Variable
value
Value
bridge priority. The default value is 32768.
Valid values are 0 to 61440, and are
increments of 4096.
Example
SR# priority 5
configure maximum aging time

Use this command to set the maximum aging time for a bridge.
Syntax
max-age < max-age value>
Variable
max-age value
Value
maximum time, expressed in seconds, to
listen for the root bridge. The default value is
20 seconds. Valid values are 6 to 40
seconds.
Example
SR# max-age 36
October 2010
391
Bridge configuration commands
configure forward time delay

Use this command to set the time after which (if this bridge is the root bridge) each port changes
its state to learning and forwarding.
Syntax
forward-time <forward delay value>
Variable
forward delay value
Value
forwarding time delay, expressed in seconds.
The default value is 15 seconds. Valid values
are 4 to 30 seconds.
Example
SR# forward-time 5
configure static MAC address

Use this command to to statically configure a bridge entry to forward or discard matching
frames.
Syntax
mac address <mac addr> {forward|discard} <interface> vlan <vid>
Variable
Value
<mac addr>
MAC address, expressed in

HHHH.HHHH.HHHH format.
<forward|discard>
action to take when matching frames enter

the specified interface.
<interface>
interface on which the frame enters the unit.
<vid>
VLAN ID. Valid values are 1 to 4094.
Example
SR# mac address HHHH.HHHH.HHHH forward interface vlan 5
392
October 2010
Chapter 32: SNMP commands
clear snmp-stats
use this command to clear SNMP statistics.
Syntax
clear snmp-stats
Example
SR#
clear snmp-stats
configure snmp-server chassis-id

Use this command to name the SNMP host system.
Syntax
chassis-id <name>
Variable
<name>
Value
Specifies the name of the host system.
Example
SR/configure/snmp-server# chassis-id SJ-ca
configure snmp-server community

Use this command to set the SNMP community name and access privileges.
Syntax
community <string> [access_privilege {ro|rw}]
October 2010
393
SNMP commands

Variable
Value
ro
Read-only (can get but not set MIB

parameters)
rw
Read/write (can get and set MIB parameters)
Example
SR/configure/snmp-server# community network1 rw
configure snmp-server contact

Use this command to specify a contact person for the SNMP MIB.
Syntax
contact <"contact-name">
Variable
Value
<"contact-name">
Name of the person to contact regarding the

SNMP MIB, enclosed in quotation marks.
Example
SR/configure/snmp-server#
contact "JCameron"
configure snmp-server enable traps bgp

Use this command to enable or disable BGP-related traps.
Syntax
[no] bgp [trap_est] [trap_back]
Variable
394
Value
[trap_est]
Enables BGP established notification trap.
[trap_back]
Enables BGP backward transition

notification trap.
October 2010
configure snmp-server enable traps bundle
Example
SR/configure/snmp-server/enable/traps#
bgp trap_est
configure snmp-server enable traps bundle

Use this command to enable or disable bundle-related traps.
Syntax
[no] bundle [trap_bundle bundle_up_down] [trap_link link_up_down]
Variable
Value
[trap_bundle bundle_up_down]
Enables bundle Enable/Disable notification

trap.
[trap_link link_up_down]
Enables bundle link Enable/Disable

notification trap.
Example
bundle_up_down
bundle trap_bundle
configure snmp-server enable traps cfm

Use this command to enable or disable the CFM group of traps.
Syntax
[no] cfm
Variable
[no]
Value
Disables the CFM group of traps.
Example
SR/configure/snmp-server/enable/traps#cfm
October 2010
395
SNMP commands
configure snmp-server enable traps config

Use this command to enable or disable traps for configuration changes and saves.
Syntax
[no] config [trap_change change] [trap_save save]
Variable
Value
[trap_change change]
Enables the configuration trap.
[trap_save save]
Enables the save trap.
Example
config trap_change change
configure snmp-server enable traps dvmrp

Use this command to enable or disable DVMRP related traps.
Syntax
dvmrp <neighbor-loss> <neighbor-not-pruning>
Variable
Value
<neighbor-loss>
Specifies DVMRP neighbor loss traps.
<neighbor-not-pruning>
Specifies DVMRP non-pruning neighbor

traps.
[no]
Disables the DVMRP related traps.
Example
SR/configure/snmp-server/enable/traps#dvmrp neighbor-loss
396
October 2010
configure snmp-server enable traps enable-all
configure snmp-server enable traps enable-all

Use this command to enable or disable all traps.
Syntax
[no] enable-all
Variable
[no]
Value
Disables all traps.
Example
SR/configure/snmp-server/enable/traps#enable-all
configure snmp-server enable traps environment

Use this command to enable or disable traps for fan failure or temperature level changes.
Syntax
[no] environment [trap_fan fan] [trap_temp temperature] [trap_power
power]
Variable
Value
[trap_fan fan]
Enables fan failure trap.
[trap_temp temperature]
Enables temperature level change trap.
[trap_power power]
Enables power supply status change trap.
Example
environment trap_fan fan
configure snmp-server enable traps frame_relay

Use this command to enable or disable traps for frame relay virtual circuit state changes.
October 2010
397
SNMP commands
Syntax
[no] frame_relay [trap_vcstate vcstate]
Variable
[trap_vcstate vcstate]
Value
Enables VC state change trap.
Example
vcstate
frame_relay trap_vcstate
configure snmp-server enable traps ospf error

Use this command to enable or disable OSPF error-related traps.
Syntax
[no] ospf error [authentication-failure | bad-packet | config-error |
virt-authentication-failure | virt-bad-packet | virt-config-error]
Variable
Value
authentication-failure
Authentication failure on non-virtual

interfaces.
bad-packet
Packet parse failure on non-virtual

interfaces.
config-error
Config mismatch errors on non-virtual

interfaces.
virt-authentication-failure
Authentication failure on virtual interfaces.
virt-bad-packet
Packet parse failure on virtual interfaces.
virt-config-error
Config mismatch errors on virtual interfaces.
Example
failure
398
ospf error authentication-
October 2010
configure snmp-server enable traps ospf lsa
configure snmp-server enable traps ospf lsa

Use this command to enable or disable OSPF LSA-related traps.
Syntax
[no] ospf lsa [lsa-maxage|lsa-originate]
Variable
Value
lsa-maxage
LSA aged to maxage.
lsa-originate
New LSA originated.
Example
ospf lsa lsa-maxage
configure snmp-server enable traps ospf retransmit

Use this command to enable or disable OSPF retransmit-related traps.
Syntax
[no] ospf retransmit [packets|virt-packets]
Variable
Value
packets
Packet retransmission on non-virtual

interfaces.
virt-packets
Packet retransmission on virtual interfaces.
Example
ospf retransmit packets
configure snmp-server enable traps ospf state-change

Use this command to enable or disable OSPF state-change-related traps.
October 2010
399
SNMP commands
Syntax
[no] ospf state-change [if-state-change|neighbor-state-change|
virtif-state-change|virtneighbor-state-change]
Variable
Value
if-state-change
Non-virtual interface state changes.
neighbor-state-change
Non-virtual neighbor state changes.
virtif-state-change
Virtual interface state changes.
virtneighbor-state-change
Virtual neighbor state changes.
Example
change
ospf state-change if-state-
configure snmp-server enable traps pim

Use this command to configure PIM-SM related traps.
Syntax
[no] pim <interface-election> <invalid-join-prune> <invalidregister> <neighbor-loss> <rp-mapping-change>
Variable
Value
<interface-election>
Specifies a new DR or DF election trap.
<invalid-join-prune>
Specifies an invalid join or prune receive

message trap.
<invalid-register>
Specifies an invalid register received trap.
<neighbor-loss>
Specifies neighbor loss traps.
[no]
Disables PIM-SM related traps.
<rp-mapping-change>
Specifies RP mapping change trap.
Example
SR/configure/snmp-server/enable/trap#pim interface-election
400
October 2010
configure snmp-server enable traps pimv6
configure snmp-server enable traps pimv6

Use this command to configure PIM IPv6 related traps.
Syntax
[no] pimv6 <interface-election> <invalid-join-prune> <invalidregister> <neighbor-loss> <rp-mapping-change>
Variable
Value
<interface-election>
Specifies a new IPv6 DR or DF election trap.
<invalid-join-prune>
Specifies an invalid IPv6 join or prune

receive message trap.
<invalid-register>
Specifies an invalid IPv6 register received

trap.
<neighbor-loss>
Specifies IPv6 neighbor loss traps.
[no]
Disables PIM IPv6 related traps.
<rp-mapping-change>
Specifies IPv6 RP mapping change trap.
Example
SR/configure/snmp-server/enable/trap#pimv6 invalid-join-prune
configure snmp-server enable traps snmp

Use this command to enable or disable traps for SNMP authentication failure.
Syntax
[no] snmp [trap_auth auth_fail]
Variable
[trap_auth auth_fail]
Value
Enables authentication failure trap
Example
snmp trap_auth auth_fail
October 2010
401
SNMP commands
configure snmp-server enable traps sntp

Use this command to enable or disable client traps for the simple network timing protocol.
Syntax
[no] sntp
Example
sntp
configure snmp-server enable traps ssm

Use this command to enable or disable an SSM group of traps.
Syntax
[no] ssm
Variable
[no]
Value
Disables an SSM group of traps.
Example
SR/configure/snmp-server/enable/traps# ssm
configure snmp-server enable traps system

Use this command to enable or disable traps for reporting system shutdowns, user logins and
logouts, and user login failures.
Syntax
[no] system [trap_shutdown shutdown] [trap_login login] [trap_logoff
logoff] [trap_loginfail loginfail] [trap_authloginfail authfail]
[trap_authloginsuccess authsuccess] [trap_logout logout]
Variable
[trap_shutdown shutdown]
402
Value
Enables traps for system shutdowns.
October 2010
configure snmp-server enable traps vrrp
Variable
Value
[trap_login login]
Enables traps for system logons.
[trap_logoff logoff]
Enables traps for system logoffs.
[trap_loginfail loginfail]
Enables traps for failed user login attempts.
[trap_authloginfail authfail]
Enables authentication login fail trap.
[trap_authloginsuccess authsuccess]
Enables authentication login success trap.
[trap_logout logout]
Enables authentication logout trap.
Example
shutdown
system trap_shutdown
configure snmp-server enable traps vrrp

Use this command to enable or disable VRRP group traps.
Syntax
[no] vrrp
Example
vrrp
configure snmp-server location

Use this command to define the SNMP host system location.
Syntax
location <"location-name">
Variable
<"location-name">
Value
Specifies the location of the host system,
enclosed in quotation marks.
Example
location SJ-ca
October 2010
403
SNMP commands
configure snmp-server snmp-enable

Use this command to enable or disable the SNMP server.
Syntax
[no] snmp-enable
Variable
[no]
Value
Disables the SNMP server.
Example
snmp-enable
configure snmp-server snmp-source

Use this command to configures the SNMP source IP address.
Syntax
snmp-source <A.B.C.D>
Variable
<A.B.C.D>
Value
Specifies the SNMP source IP address.
Example
snmp-source 10.12.3.4
configure snmp-server source-address

Use this command to configure the SNMP server source address for all services.
Syntax
404
October 2010
configure snmp-server trap-host

Variable
Value
[ip-address]
Specifies the SNMP server source IP address.
[interface-name]
Example
SR/configure/snmp-server#source-address 10.1.1.2
configure snmp-server trap-host

Use this command to assign IP addresses and names to the hosts that will receive SNMP traps
from the Avaya Secure Router 2330/4134 system.
When configuring SNMP operation, use this command first to allow the system to send traps
when it boots up and finds events to send as traps. Then, use the configure snmp-server
enable traps commands to specify which traps to report.
If multiple hosts are used, repeat this command for each host. Up to 10 hosts can be configured.
Syntax
trap-host <host> <community>
Variable
Value
<host>
Host name of SNMP trap hose Enter an IP

address.
<community>
SNMP community string. Enter a word; use

up to 64 characters.
Example
trap-host 10.10.10.4 Alarm_sys
configure snmp-server trap-source

Use this command to configure SNMP trap messages so that they are sent to a specific IP
address. Otherwise, traps are sent to the system default address.
Syntax
trap-source <A.B.C.D>
October 2010
405
SNMP commands

Variable
<A.B.C.D>
Value
Specifies the IP address for SNMP trap
messages
Example
trap-source 10.10.10.3
configure snmp-server trap-version

Use this command to configure the SNMP version for trap hosts.
Syntax
trap-version {1|2}
Variable
{1|2}
Value
Specifies the trap version. Default is 1.
Example
trap-version 2
configure system snmp-ifindex-persistent

Use this command to enable or disable SNMP interface index persistency for the Secure
Router.
Syntax
[no] system snmp-ifindex-persistent
The following message appears:
WARNING : System configuration must be saved (in system.cfg) after
enabling/disabling Index Persistence
Variable
[no]
406
Value
Disables SNMP interface index persistency
for the Secure Router.
October 2010
show snmp communities
Example
SR/configure#system snmp-ifindex-persistent

Use this command to display the configured SNMP communities.
Syntax
Example
SR#
show snmp configuration

Use this command to display the SNMP interface index persistency configuration status.
Syntax
show snmp configuration
Example
SR#show snmp configuration
show snmp snmp-source

Use this command to display the configured SNMP source IP address.
Syntax
Example
SR#
show snmp status

Use this command to display the SNMP generic status information.
October 2010
407
SNMP commands
Syntax
show snmp status
Example
SR#
show snmp status
show snmp trap-host

Use this command to display the configured trap receivers.
Syntax
show snmp trap-host
Example
SR#
show snmp trap-host
show snmp trap-source

Use this command to display the configured trap source IP address.
Syntax
Example
SR#
show snmp trap-version

Use this command to display the configured trap version.
Syntax
Example
SR#
408
October 2010
show snmp traps
show snmp traps

Use this command to display the SNMP trap configurations.
Syntax
show snmp traps
Example
SR#
show snmp traps
October 2010
409
SNMP commands
410
October 2010
Chapter 33: RMON commands
configure rmon alarm

Use this command to configure an RMON Alarm for a variable. Before configuring an alarm a
valid RMON event should be configured which can be associated with the RMON alarm.
The maximum number of alarms is 100.
Syntax
[no] rmon alarm <1-65535> <variable> <interval> <rising-threshold>
<falling-threshold> <rising-event> <falling-event> [type <type>]
[startup <startup>] [owner <owner>]
Variable
Value
<1-65535>
Specifies the index number for the alarm entry.
<variable>
Specifies the variable to be monitored.
<interval>
Specifies the alarm interval. Valid range is 1 - 3600.
<rising-threshold>
Specifies the rising threshold.
<falling-threshold>
Specifies the falling threshold.
<rising-event>
Specifies the rising event index.
<falling-event>
Specifies the falling event index.
[type <type>]
Optional parameter. Specifies the alarm sample type,

absolute or delta. If not specified, the default value is used
(absolute).
[startup <startup>]
Optional parameter. Specifies the alarm trigger, rising, falling,

or rise_fall. If not specified, the default value is used
(rise_fall).
[owner <owner>]
Optional parameter. Specifies the owner of the entry. If not

specified, the default value is used (CLI-Manager).
Example
SR/configure# rmon alarm 12 1.3.6.1.2.1.5.1.0 100 2300 4300 1 3 type
delta startup rising owner Manager-1
October 2010
411
RMON commands
configure rmon enable

Use this command to enable Remote Monitoring to collect Ethernet statistics or history
statistics.
Syntax
rmon enable
Example
SR/configure# rmon enable
configure rmon event

Use this command to configure an RMON event which can be associated with the RMON
alarms.
The maximum number of events is 100, and the maximum number of logs per event is also 100.
Syntax
[no] rmon event <1-65535> <type> [community <community>] [description
<description>] [owner <owner>]
Variable
Value
<1-65535>
Specifies the index number for the event entry.
<type>
Specifies the type of event: log, trap, or log-trap.
[community <community>]
Specifies the community for sending traps.
[description <description>]
Specifies a description about the event.
[owner <owner>]
Specifies the owner of the event.
Example
SR/configure# rmon event 2 log description "event 2" owner Manager-2
configure rmon history

To collect the Ethernet history statistics, use this command after enabling RMON .
412
October 2010
configure rmon statistics
The maximum number of history controls per interface is 10. The maximum number of history
buckets per control is 100.
Syntax
[no] history <ethernet_interface> [interval <interval>] [buckets
<buckets>] [owner <owner>]
Variable
Value
<ethernet_interface>
Specifies the Ethernet interface on which to collect history

statistics.
[interval <interval>]
Specifies the history interval.
[buckets <buckets>]
Specifies the number of buckets for Ethernet history.
[owner <owner>]
Specifies the owner of this entry.
Example
SR/configure# rmon history ethernet0/1 interval 2 buckets 100
configure rmon statistics

Use this command to collect the Ethernet statistics
Syntax
statistics <ethernet_interface> [owner <owner>]
Variable
Value
<ethernet_interface>
Specifies the Ethernet interface on which to collect history

statistics.
[owner <owner>]
Specifies the owner of this entry.
Example
SR/configure# rmon statistics ethernet0/2
show rmon alarm

Use this command to show configuration information for a specific RMON alarm .
October 2010
413
RMON commands
Syntax
show rmon alarm <1-65535>
Example
SR# show rmon alarm 1
show rmon alarms

Use this command to show all RMON alarm configuration information.
Syntax
show rmon alarms
Example
SR# show rmon alarms
show rmon ethernet_history

Use this command shows RMON ethernet history table information.
Syntax
show rmon ethernet_history
Example
SR# show rmon ethernet_history ethernet0/4
show rmon events

Use this command to show the configuration of RMON events.
Syntax
show rmon events {<1-65535>|all}
Example
SR# show rmon events 1
414
October 2010
show rmon history_control
show rmon history_control

Use this command to show the RMON history control configuration,
Syntax
show rmon history_control <ethernet-interface>
Example
SR# show rmon history_control ethernet0/1
show rmon logs

Use this command to show RMON logs.
Syntax
show rmon logs
Example
SR# show rmon logs
show rmon statistics

Use this command to show RMON statistics data for a specific Ethernet interface.
Syntax
show rmon statistics <ethernet-interface>
Example
SR# show rmon statistics ethernet0/2
October 2010
415
RMON commands
416
October 2010
Chapter 34: DHCPv4 commands
clear ip dhcps bindings

Use this command to clear DHCPv4 server bindings.
Syntax
clear ip dhcps bindings
Example
SR# clear ip dhcps bindings
clear ip dhcps statistics

Use this command to clear DHCPv4 server statistics.
Syntax
clear ip dhcps statistics
Example
SR# clear ip dhcps statistics
configure hostname
Use this command to configure the host name.
Syntax
[no] hostname <host-name>
Variable
<host-name>
Value
Specifies the network name of the system.
October 2010
417
DHCPv4 commands
Example
SR/configure# hostname 10.1.10.1
configure interface ethernet dhcp-client

Use this command to configure a DHCP client on an Ethernet interface.
Syntax
[no] dhcp-client [enable] [hostname <host-name>] [lease <duration>]
[request-default-router] [retry-interval <interval>] [route-metric
<route-metric>]
Variable
Value
enable
Enables DHCP client.
lease <duration>
Specifies the duration of the lease in seconds. Values range

from 30 to 4294967 seconds..
hostname <host-name>
Specifies the hostname of the DHCP client.
[no]
Disables DHCP parameters.
request-default-router
Specifies the interface to work with.
retry-interval <interval>
Specifies the timeout interval, in seconds, for the DHCPv4

client negotiation process.
route-metric <route-metric>
Specifies a route metric for the default route: 1254. Default

value is 254.
Example
SR/configure/interface/ethernet 1/1#dhcp-client enable
configure interface dhcp-relay

Use this command to configure the DHCP relay server and gateway addresses.
Syntax
dhcp-relay <server-ip-address> <gateway-ip-address>
Example
SR/configure/interface/ethernet (6/13)# dhcp-relay 120.5.4.3
100.4.3.2
418
October 2010
configure ip dhcps enable
configure ip dhcps enable

Use this command to enable the DHCP server.
Syntax
[no] enable
Example
SR/configure/ip/dhcps# enable
configure ip dhcps interface

Use this command to enable DHCP server on an interface.
Syntax
interface <interface-name> [<dlci>]
Variable
Value
<interface-name>
Specifies the Ethernet slot and port or the

WAN bundle interface name.
[<dlci>]
Specifies the DLCI for a frame relay PVC.
Example
SR/configure/ip/dhcps# interface ethernet0/1
configure ip dhcps pool

Use this command to configure the DHCP address pool. This command enters the DHCP
configuration mode for the specified pool, hence, all commands executed before the next exit
command apply to this pool.
You can create multiple DHCP server pools on devices with multiple interfaces. The router can
act as DHCP server on two interfaces to distribute different information to clients on the two
different networks.
Syntax
[no] pool <pool-name>
October 2010
419
DHCPv4 commands

Variable
Value
<pool-name>
The pool identifier.
Example
SR/configure/ip/dhcps# pool P2
configure ip dhcps pool altvlan

Use this command to configure the Avaya IP Deskphone alternate VLAN ID for the address
pool.
Syntax
altvlan <0-65535>
Variable
Value
<0-65535>
Specifies the alternate VLAN ID value.
Example
SR/configure/ip/dhcps/pool p2# altvlan 100
configure ip dhcps pool callserver

Use this command to configure the Avaya Call Server name for the address pool.
Syntax
callserver <A.B.C.D> [port <port>] [appserver <A.B.C.D>] [svpserver
<A.B.C.D>]
420
Variable
Value
callserver <A.B.C.D>
Specifies the call server IP address.
[port <port>]
Specifies the call server port. Range is 1024 65535 (default 4100).
[appserver <A.B.C.D>]
Specifies the application server IP address.
October 2010
configure ip dhcps pool clientid
[svpserver <A.B.C.D>]
Specifies the spectraLink Voice Priority

(SVP) server IP address.
Example
SR/configure/ip/dhcps/pool p2# callserver 10.2.3.4
configure ip dhcps pool clientid

Use this command to configure the client ID for the address pool.
Syntax
clientid <client-id>
Variable
Value
<client-id>
Specifies the client ID in form of

aa:bb:cc:dd:ee:ff.
Example
SR/configure/ip/dhcps/pool p2# clientid 00:50:52:f5:20:00
configure ip dhcps pool commit

Use this command to commit the current pool configuration.
Syntax
commit
Example
SR/configure/ip/dhcps/pool p2# commit
configure ip dhcps pool default_router

Use this command to configure the default router address for the address pool.
Syntax
default_router <A.B.C.D>
October 2010
421
DHCPv4 commands

Variable
Value
<A.B.C.D>
Network number in A.B.C.D form.
Example
SR/configure/ip/dhcps/pool p2# default_router 10.5.4.3
configure ip dhcps pool dnsserver

Use this command to configure the DNS server name for the address pool.
Syntax
dnsserver <A.B.C.D>
Variable
Value
<A.B.C.D>
DNS server IP address.
Example
SR/configure/ip/dhcps/pool p2# dnsserver 10.8.7.6
configure ip dhcps pool domain

Use this command to configure the domain name for the address pool.
Syntax
domain <domain>
Variable
Value
<domain>
Domain name string.
Example
SR/configure/ip/dhcps/pool p2# domain mydomain
422
October 2010
configure ip dhcps pool exclude-range
configure ip dhcps pool exclude-range

Use this command to add or modify address ranges to be excluded from the address pool.
Syntax
exclude-range <start-ip> <end-ip>
Variable
Value
<start-ip> <end-ip>
Specifies the starting and ending IP address

range to exclude.
Example
SR/configure/ip/dhcps/pool p2# exclude-range 10.1.1.0 10.1.1.5
configure ip dhcps pool host

Use this command to configure the host IP address for the address pool.
Syntax
host <A.B.C.D> <mask>
Variable
Value
<A.B.C.D> <mask>
Specifies the host IP address.
Example
SR/configure/ip/dhcps/pool p2# host 10.2.3.1 255.255.255.0
configure ip dhcps pool hwaddr

Use this command to configure the hardware address for the address pool.
Syntax
hwaddr <hwaddr>
October 2010
423
DHCPv4 commands

Variable
Value
<hwaddr>
Specifies the hardware address in the form

of aa:bb:cc:dd:ee:ff.
Example
SR/configure/ip/dhcps/pool p2# hwaddr 00:50:52:a5:10:00
configure ip dhcps pool lease

Use this command to set the address lease time in seconds (default: 3600 seconds).
Syntax
lease <0-4294967>
Example
SR/configure/ip/dhcps/pool p2# lease 4000
configure ip dhcps pool netbios_name_server

Use this command to configure NetBIOS name server for the address pool.
Syntax
netbios_name_server <A.B.C.D>
Variable
Value
<A.B.C.D>
NetBIOS name server IP address.
Example
SR/configure/ip/dhcps/pool p2# netbios_name_server 10.6.7.8
configure ip dhcps pool network

Use this command to configure the network for the address pool.
424
October 2010
configure ip dhcps pool tftpserver
Syntax
network <A.B.C.D> <mask>
Variable
Value
<A.B.C.D> <mask>
Speciies the network number and mask.
Example
SR/configure/ip/dhcps/pool p2# network 10.2.4.5 255.255.255.0
configure ip dhcps pool tftpserver

Use this command to configure TFTP server name for address pool.
Syntax
tftpserver <A.B.C.D>
Variable
Value
<A.B.C.D>
Specifies the TFTP server IP address.
Example
SR/configure/ip/dhcps/pool p2# tftpserver 10.9.8.7
configure ip dhcps pool wireless

Use this command to configure Avaya Phone Wireless server name for the address pool.
Syntax
wireless <A.B.C.D>
Variable
Value
<A.B.C.D>
Specifies the wireless IP address.
Example
SR/configure/ip/dhcps/pool p2# wireless 10.10.9.8
October 2010
425
DHCPv4 commands
configure ip dhcps relay

Use this command to configure the addresses of relay agents.
Syntax
relay <relay-address> <network-address>
Variable
Value
<relay-address> <network-address>
Specifies the IP address and network of relay

agents that DHCP listens to.
Example
SR/configure/ip/dhcps# relay 192.169.1.1 10.1.1.1
configure ip dhcps remote_database

Use this command to configure a remote DHCP server database.
Syntax
remote_database <database-url> <interval>
Variable
Value
<database-url>
Specifies the database URL: ftp://

<user>:<password>@<host>:<port>/<urlpath>
<interval>
Specifies the update interval in seconds.

Default: 600.
Example
SR/configure/ip/dhcps#
426
ftp://test:123@avaya:2222/test/config
October 2010
configure ip domain_name
configure ip domain_name
Use this command to configure the default domain name.
Syntax
[no] ip domain_name <domain-name>
Variable
Value
<domain-name>
Domain name.
Example
SR/configure# ip domain_name myDomain
configure ip name_server
Use this command to configure the secondary DNS name server.
Syntax
[no] ip name_server <server-ip>
Variable
Value
<server-ip>
IP address or IPv6 address of the name

server to add.
Example
SR/configure# ip name_server 123.70.0.23
configure ip pname_server
Use this command to configure the primary DNS name server.
Syntax
[no] ip pname_server <server-ip>
October 2010
427
DHCPv4 commands

Variable
Value
<server-ip>
IP address or IPv6 address of the name

server to add.
Example
SR/configure# ip pname_server 10.1.100.16
show dhcp-relay
Use this command to display the DHCP relay state on the Avaya Secure Router 2330/4134.
Syntax
show dhcp-relay
Example
SR# show dhcp-relay
show ip dhcps address_pools

Use this command to display DHCPv4 server address pools.
Syntax
show ip dhcps address_pools
Example
SR# show ip dhcps address_pools
show ip dhcps bindings

Use this command to display DHCPv4 server bindings.
Syntax
show ip dhcps bindings
Example
SR# show ip dhcps bindings
428
October 2010
show ip dhcps config

Use this command to display DHCPv4 server configuration.
Syntax
Example
SR# show ip dhcps config
show ip dhcps interfaces

Use this command to display DHCPv4 server interface.
Syntax
show ip dhcps interface
Example
SR# show ip dhcps interfaces
show ip dhcps statistics

Use this command to display DHCPv4 server statistics.
Syntax
show ip dhcps statistics
Example
SR# show ip dhcps statistics
show ip dns
Use this command to display the current DNS configuration.
Syntax
show ip dns
October 2010
429
DHCPv4 commands
Example
SR# show ip dns
430
October 2010
Chapter 35: DHCPv6 commands
configure interface ipv6 dhcp client

Use this command to enable DHCPv6 client on the specified interface.
The current implementation can enable the client on only one interface at any time.
Syntax
[no] ipv6 dhcp client pd <pdname> [rapid-commit]
Variable
Value
<pdname>
The general prefix name that has to be

associated with the prefix(es) obtained by
this DHCPv6 client.
[rapid-commit]
Enables the client to use the rapid-commit

option feature provided by the protocol.
When the rapid-commit is enabled, the client
will use the SOLICIT-REPLY message
exchange to get the prefix information. In
other words, the client would send the
SOLICIT message with rapid-commit
enabled. If the server is configured to accept
the rapid-commit option from the client, it
would send a REPLY packet with all the
prefix information back to client. With these
two messages, the DHCPv6 protocol
operation will be complete. If the rapidcommit is not enabled by client or if the
server is not accepting the rapid-commit, the
server will send an ADVERTISE message as
a reply to the SOLICIT message (rather than
a REPLY message). The client will receive
the ADVERTISE message and it would send
a REQUEST message to server. The server
will then reply with a REPLY message along
with prefix information. In this non rapidcommit mode, FOUR messages are needed
in the message exchange.
October 2010
431
DHCPv6 commands
Example
SR/configure/interface/ethernet (6/13)# ipv6 dhcp client pd pdname
configure interface ipv6 dhcp relay

Use this command to enable DHCPv6 relay on this interface to listen for client messages.
The current implementation can enable the relay on only one interface at any time.
If you have to change the server IPv6 address, then disable the relay and re-enable it with the
required server IPv6 address. The no form of the command disables the relay.
Syntax
[no] ipv6 dhcp relay server-ipv6 <server-ipv6-address> <interfacename>
Variable
Value
<server-ipv6-address>
Specifies the IPv6 address of the DHCPv6

server to which the client requests have to be
forwarded.
<interface-name>
If the DHCPv6 server address is a global

scope address, this parameter is not
required. If the DHCPv6 server address is a
link local scope address, this parameter is
mandatory.
Example
SR/configure/interface/ethernet (6/13)# ipv6 dhcp relay server-ipv6
fe80::99 ethernet0/4
configure interface ipv6 dhcp server

Use this command to enable DHCPv6 client on the specified interface. The current
implementation can enable DHCPv6 server on only one interface at any time.
The rapid-commit option and the preference value can be modified even after the server is
enabled.
If this command is executed with a pool name, for example, xyz, that does not exist, the
command will still succeed, but the server will not be able to provide any parameter to the
client. At the same time, it is possible to configure this new pool (the same xyz) after enabling
432
October 2010
configure ipv6 dhcp pool
the server. This methodology is chosen to provide the flexibility for the user to configure the
pool either before or after enabling the server.
Syntax
[no] ipv6 dhcp server <pool-name> [rapid-commit] [preference <0-255>]
Variable
Value
<pool-name>
Identifies the DHCPv6 pool from which the

server has to lookup the parameters.
[rapid-commit]
Optional parameter that allows the DHCPv6

server to accept the rapid-commit option
from clients.
[preference <0-255>]
Optional parameter that specifies a

preference value.
Example
SR/configure/interface/ethernet (6/13)# ipv6 dhcp server pool1
configure ipv6 dhcp pool

Use this command to configure a DHCPv6 address pool.
Syntax
ipv6 dhcp pool <poolname>
Example
SR/enable# ipv6 dhcp pool pool1
configure ipv6 dhcp pool dns-server

Use this command to configure the DNS servers for the pool.
Syntax
dns-server <dns-server-value>
Variable
<dns-server-value>
Value
DNS server ipv6 prefix (X:X::X:X)
October 2010
433
DHCPv6 commands
Example
SR/enable/ipv6/dhcp/pool pool1# dns-server ::FFFF:0000
configure ipv6 dhcp pool domain-name

Use this command to configure the domain name for the pool.
Syntax
domain-name <domain-name value>
Variable
<domain-name value>
Value
Domain name.
Example
SR/enable/ipv6/dhcp/pool pool1# domain-name mydomain
configure ipv6 dhcp pool ntp-server

Use this command to configure the NTP server for the pool.
Syntax
ntp-server <ntp-server-value>
Variable
<ntp-server-value>
Value
NTP server (X:X::X:X).
Example
SR/enable/ipv6/dhcp/pool pool1# ntp-server ::FFFF:0000
configure ipv6 dhcp pool prefix-delegation

Use this command to build a prefix list.
434
October 2010
show ipv6 dhcp binding
Syntax
prefix-delegation <IPPrefix> <DUID> [ lifetime {<valid-lifetimevalue> | infinite} {<preferred-lifetime-value> | infinite} ]
Variable
Value
<IPPrefix>
IPv6 prefix (X:X::X:X/M)
<DUID>
DUID in hh:hh:tt:tt:m1:m2:m3:m4:m5:m6,
last 6 bytes are MAC
{ <valid-lifetime-value> | infinite }
Specifies the valid lifetime in seconds, in the

range of 60 - 4294967295, or infinite.
{<preferred-lifetime-value> | infinite}
Specifies the preferred lifetime in seconds, in

the range of 60 - 4294967295, or infinite.
Example
SR/enable/ipv6/dhcp/pool pool1# prefix-delegation 4444::/64
00:03:00:01:11:22:33:44:55:66 lifetime 70 60

Use this command to display DHCPv6 binding.
Syntax
Example
SR# show ipv6 dhcp binding
show ipv6 dhcp DUIDs

Use this command to display DHCPv6 DUIDs.
Syntax
show ipv6 dhcp duids
Example
SR# show ipv6 dhcp duids
October 2010
435
DHCPv6 commands
show ipv6 dhcp interface

Usethis command to display DHCPv6 interface.
Syntax
show ipv6 dhcp interface
Example
SR# show ipv6 dhcp interface
show ipv6 dhcp pool

Use this command to display DHCPv6 pool.
Syntax
show ipv6 dhcp pool
Example
SR# show ipv6 dhcp pool
436
October 2010
Chapter 36: Network access commands
clear telnet_session
Use this command to clear a specific Telnet connection. Use the show users command to
show a Telnet session's sequence number.
Syntax
clear telnet_session <1-16>
Example
SR# clear telnet_sesion 3
Use this command to clear all Telnet connections.
Syntax
Example
SR# clear telnet_sesions
configure ftp_server
Use this command to enable the File Transfer Protocol (FTP) server on the Secure Router.
Syntax
[no] ftp_server
Example
SR/configure# ftp_server
October 2010
437
Network access commands
configure ftp_user
Use this command to create the FTP user account.
Syntax
ftp_user <username>
Variable
Value
<username>
Creates the new username for the FTP

account.
Example
SR/configure# ftp_user username
configure telnet_banner
Use this command to configure a Telnet session display banner.
Syntax
telnet_banner banner <banner> [banner1 <banner1>] [banner2 <banner2>]
Variable
Value
banner <banner>
Sets the banner text.
[banner1 <banner1>]
Use this option to configure a message of

more than 80 characters (for the second line
of text).
[banner2 <banner2>]
Use this option to add a third text line to the

message. The entire message cannot
exceed 255 characters. To insert a blank line
between text lines, type '\n'.
Example
SR/configure#
438
telnet_banner banner NC branch router
October 2010
configure telnet_server
configure telnet_server
Use this command to enable the Telnet server.
Syntax
[no] telnet_server
Example
SR/configure#
telnet_server
configure telnet_timeout
Use this command to configure the Telnet session timeout.
Syntax
telnet_timeout <0-3600>
Variable
Value
<0-3600>
Specifies the number of seconds after which

an inactive Telnet session times out.
Example
SR/configure#
telnet_timeout 300
configure tftp_server
Use this command to enable the Trivial File Transfer Protocol (TFTP) server on the Secure
Router.
Syntax
[no] tftp_server
Example
SR/configure#
tftp_server
October 2010
439
telnet
Use this command to telnet to a remote system.
Syntax
telnet <host-name> [portno <port>] [interface <outgoing-if>]
Example
SR/configure#
telnet 10.12.34.5
show ftp
Use this command to display the status of the FTP server.
Syntax
show ftp
Example
SR# show ftp
show telnet
Use this command to display the status of the Telnet server.
Syntax
show telnet
Example
SR# show telnet
show tftp_server_info
Use this command to display the status of the TFTP server.
Syntax
440
October 2010
Example
SR# show tftp_server_info
October 2010
441
442
October 2010
Chapter 37: IPv4 routing commands
clear ip prefix-list
Use this command to reset the hit count to zero in the prefix-list entries.
Syntax
ip prefix-list <listname> [<A.B.C.D/M>]
Variable
Value
<listname>
Specifies the name of the prefix-list.
[<A.B.C.D/M>]
IP prefix and length.
Example
SR/configure#
clear ip prefix-list List1
configure access-list
Use this command to configure an access list.
Syntax
access-list <listname> [permit|deny|remark]
Variable
<listname>
Value
A name for the access list.
Example
SR/configure#
access-list mylist permit any
October 2010
443
IPv4 routing commands
configure interface ip address

Use this command to configure the IP address and subnet mask for an interface.
Syntax
ip address <address> <mask>
Variable
Value
<address>
The IP address for the interface.
<mask>
The subnet mask for the interface.
Example
SR/configure/interface/ethernet (0/3)#
255.255.0.0
ip address 10.10.0.1
configure interface ip proxy_arp

Use this command to enable proxy arp.
Syntax
ip proxy_arp
Example
ip proxy_arp
configure interface ip redirects

Use this command to configure ICMP redirect messages on an interface. Use the no form of
this command to disable redirects.
Syntax
[no] ip redirects
Example
444
ip redirects
October 2010
configure interface ip unreachables
configure interface ip unreachables

Use this command to enable ICMP destination unreachable messages on an interface. Use
the no form of this command to disable this feature.
Syntax
[no] ip unreachables
Example
ip unreachables
configure ip load-balancing
Use this command to specify a load balancing policy for equal cost routes.
Syntax
ip load-balancing policy [per-flow|per-packet]
Variable
Value
per-flow
Per IP destination load balancing.
per-packet
Round robin load balancing. Not effective on

Ethernet module cards.
Example
SR/configure# ip load-balancing policy per-flow
configure ip nat access-group

Use this command to apply and access list to a NAT pool.
Syntax
[no] access-group <name> <static> <dynamic> <address>
Variable
Value
October 2010
445
<address>
Specifies dynamic address translation.
<dynamic>
Specifies dynamic port translation.
<name>
Specifies the rule list name.
[no]
Deletes the access-group.
<static>
Specifies static address and port translation.
Example
SR/configure/ip/nat#access-group list2 static
configure ip nat access-list

Use this command to create or modify an IP access list.
Syntax
[no] access-list <name>
Variable
Value
<name>
Specifies the filter rule list name.
[no]
Deletes the access list.
Example
SR/configure/ip/nat#access-list office
configure ip nat address

Use this command to add a static IP address to the network address translation table..
Syntax
[no] address <local_ipaddr> <global_ipaddr>
446
Variable
Value
<global_ipaddr>
Specifies a global IP address to add to the

translation table.
October 2010
configure ip nat debug
<local_ipaddr>
Specifies a local IP address to add to the

translation table.
[no]
Deletes the static IP addresses.
Example
SR/configure/ip/nat#address 10.10.10.1 10.1.1.1
configure ip nat debug

Use this command to recalculate the entire TCP checksum.
Syntax
[no] debug
Example
SR/configure/ip/nat#debug
configure ip nat default_addr

Use this command to add or delete a default dynamic port translation IP address.
Syntax
[no] default_addr <ipaddr>
Variable
Value
<ipaddr>
Specifies the default IP address.
[no]
Deletes the default IP address.
Example
SR/configure/ip/nat#default_addr 1.1.1.1
configure ip nat enable

Use this command to enable or disable network address translation modes.
October 2010
447
Syntax
[no] enable
Variable
Value
[no]
Disables network address translation

modes.
Example
SR/configure/ip/nat#enable
configure ip nat interface

Use this command to add or delete a global NAT interface.
Syntax
[no] interface <slot/port> | <bundle_name>
Variable
Value
<bundle_name>
Specifies a bundle name for and interface

bundle.
[no]
Deletes the global NAT interface.
<slot/port>
Specifies an Ethernet interface slot and port

number.
Example
SR/configure/ip/nat#interface 1/2
configure ip nat ip
Use this command to change the dynamic port translation IP address.
Syntax
[no] ip <old_ipaddr> <new_ipaddr>
448
October 2010
configure ip nat max_entries

Variable
Value
<new_ipaddr>
Specifies the new dynamic port translation IP

address.
[no]
Disables the change of the dynamic port

translation IP address.
<old_ipaddr>
Specifies the old dynamic port translation IP

address.
Example
SR/configure/ip/nat#ip 1.1.1.1 1.2.2.1
configure ip nat max_entries

Use this command to configure the maximum limit for port translations.
Syntax
[no] max_entries <number>
Variable
Value
[no]
Deletes the maximum number for port

translations.
<number>
Specifies the maximum number for port

translations.
Example
SR/configure/ip/nat#max_entries 4
configure ip nat max_ports

Use this command to configure the maximum number of port translations for a translation
address.
Syntax
[no] max_ports <ipaddr> <number>
October 2010
449

Variable
Value
<ipaddr>
Specifies the translation IP address.
[no]
Deletes the maximum number of ports

translations for a translation address.
<number>
Specifies the maximum number of port

translations for the selected IP address.
Example
SR/configure/ip/nat#max_ports 10.10.10.1 4
configure ip nat pass_thru

Use this command to allow or disallow the passing of non-translated packets through the NAT
pool.
Syntax
[no] pass_thru
Variable
Value
[no]
Disallows the passing of non-translated

packets through the NAT pool.
Example
SR/configure/ip/nat#pass_thru
configure ip nat pass-thru-multicast

Use this command to allow or disallow the passing of multicast packets through the NAT pool.
Syntax
[no] pass-thru-multicast
Variable
450
Value
October 2010
configure ip nat pool range
[no]
Disallows the passing of multicast packets

through the NAT pool.
Example
SR/configure/ip/nat#pass-thru-multicast
configure ip nat pool range

Use this command to configure the address pool range for dynamic IP address translation..
Syntax
[no] range <start_ipaddr> <end_ipaddr> <net_mask>
Variable
Value
<end_ipaddr>
Specifies the IP address at the end of the

pool range.
<net_mask>
Specifies the network mask.
[no]
Deletes the address pool range.
<start_ipaddr>
Specifies the IP address at the start of the

pool range.
Example
SR/configure/ip/nat/pool p2#range 10.10.10.2
10.10.10.8.255.255.255.0
configure ip nat port

Use this command to add a static port to the network address translation table..
Syntax
[no] port <tcp | udp | addr> <local_ipaddr> <local_port>
<global_ipaddr> <global_port>
Variable
Value
<global_ipaddr>
Specifies the global IP address.
October 2010
451
<global_port>
Specifies the global port to translate. Values

<local_ipaddr>
Specifies the local IP address.
<local_port>
Specifies the local port to translate. Values

[no]
Deletes the static port.
<tcp | udp | addr>
Specifies the protocol.
Example
SR/configure/ip/nat#port tcp 10.10.10.1 40 10.10.0.0 25
configure ip nat reverse

Use this command to enable or disable reverse NAT.
Syntax
[no] reverse
Variable
Value
[no]
Disables reverse NAT.
Example
SR/configure/ip/nat#reverse
configure ip nat reverseACL

Use this command to enable or disable reverse ACL NAT.
Syntax
[no] reverseACL
452
Variable
Value
[no]
Disables reverse ACL NAT.
October 2010
configure ip nat timeout
Example
SR/configure/ip/nat#reverseACL
configure ip nat timeout

Use this command to configure the timeout for dynamic translation entries..
Syntax
[no] timeout <tcp | udp | addr> <seconds>
Variable
Value
[no]
<seconds>
Specifies the timeout time in seconds.

Defaults by protocol are:
tcp7200
udp60
addr3600
<tcp | udp | addr>
Specifies the protocol.
Example
SR/configure/ip/nat#timeout tcp 2200
configure ip nat trans_addr

Use this command to add or delete a dynamic port translation IP address.
Syntax
[no] trans_addr <ip_addr>
Variable
Value
<ip_addr>
Specifies the translation IP address.
[no]
Deletes the translation IP address.
October 2010
453
Example
SR/configure/ip/nat#trans_addr 10.1.1.1
configure ip nat trans_mode

Use this command to configure the translation mode.
Syntax
[no] trans_mode mode <overflow | round_robin>
Variable
Value
[no]
Disables the translation mode.
<overflow | round_robin>
Specifies Overflow or Round Robin

translation mode.
Example
SR/configure/ip/nat#trans_mode mode overflow
configure ip nat unregistered

Use this command to select that only unregistered local IP addresses are translated.
Syntax
[no] unregistered
Variable
Value
[no]
Selects that not only unregistered local IP

addresses are translated.
Example
SR/configure/ip/nat#unregistered
454
October 2010
configure ip prefix-list
configure ip prefix-list
Use this command to configure IP prefix lists.
Syntax
ip prefix-list {sequence-number | <listname>} {description
<description> | [seq <1-4294967295>] {deny|permit} {<A.B.C.D/M>|any} }
Variable
Value
sequence-number
Include/exclude sequence numbers in

NVGEN.
<listname>
The name of the prefix list.
Up to 80 characters describing this prefix-list.
{deny|permit}
Reject or forward packets.
{<A.B.C.D/M>|any}
Configure by IP address or any prefix match.
Example
SR/configure# ip prefix-list mylist deny 10.0.0.0/8
configure ip proxy-dns add-cache

Use this command to add or delete a DNS cache entry.
Syntax
[no] ip proxy-dns add-cache <domain>
Variable
Value
<domain>
Specifies the domain to add to the proxy cache.
[no]
Deletes the DNS cache entry.
Example
SR/configure#ip proxy-dns add-cache Dom2
October 2010
455
configure ip proxy-dns enable

Use this command to enable or disable Proxy DNS.
Syntax
[no] ip proxy-dns enable
Variable
[no]
Value
Disables Proxy DNS.
Example
SR/configure#ip proxy-dns enable
configure ip route
Use this command to configure a static IP route.
Syntax
ip route <destprefix> <ipaddressmask> <gatewayip|interface>
<distvalue>
Variable
Value
<address>
The IP destination prefix for the route to be

added.
<mask>
The IP destination prefix mask for the route

to be added.
<gatewayip>
The IP gateway address of the route to be

added.
<interface>
The name of the interface.
<distvalue>
The distance value for the route, in the range

1 to 255.
Example
SR/configure# ip route 10.1.200.0 255.255.0.0 10.2.71.5 2
456
October 2010
configure route-map
configure route-map
Use this command to configure a route map.
Syntax
route-map <route-map-name> [deny|permit] <1-65535>
Variable
Value
<1-65535>
Specifies the sequence number for insertion

or deletion.
Example
SR/configure# route-map route1 permit 1
configure route-map match as-path

Use this command to match a BGP autonomous system path access list. Use the no form of
this command to remove a path list entry.
Syntax
[no] match as-path <list-name>
Variable
<list-name>
Value
Specifies an autonomous system path
access list name.
Example
SR/configure/route-map#
match as-path myaccesslist
configure route-map match community

Use this command to specify the BGP community to be matched. Use the no parameter with
this command to remove the community list entry.
October 2010
457
Syntax
[no] match community <community>
Variable
Value
<community>
Specifies the community-list name.
Example
match community mylist
configure route-map match interface

Use this command to configure interface match criterion. Before configuring match criterion,
you first need to configure the route map using the route-map command. The match interface
command specifies the next-hop interface name of a route to be matched. Use the no form of
this command to remove the specified match criterion
Syntax
[no] match interface <ifname>
Variable
<ifname>
Value
Specifies the interface you want to match.
Example
match interface ethernet0/3
configure route-map match ip address

Use this command to configure the match address of a route. Use the no form of this command
to remove the ip address entry.
Syntax
[no] match ip address <accesslistid>
458
October 2010
configure route-map match ip address prefix-list

Variable
<accesslistid>
Value
The access list to match. Can be specified
as:
<WORD> - The name of the access list
<1 - 199> - The IP access list number
<1300 - 2699> - The expanded-range IP
access list number
Example
match ip address mylist1
configure route-map match ip address prefix-list

Use this command to match entries of prefix lists. Use the no form of this command to disable
this function.
Syntax
[no] match ip address prefix-list <listname>
Variable
<listname>
Value
The IP address prefix list name.
Example
match ip address prefix-list prefix1
configure route-map match ip next-hop

Use this command to specify a next-hop address to be matched in a route-map. Use the no
parameter with this command to disable this function.
Syntax
[no] match ip next-hop <accesslistid>
October 2010
459

Variable
Value
<accesslistid>

as:
access list number
prefix-list <prefix-list> - The IP address
prefix list name.
Example
match ip next-hop prefix-list prefix2
configure route-map match metric

Use this command to match a route metric value. Use the no form of this command to disable
this function
Syntax
[no] match metric <metric>
Variable
<metric>
Value
The metric value, in the range 0 to
4294967295.
Example
match metric 106 888999
configure route-map match origin

Use this command to match BGP origin code. Use the no parameter with this command to
disable this matching.
Syntax
[no] match origin {egp|igp|incomplete}
460
October 2010
configure route-map match route-type

Variable
Value
egp
Remote EGP
igp
Local IGP
incomplete
Unknown heritage
Example
match origin egp
configure route-map match route-type

Use this command to match specified external route type. Use the no parameter with this
command to turn off the matching.
Syntax
[no] match route-type {type-1 | type-2}
Example
match route-type type-1
configure route-map match source-protocol

Use this command to match source protocols. Use the no form of this command to disable this
function.
Syntax
[no] match source-protocol <protocol>
Variable
<protocol>
Value
The protocol to match. Possible values are:
connected - Match all connected protocols
ospf - Match ospf source protocol
rip - Match rip source protocol
static - Match all static protocols
October 2010
461
Example
match source-protocol rip
configure route-map match tag

Use this command to match the specified tag value. Use the no parameter with this command
to turn off the declaration.
Syntax
[no] match tag <0-4294967295>
Example
match tag 1234
configure route-map set aggregator

Use this command to set the BGP AS number for the route map and router ID. Use the no
Syntax
[no] set aggregator as <1-65535> <A.B.C.D>
Variable
Value
<1-65535>
Specifies the AS number of aggregator.
<A.B.C.D>
Specifies the IP address of aggregator.
Example
set aggregator as 2 10.2.4.6
configure route-map set as-path

Use this command to modify a BGP autonomous system path for a route. Use the no parameter
with this command to disable this function.
Syntax
[no] set as-path prepend <1-65535>
462
October 2010
configure route-map set atomic-aggregate

Variable
<1-65535>
Value
Prepends this number to the AS path.
Maximum list size is 255.
Example
set as-path prepend 10
configure route-map set atomic-aggregate

Use this command to set a BGP atomic aggregate attribute. Use the no parameter with this
command to disable this function
Syntax
[no] set atomic-aggregate
Example
set atomic-aggregate
configure route-map set comm-list

Use this command to delete the matched BGP communities from the community attribute of
an inbound or outbound update when applying route-map. Use the no parameter with this
command to disable this feature
Syntax
[no] set comm-list <comm-list> delete
Variable
<comm-list>
Value
Specifies the community-list name.
Example
set comm-list 34 delete
October 2010
463
configure route-map set community

Use this command to set the BGP communities attribute. Use the no parameter with this
command to delete the entry.
Syntax
[no] set community [community-number <AA:NN>] [internet] [local-AS]
[no-advertise] [no-export][additive]
Variable
Value
[community-number <AA:NN>]
Specifies the community number in aa:nn

format.
[internet]
Specifies the Internet.
[local-AS]
Specifies no sending outside the local AS

(well-known community).
[no-advertise]
Specifies no advertisement of this route to

eBGP peers.
[no-export]
Specifies no advertisement of this route to

any peer.
[additive]
Adds to the existing community.
Example
set community no-export no-advertise
configure route-map set dampening

Use this command to enable route-flap dampening and set parameters.
Syntax
[no] set dampening <reachtime> [<reuse-value> <suppress-value> <maxsuppress-time>] [<unreachtime>]
Variable
<reachtime>
464
Value
Specifies the reachability half-life time in
minutes (1-145). The time for the penalty to
October 2010
configure route-map set ip next-hop
Variable
Value
decrease to one-half of its current value. The
default is 15 minutes.
<reuse-value>
Specifies the reuse-limit value (1-20000).

When the penalty for a suppressed route
decays below the reuse value, the routes
become unsuppressed. The default reuse
limit is 750.
<suppress-value>
Specifies the suppress-limit value (1-20000).

When the penalty for a route exceeds the
suppress value, the route is suppressed. The
default suppress limit is 2000.
<max-suppress-time>
Specifies the max-suppress-time in minutes.

Maximum time that a dampened route is
suppressed (1-255). The default maxsuppress value is 4 times the half-life time
(60 minutes).
[<unreachtime>]
Specifies the un-reachability half-life time for

penalty, in minutes (1-45). The default value
is 15 minutes.
Example
set dampening 20 333 534 30
configure route-map set ip next-hop

Use this command to set the next-hop IP address to the routes. Use the no form of this
command to turn off the setting.
Syntax
[no] set ip next-hop <A.B.C.D>
Variable
<A.B.C.D>
Value
Specifies the IP address of the next-hop.
Example
set ip next-hop 10.10.0.67
October 2010
465
configure route-map set local-preference

Use this command to set the BGP local preference path attribute.
Syntax
[no] set local-preference <0 - 4294967295>
Variable
<0 - 4294967295>
Value
Sets the local preference value.
Example
set local-preference 100
configure route-map set metric

Use this command to specify a metric value for a route. Use the no form of this command to
disable this function.
Syntax
[no] set metric <metric>
Variable
<metric>
Value
The metric value for the route, in the range 0
to 4294967295.
Example
set metric 600
configure route-map set metric-type

Use this command to set the metric type for the destination routing protocol. Use the no form
of this command to return to the default.
466
October 2010
configure route-map set origin
Syntax
[no] set metric-type {type1|type2}
Variable
Value
type1
Sets to external type 1 metric.
type2
Sets to external type 2 metric.
Example
metric-type type1
configure route-map set origin

Use this command to set the BGP origin code. Use the no form of this command to delete an
entry.
Syntax
[no] set origin {egp|igp|incomplete}
Variable
Value
egp
Specifies a remote EGP system.
igp
Specifies a local IGP system.
incomplete
Specifies a system of unknown heritage.
Example
set origin egp
configure route-map set originator-id

Use this command to set the BGP originator ID attribute. Use the no form of this command to
Syntax
[no] set originator-id <A.B.C.D>
October 2010
467

Variable
Value
<A.B.C.D>
Specifies the IP address of originator.
Example
set originator-id 1.1.1.1
configure route-map set tag

Use this command to set a specified tag value. Use the no form of this command to return to
the default.
This command is valid for OSPF only.
Syntax
[no] set tag <0-4294967295>
Variable
<0 - 4294967295>
Value
Tag value for the destination routing protocol.
Example
set tag 6
configure route-map set weight

Use this command to set BGP weights for the routing table. Use the no form of this command to
delete an entry.
The weight value is used to assist in best path selection. It is assigned locally to a router. When
there are several routes with a common destination, the routes with a higher weight value are
preferred.
To use the set weight command, you must first have a match clause. Match and set commands
set the conditions for redistributing routes from one routing protocol to another. The match
command specifies the match criteria under which redistribution is allowed for the current
route-map. The set command specifies the set redistribution actions to be performed, if the
match criteria are met.
468
October 2010
show ip interfaces
In the configuration: match as-path 10 set weight 400 all routes that apply to accesslist 10 will have the weight set at 400. If the packets do not match any of the defined criteria,
they are routed through the normal routing process.
Syntax
[no] set weight <0 - 4294967295>
Variable
Value
<0 - 4294967295>
Specifies the weight value.
Example
set weight 400
show ip interfaces
Use this command to display interface information
Syntax
show ip interfaces [interface <ifname>] [format <detail | brief>]
Variable
Value
[interface <ifname>]
Specifies the interface name for which you

want to display information.
format <detail | brief>
Displays a summary of interface information.

briefdisplays a brief summary for the
detaildisplays a detailed summary for
the specified interface.
Example
SR#
show ip interfaces interface ethernet0/3
show ip prefix-list
Use this command to display a prefix list.
October 2010
469
Syntax
show ip prefix-list [<name>|detail|summary]
Variable
<name>
Value
The name of the prefix list you want to
display.
Example
SR#
show ip prefix-list list1
show ip protocols
Use this command to display IP routing protocol process parameters and statistics.
Syntax
show ip protocols [bgp|ospf|rip]
Example
SR#
show ip protocols rip
show ip route
Use this command to display the IP routing table.
Syntax
show ip route <routetype>
Variable
<routetype>
Value
Optional route-type information to display.
Possible options are:
A.B.C.D - The network in the IP routing
table to display.
database - The IP routing table database
to display.
bgp - Display BGP information.
470
October 2010
show route-map
Variable
Value
connected - Display connected route
information.
ospf - Display OSPF information.
rip - Display RIP information.
static - Display static information.
summary - Display a summary of all routes.
Example
SR#
show ip route bgp
show route-map
Use this command to show user readable route-map information.
Syntax
show route-map
Example
SR#
show route-map
October 2010
471
472
October 2010
Chapter 38: IPv6 routing commands
clear ipv6 mroute

Use this command to clear configured IPv6 multicast static routes.
Syntax
clear ipv6 mroute {all | <group-addr> [<source-addr>]}
Variable
Value
all
Deletes routes for all multicast groups.
<group-addr>
Specifies the group IPv6 address of the

routes to clear.
[source-addr]
Specifies the source IPv6 address of the

routes to clear.
Example
SR#
clear ipv6 mroute all
clear ipv6 neighbors

Use this command to remove all the dynamically learnt neighbor entries.
Syntax
clear ipv6 neighbors
Example
SR# clear ipv6 neighbors
October 2010
473
clear ipv6 prefix-list

Use this command to reset the hit count to zero in the prefix-list entries.
Syntax
clear ipv6 prefix-list <prefix-list>
Variable
Value
<prefix-list>
Specifies the name of the prefix-list.
Example
SR#
clear ipv6 prefix-list List1
configure interface ipv6 address

Use this command to configure the IPv6 address for an interface.
Syntax
ipv6 address {<X:X::X:X/M> [eui-64 | anycast] | <prefix-name>
[<X:X::X:X/M>] }
Variable
Value
<X:X::X:X/M>
IPv6 prefix address.
<prefix-name>
Prefix name to be referred to assign IPv6

address to this interface
[<X:X::X:X/M>]
Subnet prefix number to be ORed with NW

prefix referred by gen_prefix_name
Example
474
ipv6 address ::FFFF:0000/4
October 2010
configure interface ipv6 enable
configure interface ipv6 enable

Use this command to enable IPv6 on the interface.
Syntax
ipv6 enable
Example
ipv6 enable
configure interface ipv6 nd

Use this command to configure Neighbor Discovery (ND) parameters.
Syntax
[no] ipv6 nd { dad-attempts <dad-attempts> | managed-config-flag |
ns-interval <ns-interval> | other-config-flag | ra-interval <rainterval> | ra-interval-min <ra-interval-min> | ra-lifetime <ralifetime> | reachable-time <nd-reachable-time>| suppress-ra }
Variable
Value
dad-attempts <dad-attempts>
Number of NS to be sent to validate DUP

status (0-600). Use 0 to disable DAD on this
interface. (default: 1)
managed-config-flag
Enable MANAGED bit on the RAs sent on

this interface.
ns-interval <ns-interval>
Configure the interval in milliseconds

between IPv6 NS retransmission on an
interface (1000 - 3600000). Default is 1000.
other-config-flag
Enable OTHER bit on the RAs sent on this

interface.
ra-interval <ra-interval>
Configure maximum interval between router

advertisements in seconds (4 - 1800).
ra-interval-min <ra-interval-min>
Configure minimum interval between router

advertisements in seconds (1 - 600).
ra-lifetime <ra-lifetime>
Router lifetime value in seconds (0-9000).
October 2010
475
reachable-time <nd-reachable-time>
NS Reachability time in milliseconds (0 3600000; default: 30000).
suppress-ra
Suppress the transmission of RA on this

interface. Use the no parameter to enable it
again.
Example
ipv6 nd dad-attempts 30
configure interface ipv6 redirects

Use this command to allow the interface to send ICMP redirect messages when a better route
exists for a destination IP address.
Syntax
ipv6 redirects
Example
ipv6 redirects
configure ipv6 access-list

Use this command to configure an access list for filtering frames. Use the no parameter to
remove a specified access-list.
Syntax
[no] ipv6 access-list <listname> [permit|deny|remark] {X:X::X:X/M |
any}
Variable
Value
<listname>
A name for the access list.
{X:X::X:X/M | any}
Specifies the prefix to match.
Example
SR/configure#
476
ipv6 access-list mylist permit 3ffe:506::/32
October 2010
configure ipv6 general-prefix
configure ipv6 general-prefix

Use this command to configure a general prefix name with an NW prefix.
Syntax
ipv6 general-prefix <prefix-name> <NW-name>
Variable
Value
<prefix-name>
Prefix name
<NW-name>
NW prefix in the format: xxxx:yyyy::/

prefix_len
Example
SR/configure#
ipv6 general-prefix myprefix ::FFFF:0000/24
configure ipv6 hop-limit

Use this command to configure the hop-limit for outgoing IPv6 packets.
Syntax
ipv6 hop-limit <hop-limit>
Variable
Value
<hop-limit>
Hop limit on outgoing IPv6 packets, in the

range 1 - 255.
Example
SR/configure#
ipv6 hop-limit 65
configure ipv6 icmp rate-limit

Use this command to configure ICMPv6 rate limit.
October 2010
477
Syntax
ipv6 icmp rate-limit <rate-limit>
Variable
Value
<rate-limit>
Specifies the time interval for sending ICMP

messages in milliseconds (default : 500ms,
0 disables rate limit). Acceptable values are
in the range: 0 - 1000000
Example
SR/configure#
ipv6 icmp rate-limit 5000
configure ipv6 load-balancing

Use this command to specify load balancing policy for equal cost routes (default = per flow).
Syntax
ipv6 load-balancing policy { per-flow | per-packet }
Variable
Value
per-flow
per IP destination load balancing
per-packet
round robin load balancing
Example
SR/configure#
ipv6 load-balancing policy per-flow
configure ipv6 mroute

Use this command to configure a multicast static route. By default no multicast static routes
are configured.
Syntax
[no] ipv6 mroute <source-address/mask> [<protocol>] [<RPF-addr>| <ifname>] [<distance>]
478
October 2010
configure ipv6 multicast-routing

Variable
Value
[no]
Removes the configured multicast static

route.
<source-address/mask>
Specifies the multicast source IPv6 address

(X:X::X:X) and address mask length (0-128).
[<protocol>]
Specifies the unicast routing protocol:

bgp: BGP
isis: IS IS
ospf: OSPF
rip: RIP
static
[<RPF-addr>]
Specifies the RPF address (X:X::X:X) for the

multicast route. The host IPV6 address can
be a directly connected system or a remote
system. When it is a remote system, a
recursive lookup is done from the unicast
routing table to find a directly connected
system; the recursive lookup is done up to
only one level.
<if-name>
Specifies the incoming interface name. You

can specify the interface for non-broadcast
interfaces only.
[<distance>]
Specifies a distance for the multicast route,

which determines whether a unicast route or
multicast static route is used for the RPF
lookup. Lower distances take precedence. If
the multicast static route has the same
distance as other RPF sources, the multicast
static route takes precedence. Default is 0.
Range is 0-255.
Example
SR/configure#ipv6 mroute 100::0/64 10.0.0.1/24 bgp

Use this command to enable the routing and forwarding of IPv6 multicast.
October 2010
479
Syntax
ipv6 multicast-routing
Example
SR/configure#
ipv6 multicast-routing
configure ipv6 multicast-lookup-mrib-only

Use this command to configure the router to perform IPv6 multicast lookups in the MRIB only. If
you do not enable this feature, the device does a multicast route lookup in the URIB as well
as in the MRIB. By default, this feature is disabled.
Syntax
[no] ipv6 multicast-lookup-mrib-only
Variable
[no]
Value
Disables the multicast lookup in MRIB only
feature.
Example
SR/configure#ipv6 multicast-lookup-mrib-only
configure ipv6 neighbor

Use this command to configure a static entry in IPv6 ND Cache.
Syntax
ipv6 neighbor <neighbor-ip> <neighbor-mac> <interface_name>
480
Variable
Value
<neighbor-ip>
Neighbor's IPv6 address.
<neighbor-mac>
Neighbor's MAC address in

HH:HH:HH:HH:HH:HH format.
<interface_name>
Interface on which this neighbor entry has to

be added, for example: ethernet0/2. This
October 2010
configure ipv6 prefix-list
parameter is required for link-local

neighbors.
Example
SR/configure#
ethernet0/1
ipv6 neighbor 4465:: 00:04:00:01:11:22:33:44:55:66
configure ipv6 prefix-list

Use this command to create an entry for an IPv6 prefix-list.
Syntax
ipv6 prefix-list {sequence-number | <listname>} {description
<description> | [seq <1-4294967295>] {deny|permit} {<X:X::X:X/M>|
any} }
Variable
Value
<sequence-number>
Include/exclude sequence numbers in

NVGEN.
<listname>
The name of the prefix list.
Up to 80 characters describing this prefix-list.
{deny|permit}
Reject or forward packets.
{<X:X::X:X/M> | any}
Configure by IP address or any prefix match.
Example
SR/configure#
ipv6 prefix-list list deny ::FFFF:FFF0/2
configure ipv6 route

Use this command to establish static routes.
Syntax
ipv6 route <X:X::X:X/M> <gatewayip|interface> [<distvalue>]
Variable
Value
October 2010
481
<X:X::X:X/M>
The IPv6 destination prefix for the route to be

added.
<gatewayip|interface>
The address or interface name of the IPv6

gateway of the route to be added.
[<distvalue>]
The distance value for the route, in the range

1 to 255.
Example
SR/configure#
ipv6 route 3ffe:506::/32
configure ipv6 unicast-routing

Use this command to enable IPv6 unicast forwarding.
Syntax
ipv6 unicast-routing
Example
SR/configure#
ipv6 unicast-routing
configure route-map match ipv6 address

Use this command to configure the match address of a route. Use the no form of this command
to remove the IPv6 address entry.
Syntax
[no] match ipv6 address <accesslistid>
Variable
<accesslistid>
Value
as:
access list number
482
October 2010
configure route-map match ipv6 address prefix-list
Example
match ip address mylist1
configure route-map match ipv6 address prefix-list

Use this command to match entries of prefix lists. Use the no form of this command to disable
this function.
Syntax
[no] match ipv6 address prefix-list <listname>
Variable
<listname>
Value
The IPv6 address prefix list name.
Example
match ipv6 address prefix-list prefix1
configure route-map set ipv6 next-hop

Use this command to set a next hop-address. Use the no parameter with this command to
delete an entry.
Syntax
[no] set ipv6 next-hop [local] <X:X::X:X>
Variable
Value
local
Specifies that the address is local. (If not

specified, the address is considered global.)
<X:X::X:X>
Specifies the IPv6 address if the next hop.
Example
set ipv6 next-hop ffff::10:10
October 2010
483
show ipv6 access-list

Use this command to display a list of IPv6 access lists.
Syntax
show ipv6 access-list [<access-list>]
Variable
Value
[<access-list>]
Specifies the IPv6 access-list to display.
Example
SR# show ipv6 access-list list2
show ipv6 general-prefix

Use this command to display the general prefixes that are configured through CLI and also
obtained from DHCPv6.
Syntax
show ipv6 general-prefix
Example
SR# show ipv6 general-prefix
show ipv6 interfaces

Use this command to display IPv6 interface configuration information. If no interface is
specified, information for all interfaces is displayed.
Syntax
show ipv6 interfaces [interface <interface-name>] [format {detail|
brief}]
Example
SR# show ipv6 interfaces ethernet0/3 format brief
484
October 2010
show ipv6 mroute
show ipv6 mroute

Use this command to display the IPv6 multicast routing table.
Syntax
show ipv6 mroute [<group-ip>] [<source-ip>] [summary]
Variable
Value
[<group-ip>]
Specifies the group IP address {<X:X::X:X>).
[<source-ip>]
Specifies the source IP address

{<X:X::X:X>).
summary
Specifies a summary display.
Example
SR# show ipv6 mroute 3ffe::10 summary
show ipv6 mtu

Use this command to display the learned PMTU.
Syntax
show ipv6 mtu
Example
SR# show ipv6 mtu
show ipv6 mvif

Use this command to display IPv6 multicast interfaces.
Syntax
show ipv6 mvif [<interface-name>]
Example
SR# show ipv6 mvif ethernet6/7
October 2010
485
show ipv6 neighbors

Use this command to display the Neighbor Discovery (ND) Cache Information.
Syntax
show ipv6 neighbors
Example
SR# show ipv6 neighbors
show ipv6 prefix-list

Use this command to display information about a prefix list.
Syntax
show ipv6 prefix-list [detail|summary] [<list-name>]
Variable
Value
detail
Specifies detailed display.
summary
Specifies summary display.
<list-name>
Specifies the name of the prefix list to display.
Example
SR# show ipv6
show ipv6 route

Use this command to display the IPv6 routing table.
Syntax
show ip route <routetype>
Variable
486
Value
October 2010
show ipv6 routers
<routetype>
Optional route-type information to display.

Possible options are:
X:X::X:X - IPv6 address
X:X::X:X/M - IPv6 prefix
database - The IP routing table database
to display.
bgp - Display BGP information.
connected - Display connected route
information.
ospf - Display OSPF information.
rip - Display RIP information.
static - Display static information.
summary - Display a summary of all routes.
Example
SR# show ipv6 route bgp
show ipv6 routers

Use this command to display IPV6 Router Advertisement Information.
Syntax
show ipv6 routers
Example
SR# show ipv6 routers
October 2010
487
488
October 2010
Chapter 39: RIP commands
clear ip rip route

Use this command to clear specific data from the RIP routing table.
Syntax
clear ip rip route [A.B.C.D/M | static | connected | rip | ospf | bgp
|all]
Variable
Value
A.B.C.D/M
Removes entries which exactly match this

destination address from the RIP routing
table.
static
Removes static entries from the RIP routing

table..
connected
Removes redistributed connected entries

from RIPng routing table.
rip
Removes only RIP routes from the RIP

routing table.
ospf
Removes only BGP routes from the RIP

routing table.
bgp
Removes only BGP routes from the RIP

routing table.
all
Clears the entire RIP routing table.
Example
SR# clear ip rip route rip
October 2010
489
RIP commands
configure interface bundle ip rip default-originate-only

Use this command to enable or disable the ability for a Secure Router to send only default RIP
route information to a network peer on an interface bundle.
Syntax
[no] ip rip default-originate-only [metric <1 15>]
Variable definitions
Variable
Value
metric <1 15>
Specifies the metric value to be used in

redistributing information. Values range from
1 to 15.
[no]
Disables the ability for a Secure Router to

send only default RIP route information to a
network peer on an interface bundle.
Example
SR/configure/interface/bundle bun1#ip rip default-originate-only
metric 11
configure interface bundle ip rip triggered

Use this command to enable or disable triggered RIP for an interface bundle. Triggered RIP
is disabled by default.
Syntax
[no] ip rip triggered [retransmit-interval <5 20> | poll-interval
<5 180>]
490
Variable
Value
retransmit-interval <5 20>
Specifies the request and response

retransmit interval. Values range from 5 to 20
October 2010
configure interface ethernet ip rip default-originate-only
poll-interval < 5 180>
Specifies the poll interval. Values range from

5 to 180 seconds. The default value is 10
seconds.
[no]
Disables triggered RIP for an interface

bundle.
Example
SR/configure/interface/bundle bund1#ip rip triggered retransmitinterval 7 poll-interval 80
configure interface ethernet ip rip default-originate-only

route information to one or more network peers on an Ethernet interface.
Syntax
Variable
Value
metric <1 15>

1 to 15.
[no]

send only default RIP route information to
one or more network peers on an Ethernet
interface.
Example
SR/configure/interface/ethernet 0/1#ip rip default-originate-only
metric 11
configure interface ip rip

Use this command to enable RIP on an interface.
Syntax
ip rip
October 2010
491
RIP commands

Variable
Value
<interface>
interface name
Example
SR/configure/interface/ethernet (6/12)# ip rip
configure interface ip rip authentication

Use this command to configure authentication control.
Syntax
ip rip authentication <authtype>
Variable
Value
<authtype>
The type of authentication. Possible types

are:
keychain <name of keychain> Keychain authentication
mode <md5|text> - Mode
authentication
string <name of string> - String
authentication
Example
SR/configure/interface/ethernet (6/12)# ip authentication string
authstring
configure interface ip rip receive

Use the following command to specify the version of RIP that can be received on the interface.
This configuration overrides the 'version' command.
Syntax
ip rip receive version <version>
492
October 2010
configure interface ip rip receive-packet

Variable
Value
<version>
Specifies the version of RIP to receive, 1 or 2.
Example
SR/configure/interface/ethernet (6/12)# ip rip receive version 2
configure interface ip rip receive-packet

Use this command to enable receiving packets through a specified interfac
Syntax
ip rip receive-packet
Example
SR/configure/interface/ethernet (6/12)# ip rip receive-packet
configure interface ip rip send version

Use this command to specify the version of RIP packets that are sent out of an interface.
Syntax
ip rip send version <version>
Variable
Value
<version>
The RIP version to send. Possible values

are:
1
2
1-compatible
Example
SR/configure/interface/ethernet (6/12)# ip rip version 2
October 2010
493
RIP commands
configure interface ip rip send-packet

Use this command to enable sending packets through the specified interface.
Syntax
ip rip send-packet
Example
SR/configure/interface/ethernet (6/12)# ip rip send-packet
configure interface ip rip split-horizon

Configure split horizon to prevent loops by not advertising erroneous routes from neighbors.
Use the no form of this command to disable this function.
Syntax
ip rip split-horizon [poisoned]
Example
SR/configure/interface/ethernet (6/12)# ip rip split-horizon
configure interface tunnel ip rip default-originate-only

route information to a network peer over tunnel interfaces.
Syntax
494
Variable
Value
metric <1 15>

1 to 15.
[no]

send only default RIP route information to a
network peer over tunnel interfaces.
October 2010
configure interface tunnel ip rip triggered
Example
SR/configure/interface/tunnel tun1#ip rip default-originate-only
metric 5
configure interface tunnel ip rip triggered

Use this command to enable or disable triggered RIP for an interface tunnel. Triggered RIP is
disabled by default.
Syntax
[no] ip rip triggered [retransmit-interval <5 20> ] [ pollinterval <5 180>]
Variable
Value
retransmit-interval <5 20>
Specifies the request and response

retransmit interval. Values range fro 5 to 20
poll-interval <5 180>
Specifies the poll interval. Values range from

5 to 180 seconds. The default value is 10
seconds.
Example
SR/configure/interface/tunnel tun1#ip rip triggered retransmitinterval 7 poll-interval 80
configure interface vlan ip rip default-originate-only

route information to one or more network peers on a VLAN.
Syntax
[no] ip rip default-originate-only [metric <1 | 15>]
Table 590: Variable definition
Variable
metric <1 15>
Value
Specifies the metric value to be used in redistributing
information. Values range from 1 to 15.
October 2010
495
RIP commands
Variable
[no]
Value
Disables the ability for a Secure Router to send only default
RIP route information to one or more network peers on a
VLAN.
Example
SR/configure/interface/vlan vlan1#ip rip default-originate-only
metric 12
configure router rip

Use this command to enable RIP to use the Avaya Secure Router 2330/4134 in a RIP network.
Syntax
router rip
Example
SR# router rip
configure router rip default-information

Use this command to generate a default route into the Routing Information Protocol. Use the
no form of this command to disable this feature.
Syntax
[no] default-information originate
Example
SR/configure/router/rip#
default-information originate
configure router rip default-metric

Use this command to specify the metrics to be assigned to redistributed routers. Use the no
form of this command to disable this feature.
Use this command with the redistribute command to make the routing protocol use the
specified metric value for all redistributed routes. Default metric is useful in redistributing routes
with incompatible metrics. Every protocol has different metrics and cannot be compared
496
October 2010
configure router rip distance
directly. Default metric provides the standard to compare. All routes that are redistributed will
use the default metric
Syntax
[no] default-metric <1-16>
Variable
Value
<1-16>
Specifies the default metric.
Example
SR/configure/router/rip# default-metric 10
configure router rip distance

Use this command to set the administrative distance.
Syntax
distance <distancevalue> [A.B.C.D/M [accesslist]]
Variable
Value
<distancevalue>
The administrative distance value.
Example
SR/configure/router/rip# distance 10
configure router rip distribute-list

Use this command to filter incoming or outgoing route updates using the access-list or the
prefix-list. Use the no form of this command to disable this feature. This command is disabled
by default.
Syntax
distribute-list [<prefix>|<accesslist>] <direction> <interface>
Variable
Value
October 2010
497
RIP commands
<prefix>
Filter prefixes in routing updates.
<accesslist>
The access list name.
<direction>
Direction to filter routing updates, in or out.
<interface>
The interface name.
Example
SR/configure/router/rip# distribute-list access1 in ethernet6/12
configure router rip multi-nexthop

Use this command to enable or disable the storage of multiple alternative next hops to any
prefix in the RIP database.
Syntax
[no] multi-nexthop
The following message appears:
Enable/Disable of multi-nexthop will reset the RIP instance. Do you
want to continue? (y/n):
Variable
Value
[no]
Disables the storage of multiple alternative

next hops to any prefix in the RIP database.
Example
SR/configure/router/rip#multi-nexthop
configure router rip neighbor

Use this command to configure a router neighbor.
Syntax
neighbor <address>
Variable
498
Value
October 2010
configure router rip network
<address>
The address of the neighbor.
Example
SR/configure/router/rip# neighbor 10.1.2.3
configure router rip network

Use this command to enable RIP on a network or interface.
Syntax
network <interface>
Variable
Value
<interface>
Ethernet or WAN interface name. Example:

Ethernet0/1 or wan1.
Example
SR/configure/router/rip# network wan1
configure router rip offset-list

Use this command to modify a RIP metric.
Syntax
offset-list <name> <direction> <metricvalue> <interfacename>
Variable
Value
<name>
<direction>
Direction of updates. In or out.
<metricvalue>
The metric value to modify.
<interfacename>
The interface name.
Example
SR/configure/router/rip# offset-list access1 in 5 ethernet0/1
October 2010
499
RIP commands
configure router rip passive-interface

Use this command to configure an interface to suppress routing updates
Syntax
passive-interface <interface>
Variable
Value
<interface>
The interface for which you want to suppress

routing updates.
Example
SR/configure/router/rip# passive-interface ethernet6/12
configure router rip redistribute

Use this command to redistribute information from other routing protocols. Use the no form of
this command to disable this function.
Syntax
redistribute [connected|static|ospf|bgp] <metric> <routemap>
500
Variable
Value
connected
Redistribute from connected routes
static
Redistribute from static routes
ospf
Redistribute from Open Shortest Path First

(OSPF)
bgp
Redistribute from Border Gateway Protocol

(BGP)
<metric>
Metric <0-16> Specifies metric value to be

used in redistributing information
<routemap>
Specifies route-map to be used to

redistribute information
October 2010
configure router rip timers
Example
SR/configure/router/rip# redistribute ospf route-map map1
configure router rip timers

Use this command to adjust routing network timers. Use the no form of this command to return
to default setting.
Syntax
timers basic <update> <timeout> <garbage>
Variable
Value
<update>
<5-2147483647> Specifies the routing table

update timer in seconds. The default is 30
seconds.
<timeout>
<5-2147483647> Specifies the routing

information timeout timer in seconds. The
default is 180 seconds. After this interval has
elapsed and no updates for a route are
received, the route is declared invalid.
<garbage>

garbage collection timer in seconds. The
default is 120 seconds. If a route remains
invalid for the period specified by this
variable, it is permanently removed from the
routing table.
Example
SR/configure/router/rip# timers basic 30 180 120
configure router rip version

Use this command to set the routing protocol version that is used globally by the router.
Syntax
version <version>
October 2010
501
RIP commands

Variable
Value
<version>
The routing protocol version, 1 or 2.
Example
SR/configure/router/rip# version 2

Use this command to display current RIP configuration.
Syntax
Example
SR# show ip protocols rip
show ip rip
Use this command to display the RIP routes.
Syntax
show ip rip
Example
SR# show ip rip
show ip rip database

Use this command to display the RIP database.
Syntax
show ip rip database
Example
SR# show ip rip database
502
October 2010
show ip rip interface

Use this command to display RIP information for interfaces.
Syntax
Example
SR# show ip rip interface
October 2010
503
RIP commands
504
October 2010
Chapter 40: OSPF commands
clear ip ospf
Use this command to clear and restart the OSPF routing process. You can specify the Process
ID to clear one particular OSPF process. When no process ID is specified, this command clears
all running OSPF processes.
Syntax
clear ip ospf {<processid> | process}
Variable
Value
<processid>
The OSPF process to clear.
Example
SR# clear ip ospf process
configure interface ip ospf

Use this command to configure OSPF on an interface.
Syntax
ip ospf
Example
SR/configure/interface/ethernet (6/12)# ip ospf
configure interface ip ospf authentication

Use this command to send and receive OSPF packets with the specified authentication
method.
October 2010
505
OSPF commands
Syntax
ip ospf authentication [null | message-digest]
Variable
Value
message-digest
Specifies message-digest authentication
null
Specifies null authentication
Example
SR/configure/interface/ethernet (6/12)# ip ospf authentication
message-digest
configure interface ip ospf authentication-key

Use this command to configure the authentication password.
Syntax
ip ospf authentication-key <key>
Variable
Value
<key>
The OSPF password (key).
Example
test
ip ospf authentication-key
configure interface ip ospf cost

Use this command to make a route the preferred route by changing its cost.
Syntax
ip ospf cost <cost>
Variable
506
Value
October 2010
configure interface ip ospf database-filter
<cost>
<1-65535> Specifies the link-state metric.

Example
SR/configure/interface/ethernet (6/12)# ip ospf cost 20
configure interface ip ospf database-filter

Use this command to filter OSPF LSA during synchronization and flooding.
Syntax
ip ospf database-filter all out
Example
SR/configure/interface/ethernet (6/12)# ip ospf database-filter all
out
configure interface ip ospf dead-interval

Use this command to configure the interval after which a neighbor is declared dead.
Syntax
ip ospf dead-interval [1-65535]
Example
SR/configure/interface/ethernet (6/12)# ip ospf dead-interval 10
configure interface ip ospf disable all

Use this command to disable OSPF.
Syntax
ip ospf disable all
Example
SR/configure/interface/ethernet (6/12)# ip ospf disable all
October 2010
507
OSPF commands
configure interface ip ospf hello-interval

Use this command to configure the time between HELLO packets.
Syntax
ip ospf hello-interval <1-65535>
Example
SR/configure/interface/ethernet (6/12)# ip ospf hello-interval 3
configure interface ip ospf message-digest-key

Use this command to specify the message digest authentication password.
Syntax
ip ospf message-digest-key [1-255] md5 <password>
Variable
Value
<password>
The OSPF password.
Example
SR/configure/interface/ethernet (6/12)# ip ospf message-digest-key 20
configure interface ip ospf mtu

Use this command to specify the OSPF interface Maximum Transmission Units (MTU).
Syntax
ip ospf mtu <576-65535>
Example
SR/configure/interface/ethernet (6/12)# ip ospf mtu 1480
508
October 2010
configure interface ip ospf mtu-ignore
configure interface ip ospf mtu-ignore

Use this command to set OSPF to ignore the MTU in DBD packets.
Syntax
ip ospf mtu-ignore
Example
SR/configure/interface/ethernet (6/12)# ip ospf mtu-ignore
configure interface ip ospf network

Use this command to specify the OSPF network type.
Syntax
network <type>
Variable
Value
<type>
The OSPF network type. Possible values

are:
broadcast - broadcast multi-access
network
point-to-point - point to point
network
Example
SR/router/ospf# network point-to-point
configure interface ip ospf priority

Use this command to configure the priority for an interface. Default value is 1.
Syntax
ip ospf priority <priority>
October 2010
509
OSPF commands

Variable
Value
<priority>
Interface priority. Range is 0 to 255. Default

is 1.
Example
SR/configure/interface/ethernet (6/12)# ip ospf priority 10
configure interface ip ospf retransmit-interval

Use this command to specify the time between retransmitting lost link state advertisements.
Syntax
retransmit-interval <1-65535>
Example
SR/configure/interface/ethernet (6/12)# retransmit-interval 5
configure interface ip ospf te-metric

Use this command to configure the OSPF te-metric.
Syntax
ip ospf te-metric [1-65535]
Example
SR/configure/interface/ethernet (6/12)# te-metric 6
configure interface ip ospf transmit-delay

Use this command to specify the OSPF link state transmit delay.
Syntax
ip ospf transmit-delay <1-65535>
Example
SR/configure/interface/ethernet (6/12)# ip ospf transmit-delay 5
510
October 2010
configure router ospf
configure router ospf

Use this command to enable OSPF and specify an OSPF process to configure.
Syntax
router ospf <process-id>
Variable
Value
<process-id>
The OSPF process-id you want to configure,

in the range 1 to 65535.
Example
SR# router ospf 1
configure router ospf area authentication

Use this command to enable authentication on an OSPF area.
Syntax
area <area-id> authentication [message-digest]
Variable
Value
<area-id>
The OSPF area id specified in integer (1 to

4294967295) or IP address (A.B.C.D)
format.
[message-digest]
Specifies to use message-digest

authentication.
Example
SR/router/ospf# area 1 authentication
October 2010
511
OSPF commands
configure router ospf area default-cost

Use this command to specify the summary-default cost of a NSSA or stub area.
Syntax
area <area-id> default-cost <cost>
Variable
Value
<area-id>

format.
<cost>
An integer specifying the stub's advertised

default summary cost in the range 0 to
16777215.
Example
SR/router/ospf# area 1 default-cost 100
configure router ospf area filter-list

Use this command to configure an OSPF filter list.
Syntax
area <area-id> filter-list {<access>|<prefix>} <listname> {<in>|
<out>}
512
Variable
Value
<access>
Filter networks by access list.
<area-id>

format.
<in>
Filter networks sent to the specified area.
<listname>
The name of the IP prefix or access list.
<out>
Filter networks sent from the specified area.
October 2010
configure router ospf area nssa
<prefix>
Filter networks by prefix list.
Example
SR/router/ospf# area 1 filter-list access 1 in
configure router ospf area nssa

Use this command to configure an OSPF not-so-stubby-area.
Syntax
area <area-id> nssa
Variable
Value
<area-id>

format.
Example
SR/router/ospf# area 3 nssa
configure router ospf area nssa default-informationoriginate

Use this command to originate Type 7 defaults into a NSSA area.
Syntax
area <area-id> nssa default-information-originate
Variable
Value
<area-id>

format.
Example
SR/router/ospf# area 3 nssa default-information-originate
October 2010
513
OSPF commands
configure router ospf area nssa no-redistribution

Use this command to restrict redistribution into an OSPF NSSA area.
Syntax
area <area-id> nssa no-redistribution
Variable
Value
<area-id>

format.
Example
SR/router/ospf# area 3 nssa no-redistribution
configure router ospf area nssa no-summary

Use this command to restrict sending summary LSAs into a NSS .
Syntax
area <area-id> nssa no-summary
Variable
Value
<area-id>

format.
Example
SR/router/ospf# area 3 nssa no-summary
configure router ospf area nssa translator-role

Use this command to configure the NSSA-ABR translator role.
514
October 2010
configure router ospf area range
Syntax
area <area-id> nssa translator-role {<always>|<candidate>|<never>}
Variable
Value
<always>
Always translate NSSA-LSA to Type-5 LSA.
<area-id>

format.
<candidate>
Translate NSSA-LSA to Type-5 LSA if

elected.
<never>
Never translate NSSA-LSA.
Example
SR/router/ospf# area 3 nssa translator-role always
configure router ospf area range

Use this command to configure an OSPF area range.
Syntax
area <area-id> range <A.B.C.D/M> [advertise|not-advertise]
Variable
Value
advertise
Advertise the range.
<area-id>

format.
not-advertise
Do not advertise the range.
<A.B.C.D/M>
The area range prefix in address/mask

format.
Example
SR/router/ospf# area range 10.10.10.10/24
October 2010
515
OSPF commands
configure router ospf area stub

Use this command to configure an OSPF area as a stub area.
Syntax
area <area-id> stub [no-summary]
Variable
Value
<area-id>

format.
[no-summary]
Specifies to not inject inter-area routes into

the stub.
Example
SR/router/ospf# area 1 stub
configure router ospf area virtual-link

Use this command to configure a virtual link and define its parameters.
Syntax
area <area-id> virtual-link <A.B.C.D> [authentication <null>|
<message-digest>] [dead-interval <interval>] [hello-interval
<interval>] [retransmit-interval <interval>] [transmit-delay
<interval>] [authentication-key <key>] [message-digest-key]
516
Variable
Value
<A.B.C.D>
The router ID of the virtual link neighbor.
<area-id>

format.
<authentication>
Enable authentication for this OSPF area

virtual link.
<authentication-key>
Specify the authentication key.
October 2010
configure router ospf auto-cost reference-bandwidth
<dead-interval>
Specify the dead router detection interval.
<hello-interval>
Specify the hello packet interval.
<interval>
The interval, in the range 1 to 65535.
<key>
The authentication key.
<message-digest>
Specify to use message-digest

authentication.
<message-digest-key>
Specifies the message digest key.
<null>
Specifies to use null authentication.
<retransmit-interval>
Specify the LSA retransmit interval.
<transmit-delay>
Specify the LSA transmittion delay.
Example
SR/router/ospf# area 1 virtual-link 10.10.11.50 hello-interval 5
configure router ospf auto-cost reference-bandwidth

Use this command to modify the reference bandwidth used to calculate the OSPF cost.
By default OSPF calculates the OSPF metric for an interface by dividing the reference
bandwidth by the interface bandwidth. The default value for the reference bandwidth is
100Mbps. The auto-cost command is used to differentiate high bandwidth links. For multiple
links with high bandwidth, specify a larger reference bandwidth value to differentiate cost on
those links.
Syntax
auto-cost reference-bandwidth <bandwidth>
Variable
Value
<bandwidth>
Reference bandwidth in terms of Mbits per

second, in the range 1 to 4294967.
Example
SR/router/ospf# auto-cost reference-bandwidth 250
October 2010
517
OSPF commands
configure router ospf capability

Use this command to enable a specific OSPF feature
Syntax
capability <feature>
Variable
Value
<feature>
The feature to enable. Possible values are:

cspf - Constrained Shortest Path First
opaque - Opaque LSA
traffic-engineering - OSPF
Traffic Engineering extension
Example
SR/router/ospf# capability cspf
configure router ospf compatible

Use this command to configure the OSPF compatibility list.
Syntax
compatible rfc1583
Example
SR/router/ospf# compatible rfc1583
configure router ospf cspf retry-interval

Use this command to configure the CSPF default computation retry interval.
Syntax
cspf default-retry-interval <interval>
518
October 2010
configure router ospf cspf tie-break

Variable
Value
<interval>
The default computation interval, in the

range 1 to 3600.
Example
SR/router/ospf# cspf default-retry-interval 10
configure router ospf cspf tie-break

Use this command to configure the CSPF tie break method.
Syntax
cspf tie-break <random|least-fill|most-fill>
Example
SR/router/ospf# cspf tie-break random
configure router ospf default-information originate

Use this command to control distribution of default information.
Syntax
default-information originate [always] [metric <0-16777214>] [metrictype [1|2]] [route-map <name>]
Example
SR/router/ospf# default-information originate always metric 23
metric-type 2 route-map myinfo
configure router ospf default-metric

Use this command to set the metric of redistributed routes.
Syntax
default-metric <value>
October 2010
519
OSPF commands

Variable
Value
<value>
The default metric value, in the range 0 to

16777214.
Example
SR/router/ospf# default-metric 1000
configure router ospf distance

Use this command to define an administrative distance.
Syntax
distance <distance>
Variable
Value
<distance>
The OSPF administrative distance, in the

range 1 to 255.
Example
SR/router/ospf# distance 20
configure router ospf log-adjacency-changes

Use this command to enable logging of adjacency state changes.
Syntax
log-adjacency-changes [detail]
Variable
Value
[detail]
Log all state changes.
Example
SR/router/ospf# log-adjacency-changes
520
October 2010
configure router ospf max-concurrent-dd
configure router ospf max-concurrent-dd

Use this command to specify the maximum number allowed to process DD concurrently.
Syntax
max-concurrent-dd <maxprocess>
Variable
Value
<maxprocess>
Maximum number of DD processes.
Example
SR/router/ospf# max-concurrent-dd 5
configure router ospf network

Use this command to enable OSPF on an IP network.
Syntax
network <networkaddress> area <areaid>
Variable
Value
<networkaddress>
Network address to configure. Can be IPv4

network address<A.B.C.D> or IPv4 network
address with prefix length <A.B.C.D/M>.
<areaid>
The area ID. Can be in IPv4 address format

<A.B.C.D> or as 4 octets <0-4294967295>
unsigned integer value
Example
SR/configure/router/ospf# network 11.2.3.4 area 1
October 2010
521
OSPF commands
configure router ospf ospf abr-type

Use this command to specify the OSPF ABR type.
Syntax
ospf abr-type <type>
Variable
Value
<type>
Type of implementation. Possible choices

are:
cisco - Alternative ABR, Cisco
implementation
ibm - Alternative ABR, IBM
implementation
standard - Standard behavior
Example
SR/router/ospf# ospf abr-type standard
configure router ospf passive-interface

Use this command to suppress routing updates on an interface.
Syntax
Variable
Value
<interface>
The interface you want to suppress routing

updates.
Example
SR/router/ospf# passive-interface ethernet0/1
522
October 2010
configure router ospf redistribute
configure router ospf redistribute

Use this command to redistribute routes from other protocols into OSPF.
Syntax
redistribute <protocol> [metric <0 - 16777214>] [metric-type <1-2>]
[route-map <map>] [tag <0-4294967295>]
Variable
Value
<protocol>
Protocol to redistribute: bgp, connected, rip,

or static.
metric <0 - 16777214>
Specifies a default metric.
metric-type <1-2>
Specifies the OSPF metric type for default

routes.
route-map <map>
Route map reference.
tag <0-4294967295>
Specifies a tag for routes redistributed into

OSPF.
Example
SR/router/ospf# redistribute static
configure router ospf summary-address

Use this command to summarize or suppress external routes with the specified address range.
Syntax
summary-address <A.B.C.D/M> [tag <0 - 4294967295>] [not-advertise]
Variable
Value
<A.B.C.D/M>
The summary prefix.
[not-advertise]
Suppresses routes that match the prefix.
[tag <0 - 4294967295>]
Sets a tag value. The default tag value is 0.
October 2010
523
OSPF commands
Example
SR/router/ospf# summary-address 172.16.0.0/16 tag 3
configure router ospf timers spf

Use this command to adjust routing timers.
Syntax
timers spf <delay> <hold>
Variable
Value
<delay>
Delay between receiving a change to SPF

calculation, in the range 0 to 2147483647.
<hold>
Hold time between consecutive SPF

calculations, in the range 0 to 2147483647.
Example
SR/router/ospf# timers spf 5 10
show ip ospf border-routers

Use this command to show border and boundary router information.
Syntax
show ip ospf border-routers
Example
SR# show ip ospf border-routers
show ip ospf database

Use this command to show the OSPF database summary.
Syntax
show ip ospf database
524
October 2010
show ip ospf interface
Example
SR# show ip ospf database
show ip ospf interface

Use this command to display detailed OSPF interface information.
Syntax
show ip ospf interface <interface>
Variable
Value
<interface>
Interface name. Example: Ethernet 0/1
Example
SR# show ip ospf interface ethernet6/12
show ip ospf neighbor

Use this command to display router neighbor information.
Syntax
show ip ospf neighbor [<if-name>|<A.B.C.D>|detail]
Variable
Value
<if-name>
Interface name. Example: ethernet0/1.
<A.B.C.D>
Specifies the neighbor ID.
detail
Displays detailed information.
Example
SR# show ip ospf neighbor
October 2010
525
OSPF commands
show ip ospf route

Use this command to display OSPF routes learned from neighbors
Syntax
show ip ospf route
Example
SR# show ip ospf route
show ip ospf te-database

Use this command to show the OSPF te-database.
Syntax
show ip ospf te-database
Example
SR# show ip ospf te-database
show ip ospf virtual-links

Use this command to show OSPF virtual link information.
Syntax
show ip ospf virtual-links
Example
SR# show ip ospf virtual-links
show ip protocols ospf

Use this command to show IP routing protocol process parameters and statistics.
Syntax
526
October 2010
Example
SR# show ip protocols ospf
October 2010
527
OSPF commands
528
October 2010
Chapter 41: BGP commands
clear bgp ipv4

Use this command to reset an IPv4 BGP connection.
Syntax
clear bgp ipv4 {* | v4 | v6 | <1-65535> | <A.B.C.D>} [in|out|soft]
[prefix-filter]
Variable
Value
Clears all peers.
v4
Clears all IPv4 peers
v6
<1-65535>
Clears peers with the specified AS number.
<A.B.C.D>
Specifies a BGP neighbor address to clear.
in
Indicates that incoming advertised routes are to be cleared.
out
Indicates that outgoing advertised routes are to be cleared.
soft
Indicates that both incoming and outgoing routes are to be

cleared
[prefix-filter]
Pushes out prefix-list ORF and does inbound soft

reconfiguration.
Example
SR#
clear bgp ipv4 1.2.3.4
clear bgp ipv4 dampening

Use this command to reset all dampened BGP routes under the specified address family.
October 2010
529
BGP commands
Syntax
clear bgp ipv4 dampening <A.B.C.D|A.B.C.D/M>
Example
SR#
clear bgp ipv4 dampening 10.10.0.121
clear bgp ipv4 external

Use this command to reset the BGP connection for all external peers.
Syntax
clear bgp ipv4 external [in|out|soft] [prefix-filter]
Variable
Value
in
out
soft

cleared
[prefix-filter]

reconfiguration.
Example
SR# clear bgp ipv4 external in prefix-filter
clear bgp ipv4 flap-statistics

Use this command to clear the flap count and history duration for all the prefixes under the
specified address family.
Syntax
clear bgp ipv4 flap-statistics (A.B.C.D|A.B.C.D/M)
Example
SR#
530
clear bgp ipv4 flap-statistics 10.10.0.121
October 2010
clear bgp ipv4 peer-group

Use this command to reset the BGP connection for all members of a peer group.
Syntax
clear bgp ipv4 peer-group <peer-group> [in|out|soft]
Variable
Value
in
out
soft

cleared
[prefix-filter]

reconfiguration.
Example
SR#
clear bgp ipv4 peer-group P1 soft in
clear bgp ipv4 unicast

Use this command to reset the BGP connection for ipv4 peers having the unicast capability
enabled.
Syntax
clear bgp ipv4 unicast * [in|out|soft]
Variable
Value
in
Indicates that incoming advertised routes will be

cleared.
[prefix-filter]
Pushes out the existing ORF prefix-list.
out
Indicates that outgoing advertised routes will be cleared.
soft
Indicates that both incoming and outgoing routes will be

cleared.
October 2010
531
BGP commands
Example
SR# clear bgp ipv4 unicast* soft in
clear bgp ipv4 multicast

Use this command to reset the BGP connection for ipv4 peers having the multicast capability
enabled.
Syntax
clear bgp ipv4 multicast * [in|out|soft]
Variable
Value
in

cleared.
[prefix-filter]
out
Indicates that outgoing advertised routes will be

cleared.
soft
Indicates that both incoming and outgoing routes will

be cleared.
Example
SR# clear bgp ipv4 multicast * soft in

Use this command to reset the BGP connection for all ipv4 peers having the unicast capability
enabled.
Syntax
clear bgp ipv4 unicast <A.B.C.D | X:X::X:X> [in|out|soft]
Variable
532
Value
in
Indicates that incoming advertised routes will be cleared.
[prefix-filter]
out
October 2010
Variable
Value
soft

cleared.
<A.B.C.D>
Specifies the BGP neighbor address to clear.
<X:X::X:X>
Example
SR# clear bgp ipv4 unicast 3.3.3.3 soft in prefix-filter

Use this command to reset the BGP connection for all ipv4 peers having the multicast capability
enabled.
Syntax
clear bgp ipv4 multicast <A.B.C.D | X:X::X:X> [in|out|soft]
Variable
Value
in
[prefix-filter]
out
soft

cleared.
<A.B.C.D>
<X:X::X:X>
Example
SR# clear bgp ipv4 multicast 3.3.3.3 soft in prefix-filter
clear bgp ipv4 unicast external

Use this command to reset the BGP connection for ipv4 external peers having the unicast
capability enabled.
Syntax
clear bgp ipv4 unicast external [in | out | soft]
October 2010
533
BGP commands

Variable
Value
in
[prefix-filter]
out
soft

cleared.
Example
SR# clear bgp ipv4 unicast external
clear bgp ipv4 multicast external

Use this command to reset the BGP connection for ipv4 external peers having the multicast
capability enabled.
Syntax
clear bgp ipv4 multicast external [in | out | soft]
Variable
Value
in
[prefix-filter]
out
soft

cleared.
Example
SR# clear bgp ipv4 multicast external
clear bgp ipv4 unicast peer-group

Use this command to reset the BGP connection for all members of a ipv4 peer group having
the unicast capability enabled.
534
October 2010
clear bgp ipv4 multicast peer-group
Syntax
clear bgp ipv4 unicast peer-group <WORD> [in|out|soft]
Variable
Value
in
[prefix-filter]
out
soft

cleared.
Example
SR# clear bgp ipv4 unicast peer-group GRP

the multicast capability enabled.
Syntax
clear bgp ipv4 multicast peer-group <WORD> [in|out|soft]
Variable
Value
in

cleared.
[prefix-filter]
out
Indicates that outgoing advertised routes will be

cleared.
soft
Indicates that both incoming and outgoing routes will

be cleared.
Example
SR# clear bgp ipv4 multicast peer-group GRP
October 2010
535
BGP commands
clear bgp ipv4 unicast dampening

Use this command to reset all dampened BGP routes under the unicast address family.
Syntax
clear bgp ipv4 unicast dampening <A.B.C.D | A.B.C.D/M>
Variable
Value
<A.B.C.D>
Specifies the IPv4 address for which BGP dampening is to be

cleared.
<A.B.C.D/M>
Specifies the IPv4 address with mask for which BGP dampening
is to be cleared.
Example
SR# clear bgp ipv4 unicast dampening 10.1.1.1
clear bgp ipv4 multicast dampening

Use this command to reset all dampened BGP routes under the multicast address family.
Syntax
clear bgp ipv4 multicast dampening <A.B.C.D | A.B.C.D/M>
Variable
Value
<A.B.C.D>

cleared.
<A.B.C.D/M>
Specifies the IPv4 address with mask for which BGP dampening
is to be cleared.
Example
SR# clear bgp ipv4 multicast dampening 10.1.1.1
536
October 2010
clear bgp ipv4 unicast flap-statistics

Syntax
clear bgp ipv4 unicast flap-statistics <A.B.C.D | A.B.C.D/M>
Variable
Value
<A.B.C.D>
Specifies the IPv4 address for which the flap-statistics is to be

cleared.
<A.B.C.D/M>
Specifies the IPv4 address with mask for which the flap-statistics is
to be cleared.
Example
SR# clear bgp ipv4 unicast flap-statistics 10.1.1.1
clear bgp ipv4 multicast flap-statistics

Syntax
clear bgp ipv4 multicast flap-statistics <A.B.C.D | A.B.C.D/M>
Variable
Value
<A.B.C.D>
Specifies the IPv4 address for which the flap-statistics is to be

cleared.
<A.B.C.D/M>
Specifies the IPv4 address with mask for which the flap-statistics is
to be cleared.
Example
SR# clear bgp ipv4 multicast flap-statistics 10.1.1.1
October 2010
537
BGP commands
clear bgp all

Use this command to reset the BGP connection for all peers having the specified capability
enabled.
Syntax
clear bgp all <A.B.C.D | X:X::X:X> [in|out|soft]
Variable
Value
in
[prefix-filter]
out
soft

cleared.
<A.B.C.D>
<X:X::X:X>
Example
SR# clear bgp all 3.3.3.3 soft in prefix-filter
clear bgp all external

Use this command to reset the BGP connection for all external peers having the specified
capability enabled.
Syntax
clear bgp all external [in | out | soft]
Variable
538
Value
in
[prefix-filter]
Push out the existing ORF prefix-list.
out
October 2010
clear bgp all peer-group
Variable
soft
Value
cleared.
Example
SR# clear bgp all external
clear bgp all peer-group

Use this command to reset the BGP connection for all members of all peer group having the
specified capability enabled.
Syntax
clear bgp all peer-group <WORD> [in|out|soft]
Variable
Value
in
out
soft

cleared.
[prefix-filter]
Pushes out prefix-list ORF and does inbound soft reconfiguration.
Example
SR# clear bgp all peer-group GRP
clear bgp all dampening

Use this command to reset all dampened BGP routes under the specified address family.
Syntax
clear bgp all dampening
Example
SR# clear bgp all dampening
October 2010
539
BGP commands
clear bgp all flap-statistics

Syntax
clear bgp all flap-statistics
Example
SR# clear bgp all flap-statistics
configure bgp aggregate-nexthop-check

Use this command to configure BGP to perform aggregation only when next-hop matches the
specified IP address.
Syntax
bgp aggregate-nexthop-check
Example
SR/configure# bgp aggregate-nexthop-check
configure bgp rfc1771-path-select

Use this command to set RFC1771 compatible path selection mechanism. Use the no form of
this command to remove this setting.
Syntax
[no] bgp rfc1771-path-select
Example
SR/configure# bgp rfc1771-path-select
configure bgp rfc1771-strict

Use this command to set the Strict RFC1771 setting. Use the no form of this command to
remove this setting. This setting is disabled by default.
540
October 2010
configure ip as-path
Syntax
[no] bgp rfc1771-strict
Example
SR/configure#
bgp rfc1771-strict
configure ip as-path
Use this command to configure a BGP autonomous system path filter.
Syntax
ip as-path access-list <name> [deny|permit] [<line>]
Variable
Value
<name>
Regular expression access list name.
[<line>]
A regular-expression to match the BGP AS paths
Example
SR#
ip as-path access-list mylist deny ^65535$
configure ip community-list
Use this command to add a community list entry.
Syntax
ip community-list <name> [permit|deny] <line>
Variable
Value
<name>
The community list name.
[<line>]
Specifies a community number in aa:nn format or internet |

local-AS | no-advertise | no-export.
Example
SR# ip community-list mylist permit 7675:80 7675:90
October 2010
541
BGP commands
configure router bgp

Use this command to enable BGP to support the exchange of routes between autonomous
systems. This command enables BGP with mainly default configuration values. Any peer
groups created under BGP inherit these default values. You can choose to override (customize)
many of these BGP global values at the BGP group or individual peer level.
Syntax
[no] router bgp <1-65535>
Example
SR/configure# router bgp 12
configure router bgp address-family ipv4 multicast

Use this command to specify the IPv4 multicast address-family to configure MBGP properties.
Syntax
address-family ipv4 multicast
Example
SR/configure#address-family ipv4 multicast
configure router bgp aggregate-address

Use this command to configure BGP aggregate entries.
Syntax
aggregate-address <prefix> [as-set] [summary-only]
Variable
Value
[as-set]
Generate AS set path information.
[summary-only]
Filter more specific routes from updates.
Example
SR/configure# aggregate-address 10.2.0.0/16
542
October 2010
configure router bgp bgp always-compare-med
configure router bgp bgp always-compare-med

Use this command to compare the multi-exit discriminator (MED) value of routes learned from
eBGP peers so that the Avaya Secure Router 2330/4134 can select the route with the lowest
advertised MED value.
Syntax
bgp always-compare-med
Example
SR/configure/router/bgp 100# bgp always-compare-med
configure router bgp bgp bestpath

Use this command to modify the default bestpath selection.
Syntax
[no] bgp bestpath [as-path ignore] [compare-confed-aspath] [comparerouterid] [med [confed] [missing-as-worst]]
Variable
Value
[as-path ignore]
Ignore as-path length in selecting a route.
[compare-confed-aspath]
Allow comparing confederation AS path length.
[compare-routerid]
Compare router-id for identical EBGP paths.
[confed]
Compare MED among confederation paths.
[med]
Configure MED attribute.
[missing-as-worst]
Treat missed MED as the least preferred one.
Example
SR/configure/router/bgp 100# bgp bestpath as-path ignore
configure router bgp bgp client-to-client reflection

Use this command to restore route reflection from a BGP route reflector to clients.
October 2010
543
BGP commands
Syntax
bgp client-to-client reflection
Example
SR/configure/router/bgp 100#
bgp client-to-client reflection
configure router bgp bgp cluster-id

Use this command configure a BGP Route Reflector cluster to achieve full iBGP meshing within
a large AS. With this configuration, an administrator subdivides an AS into peer clusters.
Syntax
bgp cluster-id <id>
Variable
<id>
Value
The route reflector cluster-id. Can be configured as 32bit
quantity, in the range 1 to 4294967295 or in IP address
format.
Example
bgp cluster-id 1.1.1.1
configure router bgp bgp confederation identifier

Use this command to configure a BGP confederation to avoid the scaling issues that the fullmesh connectivity requirement causes. A confederation splits a major AS into multiple subASs. Although each sub-AS contains a group of fully-meshed iBGP peers, the sub-AS BGP
border router communicates with other sub-AS BGP border routers using a smaller number of
eBGP sessions. Together, the sub-ASs and their respective peers form a confederation, which
appears to external ASs as a single AS.
Syntax
bgp confederation identifier <id>
544
Variable
Value
<id>
Identifier name. Valid range is 1-65535.
October 2010
configure router bgp bgp confederation peers
Example
bgp confederation identifier 1
configure router bgp bgp confederation peers

Use this command to configure the BGP confederation peer ASs. A confederation splits a
major AS into multiple sub-ASs. Although each sub-AS contains a group of fully-meshed iBGP
peers, the sub-AS BGP border router communicates with other sub-AS BGP border routers
using a smaller number of eBGP sessions. Together, the sub-ASs and their respective peers
form a confederation, which appears to external ASs as a single AS.
Syntax
bgp confederation peers <AS-numbers>
Example
bgp confederation peers 1234 21345
configure router bgp bgp dampening

Use this command to enable and configure BGP route flap dampening.
Syntax
bgp dampening [route-map <mapname>] [<hltime> <reuse> <suppress>
<duration> <uhltime>]
Variable
Value
<duration>
Maximum duration to suppress a stable

route.
<hltime>
Reachability half-life time for a penalty, in

minutes.
<reuse>
Value to start reusing a route.
[route-map <mapname>]
Configure route-map criteria by map name.
<suppress>
Value to start suppressing a route.
<uhltime>
Unreachability half-life time for a penalty, in

minutes.
October 2010
545
BGP commands
Example
bgp dampening 20 800 2500 80 25
configure router bgp bgp default ipv4-unicast

Use this command to configure BGP defaults and activate ipv4-unicast for a peer by default.
This affects the BGP global configuration.
Syntax
bgp default ipv4-unicast
Example
bgp default ipv4-unicast
configure router bgp bgp default local-preference

Use this command to change the default local preference value.
Syntax
bgp default local-preference <value>
Variable
Value
<value>
Configure default local preference value.

Valid range is 0-4294967295. The higher the
value, the more preferred.
Example
bgp default local-preference 2345555
configure router bgp bgp deterministic-med

Use this command to have the SR2330/4134 software compare the Multi Exit Discriminator
(MED) variable when choosing among routes advertised by different peers in the same
autonomous system.
546
October 2010
configure router bgp bgp enforce-first-as
Multi Exit Discriminator (MED) is used in best path selection by BGP. MED is compared after
BGP attributes weight, local preference, AS-path and origin have been compared and are
equal.
When the BGP deterministic MED is enabled, routes from the same AS are grouped together,
and the best routes of each group are compared.
Enable BGP deterministic MED on all routers in the local AS, for a correct comparison result.
After enabling this command, all paths for the same prefix are grouped together and arranged
according to their MED value. Based on this comparison, the best path is then chosen.
To choose routes from neighbors in different ASs, use the bgp always-compare-med
command.
Use the no form of this command to remove this setting.
Syntax
[no] bgp deterministic-med
Example
bgp deterministic-med
configure router bgp bgp enforce-first-as

Use this command to enforce the first as for an EBGP route.
Syntax
bgp enforce-first-as
Example
bgp enforce-first-as
configure router bgp bgp fast-external-failover

Use this command to reset a BGP session immediately, if the interface used for BGP
connection goes down.
Syntax
bgp fast-external-failover
Example
bgp fast-external-failover
October 2010
547
BGP commands
configure router bgp bgp log-neighbor-changes

Use this command to enable logging of status change messages without turning on debug bgp
commands.
Syntax
bgp log-neighbor-changes
Example
bgp log-neighbor-changes
configure router bgp bgp router-id

Use this command to configure the router identifier.
Syntax
bgp router-id <1-65535>
Example
bgp router-id 1.1.2.3
configure router bgp bgp scan-time

Use this command to set the interval for BGP route next-hop scanning.
Syntax
bgp scan-time <interval>
Variable
Value
<interval>
Scanning interval in seconds. Value range is

10-60. Default scanning interval is 60
seconds.
Example
548
bgp scan-time 10
October 2010
configure router bgp distance
configure router bgp distance

Use this command to configure the administrative distance.
Syntax
distance [<distance>] [bgp <ext> <int> <local>]
Variable
Value
[bgp]
Configure the BGP distance.
[<distance>]
Configure the administrative distance, in the

range 1 to 255.
<ext>
Distance for routes external to the AS, in the

range 1 to 255.
<int>
Distance for routes internal to the AS, in the

range 1 to 255.
<local>
Distance for local routes, in the range 1 to

255.
Example
distance 20
configure router bgp ebgp-ecmp

Use this command to preform EBGP ECMP processing.
Syntax
ebgp-ecmp
Example
ebgp-ecmp
configure router bgp neighbor activate

Use this command to activate the current address family for the supplied neighbor.
October 2010
549
BGP commands
Syntax
neighbor <A.B.C.D> activate
Example
neighbor 10.1.2.3 activate
configure router bgp neighbor advertisement-interval

Use this command to configure the minimum interval between sending BGP routing updates.
Syntax
neighbor <A.B.C.D> advertisement-interval <interval>
Variable
Value
<interval>
The advertisement interval, in seconds, in

the range 0 to 600.
Example
interval 30
neighbor 10.1.2.3 advertisement-
configure router bgp neighbor allowas-in

Use this command to accept as-path with my AS present in it.
Syntax
neighbor <A.B.C.D> allowas-in [<1-10>]
Variable
Value
[<1-10>]
Number of occurences of AS number.
Example
550
neighbor 10.1.2.3 allowas-in 2
October 2010
configure router bgp neighbor as-origination-interval
configure router bgp neighbor as-origination-interval

Use this command to set the minimum interval between sending AS-origination routing
updates.
Syntax
neighbor <A.B.C.D> as-origination-interval <interval>
Variable
Value
<interval>
The minimum interval, in seconds, in the

range 1 to 600.
Example
interval 60
neighbor 10.1.2.3 as-origination-
configure router bgp neighbor attribute-unchanged

Use this command to advertise unchanged BGP attributes to the specified neighbor. Use the
no form of this command to disable this function.
Syntax
[no] neighbor <A.B.C.D> attribute-unchanged [med] [next-hop] [aspath]
Variable
Value
[med]
MED attribute.
[next-hop]
Next-hop attribute.
[as-path]
AS-path attribute.
Example
med
neighbor 10.1.2.3 attribute-unchanged
October 2010
551
BGP commands
configure router bgp neighbor capability

Use this command to advertise capabilities to a neighbor.
Syntax
neighbor <A.B.C.D> capability <dynamic|orf|route-refresh>
Variable
Value
<dynamic>
Advertise dynamic capability to this

neighbor.
<orf>
Advertise ORF capability to this neighbor.
<route-refresh>
Advertise route-refresh capability to this

neighbor.
Example
neighbor 10.1.2.3 capability dynamic
configure router bgp neighbor default-originate

Use this command to originate a default route to the specified neighbor.
Syntax
neighbor <A.B.C.D> default-originate route-map <mapname>
Variable
Value
<mapname>
The route-map name.
Example
route-map myroute
552
neighbor 10.1.2.3 default-originate
October 2010
configure router bgp neighbor description
configure router bgp neighbor description

Use this command to configure a description for a neighbor.
Syntax
neighbor <A.B.C.D> description <description>
Variable
Value
<description>
A short description of this neighbor, up to 80

characters.
Example
neighbor 10.1.2.3 description SJrouter
configure router bgp neighbor distribute-list

Use this command to
Syntax
neighbor <A.B.C.D> distribute-list <identifier> {in|out}
Variable
Value
<identifier>
The distribute list identifier. Possible values

are:
IP access list number, in the range 1 to 199
Expanded range IP access list number, in
the range 1300 to 2699
The IP access list name
{in|out}
Indicates that incoming or outgoing

advertised routes are to be filtered.
Example
neighbor 10.1.2.3 distribute-list 2
October 2010
553
BGP commands
configure router bgp neighbor dont-capability-negotiate

Use this command to disallow capability negotiation with the specified neighbor.
Syntax
neighbor <A.B.C.D> dont-capability-negotiate
Example
negotiate
neighbor 10.1.2.3 dont-capability-
configure router bgp neighbor ebgp-multihop

Use this command to allow EBGP neighbors not on directly connected networks.
Syntax
neighbor <A.B.C.D> ebgp-multihop <maxhop>
Variable
Value
<maxhop>
The maximum hop count, in the range 1 to

255.
Example
neighbor 10.1.2.3 ebgp-multihop 12
configure router bgp neighbor filter-list

Use this command to establish BGP filters.
Syntax
neighbor <A.B.C.D> filter-list <listname> <in|out>
554
Variable
Value
<in>
Filter incoming routes.
October 2010
configure router bgp neighbor interface
<listname>
The AS path access list name.
<out>
Filter outgoing routes.
Example
neighbor 10.1.2.3 list1 in
configure router bgp neighbor interface

Use this command to enable BGP on an interface.
Syntax
neighbor <A.B.C.D> interface <interface>
Variable
Value
<interface>
The interface for which you want to enable

BGP.
Example
ethernet6/12
neighbor 10.1.2.3 interface
configure router bgp neighbor maximum-prefix

Use this command to set the maximum number of prefixes accepted from the specified peer.
Syntax
neighbor <A.B.C.D> maximum-prefix <maxprefix>
Variable
Value
<maxprefix>
The maximum number of prefixes, in the

range 1 to 4294967295.
Example
neighbor 10.1.2.3 maximum-prefix 1244
October 2010
555
BGP commands
configure router bgp neighbor next-hop-self

Use this command to advertise the local router ID as the next hop to force iBGP peers and/
or eBGP Confederation Peers in the local AS to use that local node as the next hop for routing
traffic to destinations outside the AS.
Syntax
neighbor <A.B.C.D> next-hop-self
Example
neighbor 10.1.2.3 next-hop-self
configure router bgp neighbor override-capability

Use this command to override the capability negotiation result.
Syntax
neighbor <A.B.C.D> override-capability
Example
neighbor 10.1.2.3 override-capability
configure router bgp neighbor passive

Use this command to configure a passive session OPEN if you do not want BGP to send the
active OPEN message to another peer to establish a BGP session. Instead, the local peer
waits for the remote peer to initiate the BGP session and responds accordingly. (By default,
BGP actively initiates session OPEN with another peer.)
Syntax
neighbor <A.B.C.D> passive
Example
556
neighbor 10.1.2.3 passive
October 2010
configure router bgp neighbor password
configure router bgp neighbor password

Use this command to set a password for the specified neighbor.
Syntax
neighbor <A.B.C.D> password <password>
Variable
Value
<password>
The password for the specified neighbor.
Example
neighbor 10.1.2.3 password mypassword
configure router bgp neighbor peer-group

Use this command to add the specified interface as a peer-group member.
Syntax
neighbor <A.B.C.D> peer-group <groupname>
Variable
Value
<groupname>
The name of the peer group to join.
Example
neighbor 10.1.2.3 peer-group mygroup
configure router bgp neighbor prefix-list

Use this command to filter updates to and from the specified neighbor.
Syntax
neighbor <A.B.C.D> prefix-list <name> <in|out>
October 2010
557
BGP commands

Variable
Value
<in>
Filter incoming updates.
<name>
The name given to the prefix list.
<out>
Filter outgoing updates.
Example
neighbor 10.1.2.3 prefix-list mylist in
configure router bgp neighbor remote-as

Use this command to set the AS number of a remote BGP neighbor
Syntax
neighbor <A.B.C.D> remote-as <asnumber>
Variable
Value
<asnumber>
The AS number of the specified remote BGP

neighbor, in the range 1 to 65535.
Example
neighbor 10.1.2.3 remote-as 10
configure router bgp neighbor remove-private-AS

Use this command to remove private AS numbers from route advertisements to avoid
propagating those routes to other BGP peers. When an ISPs local eBGP peer receives a route
update message from an eBGP peer on a private AS, the ISPs peer must remove the private
AS numbers.
Syntax
neighbor <A.B.C.D> remove-private-AS
Example
558
neighbor 10.1.2.3 remove-private-AS
October 2010
configure router bgp neighbor route-map
configure router bgp neighbor route-map

Use this command to apply a route map to the specified neighbor.
Syntax
neighbor <A.B.C.D> route-map <mapname> <in|out>
Variable
Value
<in>
Apply route map to incoming routes.
<mapname>
The name of the route map.
<out>
Apply route map to outbound routes.
Example
neighbor 10.1.2.3 route-map route2 in
configure router bgp neighbor route-reflector-client

Use this command to configure the specified neighbor as a route reflector client. Use the no
form of this command to disable this function.
Syntax
[no] neighbor <A.B.C.D> route-reflector-client
Example
client
neighbor 10.1.2.3 route-reflector-
configure router bgp neighbor route-server-client

Use this command to configure the specified neighbor as a route server client. Use the no form
of this command to disable this function.
Syntax
[no] neighbor <A.B.C.D> route-server-client
October 2010
559
BGP commands
Example
neighbor 10.1.2.3 route-server-client
configure router bgp neighbor send-community

Use this command to send a community attribute to the specified neighbor.
Syntax
neighbor <A.B.C.D> send-community <both|extended|standard>
Variable
Value
<both>
Send Standard and Extended Community

attributes.
<extended>
Send Extended Community attributes.
<standard>
Send Standard Community attributes.
Example
extended
neighbor 10.1.2.3 send-community
configure router bgp neighbor shutdown

Use this command to administratively shutdown any active sessions for the specified neighbor
and clear all related routing data.
Syntax
neighbor <A.B.C.D> shutdown
Example
neighbor 10.1.2.3 shutdown
configure router bgp neighbor soft-reconfiguration inbound

Use this command to configure the software to start storing updates. Use the no parameter
560
October 2010
configure router bgp neighbor strict-capability-match
Syntax
neighbor <A.B.C.D> soft-reconfiguration inbound
Variable
Value
<A.B.C.D>
Specifies the address of the BGP neighbor.
Example
inbound
neighbor 10.1.2.3 soft-reconfiguration
configure router bgp neighbor strict-capability-match

Use this command to close the BGP connection if the capability value does not completely
match to remote peer. Use the no parameter with this command to disable this function
Syntax
neighbor <A.B.C.D> strict-capability-match
Variable
Value
<A.B.C.D>
Specifies the address of the BGP neighbor.
Example
match
neighbor 10.1.2.3 strict-capability-
configure router bgp neighbor timers

Use this command to configure BGP per-neighbor timers.
Syntax
neighbor <A.B.C.D> timers <keepalive> [connect <interval>]
Variable
Value
[connect]
Configure the neighbor connect timer.
October 2010
561
BGP commands
<interval>
The connect timer interval, in the range 1 to

65535.
<keepalive>
The keepalive interval for the specified

neighbor, in the range 0 to 65535.
Example
neighbor 10.1.2.3 timers 600
configure router bgp neighbor unsuppress-map

Use this command to selectively unsuppress suppressed routes.
Syntax
neighbor <A.B.C.D> unsuppress-map <route-map>
Variable
Value
<route-map>
Name of the route map.
Example
myroute
neighbor 10.1.2.3 unsuppress-map
configure router bgp neighbor update-source

Use this command to configure a source for the specified neighbor's routing updates.
Syntax
neighbor <A.B.C.D> update-source <source>
Variable
Value
<source>
The interface name or address of the update

source.
Example
562
neighbor 10.1.2.3 update-source wan1
October 2010
configure router bgp neighbor weight
configure router bgp neighbor weight

Use this command to configure the weight for the specified BGP neighbor.
Syntax
neighbor <A.B.C.D> weight <weight>
Variable
Value
<weight>
The default weight, in the range 0 to 65535.
Example
neighbor 10.1.2.3 weight 80
configure router bgp network

Use this command to specify a network to announce via BGP
Syntax
network [<prefix>] [synchronization]
Variable
Value
<prefix>
IP prefix of the network. Length is optional.
[synchronization]
Perform IGP synchronization on network

routes.
Example
network 35.0.0.0
configure router bgp redistribute

Use this command to redistribute information from another protocol.
October 2010
563
BGP commands
Syntax
redistribute <protocol> route-map <mapname>
Variable
Value
<mapname>
The pointer to route-map entries.
<protocol>
The protocol you want to redistribute from.

Possible choices are:
connected - redistribute from connected
routes.
ospf - redistribute from OSPF routes.
rip - redistribute from RIP routes.
static - redistribute from Static routes.
Example
myroute
redistribute connected route-map
configure router bgp synchronization

Use this command to configure IGP synchronization.
Syntax
synchronization
Example
synchronization
configure router bgp timers

Use this command to configure routing keepalive and holdtime timers.
Syntax
timers bgp <keepalive> <holdtime>
Variable
564
Value
October 2010
show bgp ipv4 attribute-info
<holdtime>
The hold timer value, in the range 0 to 65535.
<keepalive>
The keepalive interval, in the range 0 to

65535.
Example
timers bgp 40 120

Use this command to display BGP attribute information.
Syntax
Example
SR#
show bgp ipv4 cidr-only

Use this command to display BGP cidr-only information.
Syntax
Example
SR#
show bgp ipv4 community

Use this command to show routes matching the communities.
Syntax
show bgp ipv4 community [<AA:NN>] [local-as] [no-advertise] [noexport] [exact-match]
Variable
Value
October 2010
565
BGP commands
[<AA:NN>]
Specifies a valid value for a community

number.
[local-AS]
Do not send outside local AS (well-known

community).
[no-advertise]
Do not advertise to any peer (well-known

community).
[no-export]
Do not export to next AS (well-known

community).
[exact-match]
Specifies that the router shows the exact

match of the communities.
Example
SR#
show bgp ipv4 community local-AS
show bgp ipv4 community-info

Use this command to list all BGP community information.
Syntax
Example
SR#
show bgp ipv4 community-list

Use this command to display routes matching the community-list.
Syntax
show bgp ipv4 community-list <listname> [exact-match]
Variable
566
Value
<listname>
The community list to match against.
[exact-match]
Shows only routes that have exactly the

same specified communities.
October 2010
show bgp ipv4 dampening
Example
SR#
show bgp ipv4 community-list mylist exact-match

Use this command to display detailed information about dampening.
Syntax
show bgp ipv4 dampening <type>
Variable
Value
<type>
The type of dampening information to

display. Possible choices are:
dampened-paths - Display paths
suppressed due to dampenin.
flap-statistics - Display flap
statistics of routes.
parameters - Display details of
configured dampening parameters.
Example
SR#
show bgp ipv4 dampening dampened-paths
show bgp ipv4 filter-list

Use this command to show routes matching a particular filter list..
Syntax
show bgp ipv4 filter-list <listname>
Variable
<listname>
Value
The filter list to match against.
Example
SR#
show bgp filter-list mylist
October 2010
567
BGP commands
show bgp ipv4 inconsistent-as

Use this command to display routes with inconsistent AS Paths.
Syntax
Example
SR#
show bgp ipv4 neighbors

Use this command to display detailed information about BGP neighbor connections.
Syntax
show bgp ipv4 neighbors <A.B.C.D> [advertised-routes | received |
received-routes | routes]
Variable
Value
advertised-routes
Display the routes advertised to a BGP

neighbor.
received
Display information received from a BGP

neighbor/
received-routes
Display the received routes from neighbor.
routes
Display routes learned from neighbor.
Example
SR#
show bgp ipv4 neighbors 10.2.3.4 advertised-routes
show bgp ipv4 paths

Use this command to show information on IPv4 paths.
Syntax
show bgp ipv4 paths
568
October 2010
show bgp ipv4 prefix-list
Example
SR#
show bgp ipv4 paths

Use this command to display routes matching the prefix-list.
Syntax
show bgp ipv4 prefix-list <listname>
Variable
<listname>
Value
The prefix list to match against.
Example
SR#
show bgp ipv4 prefix-list mylist
show bgp ipv4 quote-regexp

Use this command to display routes matching the AS path regular expression (quoted string).
Syntax
show bgp ipv4 quote-regexp <"quoted-string">
Example
SR#
show bgp ipv4 quote-regexp "my AS path"
show bgp ipv4 regexp

Use this command to display routes matching the AS path regular expression.
Syntax
show bgp ipv4 regexp <expression>
October 2010
569
BGP commands

Variable
<expression>
Value
A regular expression used to match the BGP AS paths.
Example
SR#
show bgp ipv4 multicast regexp 50
show bgp ipv4 route-map

Use this command to display routes matching the route-map.
Syntax
show bgp ipv4 route-map <mapname>
Variable
<mapname>
Value
The route map to match against.
Example
SR#
show bgp ipv4 multicast route-map myroutemap
show bgp ipv4 scan

Use this command to display the BGP scan status.
Syntax
show bgp ipv4 scan
Example
SR#
show bgp ipv4 scan
show bgp ipv4 summary

Use this command to show a summary of BGP neighbor status.
570
October 2010
show ip as-path-access-list
Syntax
Example
SR#
show ip as-path-access-list
Use this command to list AS path access lists.
Syntax
show ip as-path-access-list <name>
Variable
<name>
Value
The name of the AS path access list you want to display.
Example
SR#
show ip as-path-access-list list1
show ip community-list
Use this command to display a community list.
Syntax
show ip community-list <name>
Example
SR#
show ip community-list list2
show ip protocols bgp

Use this command to display BGP process parameters and statistics.
Syntax
October 2010
571
BGP commands
Example
SR#
show debug bgp

Use this command to display the BGP debugging option set.
Syntax
show debug bgp
Example
SR# show debug bgp
show bgp ipv4 unicast attribute-info

Use this command to show internal attribute hash information.
Syntax
Example
SR# show bgp ipv4 unicast attribute-info
show bgp ipv4 unicast cidr-only

Use this command to display routes with non-natural network masks.
Syntax
Example
SR# show bgp ipv4 unicast cidr-only
show bgp ipv4 unicast community

Use this command to display routes matching the communities.
572
October 2010
show bgp ipv4 unicast community-info
Syntax
show bgp ipv4 unicast community [WORD] [local-AS ][no-export][noadvertise]
Variable
Value
[WORD]
Specifies the community number in AA:NN format.
[local-AS]
Does not send outside local AS (well-known

community).
[no-advertise]
Does not advertise to any peer (well-known

community).
[no-export]
Does not export to next AS (well-known community).
[exact-match]
Specifies the exact match of the community.
Example
SR# show bgp ipv4 unicast community local-AS exact-match

Use this command to show all internal community attribute hash information.
Syntax
Example
SR# show bgp ipv4 unicast community-info
show bgp ipv4 unicast community-list

Syntax
show bgp ipv4 unicast community-list <LISTNAME>[exact-match]
Variable
<LISTNAME>
Value
Specifies the community list name.
October 2010
573
BGP commands
Variable
[exact-match]
Value
Displays only routes that have exactly the same specified
communities.
Example
SR# show bgp ipv4 community-list CLIST
show bgp ipv4 unicast dampening

Syntax
show bgp ipv4 unicast dampening [dampened-paths|flap-statistics|
parameters]
Variable
<type>
Value
The type of dampening information to display. Possible choices
are:
dampened-pathsDisplay paths suppressed due to
dampening.
flap-statistics Display flap statistics of routes.
parametersDisplay details of configured dampening
parameters.
Example
SR# show bgp ipv4 unicast dampening dampened-paths
show bgp ipv4 unicast filter-list

Use this command to display routes conforming to the filter-list.
Syntax
show bgp ipv4 unicast filter-list <WORD>
574
October 2010
show bgp ipv4 unicast inconsistent-as

Variable
<WORD>
Value
Specifies the regular-expression access list name.
Example
SR# show bgp ipv4 unicast filter-list mylist

Syntax
Example
SR# show bgp ipv4 unicast inconsistent-as
show bgp ipv4 unicast neighbors

Use this command to display detailed information on TCP and BGP neighbor connections.
Syntax
show bgp ipv4 unicast neighbors <A.B.C.D|X:X::X:X> [advertisedroutes|received <prefix-filter>|received-routes|routes]
Variable
Value
<A.B.C.D>
Specifies the neighbor to display information about.
<X:X::X:X>
advertised-routes
Displays the routes advertised to a BGP neighbor.
received <prefix-filter>
Displays all received routes, both accepted and rejected.

prefix-filter Displays the prefix-list filter.
received-routes
Displays the received routes from neighbor.
routes
Displays all accepted routes learned from neighbors.
Example
SR# show bgp ipv4 unicast neighbors 3ffe::1
October 2010
575
BGP commands
show bgp ipv4 unicast paths

Use this command to display BGP path information.
Syntax
Example
SR# show bgp ipv4 unicast paths
show bgp ipv4 unicast peer-group

Use this command to display information regarding BGP peer groups.
Syntax
show bgp ipv4 unicast peer-group <WORD> [summary]
Variable
Value
<WORD>
Refers peer-group name.
[summary]
Summary of peer-group member status.
Example
SR# show bgp ipv4 unicast peer-group PEER6 summary
show bgp ipv4 unicast prefix-list

Syntax
show bgp ipv4 unicast prefix-list <WORD>
Variable
<WORD>
576
Value
Specifies the name of the IP prefix list.
October 2010
show bgp ipv4 unicast quote-regexp
Example
SR# show bgp ipv4 unicast prefix-list mylist

Use this command to display routes matching the AS path regular expression in quotes.
Syntax
show bgp ipv4 unicast quote-regexp <WORD>
Variable
<WORD>
Value
Specifies a regular-expression to match the BGP
AS_paths.
Example
SR# show bgp ipv4 unicast quote-regexp _500_
show bgp ipv4 unicast regexp

Syntax
show bgp ipv4 unicast regexp <LINE>
Variable
<LINE>
Value
Specifies a regular-expression to match the BGP
AS_paths.
Example
SR# show bgp ipv4 unicast regexp _500_
show bgp ipv4 unicast route-map

Use this command to display routes that match the specified route-map.
October 2010
577
BGP commands
Syntax
show bgp ipv4 unicast route-map <WORD>
Variable
<WORD>
Value
Specifies a route-map that is matched.
Example
SR# show bgp ipv4 unicast route-map NT
show bgp ipv4 unicast summary

Use this command to display a summary of BGP neighbor status.
Syntax
Example
SR# show bgp ipv4 unicast summary
show bgp ipv4 unicast scan

Use this command to display BGP scan status.
Syntax
Example
SR# show bgp ipv4 unicast scan
show bgp ipv4 multicast attribute-info

Syntax
578
October 2010
show bgp ipv4 multicast cidr-only
Example
SR# show bgp ipv4 multicast attribute-info

Syntax
Example
SR# show bgp ipv4 multicast cidr-only
show bgp ipv4 multicast community

Syntax
show bgp ipv4 multicast community <WORD> [local-AS ][no-export][noadvertise]
Variable
Value
<WORD>
[local-AS]
Does not send outside local AS (well-known community).
[no-advertise]
Does not advertise to any peer (well-known community).
[no-export]
[exact-match]
Example
SR# show bgp ipv4 multicast community local-AS exact-match
show bgp ipv4 multicast community-info

October 2010
579
BGP commands
Syntax
Example
SR# show bgp ipv4 multicast community-info
show bgp ipv4 multicast community-list

Syntax
show bgp ipv4 multicast community-list <LISTNAME>[exact-match]
Variable
Value
<LISTNAME>
[exact-match]

communities.
Example
show bgp ipv4 multicast dampening

Syntax
show bgp ipv4 multicast dampening [dampened-paths|flap-statistics|
parameters]
Variable
<type>
580
Value
are:
October 2010
show bgp ipv4 multicast filter-list
Variable
Value
dampening.
parameters.
Example
SR# show bgp ipv4 multicast dampening dampened-paths

Syntax
show bgp ipv4 multicast filter-list <WORD>
Variable
<WORD>
Value
Example
SR# show bgp ipv4 multicast filter-list mylist
show bgp ipv4 multicast inconsistent-as

Syntax
Example
SR# show bgp ipv4 multicast inconsistent-as
October 2010
581
BGP commands
show bgp ipv4 multicast neighbors

Syntax
show bgp ipv4 multicast neighbors <A.B.C.D|X:X::X:X> [advertisedroutes|received <prefix-filter>|received-routes|routes]]
Variable
Value
<A.B.C.D>
<X:X::X:X>
advertised-routes

prefix-filter: Displays the prefix-list filter.
received-routes
routes
Example
SR# show bgp ipv4 multicast neighbors 3ffe::1
show bgp ipv4 multicast paths

Syntax
Example
SR# show bgp ipv4 multicast paths
show bgp ipv4 multicast peer-group

582
October 2010
show bgp ipv4 multicast prefix-list
Syntax
show bgp ipv4 multicast peer-group <WORD> [summary]
Variable
Value
<WORD>
[summary]
Example
SR# show bgp ipv4 multicast peer-group PEER6 summary

Syntax
show bgp ipv4 multicast prefix-list <WORD>
Variable
Value
<WORD>
Example
SR# show bgp ipv4 multicast prefix-list mylist
show bgp ipv4 multicast quote-regexp

Syntax
show bgp ipv4 multicast quote-regexp <WORD>
Variable
<WORD>
Value
Specifies a regular-expression to match the BGP AS_paths.
October 2010
583
BGP commands
Example
SR# show bgp ipv4 multicast quote-regexp _500_
show bgp ipv4 multicast regexp

Syntax
show bgp ipv4 multicast regexp <LINE>
Variable
<LINE>
Value
Example
SR# show bgp ipv4 multicast regexp _500_
show bgp ipv4 multicast route-map

Syntax
show bgp ipv4 multicast route-map <WORD>
Variable
<WORD>
Value
Example
SR# show bgp ipv4 multicast route-map NT
show bgp ipv4 multicast summary

584
October 2010
show bgp ipv4 multicast scan
Syntax
Example
SR# show bgp ipv4 multicast summary

Syntax
Example
SR# show bgp ipv4 multicast scan
debug bgp
Use this command to enable all BGP troubleshooting functions. Use the no parameter with
this command to disable this function.
Syntax
(no) debug bgp [(ipv4 (unicast|multicast)|(ipv6 (unicast|multicast)|
all] [dampening|events|filters|nsm|updates]
(no) debug bgp all [fsm|keepsalives]
Variable
Value
filters
Specifies debugging for BGP filters.
nsm
Specifies debugging for NSM messages.
updates
updates [in | out].
dampening
Specifies debugging for BGP dampening.
updates in
Inbound updates.
updates out
Outbound updates.
keepsalives
Specifies debugging for BGP keepalives.
fsm
Specifies debugging for BGP Finite State Machine (FSM).
October 2010
585
BGP commands
Example
SR# debug bgp ipv4 unicast dampening
show bgp all attribute-info

Syntax
show bgp all attribute-info
Example
SR# show bgp all attribute-info
show bgp all community

Syntax
show bgp all community [WORD] [local-AS ][no-export][no-advertise]
Variable
Value
[WORD]
[local-AS]
[no-advertise]
[no-export]
[exact-match]
Example
SR# show bgp all community local-AS exact-match
show bgp all community-info

586
October 2010
show bgp all community-list
Syntax
show bgp all community-info
Example
SR# show bgp all community-info
show bgp all community-list

Syntax
show bgp all community-list <WORD>[exact-match]
Variable
Value
<WORD>
[exact-match]

communities.
Example
SR# show bgp all community-list CLIST
show bgp all dampening

Syntax
show bgp all dampening [dampened-paths|flap-statistics|parameters]
Variable
<type>
Value
The type of dampening information to display. Possible choices are:
dampening.
parameters.
October 2010
587
BGP commands
Example
SR# show bgp all dampened-paths
show bgp all filter-list

Syntax
show bgp all filter-list <WORD>
Variable
<WORD>
Value
Example
SR# show bgp all filter-list mylist
show bgp all inconsistent-as

Syntax
show bgp all inconsistent-as
Example
SR# show bgp all inconsistent-as
show bgp all neighbors

Syntax
show bgp all neighbors <A.B.C.D|X:X::X:X> [advertised-routes|
received <prefix-filter>|received-routes|routes]]
588
October 2010
show bgp all paths

Variable
Value
<A.B.C.D>
<X:X::X:X>
advertised-routes

received-routes
routes
Example
SR# show bgp all neighbors 3ffe::1
show bgp all paths

Syntax
show bgp all paths
Example
SR# show bgp all paths
show bgp all peer-group

Syntax
show bgp all peer-group <WORD> [summary]
Variable
Value
<WORD>
[summary]
October 2010
589
BGP commands
Example
SR# show bgp all peer-group PEER6 summary
show bgp all prefix-list

Syntax
show bgp all prefix-list <WORD>
Variable
<WORD>
Value
Example
SR# show bgp all prefix-list mylist
show bgp all quote-regexp

Syntax
show bgp all quote-regexp <WORD>
Variable
<WORD>
Value
Example
SR# show bgp all quote-regexp _500_
show bgp all regexp

590
October 2010
show bgp all route-map
Syntax
show bgp all regexp <LINE>
Variable
<LINE>
Value
Example
SR# show bgp all regexp _500_
show bgp all route-map

Syntax
show bgp all route-map <WORD>
Variable
<WORD>
Value
Example
SR# show bgp all route-map NT
show bgp all summary

Syntax
show bgp all summary
Example
SR# show bgp all summary
October 2010
591
BGP commands
show bgp all scan

Syntax
show bgp all scan
Example
SR# show bgp all scan
592
October 2010
Chapter 42: VRRP commands
clear vrrp
Use this command to clear VRRP-related statistics.
Syntax
show vrrp [group <1-255>] [interface <ifname>]
Variable
Value
[group <1-255>]
Specifies VRRP group.
Specifies a VRRP interface.
Example
SR#
clear vrrp group 1 interface ethernet0/3
configure interface ethernet vrrp

Use this command to configure VRRP on a port.
Syntax
vrrp <1-255>
Variable
Value
<1-255>
A unique integer value that represents the

virtual router ID in the range 1 to 254. The
virtual router acts as the default router for one
or more assigned addresses.
Example
SR/configure/interface/ethernet (6/12)# vrrp 10
October 2010
593
VRRP commands
configure interface ethernet vrrp advertisement_interval

Use this command to configure the time interval for VRRP advertisements in seconds.
Syntax
advertisement_interval adv_interval <1-255>
Variable
Value
<1-255>
The advertisement interval (in seconds).

Range is 1-255 and the default is 1.
Example
SR/configure/interface/ethernet (6/12)/vrrp 10#
advertisement_interval 5
configure interface ethernet vrrp authentication

Use this command to specify the authentication string used to authenticate VRRP packets
received from other routers in a group.
Syntax
authentication <key>
Variable
Value
<key>
The authentication string, maximum 8

characters.
Example
SR/configure/interface/ethernet (6/12)/vrrp 10# authentication
alfxitz
configure interface ethernet vrrp description

Use this command to assign a description to the VRRP group.
594
October 2010
configure interface ethernet vrrp enable
Syntax
description <desc_string>
Variable
Value
desc_string
value range for a description string group is

upto 80 characters within quotation marks.
Example
SR/configure/interface/ethernet (6/12)/vrrp 10# description virtual
router for wan
configure interface ethernet vrrp enable

Use this command to enable a VRRP group.
Syntax
enable
Example
SR/configure/interface/ethernet (6/12)/vrrp 10# enable
configure interface ethernet vrrp ipaddr

Use this command to configure IP addresses associated with this virtual router.
Syntax
ipaddr <address>
Variable
Value
<address>
The IP address of the virtual router.
Example
SR/configure/interface/ethernet (6/12)/vrrp 10# ipaddr 128.44.10.24
October 2010
595
VRRP commands
configure interface ethernet vrrp learn_adv_internal

Use this command to configure the backup router to learn the advertisement interval from the
master.
Syntax
learn_adv_interval
Example
SR/configure/interface/ethernet (6/12)/vrrp 10# learn_adv_interval
configure interface ethernet vrrp preempt

Use this command to configure the virtual router to prempt the current VRRP master if it has
a higher priority than the current master.
Syntax
preempt
Example
preempt
configure interface ethernet vrrp priority

Use this command to configure the priority level of the router within a VRRP group.
Syntax
priority <1-254>
Variable
Value
<1-254>
The priority level. Range is 1-254 and the

default is 100.
Example
596
priority 100
October 2010
configure interface ethernet vrrp track
configure interface ethernet vrrp track

Use this command to configure tracked interface and track priority.
Syntax
track <ifname> <priority>
Variable
Value
<ifname>
The name of the interface to track.
<priority>
The priority given to the track.
Example
140
track ethernet0/2
configure vrrp-virtualip allow-ping

Use this command to configure ping to VRRP virtual IP.
Syntax
[no] allow-ping
Example
SR/configure/vrrp-virtualip#allow-ping
show vrrp
Use this command to display VRRP-related information.
Syntax
show vrrp [group <1-255>] [interface <ifname>] [mode {summary|
detailed}]
Variable
Value
October 2010
597
VRRP commands
[group <1-255>]
Specifies VRRP group.
Specifies a VRRP interface.
[mode {summary | detailed}]
Specifies the display mode, either summary

or detailed.
Example
SR#
show vrrp group 10 interface ethernet0/3 mode detailed
show vrrp virtualip-setting

Use this command to display the status of ping to virtual IP.
Syntax
show vrrp virtualip-setting
Example
SR# show vrrp virtualip-setting
598
October 2010
Chapter 43: IPv4 multicast routing

commands
clear ip mroute
Use this command to delete multicast routing table entries. You can either delete table entries
by Group ID, or you can clear the entire table.
Syntax
clear ip mroute <all>|<group-addr> [<source-addr>]
Variable
Value
<all>
Specifies the group IP address of the

forwarding entries to clear.
<group-addr>
Address of group to clear.
[<source-addr>]
Specifies the source IP address of the

forwarding entries to clear.
Example
SR# clear ip mroute 10.10.10.1
configure ip mroute
Use this command to configure a multicast static route. Multicast static routes are unicast
routes that allow multicast and unicast topologies to be incongruous. Multicast routing
protocols use these routes to perform reverse-path forwarding (RPF) checks. By default, no
multicast static routes are configured.
Syntax
[no] ip mroute <source-address/mask> [<protocol>] [<RPF-addr> |<ifname>] [<distance>]
October 2010
599
IPv4 multicast routing commands

Variable
Value
[no]
Removes the configure multicast static

route.
<source-address/mask>
Specifies the multicast source IP address

(A.B.C.D) and address mask length (032).
[<protocol>]
Specifies the unicast routing protocol: bgp:

BGP isis: IS-IS ospf: OSPF rip: RIP static
[<RPF-addr>]
Specifies the RPF address (A.B.C.D) for the

multicast route. The host IP address can be
a directly connected system or a remote
system. When it is a remote system, a
recursive lookup is done from the unicast
routing table to find a directly connected
system; the recursive lookup is done up to
only one level.
<if-name>]
Specifies the incoming interface name. The

interface can only be specified for
nonbroadcast interfaces.
<distance>
Specifies a distance for the multicast route,

which determines whether a unicast route or
multicast static route is used for the RPF
lookup. Lower distances take precedence. If
the multicast static route has the same
distance as other RPF sources, the multicast
static route takes precedence. Default is 0.
Range is 0255.
Example
SR/configure#ip mroute 10.0.0.0/8 ethernet0/1
configure interface ip multicast ttl-threshold

Use this command to configure the minimum permissible time-to-live threshold value of
packets being forwarded out of an interface. Use the no form of this command to return to the
default threshold (0).
Syntax
[no] ip multicast ttl-threshold <ttl-value>
600
October 2010
configure ip multicast-lookup-mrib-only

Variable
Value
<ttl-value>
The time-to-live threshold. Valid range is 1 to

255.
Example
SR/interface/ethernet (6/13)# ip multicast ttl-threshold 30
configure ip multicast-lookup-mrib-only
Use this command to configure the router to perform IP multicast lookups in the MRIB only. If
this feature is not enabled, multicast route lookup is done in the URIB as well as in the MRIB. By
default, this feature is disabled.
Syntax
[no] ip multicast-lookup-mrib-only
Variable
[no]
Value
Disables the multicast lookup in MRIB-only
feature.
Example
SR/configure#ip multicast-lookup-mrib-only
configure ip multicast-routing
Use this command to enable multicast routing on the Avaya Secure Router 2330/4134. Use
the no form of this command to disable multicast routing.
Syntax
[no] ip multicast-routing
Example
SR# ip multicast-routing
October 2010
601
IPv4 multicast routing commands
show ip mroute
Use this command to configure ..
Syntax
show ip mroute [summary | <address>]
Variable
Value
<address>
The source or group IP address.
Example
SR# show ip mroute <address>
show ip mvif
Use this command to display multicast interface information.
Syntax
show ip mvif [interface <interface>]
Variable
Value
<interface>
The interface for which you want to show

multicast information.
Example
SR# show ip mvif interface ethernet0/1
602
October 2010
Chapter 44: DVMRP commands
clear ip dvmrp prune

Use this command to flush all DVMRP prune states. You can delete all statistics, or you can
delete by group or network prefix.
Syntax
clear ip dvmrp prune {all|<network>|<groupIP>}
Variable
Value
all
Clear all prune states.
<groupIP>
Clear prune states by group address.
<network>
Clear prune states by network prefix.
Example
SR#
clear ip dvmrp prune 10.10.10.2/2
clear ip dvmrp route

Use this command to delete DVMRP unicast routes. You can delete all unicast routes, or delete
by network prefix..
Syntax
clear ip dvmrp route {A.B.C.D/M|all}
Variable
Value
all
Delete all DVMRP unicast routes.
A.B.C.D/M
Delete DVMRP unicast by network prefix.
October 2010
603
DVMRP commands
Example
SR#
clear ip dvmrp route 5.5.5.5/16
configure ip dvmrp holddown disable

Use this command to disable or reenable the DVMRP holddown timer. During the holddown
period, the deleted route is advertised as unreachable, and all forwarding cache entries based
on the route are flushed. If you disable the holddown timer, it does not affect timers that are
already running. By default, the holddown timer is enabled.
If you enable the holddown timer for deleted routes, configure the full update interval to one
half of the difference between the unconfirmed (garbage) route timeout value and the route
expiration timeout value. The default values for these timer parameters comply with this
requirement as follows:
Full update interval (60) * 2 = 120
Unconfirmed route timer route expiration timer (260 140) = 120
If you enable the holddown timer and reset the full update timer, you are required to reset the
route expiration timer and the unconfirmed route timer.
Syntax
[no] ip dvmrp holddown disable
Variable
[no]
Value
Reenables the DVMRP holddown timer.
Example
SR/configure#ip dvmrp holddown disable
configure ip dvmrp log-neighbor-changes

Use this command to enable logging of the DVMRP neighbor changes to the console. By
default, neighbor change logging is enabled.
Syntax
[no] ip dvmrp log-neighbor-changes
604
October 2010
configure ip dvmrp mfc-timeout

Variable
[no]
Value
Disables neighbor change logging value (2
minutes).
Example
SR/configure#ip dvmrp log-neighbor-changes
configure ip dvmrp mfc-timeout

Use this command to configure the timeout for negative entries in the multicast forwarding
cache (MFC).
Syntax
[no] ip dvmrp mfc-timeout <mfc-timeout>
Variable
Value
[no]
Resets the MFC timeout to the default value

(2 minutes).
<mfc-timeout>
Specifies the MFC timeout. Range is 2120

minutes.
Example
SR/configure#ip dvmrp mfc-timeout 4
configure ip dvmrp neighbor-probe-interval

Use this command to configure how often DVMRP sends a probe on interfaces from which no
neighbors have been heard. The default value is 10 seconds.
Syntax
[no] ip dvmrp neighbor-probe-interval <neighbor-probe-interval>
October 2010
605
DVMRP commands

Variable
Value
[no]
Resets the DVMRP neighbor probe interval

to the default value: 10 seconds.
<neighbor-probe-interval>
Specifies the DVMRP neighbor probe

interval. Range is 530 seconds.
Example
SR/configure#ip dvmrp neighbor-probe-interval 5
configure ip dvmrp neighbor-timeout

Use this command to configure how long the router waits to receive a report from a neighbor
before considering the connection inactive, if the neighbor is learned by report messages. The
default value is 190 seconds.
Syntax
[no] ip dvmrp neighbor-timeout <neighbor-timeout>
Variable
Value
[no]
Resets the DVMRP neighor timeout to the

default value: 190 seconds.
<neighbor-timeout>
Specifies the DVMRP neighbor timeout

value. Range is 358000 seconds.
Example
SR/configure#ip dvmrp neighbor-timeout 35
configure ip dvmrp route-expiration-timeout

Use this command to configure how long DVMRP waits for an update message indicating
that a route is reachable. The default value is 140 seconds.
If the holddown timer is enabled and you change the value of the route expiration timer, then
also change the value of the unconfirmed route timer accordingly.
606
October 2010
configure ip dvmrp switch-timeout
If you enable the holddown timer and reset the full update timer, you must reset the route
expiration timer and the unconfirmed route timer.
Syntax
[no] ip dvmrp route-expiration-timeout <route-expiration-timeout>
Variable
Value
[no]
Resets to the default value: 140 seconds.
<route-expiration-timeout>
Specifies the route expiration timeout.

Range is 21-4001 seconds.
Example
SR/configure#ip dvmrp route-expiration-timeout 22
configure ip dvmrp switch-timeout

Use this command to configure how long the router waits, without receiving a subsequent route
update from the original neighbor, before switching to a different neighbor advertising equal
cost for this route. The default value is 140 seconds.
Syntax
[no] ip dvmrp switch-timeout <switch-timeout>
Variable
Value
[no]
Resets the DVMRP switch timeout to the

<switch-timeout>
Specifies the DVMRP switch timeout value.

Range is 202000 seconds.
Example
SR/configure#ip dvmrp switch-timeout 25
October 2010
607
DVMRP commands
configure ip dvmrp triggered-update-interval

Use this command to specify the minimum amount of time between triggered DVMRP updates.
The default value is 5 seconds.
Syntax
[no] ip dvmrp triggered-update-interval <triggered-update-interval>
Variable
Value
[no]
Resets the triggered update interval to the

<triggered-update-interval>
Specifies the triggered update interval.

Example
SR/configure#ip dvmrp triggered-update-interval 25
configure ip dvmrp unconfirmed-route-timeout

Use this command to configure how long DVMRP advertises a route as unreachable before it
removes the route from the routing table. The default value is 260 seconds.
If the holddown timer is enabled and you change the value of the unconfirmed route timer, then
also change the value of the route expiration timer accordingly.
If you enable the holddown timer and reset the full update timer, you must reset the route
expiration timer and the unconfirmed route timer.
Syntax
[no] ip dvmrp unconfirmed-route-timeout <unconfirmed-route-timeout>
608
October 2010
configure interface ip dvmrp default-listen

Variable
Value
[no]
Resets the unconfirmed route timeout to the

<unconfirmed-route-timeout>
Specifies the unconfirmed route timeout

value. Range is 4181001 seconds.
Example
SR/configure#ip dvmrp unconfirmed-route-timeout 42
configure interface ip dvmrp default-listen

Use this command to configure whether the router accepts default routes on this interface. By
default, default route listening is disabled.
Syntax
[no] ip dvmrp default-listen disable
Variable
[no]
Value
Enables DVMRP default route listening.
Example
SR/configure/interface/ethernet 0/1#ip dvmrp default-listen disable
configure interface ip dvmrp default-supply

Use this command to advertise a default route (0.0.0.0) on this interface. By default, default
route advertisement is disabled.
Syntax
[no] ip dvmrp default-supply enable
Variable
[no]
Value
Disables default route advertisement on the
interface.
October 2010
609
DVMRP commands
Example
SR/configure/interface/ethernet 0/1#ip dvmrp default-supply
configure interface ip dvmrp enable

Use this command to enable DVMRP on the current interface. Use the no form of this command
to disable DVMRP on the interface.
Syntax
[no] ip dvmrp enable
Example
ip dvmrp enable
SR/configure/interface/ethernet (0/4)# ip dvmrp enable
configure interface ip dvmrp metric

Use this command to assign a metric value (other than the default 1) to the current interface.
Syntax
ip dvmrp metric <1-31>
Variable
Value
<1-31>
Metric value for the interface.
Example
SR/configure/interface/ethernet (0/4)# ip dvmrp metric 20
configure interface ip dvmrp output-report-delay

Use this command to adjust the delay (in seconds) in sending DVMRP reports and to specifies
valid burst sizes.
Syntax
ip dvmrp output-report-delay <1-5> [<1-65535>]
610
October 2010
configure interface ip dvmrp prune-lifetime

Variable
Value
<1-5>
Output delay in seconds.
<1-65535>
Number of back-to-back reports sent after

delay.
Example
SR/configure/interface/ethernet (0/4)# ip dvmrp output-report-delay 4
1000
configure interface ip dvmrp prune-lifetime

Use this command to configure the lifetime of prune messages that are sent to upstream
neighbors. By default, the value is 7200 seconds.
Syntax
[no] ip dvmrp prune-lifetime <prune-lifetime>
Variable
Value
<if-name>
Specifies the interface to configure.
[no]
Resets the DVMRP prune lifetime to the

<prune-lifetime>
Specifies the DVMRP prune lifetime value.

Example
SR/configure/interface/ethernet 0/1#ip dvmrp prune-lifetime 30
configure interface ip dvmrp reject non-pruners

Use this command to configure the router such that it does not peer with a DVMRP neighbor
that does not support pruning or grafting.
Syntax
ip dvmrp reject-non-pruners
October 2010
611
DVMRP commands
Example
SR/configure/interface/ethernet (0/4)# ip dvmrp reject-non-pruners
show ip dvmrp interface

Use this command to show information on all DVMRP-enabled interfaces or a specified
interface.
Syntax
show ip dvmrp interface [<ifname>] [detail]
Variable
Value
[<ifname>]
Specifies the name of the interface.
[detail]
Displays detailed DVMRP interface

information.
Example
SR#
show ip dvmrp interface
show ip dvmrp neighbor

Use this command to show the DVMRP neighbor entry in detail indicated by interface IFNAME
and its IP address A.B.C.D.
Syntax
show ip dvmrp neighbor [detail] <ifname> <nbr-address>
Variable
Value
[detail]
Display detailed information (optional).
<ifname>
The interface name.
<nbr-address>
The IP address of the neighbor.
Example
SR#
612
show ip dvmrp neighbor detail ethernet0/1 10.10.10.1
October 2010
show ip dvmrp prune
show ip dvmrp prune

Use this command to show DVMRP prune information.
Syntax
show ip dvmrp prune [detail] [group <group-address] [source <sourceaddress_mask>]
Variable
Value
[detail]
[group]
Show group information (optional).
<group-address>
The multicast group address.
[source]
Show matching source entry (optional).
<source-address_mask>
The source IP address.
Example
SR#
show ip dvmrp prune
show ip dvmrp route

Use this command to show all the DVMRP neighbor tables in detail.
Syntax
show ip dvmrp route [detail] [<A.B.C.D/M>] [next-hop <ipaddress>]
[best-match <ipaddress>]
Variable
Value
[best-match]
Show best-match (optional).
[detail]
<ipaddress>
The address of the neighbor.
[<A.B.C.D/M>]
The source network address and subnet

mask.
[next-hop]
Show next hop (optional).
October 2010
613
DVMRP commands
Example
SR#
show ip dvmrp route next-hop 10.10.10.11
show ip dvmrp statistics

Use this command to show DVMRP statistics.
Syntax
show ip dvmrp statistics [<ifname>] [detail]
Variable
Value
[<ifname>]
Specifies the interface for which the statistics

are to be displayed.
[detail]
Provides additional detail to the command

output.
Example
SR#
614
show ip dvmrp statistics
October 2010
Chapter 45: IPv4 PIM commands
clear ip pim sparse-mode bsr rp-set all

Use this command to clear all PIM bootstrap router information.
Syntax
clear ip pim sparse-mode bsr rp-set all
Example
SR# clear ip pim sparse-mode bsr rp-set all
clear ip pim sparse-mode statistics

Use this command to clear PIM statistics. If no options are specified, the router clears the
interface and global statistics counters.
Syntax
clear ip pim sparse-mode statistics [interface [<ifname>] | all ]
Variable
Value
[interface [<ifname>]
Clears statistics for the particular interface. If

the interface name is not specified, the router
clears statistics for all interfaces.
all
Clears the interface and global statistics

counters and Tree Information Base (TIB)
information.
Example
SR#clear ip pim sparse-mode statistics all
October 2010
615
IPv4 PIM commands
configure interface ip pim bsr-border

Use this command to enable a BSR border router. Use the no form of this command to disable.
Syntax
[no] ip pim bsr-border
Example
SR/configure/interface/ethernet (0/1)# ip pim bsr-border
configure interface ip pim dr-priority

Use this command to configure PIM router DR priority. Use the no form of this command to
revert to default.
Syntax
[no] ip pim dr-priority <priority>
Variable
Value
<priority>
The PIM router DR priority, in the range 0 to

4294967294.
Example
SR/configure/interface/ethernet (0/1)# ip pim dr-priority 255
configure interface ip pim exclude-genid

Use this command to configure PIM to exclude Gen-id option from PIM hello packets on the
specified interface. Use the no form of this command to revert to default behavior.
Syntax
[no] ip pim exclude-genid
Example
SR/configure/interface/ethernet (0/1)# ip pim exclude-genid
616
October 2010
configure interface ip pim hello-interval
configure interface ip pim hello-interval

Use this command to configure the hello interval value. Use the no form of this command to
disable.
Syntax
[no] ip pim hello-interval <interval>
Variable
Value
<interval>
The hello interval value in seconds. Valid

range is 10 to 65535 (default is 30).
Example
SR/configure/interface/ethernet (0/1)# ip pim hello-interval 60
configure interface ip pim neighbor-filter

Use this command to configure a PIM peering filter. Use the no form of this command remove
the peer filter.
Syntax
[no] ip pim neighbor-filter <accesslist>
Variable
Value
<accesslist>
The IP access list name used in filtering.
Example
SR/configure/interface/ethernet (0/1)# ip pim neighbor-filter
testlist
configure interface ip pim sparse-mode

Use this command to enable PIM-SM on the active interface. Use the no form of the command
to disable PIM-SM on the interface.
October 2010
617
IPv4 PIM commands
Use the passive option to enable passive mode operation for local IGMP members on the
interface. Passive mode stops PIM-SM transactions on the interface, allowing only IGMP
mechanism to be active. Use the no form of this command to turn off passive mode.
Syntax
[no] ip pim sparse-mode [passive]
Variable
Value
[passive]
Enables passive mode.
Example
SR/configure/interface/ethernet (0/1)# ip pim sparse-mode
configure ip pim accept-register

Use this command to configure the ability to filter out multicast sources specified by the given
access-list at the RP so that the RP will accept/refuse to perform Register mechanism for the
packets sent by the specified sources. Use the no form of this command to revert to default
(off).
Syntax
[no] ip pim accept-register list {<accesslist>|<word>}
Variable
Value
<accesslist>
The IP standard access list. Valid ranges are

1 to 99 for simple range value and 1300 to
1999 for expanded range value.
<word>
The IP named access-list.
Example
SR/configure# ip pim accept-register list 50
configure ip pim anycast-rp

Use this command to configure an Anycast member RP address. By default, no Anycast
members are configured.
618
October 2010
configure ip pim bsr-candidate
Prerequisites
To specify the Anycast RP address in this procedure, you must first configure the Anycast
RP address as a static RP address.
Syntax
[no] ip pim anycast-rp <anycast-RP-address> <anycast-member-RPaddress>
Variable
Value
[no]
Removes the configured Anycast RP

member.
<anycast-RP-address>
Specifies the IP address of the Anycast RP

address.
<anycast-member-RP-address>
Specifies the IP address of the Anycast

member RP address.
Example
SR/configure#ip pim anycast-rp 10.1.1.1
configure ip pim bsr-candidate

Use this command to enable BSR status using a specific interface name. Use the no form of
this command to disable the function.
Syntax
[no] ip pim bsr-candidate <ifname> [<hash>] [<priority>]
Variable
Value
<ifname>
<hash>
The mask hash length for RP selection, in the

range 0 to 32.
<priority>
The priority for a BSR candidate, in the range

0 to 255.
Example
SR/configure# ip pim bsr-candidate fxp0 20 30
October 2010
619
IPv4 PIM commands
configure ip pim cisco-register-checksum

Use this command to configure the option to calculate register checksum over the whole
packet. This command is used to inter-operate with older Cisco IOS versions. Use the no form
of this command to revert to the default setting (off).
Syntax
[no] ip pim cisco-register-checksum
Example
SR/configure# ip pim cisco-register-checksum
configure ip pim ignore-rp-set-priority

Use this command to configure the Avaya Secure Router 2330/4134 to ignore the RP set
priority value. Use the no form of this command to revert to default.
Syntax
[no] ip pim ignore-rp-set-priority
Example
SR/configure# ip pim ignore-rp-set-priority
configure ip pim log-neighbor-changes

Use this command to enable logging of neighbor up/down status changes and DR changes.
Syntax
[no] ip pim log-neighbor-changes
Variable
Value
[no]
[no]
Example
SR/configure# ip pim log-neighbor-changes
620
October 2010
configure ip pim multipath
configure ip pim multipath

Use this command to configure PIM multipath to enable the selection of different equal cost
multipath (ECMP) next hops for a given destination. By default, PIM multipath is disabled.
Syntax
[no] ip pim multipath [hashing]
Variable
Value
[no]
Disabes PIM multipath.
[hashing]
Enables the next hop selection based on key,

which is calculated using source address,
group address and next-hop address. By
default, round-robin mechanism is used to
select the next hop.
Example
SR/configure#ip pim multipath hashing
configure ip pim register-source

Use this command to configure the source address of Register packets sent by this DR,
overriding the default source address, which is the address of the RPF interface toward the
source host. Use the no form of this command to revert to the default source address.
The configured address must be reachable in order to be used by the RP to send corresponding
Register-Stop messages in response. It can be either the loopback interface address or other
physical addresses. This address must be advertised by unicast routing protocols on the DR.
The configured interface does not require being PIM-SM enabled.
Syntax
[no] ip pim register-source {<sourceaddress>|<ifname>}
Variable
Value
<sourceaddress>
The IP address used as the source of register

packets.
October 2010
621
IPv4 PIM commands
<ifname>
The interface name. The address of this

interface is used as the source of register
packets.
Example
SR/configure# ip pim register-source 10.1.1.1
configure ip pim rp-address

Use this command to configure the PIM Rendezvous Point address. Use the no form of this
command to revert to default.
Syntax
[no] ip pim rp-address <address>
Variable
Value
<address>
The address of the Rendezvous Point.
Example
SR/configure# ip pim rp-address 10.10.10.2
configure ip pim rp-candidate

Use this command to configure the PIMv2 Rendezvous Point candidate. Use the no form of
this command to revert to default behavior.
Syntax
[no] ip pim rp-candidate <interface> [interval <1-16383>] [priority
<0-255>] [group-list <listname>]
622
Variable
Value
<interface>
The interface name of the RP candidate.
<interval>
The candidate RP advertisement interval.
<priority>
The candidate RP priority.
<group-list>
The group range for this candidate RP.
October 2010
configure ip pim spt-threshold-infinity
Example
SR/configure# ip pim rp-candidate ethernet6/2 interval 255 priority
100 group-list testlist
configure ip pim spt-threshold-infinity

Use this command to configure a group to have no source-tree switching threshold. Use the
no form of this command to revert to default behavior.
Syntax
[no] ip pim spt-threshold-infinity [group-list <accesslist>]
Variable
Value
<accesslist>
The IP access list name you want to remove

the threshold from.
Example
SR/configure# ip pim spt-threshold-infinity group-list testlist
configure ip pim ssm

Use this command to configure the source-specific multicast (SSM) default value or accesslist filter range. Use the no form of this command to disable source-specific multicast.
Syntax
[no] ip pim ssm [default] [range <accesslist> <word>]
Variable
Value
<accesslist>
The IP standard access list. Valid range is 1

to 99 for simple range and 1300 to 1999 for
expanded range. Access list variable must
first be configured using access-list
command.
[default]
To use 232/8 group range for SSM (optional).
[range]
To configure a range using access list or

word (optional).
October 2010
623
IPv4 PIM commands
<word>
The IP named access list.
Example
SR/configure# ip pim ssm range ssmgrp
show ip pim sparse-mode bsr-router

Use this command to show the bootstrap router address.
Syntax
show ip pim sparse-mode bsr-router
Example
SR# show ip pim sparse-mode bsr-router
show ip pim sparse-mode database

Use this command to show the PIM tree information base.
Syntax
show ip pim sparse-mode database [<src-addr>|<grp-addr>]
Variable
Value
<src-addr>
Filter by source address (optional).
<grp-addr>
Filter by group address (optional).
Example
SR# show ip pim sparse-mode database 10.1.1.2
show ip pim sparse-mode interface

Use this command to show PIM interface information.
Syntax
show ip pim sparse-mode interface <ifname> [detail]
624
October 2010
show ip pim sparse-mode neighbor

Variable
Value
<ifname>
The interface name.
[detail]
Example
SR# show ip pim sparse-mode interface ethernet0/1 detail
show ip pim sparse-mode neighbor

Use this command to show PIM neighbor information.
Syntax
show ip pim sparse-mode neighbor <ifname> [detail]
Variable
Value
<ifname>
The PIM-enabled interface name or number
[detail]
Show detailed PIM neighbor information

(optional).
Example
SR# show ip pim sparse-mode neighbor ethernet0/1 detail
show ip pim sparse-mode rp mapping

Use this command to display group-to-RP mapping information.
Syntax
show ip pim sparse-mode rp mapping
Example
SR# show ip pim sparse-mode rp mapping
October 2010
625
IPv4 PIM commands
show ip pim sparse-mode rp-hash

Use this command to display rendezvous-point (RP) information based on group.
Syntax
show ip pim sparse-mode rp-hash <group-address>
Variable
Value
<group-address>
The IPv4 group address.
Example
SR# show ip pim sparse-mode rp-hash 10.1.1.10
show ip pim sparse-mode rpf

Use this command to display RPF information based on source address and, optionally, group
address.
The router displays RPF information for all ECMP routes if
Multipath (round-robin or hashing) is enabled and group address is not specified.
Multipath (round-robin) is enabled and a matching (S,G) entry does not exist.
Syntax
show ip pim sparse-mode rpf <source-addr> [<group-addr>]
Variable
Value
<source-addr>
Specifies the IPv4 source address for which

to display PIM RPF information.
<group-addr>
Specifies the IPv4 group address for which

Example
SR#show ip pim sparse-mode rpf 10.1.1.1
626
October 2010
Chapter 46: IGMP commands
clear ip igmp group

Use this command to clear all the IGMP group cache entries.
Syntax
clear ip igmp group [all|<A.B.C.D>]
Variable
Value
all
Clear all IGMP group entries.
<A.B.C.D>
Clear IGMP group entries by multicast group

address.
Example
SR# clear ip igmp group all
clear ip igmp interface

Use this command to clear IGMP interface entries.
Syntax
clear ip igmp interface <interface>
Variable
Value
<interface>
The interface from which to remove IGMP

entries.
Example
SR# clear ip igmp interface ethernet0/1
October 2010
627
IGMP commands
clear ip igmp statistics

Use this command to clear IGMP statistics to set all the IGMP statistics counters to zero.
Syntax
clear ip igmp statistics <if-name>
Variable
<if-name>
Value
Specifies the interface for which to clear the
IGMP statistics. If no interface is specified, all
statistics information is set to zero.
Example
SR#clear ip igmp statistics
configure ip igmp limit

Use this command to configure a maximum global limit to the number of allowable IGMP states
(groups) on the router. By default, no IGMP limit exists.
Syntax
[no] ip igmp limit <limit>
Variable
Value
[no]
Removes the configured IGMP state limit.
<limit>
Specifies the maximum allowable IGMP

states on the router. Values range from 1 to
2097152.
Example
SR/configure#ip igmp limit 45
628
October 2010
configure ip igmp ssm-map enable
configure ip igmp ssm-map enable

Use this command to enable static source specific multicast (SSM) mapping. By default, SSM
mapping is disabled.
Syntax
[no] ip igmp ssm-map enable
Variable
[no]
Value
Disables SSM mapping.
Example
SR/configure#ip igmp ssm-map enable
configure ip igmp ssm-map static

Use this command to statically map a specified source address to an SSM group specified in
the access list. The router applies the mapping after it receives an IGMPv1/v2 report for the
specified group. By default, no static SSM maps are configured.
Syntax
[no] ip igmp ssm-map static <access-list> <source-addr>
Variable
Value
[no]
Removes the specified static SSM map.
<access-list>
Specifies an IP named access-list.
<source-addr>
Specifies am IPv4 multicast source address.
Example
SR/configure#ip igmp ssm-map static newlist 10.10.10.1
October 2010
629
IGMP commands
configure interface ip igmp access-group

Use this command to control the multicast groups on an interface. Hosts on a subnet serviced
by a particular interface have the access to join certain multicast groups. Use the no form of
the command to disable groups on an interface.
Syntax
[no] ip igmp access-group {<accesslist>|<word>}
Variable
Value
<accesslist>

to 99 for simple range value and 1300 to
<word>
Example
ip igmp access-group 1
configure interface ip igmp immediate-leave

Use this command to minimize the leave latency of IGMP memberships for IGMPv2. Use the
no form of this command to disable this feature.
Use this command on an interface if only one IGMP-enabled neighbor is connected to the
interface.
Syntax
[no] ip igmp immediate-leave group-list {<accesslist>|<word>}
630
Variable
Value
<accesslist>

to 99 for simple range value and 1300 to
<word>
October 2010
configure interface ip igmp last-member-query-count
Example
group-list 34
ip igmp immediate-leave
configure interface ip igmp last-member-query-count

Use this command to configure the last member query counter. Use the no form of this
command to return to the default.
Syntax
[no] ip igmp last-member-query-count <count>
Variable
Value
<count>
The last member query count value, in the

range 2 to 7.
Example
count 3
ip igmp last-member-query-
configure interface ip igmp last-member-query-interval

Use this command to configure the frequency at which the router sends IGMP group specific
host query messages. Use the no form of this command to return to the default.
Syntax
[no] ip igmp last-member-query-interval <interval>
Variable
Value
<interval>
The last member query interval, in the range

1 to 25.
Example
interval 5
ip igmp last-member-query-
October 2010
631
IGMP commands
configure interface ip igmp limit

Use this command to configure a maximum limit to the number of allowable states (groups)
on an interface. By default, no IGMP limit exists.
Syntax
[no] ip igmp limit <limit>
Variable
Value
[no]
Removes the configured IGMP state limit.
<limit>
Specifies the maximum allowable IGMP

states on the interface. Values range from 1
to 2097152.
Example
SR/configure/interface/vlan vlan3#ip igmp limit
configure interface ip igmp querier-timeout

Use this command to configure the timeout period before the router takes over as the querier for
the interface after the previous querier has stopped querying. Use the no form of this command
to restore the default value.
Syntax
[no] ip igmp querier-timeout <timeout>
Variable
Value
<timeout>
The number of seconds the router waits after

the previous querier has stopped its query
before it takes over. Valid range is 60 to 300
(default is 255 seconds).
Example
632
ip igmp querier-timeout 120
October 2010
configure interface ip igmp query-interval
configure interface ip igmp query-interval

Use this command to configure the frequency at which NSM sends IGMP host query
messages. Use the no form of this command to return the frequency to default.
Syntax
[no] ip igmp query-interval <interval>
Variable
Value
<interval>
The frequency, in seconds, at which IGMP

group-specific host query message are sent.
Valid range is 1 to 65535 (default is 125
seconds).
Example
ip igmp query-interval 120
configure interface ip igmp query-max-response-time

Use this command to configure the maximum response time advertised in IGMP queries. Use
the no form of this command to restore the default value
Syntax
[no] ip igmp query-max-response-time <responsetime>
Variable
Value
<responsetime>
The maximum response time, in seconds,

advertised in IGMP queries. Valid range is 1
to 25 (default is 10 seconds).
Example
time 8
ip igmp query-max-response-
October 2010
633
IGMP commands
configure interface ip igmp robustness-variable

Use this command to set the Robustness-Variable value. Use the no form of this command to
return to the default value.
Syntax
[no] ip igmp robustness-variable <value>
Variable
Value
<value>
The Robustness Variable value. Valid range

is 2 to 7 (default is 2).
Example
SR/configure/interface/ethernet (6/13)# ip igmp robustness-variable 4
configure interface ip igmp static-group

Use this command to add a static IGMP group on an interface. By default, no static IGMP
groups are configured.
Syntax
[no] ip igmp static-group <group-addr> [source {<source-addr> | ssmmap}] [interface <if-name>}]
Variable
634
Value
[no]
Removes the specified static group.
<group-addr>
Specifies the multicast group address to

statically configure.
<source-addr>
Specifies the multicast source address to

associate with this group.
ssm-map
Specifies to use Source Specific Multicast

(SSM) mapping to identify the source to
<if-name>
Specifies the interface name to associate

with this group.
October 2010
configure interface ip igmp version
Example
SR/configure/interface/vlan vlan3#ip igmp static-group 10.1.1.2
source 10.10.10.2
configure interface ip igmp version

Use this command to set the IGMP version to be used. Use the no form of this command to
return to the default version.
Syntax
[no] ip igmp version <version>
Variable
Value
<version>
The IGMP version number to be used. Valid

Example
SR/configure/interface/ethernet (6/13)# ip igmp version 2
show ip igmp groups

Use this command to show the multicast groups with receivers directly connected to the router
and learned through IGMP.
Syntax
show ip igmp groups <groupaddress> <ifname> [detail]
Variable
Value
<groupaddress>
The multicast group address.
<ifname>
The multicast group name.
[detail]
Show detailed information (optional).
Example
SR# show ip igmp groups 10.1.1.0
October 2010
635
IGMP commands
show ip igmp interface

Use this command display multicast-related information about an interface. Use the command
without parameters to display information for all interfaces or with an interface name for a
specific interface.
Syntax
show ip igmp interface [<interface>]
Variable
Value
[<interface>]
Example
SR# show ip igmp interface ethernet0/2
show ip igmp statistics

Use this command to display IGMP statistics.
Syntax
show ip igmp statistics <if-name> [detail]
Variable
Value
<if-name>
Specifies the interface for which to display

the IGMP statistics.
[detail]
Provides additional detail in the command

output.
Example
SR#show ip igmp statistics detail
636
October 2010
Chapter 47: RIPng commands
clear ipv6 rip route

Use this command to clear specific data from the RIPng routing table.
Syntax
clear ipv6 rip route [X:X::X:X/M | static | connected | rip | ospf |
bgp |all]
Variable
Value
X:X::X:X/M
Removes entries which exactly match this

destination address from the RIPng routing
table.
static
Removes redistributed static entries from the

RIPng routing table.
connected
Removes redistributed connected entries

from RIPng routing table.
rip
Removes RIPng routes from the RIPng

routing table.
ospf
Removes redistributed OSPFv3 routes from

the RIPng routing table.
bgp
Removes redistributed BGP4+ routes from

the RIPng routing table.
all
Clears the entire RIPng routing table.
Example
SR# clear ipv6 rip route bgp
October 2010
637
RIPng commands
configure interface ipv6 rip split-horizon

Use this command to perform the split-horizon action on the interface. Use the no parameter
Syntax
[no] ipv6 rip split-horizon [poisoned]
Variable
Value
[poisoned]
Performs split-horizon with poisoned

reversed (the default setting).
Example
SR/configure/interface/ethernet (6/13)# ipv6 rip split-horizon
configure interface ipv6 router rip

Use this command to enable RIPng on the interface. Use the no parameter with this command
to remove RIPng routes learned from neighbors and keep the RIPng network intact.
Syntax
[no] ipv6 router rip
Variable
Value
[poisoned]
Performs split-horizon with poisoned

reversed (the default setting).
Example
SR/configure/interface/ethernet (6/13)# ipv6 router rip
configure router ipv6 rip

Use this global command to enable a RIPng routing process. Use the no parameter with this
command to disable the RIPng routing process.
638
October 2010
configure router ipv6 rip aggregate-address
Syntax
[no] router ipv6 rip
Example
SR/configure/router/ipv6/rip#
router ipv6 rip
configure router ipv6 rip aggregate-address

Use this command to aggregate RIPng routes. Use the no parameter with this command to
disable this feature.
Syntax
[no] aggregate-address X:X::X:X/P
Example
aggregate-address 12AB::CD30:0:0/8
configure router ipv6 rip default-information

Use this command to add default routes to the RIPng updates. Use the no form of this
command to disable this feature.
Syntax
[no] default-information originate
Example
SR/configure/router/ipv6/rip# default-information originate
configure router ipv6 rip default-metric

Use this command to specify the metrics to be assigned to redistributed routers. Use the no
form of this command to disable this feature. The default metric value is 1.
Use this command with the redistribute command to make the routing protocol use the
specified metric value for all redistributed routes. Default metric is useful in redistributing routes
with incompatible metrics. Every protocol has different metrics and cannot be compared
directly. Default metric provides the standard to compare. All routes that are redistributed will
use the default metric
October 2010
639
RIPng commands
Syntax
[no] default-metric <1-16>
Example
SR/configure/router/ipv6/rip# default-metric 10
configure router ipv6 rip distance

Use this command to set the administrative distance.
Syntax
distance <distancevalue>
Variable
Value
<distancevalue>
The administrative distance value.
Example
SR/configure/router/ipv6/rip# distance 10
configure router ipv6 rip distribute-list

Use this command to filter incoming or outgoing route updates using the access-list or the
prefix-list. Use the no form of this command to disable this feature. This command is disabled
by default.
Syntax
distribute-list [<prefix>|<accesslist>] <direction> <interface>
640
Variable
Value
<prefix>
Specifies the name of the IPv6 prefix-list to

use.
<accesslist>
Specifies the IPv6 access-list number or

name to use.
<direction>
Direction to filter routing updates, in or out.
<interface>
Specifies the name of the interface for which

distribute-list applies.
October 2010
configure router ipv6 rip neighbor
Example
SR/configure/router/ipv6/rip# distribute-list access10 in
ethernet6/12
configure router ipv6 rip neighbor

Use this command to configure a router neighbor. Use the no parameter with this command
to disable the specific router.
Syntax
[no] neighbor <address> <interface>
Variable
Value
<address>
Specifies the link-local IPv6 address

(X:X::X:X) of a neighboring router with which
the routing information is exchanged.
<interface>
RIPng interface.
Example
SR/configure/router/ipv6/rip# neighbor 3ffe:30::10:10 ethernet6/13
configure router ipv6 rip offset-list

Use this command to add an offset to in and out metrics to routes learned through RIPng. Use
the no parameter with this command to remove this function.
Syntax
offset-list <name> <direction> <metricvalue> <interfacename>
Variable
Value
<name>
<direction>
Direction of updates. In or out.
<metricvalue>
The metric value to modify.
<interfacename>
The interface name.
October 2010
641
RIPng commands
Example
offset-list 1 in 5 ethernet0/1
configure router ipv6 rip passive-interface

Use this command to enable suppression of routing updates on an interface. Use the no
Syntax
[no] passive-interface <interface>
Variable
Value
<interface>
The interface for which you want to suppress

routing updates.
Example
passive-interface ethernet6/6
configure router ipv6 rip redistribute

Use this command to redistribute information from other routing protocols. Use the no
Syntax
redistribute [connected|static|ospf|bgp] <metric> <routemap>
642
Variable
Value
connected
Redistribute from connected routes
static
Redistribute from static routes
ospf
Redistribute from Open Shortest Path First

(OSPF)
bgp
Redistribute from Border Gateway Protocol

(BGP)
<metric>
Metric <0-16> Specifies metric value to be

used in redistributing information
October 2010
configure router ipv6 rip route-map
<routemap>
Specifies route-map to be used to

redistribute information
Example
SR/configure/router/ipv6/rip# redistribute ospf route-map map1
configure router ipv6 rip route-map

Use this command to set a route map. Use the no form of this command to disable this function.
Syntax
[no] route-map <route-map-name> {in|out} <if-name>
Variable
Value
<route-map-name>
Specifies the route map name.
<if-name>
Specifies the interface name.
Example
SR/configure/router/ipv6/rip# route-map rmap in wan1
configure router ipv6 rip timers

Use this command to adjust routing network timers. Use the no parameter with this command to
restore the defaults.
Syntax
timers basic <update> <timeout> <garbage>
Variable
Value
<update>
<5-2147483647> Specifies the routing table

update timer in seconds. The default is 30
seconds.
<timeout>

information timeout timer in seconds. The
default is 180 seconds. After this interval has
October 2010
643
RIPng commands
elapsed and no updates for a route are

received, the route is declared invalid.
<garbage>

garbage collection timer in seconds. The
default is 120 seconds. If a route remains
invalid for the period specified by this
variable, it is permanently removed from the
routing table.
Example
SR/configure/router/ipv6/rip# timers basic 30 180 120
show ipv6 protocols rip

Use this command to display RIPng process parameters and statistics.
Syntax
show ipv6 protocols rip
Example
SR# show ipv6 protocols rip
show ipv6 rip

Use this command to display the IPv6 RIP routes.
Syntax
show ipv6 rip
Example
SR# show ipv6 rip
show ipv6 rip database

Use this command to display the IPv6 RIP database.
Syntax
show ipv6 rip database
644
October 2010
show ipv6 rip interface
Example
SR# show ipv6 rip database
show ipv6 rip interface

Use this command to display IPv6 RIP interface status and configuration.
Syntax
show ipv6 rip interface [<if-name>]
Example
SR# show ipv6 rip interface ethernet0/1
October 2010
645
RIPng commands
646
October 2010
Chapter 48: OSPFv3 commands
clear ipv6 ospf

Use this command to clear and restart the OSPFv3 routing process. You can specify the
Process ID to clear one particular OSPFv3 process. When no process ID is specified, this
command clears all running OSPFv3 processes.
Syntax
clear ipv6 ospf {<processid> | process}
Variable
Value
<processid>
The OSPFv3 process to clear.
Example
SR# clear ip ospf process
configure interface ipv6 router ospf

Use this command to enable OSPFv3 routing on an interface. Use the no parameter with this
command to disable OSPFv3 routing on an interface.
Syntax
[no] ipv6 router ospf area <area-id> [tag <tag>] [instance-id
<0-255>]
Variable
Value
area <area-id>

format.
[tag <tag>]
Specifies the OSPF process tag.
October 2010
647
OSPFv3 commands
[instance-id <0-255>]
Specifies the interface instance ID.
Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf area 1
configure interface ipv6 ospf cost

Use this command to specify the link-cost described in LSAs. Use the no parameter with this
command to reset the cost to default.
Syntax
[no] ipv6 ospf cost <cost> [instance-id <1-255>]
Variable
Value
<cost>
Specifies the cost of the interface (1-65535).

Specifies the instance ID of the interface

(1-255). The default value is 0.
Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf cost 300 instanceid 5
configure interface ipv6 ospf dead-interval

Use this command to set the interval during which no hello packets are received and after
which a neighbor is declared dead. Use the no parameter with this command to reset the
interval to default.
Syntax
[no] ipv6 ospf dead-interval <interval> [instance-id <1-255>]
648
Variable
Value
<interval>
Specifies the interval in seconds. The default

interval is 40 seconds.
October 2010
configure interface ipv6 ospf hello-interval

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf dead-interval 10
configure interface ipv6 ospf hello-interval

Use this command to specify the interval between hello packets. Use the no parameter with
this command to reset the interval to default.
Syntax
[no] ipv6 ospf hello-interval <interval> [instance-id <1-255>]
Variable
Value
<interval>
Specifies the interval in seconds. The default

interval is 10 seconds.

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf hello-interval 3
configure interface ipv6 ospf mtu

Use this command to specify the OSPFv3 interface Maximum Transmission Units (MTU).
Syntax
ipv6 ospf mtu <576-65535>
Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf mtu 1480
configure interface ipv6 ospf mtu-ignore

Use this command to set OSPFv3 to ignore the MTU in DBD packets.
October 2010
649
OSPFv3 commands
Syntax
ipv6 ospf mtu-ignore
Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf mtu-ignore
configure router ospf neighbor

Use this command to configure a router OSPF neighbor.
Syntax
neighbor <A.B.C.D> [cost <cost_metric>] [poll-interval <interval>]
[priority <priority>]
Variable
Value
<A.B.C.D>
Specifies the OSPF neighbor IP address.
cost <cost_metric>
Specifies the OSPF cost metric for point-to-multipoint

neighbor. Values range from 1 to 65535.
poll-interval <interval>
Specifies the OSPF neighbor dead router poll interval in

seconds. Values range from 1 to 65535 seconds.
priority <priority>
Specifies the OSPF neighbor non-broadcast priority value.

Values range from 0 to 255.
Example
SR/configure/router/ospf#neighbor 10.10.10.1 priority 4
configure interface ipv6 ospf network

Use this command to configure the OSPF network type to a type different from the default for
the media. Use the no form of this command to return to the default value.
Syntax
[no] ipv6 ospf network {broadcast | point-to-point} [instance-id
<1-255>]
Variable
650
Value
October 2010
configure interface ipv6 ospf priority
{broadcast | point-to-point}
The OSPF network type. Possible values

are:
broadcast - broadcast multi-access
network
point-to-point - point to point
network

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf network point-topoint
configure interface ipv6 ospf priority

Use this command to set the router priority for determining the designated router for the
network. Use the no parameter with this command to reset the value to default.
Syntax
[no] ipv6 ospf priority <priority> [instance-id <1-255>]
Variable
Value
<priority>
Interface priority. Range is 0 to 255. Default

is 1.

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf priority 3
configure interface ipv6 ospf retransmit-interval

Use this command to set the interval between retransmission of Link State Update packets for
adjacencies belonging to the interface. Use the no parameter with this command to reset the
interval to the default value.
October 2010
651
OSPFv3 commands
Syntax
[no] ipv6 ospf retransmit-interval <interval> [instance-id <1-255>]
Variable
Value
<interval>
Specifies the interval in seconds (1-65535).

The default interval is 5 seconds.

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf retransmit-interval
6
configure interface ipv6 ospf transmit-delay

Use this command to set the estimated time it takes to transmit a Link State Update packet
over the interface. Use the no parameter with this command to reset the delay to the default
value.
Syntax
[no] ipv6 ospf transmit-delay <delay> [instance-id <1-255>]
Variable
Value
<delay>
Specifies the time, in seconds, to transmit a

link-state update (1-65535). The default
interval is 1 second.

Example
SR/configure/interface/ethernet (6/7)# ipv6 ospf transmit-delay 3
configure router ipv6 ospf

Use this command to initiate the OSPFv3 routing process and specify an OSPFv3 routing
process to configure. Use the no parameter with this command to remove the OSPFv3 process.
652
October 2010
configure router ipv6 ospf abr-type
Syntax
router ipv6 ospf <tag>
Variable
Value
<tag>
OSPFv3 process tag. It is a string comprised

of any characters, numbers or symbols.
Example
SR/configure# router ipv6 ospf 100
configure router ipv6 ospf abr-type

Use this command to specify the OSPFv3 ABR type.
Syntax
abr-type <type>
Variable
Value
<type>
Type of implementation. Possible choices

are:
cisco - Alternative ABR, Cisco
implementation (RFC3509)
ibm - Alternative ABR, IBM
implementation (RFC3509)
standard - Standard behavior
(RFC2328)
Example
SR/configure/router/ipv6/ospf# ospf abr-type standard
configure router ipv6 ospf area default-cost

Use this command to specify a cost for the default summary route sent into a stub or NSSA
area. Use the no form of this command to remove the assigned default-route cost.
October 2010
653
OSPFv3 commands
Syntax
area <area-id> default-cost <cost>
Variable
Value
<area-id>

format.
<cost>
An integer specifying the stub's advertised

default summary cost in the range 0 to
16777215.
Example
SR/configure/router/ipv6/ospf# area 1 default-cost 100
configure router ipv6 ospf area range

Use this command to configure the OSPFv3 IPv6 address range. Use the no parameter with
this command to remove the assigned area range.
Syntax
area <area-id> range <X:X::X:X/M> [advertise|not-advertise]
Variable
Value
advertise
Advertise the range.
<area-id>
The OSPFv3 area id specified in integer (1

to 4294967295) or IPv4 address (A.B.C.D)
format.
not-advertise
Do not advertise the range.
<A.B.C.D/M>
Area range for iPv6 prefix.
Example
SR/configure/router/ipv6/ospf# area 1 range 12AB::CD30:0:0/24
654
October 2010
configure router ipv6 ospf area stub
configure router ipv6 ospf area stub

Use this command to define an area as a stub area. Use the no parameter with this command to
Syntax
area <area-id> stub [no-summary]
Variable
Value
<area-id>

4294967295) or IPv4 address (A.B.C.D)
format.
[no-summary]
Stops an ABR from sending summary link

advertisements into the stub area.
Example
SR/configure/router/ipv6/ospf# area 1 stub
configure router ipv6 ospf area virtual-link

Use this command to configure a link between two backbone areas that are physically
separated through other nonbackbone areas. Use the no parameter with this command to
break the virtual-link.
Syntax
[no] area <area-id> virtual-link <A.B.C.D> [dead-interval <interval>]
[hello-interval <interval>] [retransmit-interval <interval>]
[transmit-delay <interval>] <0-255>
Variable
Value
<A.B.C.D>
The router ID of the virtual link neighbor.
<area-id>

format.
[dead-interval <interval>]
The interval during which no packets are

received and after which the router considers
October 2010
655
OSPFv3 commands
neighboring router as off-line. The default is

40 seconds
[hello-interval <interval>]
The interval during which no packets are

received and after which the router considers
neighboring router as off-line. The default is
40 seconds
[retransmit-interval <interval>]
The interval the router waits before it

retransmit a packet. The default is 5
seconds.
[transmit-delay <interval>]
The delay to be added to LS age when an

LSA is transmitted.
<0-255>
Specifies interface instance ID. The default

value is 0.
Example
SR/configure/router/ipv6/ospf# area 1 virtual-link 10.10.11.50 hellointerval 5 dead-interval 10
configure router ipv6 ospf auto-cost

Use this command to control how OSPF calculates default metrics for the interface. Use the
no parameter with this command to assign cost based only on the interface type.
By default OSPF calculates the OSPF metric for an interface by dividing the reference
bandwidth by the interface bandwidth. The default value for the reference bandwidth is
100Mbps. The auto-cost command is used to differentiate high bandwidth links. For multiple
links with high bandwidth, specify a larger reference bandwidth value to differentiate cost on
those links.
Syntax
auto-cost reference-bandwidth <bandwidth>
Variable
Value
<bandwidth>
Reference bandwidth in terms of Mbits per

second, in the range 1 to 4294967.
Example
SR/configure/router/ipv6/ospf# auto-cost reference-bandwidth 250
656
October 2010
configure router ipv6 ospf default-metric
configure router ipv6 ospf default-metric

Use this command to set default metric values for the OSPF routing protocol. Use the no
parameter with this command to return to the default state.
Syntax
default-metric <value>
Variable
Value
<value>
The default metric value, in the range 0 to

16777214.
Example
SR/configure/router/ipv6/ospf# default-metric 100
configure router ipv6 ospf distance

Use this command to define an administrative distance.
Syntax
distance [ospf {external | inter-area | intra-area}] <distance>
Variable
Value
[ospf {external | inter-area | intra-area}]
Specifies administrative distance for OSPF

external, inter-area, or intra-area routes.
<distance>
The OSPF administrative distance, in the

range 1 to 255.
Example
SR/configure/router/ipv6/ospf# distance 20
October 2010
657
OSPFv3 commands
configure router ipv6 ospf log-adjacency-changes

Use this command to enable logging of adjacency state changes.
Syntax
log-adjacency-changes [detail]
Variable
Value
[detail]
Log all state changes.
Example
SR/configure/router/ipv6/ospf# log-adjacency-changes
configure router ipv6 ospf max-concurrent-dd

Use this command to specify the maximum number allowed to process DD concurrently.
Syntax
max-concurrent-dd <maxprocess>
Variable
Value
<maxprocess>
Maximum number of DD processes.
Example
SR/configure/router/ipv6/ospf# max-concurrent-dd 5
configure router ipv6 ospf passive-interface

Use this command to suppress sending Hello packets on the specified interface.
Syntax
658
October 2010
configure router ipv6 ospf redistribute

Variable
Value
<interface>
The interface you want to suppress routing

updates.
Example
SR/configure/router/ipv6/ospf# passive-interface ethernet0/1
configure router ipv6 ospf redistribute

Use this command to redistribute routes from other routing protocols and static routes into the
OSPF routing table. Use the no parameter with this command to disable this function.
Syntax
redistribute <protocol> [metric <0 - 16777214>] [metric-type <1-2>]
[route-map <map>] [tag <0-4294967295>]
Variable
Value
<protocol>
Protocol to redistribute: bgp, connected, rip,

or static.
metric <0 - 16777214>
Specifies a metric for redistributed routes.
metric-type <1-2>
Specifies the OSPFv3 exterior metric type for

redistributed routes.
route-map <map>
Route map reference.
tag <0-4294967295>
Specifies a tag for routes redistributed into

OSPFv3.
Example
SR/configure/router/ipv6/ospf# redistribute static
configure router ipv6 ospf timers spf

Use this command to adjust routing timers.
October 2010
659
OSPFv3 commands
This command configures the delay time between the receipt of a topology change and the
calculation of the Shortest Path First (SPF). This command also configures the hold time
between two consecutive SPF calculations.
Syntax
timers spf <delay> <hold>
Variable
Value
<delay>
Delay between receiving a change to SPF

calculation, in the range 0 to 2147483647.
<hold>
Hold time between consecutive SPF

calculations, in the range 0 to 2147483647.
Example
SR/configure/router/ipv6/ospf# timers spf 5 10
configure terminal interface ip ospf demand-circuit

Use this command to configure an interface as an OSPF demand circuit. By default, no OSPF
demand circuits are configured.
Syntax
[no] ip ospf demand-circuit
Variable
[no]
Value
Disables OSPF demand circuit
Example
SR/configure/interface ethernet 0/1#ip ospf demand-circuit
show ipv6 ospf border-routers

Use this command to show border and boundary router information.
Syntax
show ipv6 ospf border-routers
660
October 2010
show ipv6 ospf database
Example
SR# show ip ospf border-routers

Use this command to show the OSPFv3 database summary.
Syntax
Example
SR# show ipv6 ospf database
show ipv6 ospf interface

Use this command to display detailed OSPFv3 interface information.
Syntax
show ipv6 ospf interface <interface>
Variable
Value
<interface>
Example
SR# show ipv6 ospf interface ethernet6/12
show ipv6 ospf neighbor

Use this command to display router neighbor information.
Syntax
show ipv6 ospf neighbor [<if-name>|<A.B.C.D>|detail]
Variable
Value
October 2010
661
OSPFv3 commands
<if-name>
<A.B.C.D>
Specifies the neighbor ID.
detail
Example
SR# show ipv6 ospf neighbor
show ipv6 ospf route

Use this command to display OSPFv3 routes learned from neighbors
Syntax
show ipv6 ospf route
Example
SR# show ipv6 ospf route
show ipv6 ospf virtual-links

Use this command to show OSPFv3 virtual link information.
Syntax
show ipv6 ospf virtual-links
Example
SR# show ipv6 ospf virtual-links
662
October 2010
Chapter 49: BGP4+ commands
clear bgp ipv6

Use this command to reset an IPv6 BGP connection.
Syntax
clear bgp ipv6 {* | v4 | v6 | <1-65535> | <A.B.C.D> | <X:X::X:X>}
[in|out|soft] [prefix-filter]
Variable
Value
Clears all peers.
v4
v6
<1-65535>
Clears peers with the specified AS number.
<A.B.C.D> | <X:X::X:X>
Specifies a BGP neighbor address to clear.
in
out
soft

cleared
[prefix-filter]

reconfiguration.
Example
SR#
clear bgp ipv6 v6
clear bgp ipv6 dampening

Use this command to reset all dampened BGP4+ routes under the specified address family.
October 2010
663
BGP4+ commands
Syntax
clear bgp ipv6 dampening <X:X::X:X|X:X::X:X/M>
Example
SR#
clear bgp ipv6 dampening 2003::/64
clear bgp ipv6 external

Use this command to reset the BGP4+ connection for all external peers.
Syntax
clear bgp ipv6 external [in|out|soft] [prefix-filter]
Variable
Value
in
out
soft

cleared
[prefix-filter]

reconfiguration.
Example
SR# clear bgp ipv6 external in prefix-filter
clear bgp ipv6 flap-statistics

Syntax
clear bgp ipv6 flap-statistics <X:X::X:X|X:X::X:X/M>
Example
SR#
664
clear bgp ipv6 flap-statistics 2003::/64
October 2010

Use this command to reset the BGP4+ connection for all members of a peer group.
Syntax
clear bgp ipv6 peer-group <peer-group> [in|out|soft] [prefix-filter]
Variable
Value
in
out
soft

cleared
[prefix-filter]

reconfiguration.
Example
SR#
clear bgp ipv6 peer-group P1 soft in

Use this command to reset the BGP connection for ipv6 peers having the unicast capability
enabled.
Syntax
clear bgp ipv6 unicast * [in|out|soft]
Variable
Value
in
out
soft
Indicates that both incoming and outgoing routes will be cleared.
[prefix-filter]
Pushes out existing ORF prefix-list.
Example
SR# clear bgp| ipv6 unicast * in prefix-filter
October 2010
665
BGP4+ commands

Use this command to reset the BGP connection for ipv6 peers having the multicast capability
enabled.
Syntax
clear bgp ipv6 multicast * [in|out|soft]
Variable
Value
in
out
soft
[prefix-filter]
Pushes out existing ORF prefix-list.
Example
SR# clear bgp ipv6 multicast * in prefix-filter

Use this command to reset the BGP connection for all ipv6 peers having the unicast capability
enabled.
Syntax
clear bgp ipv6 unicast <A.B.C.D | X:X::X:X> [in|out|soft]
Variable
666
Value
in
out
soft

cleared.
[prefix-filter]
<A.B.C.D>
<X:X::X:X>
October 2010
Example
SR# clear bgp ipv6 unicast 2.2.2.2 out

Use this command to reset the BGP connection for all ipv6 peers having the multicast capability
enabled.
Syntax
clear bgp ipv6 multicast <A.B.C.D | X:X::X:X> [in|out|soft]
Variable
Value
in
out
soft

cleared.
[prefix-filter]
<A.B.C.D>
<X:X::X:X>
Example
SR# clear bgp ipv6 multicast 2.2.2.2 out
clear bgp ipv6 unicast external

Use this command to reset the BGP connection for ipv6 external peers having the unicast
capability enabled.
Syntax
clear bgp ipv6 unicast external [in | out | soft]
Variable
Value
in
out
October 2010
667
BGP4+ commands
Variable
Value
soft
[prefix-filter]
Example
SR# clear bgp ipv6 unicast external
clear bgp ipv6 multicast external

Use this command to reset the BGP connection for ipv6 external peers having the multicast
capability enabled.
Syntax
clear bgp ipv6 multicast external [in | out | soft]
Variable
Value
in
out
soft
[prefix-filter]
Example
SR# clear bgp ipv6 multicast external
clear bgp ipv6 unicast peer-group

the unicast capability enabled.
Syntax
clear bgp ipv6 unicast peer-group <WORD> [in|out|soft]
Variable
in
668
Value
October 2010
Variable
Value
out
soft
[prefix-filter]
Example
SR# clear bgp ipv6 unicast peer-group GRP

the multicast capability enabled.
Syntax
clear bgp ipv6 multicast peer-group <WORD> [in|out|soft]
Variable
Value
in
out
soft
[prefix-filter]
Example
SR# clear bgp ipv6 multicast peer-group GRP
clear bgp ipv6 unicast dampening

Use this command to reset all dampened BGP routes under the unicast address family.
Syntax
clear bgp ipv6 unicast dampening <X:X::X:X | X:X::X:X /M>
October 2010
669
BGP4+ commands

Variable
Value
<X:X::X:X>

cleared.
<X:X::X:X /M>
Specifies the IPv6 address with mask for which BGP dampening is
to be cleared.
Example
SR# clear bgp ipv6 unicast dampening 1000::1
clear bgp ipv6 multicast dampening

Use this command to reset all dampened BGP routes under the multicast address family.
Syntax
clear bgp ipv6 multicast dampening <X:X::X:X | X:X::X:X /M>
Variable
Value
<X:X::X:X>

cleared.
<X:X::X:X /M>
Specifies the IPv6 address with mask for which BGP

dampening is to be cleared.
Example
SR# clear bgp ipv6 multicast dampening 1000::1/64

Syntax
clear bgp ipv6 unicast flap-statistics <X:X::X:X | X:X::X:X /M>
670
October 2010

Variable
Value
<X:X::X:X>
Specifies the IPv6 address for which BGP the flap-statistics is to be

cleared.
<X:X::X:X /M>
Specifies the IPv6 address with mask for which the flap-statistics is to
be cleared.
Example
SR# clear bgp ipv6 unicast flap-statistics 1000::1

Syntax
clear bgp ipv6 multicast flap-statistics <X:X::X:X | X:X::X:X /M>
Variable
Value
<X:X::X:X>
Specifies the IPv6 address for which BGP the flap-statistics is to

be cleared.
<X:X::X:X /M>
Specifies the IPv6 address with mask for which the flap-statistics
is to be cleared.
Example
SR# clear bgp ipv6 multicast flap-statistics 1000::1/64
configure router bgp

Use this command to enable BGP to support the exchange of routes between autonomous
systems. This command enables BGP with mainly default configuration values. Any peer
groups created under BGP inherit these default values. You can choose to override (customize)
many of these BGP global values at the BGP group or individual peer level.
Syntax
[no] router bgp <1-65535>
October 2010
671
BGP4+ commands
Example
SR/configure# router bgp 12
configure router bgp address-family ipv6

Use this command to enter the address family configuration level allowing configuration of
IPv6-specific parameters.
Syntax
address-family ipv6
Example
SR/configure/router/bgp 12# address-family ipv6 [unicast|multicast]
configure router bgp address-family ipv6 aggregateaddress

Use this command to configure BGP aggregate entries.
Syntax
aggregate-address <prefix> [as-set] [summary-only]
Variable
Value
[as-set]
Generate AS set path information.
[summary-only]
Filter more specific routes from updates.
Example
SR/configure/router/bgp 1001/address-family ipv6# aggregate-address ::FFFF:000
configure router bgp address-family ipv6 bgp dampening

Use this command to enable and configure BGP route flap dampening.
Syntax
bgp dampening [route-map <mapname>] [<hltime> <reuse> <suppress>
<duration> <uhltime>]
672
October 2010
configure router bgp address-family ipv6 bgp scan-time

Variable
Value
<duration>
Maximum duration to suppress a stable

route.
<hltime>
Reachability half-life time for a penalty, in

minutes.
<reuse>
Value to start reusing a route.
[route-map <mapname>]
Configure route-map criteria by map name.
<suppress>
Value to start suppressing a route.
<uhltime>
Unreachability half-life time for a penalty, in

minutes.
Example
SR/configure/router/bgp 1001/address-family ipv6#
800 2500 80 25
bgp dampening 20
configure router bgp address-family ipv6 bgp scan-time

Use this command to set the interval for BGP route next-hop scanning.
Syntax
bgp scan-time <interval>
Variable
Value
<interval>
Scanning interval in seconds. Value range is

10-60. Default scanning interval is 60
seconds.
Example
bgp scan-time 10
configure router bgp address-family ipv6 distance

Use this command to configure the administrative distance.
October 2010
673
BGP4+ commands
Syntax
distance [<distance>] [bgp <ext> <int> <local>]
Variable
Value
[bgp]
Configure the BGP distance.
[<distance>]
Configure the administrative distance, in the

range 1 to 255.
<ext>
Distance for routes external to the AS, in the

range 1 to 255.
<int>
Distance for routes internal to the AS, in the

range 1 to 255.
<local>
Distance for local routes, in the range 1 to

255.
Example
distance 20
configure router bgp address-family ipv6 ebgp-ecmp

Use this command to preform EBGP ECMP processing.
Syntax
ebgp-ecmp
Example
ebgp-ecmp
configure router bgp address-family ipv6 neighbor activate

Use this command to activate the current address family for the supplied neighbor.
Syntax
neighbor {<X:X::X:X> | <tag>} activate
Example
0006 activate
674
neighbor ::FFFF:
October 2010
configure router bgp address-family ipv6 neighbor allowas-in
configure router bgp address-family ipv6 neighbor allowasin

Use this command to accept as-path with my AS present in it.
Syntax
neighbor {<X:X::X:X> | <tag>} allowas-in [<1-10>]
Variable
Value
[<1-10>]
Number of occurences of AS number.
Example
0006 allowas-in 2
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor

attribute-unchanged
Use this command to advertise unchanged BGP attributes to the specified neighbor. Use the
no form of this command to disable this function.
Syntax
[no] neighbor {<X:X::X:X> | <tag>} attribute-unchanged [med] [nexthop] [as-path]
Variable
Value
[med]
MED attribute.
[next-hop]
Next-hop attribute.
[as-path]
AS-path attribute.
Example
0006 attribute-unchanged med
neighbor ::FFFF:
October 2010
675
BGP4+ commands

capability orf prefix-list
Use this command to advertise ORF capabilities to a neighbor. Use the no parameter with this
command to disable this function.
Syntax
[no] neighbor {<X:X::X:X> | <tag>} capability orf prefix-list {both |
receive | send}
Variable
Value
both
Indicates that the local router can send ORF

entries to its peer as well as receive ORF
entries from its peer.
receive
Indicates that the local router is willing to

receive ORF entries from its peer.
send
Indicates that the local router is willing to

send ORF entries to its peer.
Example
0006 capability orf prefix-list both
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor defaultoriginate

Use this command to originate a default route to the specified neighbor.
Syntax
neighbor {<X:X::X:X> | <tag>} default-originate route-map <mapname>
676
Variable
Value
<mapname>
The route-map name.
October 2010
configure router bgp address-family ipv6 neighbor distribute-list
Example
0006 default-originate route-map myroute
neighbor ::FFFF:

distribute-list
Use this command to filter route updates from a particular BGP neighbor. Use the no parameter
with this command to remove an entry.
Syntax
[no] neighbor {<X:X::X:X> | <tag>} distribute-list <identifier> {in|
out}
Variable
Value
<identifier>
The distribute list identifier. Possible values

are:
IP access list number, in the range 1 to 199
Expanded range IP access list number, in
the range 1300 to 2699
The IP access list name
{in|out}
Indicates that incoming or outgoing

advertised routes are to be filtered.
Example
0006 distribute-list 2
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor filter-list

Use this command to establish BGP filters.
Syntax
neighbor {<X:X::X:X> | <tag>} filter-list <listname> {in|out}
October 2010
677
BGP4+ commands

Variable
Value
in
Filter incoming routes.
<listname>
The AS path access list name.
out
Filter outgoing routes.
Example
0006 list1 in
neighbor ::FFFF:

maximum-prefix
Use this command to set the maximum number of prefixes accepted from the specified peer.
Syntax
neighbor {<X:X::X:X> | <tag>} maximum-prefix <maxprefix>
Variable
Value
<maxprefix>
The maximum number of prefixes, in the

range 1 to 4294967295.
Example
0006 maximum-prefix 1244
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor nexthop-self

Use this command to advertise the local router ID as the next hop to force iBGP peers and/
or eBGP Confederation Peers in the local AS to use that local node as the next hop for routing
traffic to destinations outside the AS.
Syntax
neighbor {<X:X::X:X> | <tag>} next-hop-self
678
October 2010
configure router bgp address-family ipv6 neighbor prefix-list
Example
0006 next-hop-self
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor prefixlist

Use this command to filter updates to and from the specified neighbor.
Syntax
neighbor {<X:X::X:X> | <tag>} prefix-list <name> {in|out}
Variable
Value
in
Filter incoming updates.
<name>
The name given to the prefix list.
out
Filter outgoing updates.
Example
0006 prefix-list mylist in
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor removeprivate-AS

Use this command to remove private AS numbers from route advertisements to avoid
propagating those routes to other BGP peers. When an ISPs local eBGP peer receives a route
update message from an eBGP peer on a private AS, the ISPs peer must remove the private
AS numbers.
Syntax
neighbor {<X:X::X:X> | <tag>} remove-private-AS
Example
0006 remove-private-AS
neighbor ::FFFF:
October 2010
679
BGP4+ commands
configure router bgp address-family ipv6 neighbor routemap

Use this command to apply a route map to the specified neighbor.
Syntax
neighbor {<X:X::X:X> | <tag>} route-map <mapname> {in|out}
Variable
Value
in
Apply route map to incoming routes.
<mapname>
The name of the route map.
out
Apply route map to outbound routes.
Example
0006 route-map route2 in
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor routereflector-client

Use this command to configure the specified neighbor as a route reflector client. Use the no
form of this command to disable this function.
Syntax
[no] neighbor {<X:X::X:X> | <tag>} route-reflector-client
Example
0006 route-reflector-client
680
neighbor ::FFFF:
October 2010
configure router bgp address-family ipv6 neighbor route-server-client
configure router bgp address-family ipv6 neighbor routeserver-client

Use this command to configure the specified neighbor as a route server client. Use the no form
of this command to disable this function.
Syntax
[no] neighbor {<X:X::X:X> | <tag>} route-server-client
Example
0006 route-server-client
neighbor ::FFFF:
configure router bgp address-family ipv6 neighbor sendcommunity

Use this command to send a community attribute to the specified neighbor.
Syntax
neighbor {<X:X::X:X> | <tag>} send-community <both|extended|standard>
Variable
Value
<both>
Send Standard and Extended Community

attributes.
<extended>
Send Extended Community attributes.
<standard>
Send Standard Community attributes.
Example
0006 send-community extended
neighbor ::FFFF:
October 2010
681
BGP4+ commands
configure router bgp address-family ipv6 neighbor softreconfiguration inbound

Use this command to configure the software to start storing updates. Use the no parameter
Syntax
[no] neighbor {<X:X::X:X> | <tag>} soft-reconfiguration inbound
Example
0006 soft-reconfiguration inbound
neighbor ::FFFF:

unsuppress-map
Use this command to selectively unsuppress suppressed routes.
Syntax
neighbor {<X:X::X:X> | <tag>} unsuppress-map <route-map>
Variable
Value
<route-map>
Name of the route map.
Example
0006 unsuppress-map myroute
neighbor ::FFFF:
configure router bgp address-family ipv6 network

Use this command to specify a network to announce via BGP
Syntax
network [<X:X::X:X/M>] [synchronization]
682
October 2010
configure router bgp address-family ipv6 redistribute

Variable
Value
<X:X::X:X/M>
IPv6 prefix of the network.
[synchronization]
Perform IGP synchronization on network

routes.
Example
network 3ffe::/16
configure router bgp address-family ipv6 redistribute

Use this command to redistribute information from another protocol.
Syntax
redistribute <protocol> route-map <mapname>
Variable
Value
<mapname>
The pointer to route-map entries.
<protocol>
The protocol you want to redistribute from.

Possible choices are:
connected - redistribute from connected
routes.
ospf - redistribute from OSPF routes.
rip - redistribute from RIP routes.
static - redistribute from Static routes.
Example
connected route-map myroute
redistribute
configure router bgp address-family ipv6 synchronization

Use this command to configure IGP synchronization.
October 2010
683
BGP4+ commands
Syntax
synchronization
Example
synchronization

Use this command to display BGP4+ attribute information.
Syntax
show bgp ipv6 [unicast|multicast] attribute-info
Example
SR# show bgp ipv6 attribute-info
show bgp ipv6 community

Use this command to show routes matching the communities.
Syntax
show bgp ipv6 [unicast|multicast] community [<AA:NN>] [local-as] [noadvertise] [no-export] [exact-match]
Variable
Value
[<AA:NN>]
Specifies a valid value for a community

number.
[local-AS]
Do not send outside local AS (well-known

community).
[no-advertise]
Do not advertise to any peer (well-known

community).
[no-export]
Do not export to next AS (well-known

community).
[exact-match]
Specifies that the router shows the exact

match of the communities.
Example
SR#
684
show bgp ipv6 community local-AS
October 2010

Use this command to list all BGP4+ community information.
Syntax
show bgp ipv6 [unicast|multicast] community-info
Example
SR#
show bgp ipv6 community-list

Syntax
show bgp ipv6 [unicast|multicast] community-list <listname> [exactmatch]
Variable
Value
<listname>
The community list to match against.
[exact-match]
Shows only routes that have exactly the

same specified communities.
Example
SR#
show bgp ipv6 community-list mylist exact-match

Syntax
show bgp ipv6 [unicast|multicast] dampening <type>
October 2010
685
BGP4+ commands

Variable
Value
<type>
The type of dampening information to

display. Possible choices are:
dampened-paths - Display paths
suppressed due to dampenin.
flap-statistics - Display flap
statistics of routes.
parameters - Display details of
configured dampening parameters.
Example
SR#
show bgp ipv6 dampening dampened-paths
show bgp ipv6 filter-list

Use this command to show routes matching a particular filter list..
Syntax
show bgp ipv6 [unicast|multicast] filter-list <listname>
Variable
<listname>
Value
The filter list to match against.
Example
SR#
show bgp filter-list mylist

Syntax
show bgp ipv6 [unicast|multicast] inconsistent-as
Example
SR#
686
October 2010

Use this command to display detailed information about BGP4+ neighbor connections.
Syntax
show bgp ipv6 [unicast|multicast] neighbors [<A.B.C.D> | <X:X::X:X>]
[advertised-routes | received | received-routes | routes]
Variable
Value
[<A.B.C.D> | <X:X::X:X>]
Neighbor for which to display information.
advertised-routes
Display the routes advertised to a BGP

neighbor.
received
Display information received from a BGP

neighbor.
received-routes
Display the received routes from neighbor.
routes
Display routes learned from neighbor.
Example
SR#
show bgp ipv6 neighbors 10.2.3.4 advertised-routes
show bgp ipv6 paths

Use this command to show information on IPv6 paths.
Syntax
show bgp ipv6 [unicast|multicast] paths
Example
SR#
show bgp ipv6 paths

October 2010
687
BGP4+ commands
Syntax
show bgp ipv6 [unicast|multicast] prefix-list <listname>
Variable
<listname>
Value
The prefix list to match against.
Example
SR#
show bgp ipv6 prefix-list mylist
show bgp ipv6 quote-regexp

Use this command to display routes matching the AS path regular expression (quoted string).
Syntax
show bgp ipv6 [unicast|multicast] quote-regexp <"quoted-string">
Example
SR#
show bgp ipv6 quote-regexp "my AS path"
show bgp ipv6 regexp

Syntax
show bgp ipv6 [unicast|multicast] regexp <expression>
Variable
<expression>
Value
A regular expression used to match the BGP AS paths.
Example
SR#
688
show bgp ipv6 multicast regexp 50
October 2010

Use this command to display routes matching the route-map.
Syntax
show bgp ipv6 [unicast|multicast] route-map <mapname>
Variable
<mapname>
Value
The route map to match against.
Example
SR#
show bgp ipv6 multicast route-map myroutemap
show bgp ipv6 scan

Use this command to display the BGP4+ scan status.
Syntax
show bgp ipv6 [unicast|multicast] scan
Example
SR#
show bgp ipv6 scan

Use this command to show a summary of BGP4+ neighbor status.
Syntax
show bgp ipv6 [unicast|multicast] summary
Example
SR#
October 2010
689
BGP4+ commands

Syntax
Example
SR# show bgp ipv6 unicast attribute-info

Syntax
Example
SR# show bgp ipv6 unicast cidr-only
show bgp ipv6 unicast community

Syntax
show bgp ipv6 unicast community <WORD> [local-AS ][no-export][noadvertise]
Variable
690
Value
<WORD>
[local-AS]
[no-advertise]
[no-export]
[exact-match]
October 2010
Example
SR# show bgp ipv6 unicast community local-AS exact-match

Syntax
Example
SR# show bgp ipv6 unicast community-info
show bgp ipv6 unicast community-list

Syntax
show bgp ipv6 unicast community-list <LISTNAME>[exact-match]
Variable
Value
<LISTNAME>
[exact-match]

communities.
Example
show bgp ipv6 unicast dampening

Syntax
show bgp ipv6 unicast dampening [dampened-paths|flap-statistics|
parameters]
October 2010
691
BGP4+ commands

Variable
<type>
Value
are:
dampening.
parameters.
Example
SR# show bgp ipv6 dampening dampened-paths
show bgp ipv6 unicast filter-list

Syntax
show bgp ipv6 unicast filter-list <WORD>
Variable
<WORD>
Value
Example
SR# show bgp ipv6 unicast filter-list mylist

Syntax
Example
SR# show bgp ipv6 unicast inconsistent-as
692
October 2010

Syntax
show bgp ipv6 unicast neighbors <A.B.C.D|X:X::X:X> [advertisedroutes |received <prefix-filter>|received-routes|routes]]
Variable
Value
<A.B.C.D>
<X:X::X:X>
advertised-routes

received-routes
routes
Example
SR# show bgp ipv6 unicast neighbors 3ffe::1

Syntax
Example
SR# show bgp ipv6 unicast paths
show bgp ipv6 unicast peer-group

October 2010
693
BGP4+ commands
Syntax
show bgp ipv6 unicast peer-group <WORD> [summary]
Variable
Value
<WORD>
[summary]
Example
SR# show bgp ipv6 unicast peer-group PEER6 summary
show bgp ipv6 unicast prefix-list

Syntax
show bgp ipv6 unicast prefix-list <WORD>
Variable
Value
<WORD>
Example
SR# show bgp ipv6 unicast prefix-list mylist

Syntax
show bgp ipv6 unicast quote-regexp <WORD>
Variable
<WORD>
694
Value
October 2010
Example
SR# show bgp ipv6 unicast quote-regexp _500_

Syntax
show bgp ipv6 unicast regexp <LINE>
Variable
<LINE>
Value
Example
SR# show bgp ipv6 unicast regexp _500_
show bgp ipv6 unicast route-map

Syntax
show bgp ipv6 unicast route-map <WORD>
Variable
<WORD>
Value
Example
SR# show bgp ipv6 unicast route-map NT

October 2010
695
BGP4+ commands
Syntax
Example
SR# show bgp ipv6 unicast summary

Syntax
Example
SR# show bgp ipv6 unicast scan

Syntax
Example
SR# show bgp ipv6 multicast attribute-info

Syntax
Example
SR# show bgp ipv6 multicast cidr-only
696
October 2010

Syntax
show bgp ipv6 multicast community <WORD> [local-AS ][no-export][noadvertise]
Variable
Value
<WORD>
[local-AS]
[no-advertise]
[no-export]
[exact-match]
Example
SR# show bgp ipv6 multicast community local-AS exact-match

Syntax
Example
SR# show bgp ipv6 multicast community-info
show bgp ipv6 multicast community-list

Syntax
show bgp ipv6 multicast community-list <LISTNAME>[exact-match]
October 2010
697
BGP4+ commands

Variable
Value
<LISTNAME>
[exact-match]

communities.
Example
show bgp ipv6 multicast dampening

Syntax
show bgp ipv6 multicast dampening [dampened-paths|flap-statistics|
parameters]
Variable
<type>
Value
The type of dampening information to display. Possible choices are:
dampening.
parameters.
Example
SR# show bgp ipv6 dampening dampened-paths

Syntax
show bgp ipv6 multicast filter-list <WORD>
698
October 2010

Variable
Value
<WORD>
Example
SR# show bgp ipv6 multicast filter-list mylist

Syntax
Example
SR# show bgp ipv6 multicast inconsistent-as
show bgp ipv6 multicast neighbors

Syntax
show bgp ipv6 multicast neighbors <A.B.C.D|X:X::X:X>[adveritedroutes |received <prefix-filter>|received-routes |routes]]
Variable
Value
<A.B.C.D>
<X:X::X:X>
advertised-routes

received-routes
routes
October 2010
699
BGP4+ commands
Example
SR# show bgp ipv6 multicast neighbors 3ffe::1

Syntax
Example
SR# show bgp ipv6 multicast paths
show bgp ipv6 multicast peer-group

Syntax
show bgp ipv6 multicast peer-group <WORD> [summary]
Variable
Value
<WORD>
[summary]
Example
SR# show bgp ipv6 multicast peer-group PEER6 summary

Syntax
show bgp ipv6 multicast prefix-list <WORD>
700
October 2010

Variable
Value
<WORD>
Example
SR# show bgp ipv6 multicast prefix-list mylist

Syntax
show bgp ipv6 multicast quote-regexp <WORD>
Variable
<WORD>
Value
Specifies a regular-expression to match the BGP AS_paths
Example
SR# show bgp ipv6 multicast quote-regexp _500_
show bgp ipv6 multicast regexp

Syntax
show bgp ipv6 multicast regexp <LINE>
Variable
<LINE>
Value
Example
SR# show bgp ipv6 multicast regexp _500_
October 2010
701
BGP4+ commands
show bgp ipv6 multicast route-map

Syntax
show bgp ipv6 multicast route-map <WORD>
Variable
<WORD>
Value
Example
SR# show bgp ipv6 multicast route-map NT

Syntax
Example
SR# show bgp ipv6 multicast summary

Syntax
Example
SR# show bgp ipv6 multicast scan
702
October 2010
Chapter 50: IPv6 PIM commands
clear ipv6 pim sparse-mode bsr rp-set all

Use this command to clear all PIM bootstrap router information.
Syntax
clear ipv6 pim sparse-mode bsr rp-set all
Example
SR# clear ipv6 pim sparse-mode bsr rp-set all
clear ipv6 pim sparse-mode statistics

Use this command to clear PIM statistics. If no options are specified, the router clears the
interface and global statistics counters.
Syntax
clear ipv6 pim sparse-mode statistics [ interface <ifname> | all]
Variable
Value
Clears statistics for the particular interface. If

the interface name is not specified, the router
clears statistics for all interfaces.
all
Clears the interface and global statistics

counters and Tree Information Base (TIB)
information.
Example
SR#clear ipv6 pim sparse-mode statistics all
October 2010
703
IPv6 PIM commands
configure interface ipv6 pim bsr-border

Use this command to enable a BSR border router. Use the no form of this command to disable.
Syntax
[no] ipv6 pim bsr-border
Example
SR/configure/interface/ethernet (0/1)# ipv6 pim bsr-border
configure interface ipv6 pim dr-priority

Use this command to configure PIM router DR priority. Use the no form of this command to
revert to default.
Syntax
[no] ipv6 pim dr-priority <priority>
Variable
Value
<priority>
The PIM router DR priority, in the range 0 to

4294967294.
Example
SR/configure/interface/ethernet (0/1)# ipv6 pim dr-priority 255
configure interface ipv6 pim exclude-genid

Use this command to configure PIM to exclude Gen-id option from PIM hello packets on the
specified interface. Use the no form of this command to revert to default behavior.
Syntax
[no] ipv6 pim exclude-genid
Example
SR/configure/interface/ethernet (0/1)# ipv6 pim exclude-genid
704
October 2010
configure interface ipv6 pim hello-interval
configure interface ipv6 pim hello-interval

Use this command to configure the hello interval value. Use the no form of this command to
disable.
Syntax
[no] ipv6 pim hello-interval <interval>
Variable
Value
<interface>
The Interface name. Example: ethernet 0/1
<interval>
The hello interval value in seconds. Valid

Example
SR/configure/interface/ethernet (0/1)# ipv6 pim hello-interval 60
configure interface ipv6 pim neighbor-filter

Use this command to configure a PIM peering filter. Use the no form of this command remove
the peer filter.
Syntax
[no] ipv6 pim neighbor-filter <accesslist>
Variable
Value
<accesslist>
The IPv6 access list name used in filtering.
Example
SR/configure/interface/ethernet (0/1)# ipv6 pim neighbor-filter
testlist
October 2010
705
IPv6 PIM commands
configure interface ipv6 pim sparse-mode

Use this command to enable PIM-SM on the active interface. Use the no form of the command
to disable PIM-SM on the interface.
Use the passive option to enable passive mode operation for local IGMP members on the
interface. Passive mode stops PIM-SM transactions on the interface, allowing only IGMP
mechanism to be active. Use the no form of this command to turn off passive mode.
Syntax
[no] ipv6 pim sparse-mode [passive]
Variable
Value
[passive]
Enables passive mode.
Example
SR/configure/interface/ethernet (0/1)# ipv6 pim sparse-mode
configure ipv6 pim accept-register

Use this command to configure the ability to filter out multicast sources specified by the given
access-list at the RP so that the RP will accept/refuse to perform Register mechanism for the
packets sent by the specified sources. Use the no form of this command to revert to default
(off).
Syntax
[no] ipv6 pim accept-register list [<accesslist>|<word>]
Variable
Value
<accesslist>
The IPv6 standard access list. Valid ranges

are 1 to 99 for simple range value and 1300
to 1999 for expanded range value.
<word>
The IPv6 named access-list.
Example
SR/configure# ipv6 pim accept-register list 50
706
October 2010
configure ipv6 pim anycast-rp
configure ipv6 pim anycast-rp

Use this command to configure an anycast member RP address. By default, no anycast
members are configured.
Syntax
[no] ipv6 pim anycast-rp <anycast-RP-address> <anycast-member-RPaddress>
Variable
Value
[no]
Removes the configured anycast RP

member.
<anycast-RP-address>
Specifies the IPv6 address of the anycast RP

address.
<anycast-member-RP-address>
Specifies the IPv6 address of the anycast

member RP address.
Example
SR/configure#ipv6 pim anycast-rp 10.1.1.1
configure ipv6 pim bsr-candidate

Use this command to enable BSR status using a specific interface name. Use the no form of
this command to disable the function.
Syntax
[no] ipv6 pim bsr-candidate <ifname> [<hash>] [<priority>]
Variable
Value
<ifname>
<hash>
The mask hash length for RP selection, in the

range 0 to 32.
<priority>
The priority for a BSR candidate, in the range

0 to 255.
October 2010
707
IPv6 PIM commands
Example
SR/configure# ipv6 pim bsr-candidate fxp0 20 30
configure ipv6 pim log-neighbor-changes

Use this command to enable logging of the PIM neighbor changes to the console. By default,
PIM neighbor change logging is enabled.
Syntax
[no] ipv6 pim log-neighbor-changes
Variable
[no]
Value
Disables PIM neighbor change logging.
Example
SR/configure#ipv6 pim log-neighbor-changes
configure ipv6 pim multipath

Use this command to enable the selection of equal cost multipath (ECMP) next hops for a
given destination. By default, PIM multipath is disabled.
Syntax
[no] ipv6 pim multipath [hashing]
Variable
Value
[no]
Disables PIM multipath.
[hashing]
Enables the next hop selection based on key,

which is calculated using source address,
group address and nexthop address. By
default, a round-robin mechanism is used to
select the next hop
Example
SR/configure#ipv6 pim multipath
708
October 2010
configure ipv6 pim register-source
configure ipv6 pim register-source

Use this command to configure the source address of Register packets sent by this DR,
overriding the default source address, which is the address of the RPF interface toward the
source host. Use the no form of this command to revert to the default source address.
The configured address must be reachable in order to be used by the RP to send corresponding
Register-Stop messages in response. It can be either the loop back interface address or other
physical addresses. This address must be advertised by unicast routing protocols on the DR.
The configured interface does not require being PIM-SM enabled.
Syntax
[no] ipv6 pim register-source <sourceaddress> <ifname>
Variable
Value
<sourceaddress>
The IPv6 address used as the source of

register packets.
<ifname>
The interface name. The address of this

interface is used as the source of register
packets.
Example
SR/configure# ipv6 pim register-source 3ffe::30:30:5
configure ipv6 pim rp-address

Use this command to configure the PIM Rendezvous Point address. Use the no form of this
command to revert to default.
Syntax
[no] ipv6 pim rp-address <address>
Variable
Value
<address>
The address of the Rendezvous Point.
Example
SR/configure# ipv6 pim rp-address 3ffe::30:30:10
October 2010
709
IPv6 PIM commands
configure ipv6 pim rp-candidate

Use this command to configure the Rendezvous Point candidate. Use the no form of this
command to revert to default behavior.
Syntax
[no] ipv6 pim rp-candidate <X:X::X:X> [interval <1-16383>] [priority
<0-255>] [group-list <listname>]
Variable
Value
<X:X::X:X>
The IPv6 address of the RP candidate.
<interval>
The candidate RP advertisement interval.
<priority>
The candidate RP priority.
<group-list>
The group range for this candidate RP.
Example
SR/configure# ipv6 pim rp-candidate 3ffe::30:30:30 interval 255
priority 100 group-list testlist
configure ipv6 pim rp embedded

Use this procedure to enable or disable embedded RP mapping.
Syntax
[no] ipv6 pim rp embedded
Variable
[no]
Value
Disables embedded RP mapping.
Example
SR/configure#ipv6 pim rp embedded
710
October 2010
configure ipv6 pim spt-threshold-infinity
configure ipv6 pim spt-threshold-infinity

Use this command to configure a group to have no source-tree switching threshold. Use the
no form of this command to revert to default behavior.
Syntax
[no] ipv6 pim spt-threshold-infinity [group-list <accesslist>]
Variable
Value
<accesslist>
The IPv6 access list name you want to

remove the threshold from.
Example
SR/configure# ipv6 pim spt-threshold-infinity group-list testlist
configure ipv6 pim ssm

Use this command to configure the source-specific multicast (SSM) default value or accesslist filter range. Use the no form of this command to disable source-specific multicast.
Syntax
[no] ipv6 pim ssm [default] [range <accesslist> <word>]
Variable
Value
[default]
To use 232/8 group range for SSM (optional).
[range]
To configure a range using access list or

word (optional).
<accesslist>
The IPv6 standard access list. Valid range is

1 to 99 for simple range and 1300 to 1999 for
expanded range. Access list variable must
first be configured using access-list
command.
<word>
The IPv6 named access list.
October 2010
711
IPv6 PIM commands
Example
SR/configure# ipV6 pim ssm range ssmgrp
show ipv6 pim sparse-mode bsr-router

Use this command to show the bootstrap router address.
Syntax
show ipv6 pim sparse-mode bsr-router
Example
SR# show ipv6 pim sparse-mode bsr-router
show ipv6 pim sparse-mode database

Use this command to show the PIM tree information base.
Syntax
show ipv6 pim sparse-mode database [<src-addr>|<grp-addr>]
Variable
Value
<src-addr>
Filter by source address (optional).
<grp-addr>
Filter by group address (optional).
Example
SR# show ipv6 pim sparse-mode database 3ffe:30:30:5
show ipv6 pim sparse-mode interface

Use this command to show PIM interface information.
Syntax
show ipv6 pim sparse-mode interface <ifname> [detail]
712
October 2010
show ipv6 pim sparse-mode neighbor

Variable
Value
<ifname>
The interface name.
[detail]
Example
SR# show ipv6 pim sparse-mode interface ethernet0/1 detail
show ipv6 pim sparse-mode neighbor

Use this command to show PIM neighbor information.
Syntax
show ipv6 pim sparse-mode neighbor <ifname> [detail]
Variable
Value
<ifname>
The PIM-enabled interface name or number
[detail]
Show detailed PIM neighbor information

(optional).
Example
SR# show ipv6 pim sparse-mode neighbor ethernet0/1 detail
show ipv6 pim sparse-mode rp mapping

Use this command to display group-to-RP mapping information.
Syntax
show ipv6 pim rp mapping
Example
SR# show ipv6 pim rp mapping
October 2010
713
IPv6 PIM commands
show ipv6 pim sparse-mode rp-hash

Use this command to display rendezvous-point (RP) information based on group.
Syntax
show ipv6 pim rp-hash <group-address>
Variable
Value
group-address
filter by group address
Example
SR# show ipv6 pim rp-hash 3ffe::30:30:5
show ipv6 pim sparse-mode rpf

Use this command to display RPF information based on source address and, optionally, group
address.
The router displays RPF information for all ECMP routes if:
- Multipath (round-robin / hashing) is enabled and group address is not specified
- Multipath (round-robin) is enabled and a matching (S,G) entry does not exist.
Syntax
show ipv6 pim sparse-mode rpf <source-addr> [<group-addr>]
Variable
Value
<source-addr>
Specifies the IPv6 source address for which

<group-addr>
Specifies the IPv6 group address for which

Example
SR#show ipv6 pim sparse-mode rpf 2001:0db8:3c4d:
0015:0000:0000:abcd:ef12
714
October 2010
show ipv6 pim sparse-mode statistics

Use this command to display IPv6 PIM statistics.
Syntax
Example
SR#show ipv6 pim sparse-mode statistics
October 2010
715
IPv6 PIM commands
716
October 2010
Chapter 51: MLD commands
clear ipv6 mld groups

Use this command to clear Multicast Listener Discovery (MLD) group entries.
Syntax
clear ipv6 mld group [all|<groupaddress>|<ifname>]
Variable
Value
[all]
Clear all MLD group entries.
<groupaddress>
Clear by group address.
<ifname>
Clear by interface name.
Example
SR# clear ipv6 mld group all
clear ipv6 mld interface

Use this command to clear MLD interface entries.
Syntax
clear ipv6 mld interface <ifname>
Variable
Value
<ifname>
The interface for which you want to clear

MLD interface entries.
Example
SR# clear ipv6 mld interface ethernet0/1
October 2010
717
MLD commands
clear ipv6 mld statistics

Use this command to set all MLD statistics counters to zero, or to clear interface-specific
counters.
Syntax
clear ipv6 mld statistics <if-name>
Variable
<if-name>
Value
Specifies the interface for which to clear the
MLD statistics. If no interface is specified, all
statistics information is set to zero.
Example
SR#clear ipv6 mld statistics
configure ipv6 mld limit

Use this command to configure a maximum global limit to the number of allowable states
(groups) on the router. By default, no state limit exists.
Syntax
[no] ipv6 mld limit <limit>
Variable
Value
[no]
Removes the configured state limit.
<limit>
Specifies the maximum allowable states on

the router. Values range from 1 to 2097152.
Example
SR/configure#ipv6 mld limit 25
718
October 2010
configure ipv6 mld ssm-map enable
configure ipv6 mld ssm-map enable

Use this command to enable static source specific multicast (SSM) mapping. By default, SSM
mapping is disabled.
Syntax
[no] ipv6 mld ssm-map enable
Variable
[no]
Value
Disables SSM mapping.
Example
SR/configure#ipv6 mld ssm-map enable
configure ipv6 mld ssm-map static

Use this command to statically map a specified source address to an SSM group specified in
the access list. The router applies the mapping after it receives an MLDv2 report for the
specified group. By default, no static SSM maps are configured.
Syntax
[no] ipv6 mld ssm-map static [<access-list>>] <source-addr>
Variable
Value
[no]
Removes the static mapping.
<access-list>
Specifies an IP named access-list.
<sorce-addr>
Specifies an IPv6 multicast source address.
Example
SR/configure#ipv6 mld ssm-map static avaya 2001:0db8:3c4d:
0015:0000:0000:abcd:ef12
October 2010
719
MLD commands
configure interface ipv6 mld querier-timeout

Use this command to configure the timeout period before the router takes over as the querier for
the interface after the previous querier has stopped querying. Use the no form of this command
to restore default values.
Syntax
[no] ipv6 mld querier-timeout <timeout>
Variable
Value
<timeout>
The timeout interval. (Default: 255 seconds).
Example
SR/configure/interface/bundle wan# ipv6 mld querier-timeout 200
configure interface ipv6 mld access-group

Use this command to configure the multicast group membership on an interface.
Syntax
[no] ipv6 mld access-group [<accesslist>|<word>]
Example
SR/configure/interface/bundle wan# ipv6 mld access-group 25
configure interface ipv6 mld immediate-leave

Use this command to minimize the leave latency of MLD memberships. This command is used
when only one receiver node is connected to each interface. Use the no form of this command
to disable.
Syntax
[no] ipv6 mld immediate-leave group-list [<accesslist>|<word>]
Example
SR/configure/interface/bundle wan# ipv6 mld immediate-leave grouplist 1
720
October 2010
configure interface ipv6 mld last-member-query-count
configure interface ipv6 mld last-member-query-count

Use this command to set the last-member query-count value.
Syntax
ipv6 mld last-member-query-count <2-7>
Variable
Value
<2-7>
Specifies the last member query count value.

Example
SR/configure/interface/bundle wan# ipv6 mld last-member-query-count 5
configure interface ipv6 mld last-member-query-interval

Use this command to configure the frequency at which the router sends MLD group-specific
query messages. To set this frequency to the default value, use the no parameter with this
command.
Syntax
[no] ipv6 mld last-member-query-interval <interval>
Variable
Value
<interval>
Specifies the frequency (in seconds) at

which IGMP group-specific host query
messages are sent. It ranges from 1 to 25.
The default is 1 second.
Example
SR/configure/interface/bundle wan#
interval 10
ipv6 mld last-member-query-
October 2010
721
MLD commands
configure interface ipv6 mld limit

Use this command to configure a maximum limit to the number of allowable states (groups)
on an interface. By default, no state limit exists.
Syntax
[no] ipv6 mld limit <limit>
Important:
If the L2 VLAN is not created before you enter the interface vlan vlan<vid>
command, an error message is displayed.
Variable
Value
<vid>

configure.
[no]
Removes the configured state limit.
<limit>
Specifies the maximum allowable states on

the router. Values range from 0 to 2097152.
Example
SR/configure/interface/ethernet 0/1#ipv6 mld limit 25
configure interface ipv6 mld query-interval

Use this command to configure the frequency at which MLD sends General query messages.
Use the no form of this command to return to default frequency.
Syntax
[no] ipv6 mld query-interval <interval>
722
Variable
Value
<interval>
Specifies the frequency (in seconds) at

which MLD General query messages are
sent. It ranges from 2 to 18000 . The default
is 125 seconds.
October 2010
configure interface ipv6 mld query-max-response-time
Example
SR/configure/interface/bundle wan# ipv6 mld query-interval 250
configure interface ipv6 mld query-max-response-time

Use this command to configure the maximum response time advertised in MLD queries.
Syntax
ipv6 mld query-max-response-time <responsetime>
Variable
Value
<responsetime>
Specifies the maximum response time (in

seconds) advertised in MLD queries. It
ranges from 1 to 240. The default is 10
seconds.
Example
SR/configure/interface/bundle wan# ipv6 mld query-max-response-time
20
configure interface ipv6 mld robustness-variable

Use this command to configure the robustness variable for MLD. Use the no form of this
command to restore default values.
Syntax
[no] ipv6 mld robustness-variable <robustnessvalue>
Variable
Value
<robustnessvalue>
Specifies the robustness value, from 2 to 7.

Default is 2.
Example
SR/configure/interface/bundle wan# ipv6 mld robustness-variable 4
October 2010
723
MLD commands
configure interface ipv6 mld static-group

Use this command to add a static group on an interface. By default, no static groups are
configured.
Syntax
[no] ipv6 mld static-group <group-addr> [source {<source-addr> |ssmmap}] {interface <if-name>}
Variable
Value
[no]
Removes the specified static mapping.
<vid>

configure.
<group-addr>
Specifies the IPv6 multicast group address

to statically configure.
<source-addr>
Specifies the IPv6 multicast source address

to associate with this group.
ssm-map
Specifies to use Source Specific Multicast

(SSM) mapping to identify the source to
<if-name>
Specifies the VLAN interface name to

Example
SR/configure/interface/vlan vlan2#ipv6 mld static-group 1:1::1:1
interface vlan
configure interface ipv6 mld version

Use this command to configure the version of MLD. Use the no form of this command to use
the default version.
Syntax
[no] ipv6 mld version <1-2>
724
October 2010

Variable
Value
<1-2>
Specifies the MLD version.
Example
SR/configure/interface/bundle wan# ipv6 mld version 2

Use this command to enable IPv6 multicast routing. Use the no form of this command to disable
multicast routing.
Syntax
[no] ipv6 multicast-routing
Example
SR/configure# ipv6 multicast-routing
show ipv6 mld groups

Use this command to display the multicast groups with receivers directly connected to the
router and learned through MLD.
Syntax
show ipv6 mld groups [<groupaddress>|<ifname>] [detail]
Example
SR# show ipv6 mld groups ethernet0/3
show ipv6 mld interface

Use this command to display MLD information.
Syntax
show ipv6 mld interface <ifname>
October 2010
725
MLD commands

Variable
Value
<ifname>
The interface for which you want to display

information.
Example
SR# show ipv6 mld interface ethernet0/3
show ipv6 mld statistics

Use this command to display MLD statistics.
Syntax
show ipv6 mld statistics <if-name> [detail]
Variable
Value
<if-name>
Specifies the interface for which to display

the MLD statistics.
[detail]
Provides additional detail in the command

output.
Example
SR#show ipv6 mld statistics detail
726
October 2010
Chapter 52: Chassis QoS commands
clear qos chassis

Use this command to clear QoS statistics for the specified interface and/or class map. Execute
this command to clear the statistics information for the specified interface. If class map is
specified then it clear statistics for the class map only.
Syntax
clear qos chassis <interface-type> <interface-name> [pvc <pvc-id>]
[class <class-map-name>]
Variable
Value
<interfacetype>
Can be Ethernet, bundle, tunnel, vlan or

crypto.
<interfacename>
Name of the interface.
[class-map <class-map-name>]
Class map name to clear the statistics.

String(1-19)
[pvc < pvc-id>]
PVC identifier for the FR interface.

Mandatory parameter for FR interfaces.
Example
SR# clear qos chassis ethernet 0/3 class class1
clear qos chassis red

Use this command to clear the RED information for a specified bundle.
Syntax
clear qos chassis red <bundle-name> [pvc < pvc-id>]
October 2010
727
Chassis QoS commands

Variable
Value
[pvc < pvc-id>]

<bundle-name>
Specifies the name for the bundle.
Example
SR# clear qos chassis red wan1
configure interface qos chassis dscp-exp-cos-map

Use this command to configure MPLS EXP to DSCP markings for an interface.
Syntax
dscp-exp-cos-map <0-63> exp <0-7>
Variable
Value
<0-63>
DSCP value. You can also specify as ef, af,

and cs code points.
<0-7>
MPLS EXP value.
Example
SR/configure/interface/ethernet (0/3)/qos/chassis#
10 exp 1
dscp-exp-cos-map
configure interface qos chassis enable

Use this command to enable features that are specified in a policy map. For the features
specified in the policy map to be applied to an interface, you must explicitly enable the features
using this command.
Important:
On Frame Relay bundles, whenever a PVC is created, it uses all the available or unassigned
bandwidth. When CBQ is enabled either manually or using auto QoS, subsequent PVC
creation fails because there is no available bandwidth. To avoid this scenario, you must
change the bandwidth for created PVCs such that there is always non-zero bandwidth
available.
728
October 2010
configure interface qos enable-auto-qos
Syntax
[no] enable [cbq | policing | monitoring | pbr] {inbound | outbound}
Variable
Value
cbq
Enables CBQ on the interface. CBQ,

policing, and monitoring are mutuallyexclusive features in either direction on the
interface.
{inbound | outbound}
Specifies the traffic direction in which the

feature applies.
policing
Enables policing on the interface.
monitoring
Enables monitoring on the interface.
pbr
Enables policy-based redirect on the

interface.
[no]
Disables the specified feature.
Example
outbound
enable cbq
configure interface qos enable-auto-qos

Use this command to enable auto QoS at the interface level. If the interface already has a
policy map applied, auto QoS is not applied.
Syntax
[no] enable-auto-qos
Variable
[no]
Value
Removes the auto QoS configuration from
the interface.
Example
SR/configure/interface/ethernet (0/3)/qos#
enable-auto-qos
October 2010
729
configure interface qos chassis enable-red

Use this command to enable WRED or DS-RED on an interface to enable congestion
avoidance on outbound flows.
At the interface level, you can only enable WRED or DS-RED for WAN interfaces.
Syntax
[no] enable-red {wred | ds-red}
Variable
Value
{wred | ds-red}
RED type to be enabled, either WRED or DSRED.
[no]
Disables the corresponding RED type.
Example
SR/configure/interface/bundle wan1/qos/chassis#
wred
configure interface qos chassis exp-dscp-cos-map

Use this command to configure MPLS EXP to DSCP markings for an interface.
Syntax
Variable
Value
<0-63>

and cs code points.
<0-7>
MPLS EXP value.
Example
1 dscp 10
730
exp-dscp-cos-map
October 2010
configure interface qos chassis ewf
configure interface qos chassis ewf

Use this command to configure the Exponential Weight Factor on this class for average queue
size calculation on the interface.
Syntax
[no] ewf weighting-factor <1-15> [pvc <dlci>]
Variable
Value
<1-15>
Specifies the EWF value.
[no]
Removes the configuration.
[pvc <dlci>]
PVC identifier. Optional for non-frame relay

interfaces
Example
factor 3
ewf weighting-
configure interface qos chassis red

Use this command to specify WRED or DS-RED parameters on an interface to configure
congestion avoidance on outbound flows.
At the interface level, you can only enable WRED or DS-RED for WAN interfaces.
Syntax
[no] red [pvc <1-4096>] {[minth-green <percent>] [maxth-green
<percent>] [mpdgreen <1-15>] [minth-yellow <percent>] [maxth-yellow
<percent>] [mpd-yellow <1-15>] [minth-red <percent>] [maxth-red
<percent>] [mpd-red <1-15>] } | {[dscp <0-63>] [minth <percent>]
[maxth <percent>]}[mpd <1-15>]
Variable
Value
[pvc <1-4096>]
Specifies the PVC ID. Not required for nonFrame Relay interfaces.
[minth-green <percent>]
Minimum Threshold for green (WRED). Valid

Range: 1-100.
October 2010
731
Variable
Value
[minth-yellow <percent>]
Minimum Threshold for yellow (WRED).

Valid Range: 1-100.
[minth-red <percent>]
Minimum Threshold for red (WRED). Valid

Range: 1- 100.
[maxth-green <percent>]
Maximum Threshold for green (WRED).

Valid Range: 1-100.
[maxth-yellow <percent>]
Maximum Threshold for yellow (WRED).

Valid Range: 1-100.
[maxth-red <percent>]
Maximum Threshold for red (WRED). Valid

Range: 1- 100.
[mpdgreen <1-15>]
Mark Probability Denominator (as power of

2) for green(WRED). Valid Range: 1-15.
[mpd-yellow <1-15>]

2) for yellow(WRED). Valid Range: 1-15.
[mpd-red <1-15>]

2) for red(WRED). Valid Range: 1-15.
[minth <percent>]
Minimum Threshold for DS-RED. Valid

Range: 1-100.
[maxth <percent>]
Maximum Threshold for DS-RED. Valid

Range: 1-100.
[dscp <0-63>]
DiffServ Codepoint for DS-RED. Valid

Range: 0-63/string.
[mpd <1-15>]

2) for DS-RED. Valid Range: 1-15.
[no]
Resets the WRED parameters to their

default values, which depends on the
interface, and removes the DS-RED
parameters if specified.
Example
SR/configure/interface/bundle wan1/qos/chassis# red minth-red 30
maxth-red 60 mpd-red 5 minth-yellow 40 maxth-yellow 80 mpd-yellow 4
minth-green 60 maxth-green 95 mpd-green 6
732
October 2010
configure interface qos chassis service-policy
configure interface qos chassis service-policy

Syntax
After you have configured a policy map, use this command to assign it to one or more
interfaces.
The policy map can be associated with an interface in the inbound or outbound direction. When
you associate a policy map with an interface, an instance of the policy map is instantiated over
the interface in the specified direction. If you change the policy map after applying it to the
interface, the changes are applied across all associated interfaces.
[no] service-policy {input | output} <policy-name> [pvc <PVC>]
Variable
Value
<interface-type> <interface-name>
Interface type can be Ethernet, bundle,

tunnel, vlan or crypto.
{input | output}
Specifies whether the policy map is applied

in the inbound direction or outbound
direction.
<policy-name>
The policy map name that has to be applied.
[pvc <PVC>]
Specifies the PVC identifier for Frame Relay

interfaces: 16-1022.
[no]
Removes the policy map from that interface.
Example
input map1
service-policy
configure interface qos chassis shaping

Use this command to configure shaping parameters for outbound traffic on a chassis Ethernet
interface.
Syntax
shaping <value>
October 2010
733

Variable
<value>
Value
Value of the interface bandwidth in kbps;
Default value is 50000.
Example
shaping 100
configure interface qos disable-qos

Use this command to enable or disable QoS for all the applicable interfaces.
Syntax
[no] disable-qos
Variable
[no]
Value
Re-enables QoS at interface level.
Example
SR/configure/interface/ethernet (0/3)/qos#
disable-qos
configure qos disable-qos

Use this command to disable or reenable QoS for all applicable chassis and module interfaces.
Syntax
[no] disable-qos
Variable
[no]
Value
Reenables QoS at global level.
Example
SR/configure/qos# disable-qos
734
October 2010
configure qos chassis clone-policy-map
configure qos chassis clone-policy-map

Use this command to clone a policy-map and copy an existing configuration to another policymap name. The new policy-map can then be edited to create a new configuration.
Syntax
clone-policy-map <new-policy-name> <existing-policy-name>
Variable
Value
<new-policy-name>
Name of the policy map to be created.
<existing-policy-name>
The policy-map to be copied.
Example
SR/configure/qos/chassis#
clone-policy-map newmap map1
configure qos chassis dscp-exp-cos-map

Use this command to configure MPLS EXP to DSCP markings.
Syntax
Variable
Value
<0-63>

and cs code points.
<0-7>
MPLS EXP value.
Example
dscp-exp-cos-map 10 exp 1
configure qos chassis exp-dscp-cos-map

Use this command to configure MPLS EXP to DSCP markings.
October 2010
735
Syntax
exp-dscp-cos-map <0-7> dscp <0-63>
Variable
Value
<0-63>

and cs code points.
<0-7>
MPLS EXP value.
Example
exp-dscp-cos-map 1 dscp 10
configure qos chassis historical-stats ftp-parameters

Use this command to configure FTP parameters for the upload of statistics.
Syntax
ftp-parameters
The system prompts you to enter values for the primary FTP server IP address, secondary
FTP server IP address, user name, and password.
Example
SR/configure/qos/chassis/historical-stats#
ftp-parameters
Primary Ftp Server: 10.1.1.1 Secondary Ftp Server: 10.2.2.2

Ftp user name: admin
Ftp password:
configure qos chassis historical-stats sample-interval

Use this command to configure the sample interval for statistics.
Syntax
sample-interval <interval>
736
October 2010
configure qos chassis historical-stats upload

Variable
<interval>
Value
Sample Interval length (5, 10 or 15 minutes).
Example
sample-interval 10
configure qos chassis historical-stats upload

Use this command to configure the file name and interval for upload of statistics to an FTP
server.
Syntax
[no] upload [interval <value>] [file-id <name>]
Variable
Value
[interval <value>]
Upload Interval (1, 2, 3 or 4 hours).
[file-id <name>]
Upload-file ID.
[no]
Disables uploading of historical statistics.
Example
upload interval 1
configure qos chassis policy-map

Use this command to create a policy map to allow for the creation of class maps and associated
actions.
Syntax
[no] policy-map <policy-name> [force]
Variable
<policy-name>
Value
Specifies the name of the policy map.
October 2010
737
Variable
Value
[force]
When specified with the no parameter,

forces the removal of the specified policy
map from all applicable interfaces before
deleting the policy map. If you do not specify
this parameter, you must first manually
remove the policy map from all applicable
interfaces before you can delete the policy
map.
[no]
Deletes the policy map.
Example
policy-map map1
configure qos chassis policy-map class-map

Use this command to create a class map within the policy map to classify the traffic as desired.
The class map describes the classification attributes and actions. A policy map can have
multiple class maps.
Syntax
[no] class-map <class-name> <parent-class-name>
Variable
Value
<class-name>
The name of the class map to be created.
<parent-class-name>
Parent class name for the class map. "root"

is the pre-created class map that is the root
class map for the policy map. All traffic on an
interface is matched to the root class.
[no]
Deletes the class-map from the policy map.
Example
SR/configure/qos/chassis/policy-map map1#
class-map class1 root
configure qos chassis policy-map class-map cbq

Use this command to configure CBQ parameters to enable shaping on outbound queues.
738
October 2010
configure qos chassis policy-map class-map enable-red
Syntax
[no] cbq [cr-percent <value>] [pr-percent <value>] [priority <1-8>]
Variable
Value
[cr-percent <value>]
Committed Rate as percentage of interface

bandwidth. Meaningful only for leaf classes.
[pr-percent <value>]
Peak Rate as percentage of interface

bandwidth.
[priority <1-8>]
Scheduling priority. Meaningful only for leaf

classes
[no]
Clears the CBQ parameters.
Example
SR/configure/qos/chassis/policy-map map1/class-map class1#
percent 5 pr-percent 10 priority 7
cbq cr-
configure qos chassis policy-map class-map enable-red

Use this command to enable WRED or DS-RED on a class to enable congestion avoidance
on outbound flows.
Syntax
qos module policy-map
Variable
Value
{wred | ds-red}
RED type to be enabled, either WRED or DSRED.
[no]
Disables the corresponding RED type.
Example
red wred
enable-
October 2010
739
configure qos chassis policy-map class-map ewf

Use this command to configure the Exponential Weight Factor on this class for average queue
size calculation
Syntax
[no] ewf <1-15>
Variable
Value
<1-15>
Specifies the EWF value.
[no]
Removes the configuration.
Example
ewf 3
configure qos chassis policy-map class-map excessqueue-buffers

Use this command to set the maximum buffer limit for the class queue.
Syntax
[no] excess-queue-buffers <max-allowed-buffer-percentage>
Variable
Value
<max-allowed-buffer-percentage>
Excess maximum queue buffer limit, in

percentage.
[no]
Resets the values based on the class

parameters.
Example
queue-buffers 20
740
excess-
October 2010
configure qos chassis policy-map class-map mark
configure qos chassis policy-map class-map mark

Use this command to configure CoS marking for a class map to mark the header fields of the
matching class packets.
Syntax
[no] mark {[dscp <string/0-63>] | [precedence <0-7>] | [userpriority <0-7>] | [exp <0-7>]}
Variable
Value
[dscp <string/0-63>]
Mark packets with DiffServ Codepoint. Valid:

0-63, ef, af and cs code points.
[precedence <0-7>]
Mark packets with IP precedence. Valid: 0-7.
[user-priority <0-7>]
Mark packets with 802.1p priority. Valid: 0-7.
[exp <0-7>]
Mark packets with EXP value. Valid: 0-7.
[no]
Deletes the specified marking configuration

for the class.
Example
10 user-priority 1
mark dscp
configure qos chassis policy-map class-map match

Use this command to configure classification parameters to specify the attributes that the
packets must match in order to be classified into the specified class map.
To create a default class map, enter default as the match value.
Syntax
[no] match { [packet-class <packet-classvalue/string>] | [src-ip
<src-ip>[/<netmask>]] | [dest-ip <destip>[/<netmask>]] | [port
<1-65535>] [step-size <1-65535>] | [vlan-id <1-4095>] | [dscp
<string/0-63>] | [precedence <0-7>] | [tos <0-255>] | [user-priority
<0-7>] |[protocol <value/string>] | [exp <0-7>] | [src-ipv6 <srcipv6>[/prefixlen]] | [dest-ipv6 <dest-ipv6>[/<prefixlen <1-128>]] |
[traffic-class <0-255>] | [flow-label <0-1048575>] | [mpls-label
<0-1048575>]}
October 2010
741

Variable
Value
[packet-class <packet-classvalue/string>]
Match protocol type in layer 2 header or

'default' (E.g. packet-class IPV4). Valid:
{IPV4, IPV6, MPLS} -or- <hex-value (0001FFFF)>.
[src-ip <src-ip>[/<netmask>]]
Match source IP address. Valid: IP address/

range/subnet or 'default' Range of subnets
are not allowed. Always defaults to 32
(255.255.255.255).
[dest-ip <destip>[/<netmask>]]
Match destination IP address. Valid: IP

address/range/subnet or 'default'. Range of
subnets are not allowed. Always defaults to
32 (255.255.255.255).
[port <1-65535>]
Match TCP/UDP ports. Valid: port number/

range or 'default'. (1-65535)
[step-size <1-65535>]
Step increment (for example, match port

21-1000 step-size 2). Defaults to 1.
Valid: 1-65535.
[vlan-id <1-4095>]
VLAN ID/range or 'default' . Valid: 1-4095.
[dscp <string/0-63>]
Match DiffServ codepoints. DSCP/range or

'default'. Valid: 0-63, ef, af and cs code point
[precedence <0-7>]
Match precedence in IP header. Precedence

value/range or 'default'. Valid: 0-7
[tos <0-255>]
IP ToS field value/range or 'default' (e.g. tos

5-8). Valid: 0- 255.
[user-priority <0-7>]
Match 802.1p priority. Priority value/range or

'default'. Valid: 0-7
[protocol <value/string>]
Match Protocol type in IP header. Protocol id

or 'default'. Valid: {UDP TCP OSPF MPLS} or- value (1-255)
[exp <0-7>]
Match MPLS EXP bits. EXP value/range or

'default'. Valid : 0-7
[src-ipv6 <src-ipv6>[/prefixlen]]
Match IPv6 source address. IPv6 address/

prefix or 'default'. The prefix, if not specified
defaults to 128.
[dest-ipv6 <dest-ipv6>[/<prefixlen <1-128>]] Match IPv6 destination address. IPv6

address/prefix or 'default'. The prefix, if not
specified defaults to 128.
[traffic-class <0-255>]
742
Match Traffic Class field of IPv6. Value/

range or 'default'. Valid: 0-255
October 2010
configure qos chassis policy-map class-map pbr-redirect
Variable
Value
[flow-label <0-1048575>]
IPv6 Flow Label value/range or 'default'.

Valid: 0- 1048575
[mpls-label <0-1048575>]
MPLS Label value/range or 'default' . Valid :

0-1048575
[no]
Removes the classification keys from the

class-map.
Example
src-address 11.6.7.8-11.6.7.200
match
configure qos chassis policy-map class-map pbr-redirect

Use this command to configure policy-based redirect to redirect traffic from a specified class
to a particular interface or next hop.
Syntax
[no] pbr-redirect {[nexthop <ip-address>] | [lsp <lsp-name>] |
[interface <interface name>]}
Variable
Value
[nexthop <ip-address>]
Nexthop IPv4/IPv6 address.
[lsp <lsp-name>]
MPLS LSP interface name.
[interface <interface name>]
Egress interface name.
[no]
Resets the values to null. It will disable the

feature as well.
Example
redirect interface wan1
pbr-
October 2010
743
configure qos chassis policy-map class-map police coloraware

Use this command to enable srTCM or trTCM to run in color aware mode for the class map to
allow consideration of previous DSCP markings.
Syntax
[no] color-aware
Variable
[no]
Value
Disables color aware mode.
Example
SR/configure/qos/chassis/policy-map map1/class-map class1/police#
color-aware
configure qos chassis policy-map class-map police srtcm

Use this command to configure srTCM related parameters to apply single-rate policing to a
class map in the inbound or outbound direction.
Syntax
[no] srtcm [cir <1-1000000>] [cir-percentage <cir%>] [cbs <1
5000000>][cbs-time <100-5000>] [ebs <1 5000000>] [ebs-time
<100-5000>] [green-action {permit | mark-dscp-<value> | drop}]
[yellow-action {permit | mark-dscp-< value> | drop}] [red-action
{permit | markdscp-<value> | drop}]
Variable
744
Value
[cir <1-1000000>]
Committed rate in Kbps. Valid: 1 1000000.
[cir-percentage <cir%>]
Committed rate in percentage.
[cbs <1 5000000>]
Committed burst size in Kbits. The valid

range corresponding to CIR should be >=
(100 msec * CIR)/1000 and <= (5000 msec *
CIR)/1000.
October 2010
configure qos chassis policy-map class-map police trtcm
Variable
Value
[cbs-time <100-5000>]
Committed burst size in milliseconds. The

valid range is 100 to 5000. Default value is
1000 ms.
[ebs <1 5000000>]
Excess burst size in Kbits. The valid range

corresponding to CIR should be >= (100
msec * CIR)/1000 and <= (5000 msec * CIR)/
1000.
[ebs-time <100-5000>]
Excess burst size in milliseconds. The valid

range is 100 to 5000. Default value is 1000
ms.
[green-action {permit | mark-dscp-<value> |

drop}]
Action to be taken on green packet. Valid

permit, mark-dscp-<value> or drop.
[yellow-action {permit | mark-dscp-< value> | Action to be taken on yellow packet. Valid

drop}]
permit, mark-dscp-<value> or drop
[red-action {permit | markdscp-<value> |
drop}]
Action to be taken on red packet. Valid

[no]
Deletes the specified policing configuration

for the class.
Example
srtcm cir 50 ebs 60 green-action permit
configure qos chassis policy-map class-map police trtcm

Use this command to configure trTCM related parameters to apply two-rate policing to a class
map in the inbound or outbound direction.
Syntax
[no] trtcm [cir <cir>] [cir-percentage <cir%>] [pir <pir>] [pirpercentage <pir%>] [cbs <1 - 5000000>] [cbs-time <100-5000>] [pbs <1
- 5000000>] [pbs-time <100-5000>][green-action {permit | mark-dscp<value> | drop}] [yellow-action {permit | mark-dscp-<value> | drop}]
[red-action {permit | markdscp-<value> | drop}]
Variable
Value
[cir <cir>]
Committed rate in Kbps. Valid: 1 1000000.
[cir-percentage <cir%>]
Committed rate in percentage.
October 2010
745
Variable
Value
[pir <pir>]
Peak rate in Kbps. Valid: 1 1000000.
[pir-percentage <pir%>]
Peak rate in percentage.
[cbs <1 - 5000000>]
Committed burst size in Kbits. The valid

range corresponding to CIR should be >=
(100 msec * CIR)/1000 and <= (5000 msec *
CIR)/1000.
[cbs-time <100-5000>]
Committed burst size in milliseconds. The

valid range is 100 to 5000. Default value is
1000 ms.
[pbs <1 - 5000000>]
Peak burst size in Kbits. The valid range

corresponding to PIR should be >= (100
msec * PIR)/1000 and <= (5000 msec * PIR)/
1000.
[pbs-time <100-5000>]
Peak burst size in milliseconds. The valid

range is 100 to 5000. Default value is 1000
ms.
[green-action {permit | mark-dscp-<value> |

drop}]
Action to be taken on green packet. Valid

permit, mark-dscp-<value> or drop.
[yellow-action {permit | mark-dscp-<value> | Action to be taken on yellow packet. Valid

drop}]
[red-action {permit | markdscp-<value> |
drop}]
Action to be taken on red packet. Valid

[no]
Deletes the specified policing configuration

for the class.
Example
trtcm cir 50 pir 1000 pbs 60 yellow-action permit
configure qos chassis policy-map class-map red

Use this command to specify WRED or DS-RED parameters on a class to configure congestion
avoidance on outbound flows.
Syntax
[no] red {[minth-green <percent>] [maxth-green <percent>] [mpdgreen
<1-15>] [minth-yellow <percent>] [maxth-yellow <percent>] [mpdyellow <1-15>] [minth-red <percent>] [maxth-red <percent>] [mpd-red
<1-15>] } | {[dscp <0-63>] [minth <percent>] [maxth <percent>]}[mpd
<1-15>]
746
October 2010
configure qos chassis policy-map class-map red

Variable
Value
[minth-green <percent>]
Minimum Threshold for green (WRED). Valid

Range: 1-100.
[minth-yellow <percent>]
Minimum Threshold for yellow (WRED).

Valid Range: 1-100.
[minth-red <percent>]
Minimum Threshold for red (WRED). Valid

Range: 1- 100.
[maxth-green <percent>]
Maximum Threshold for green (WRED).

Valid Range: 1-100.
[maxth-yellow <percent>]
Maximum Threshold for yellow (WRED).

Valid Range: 1-100.
[maxth-red <percent>]
Maximum Threshold for red (WRED). Valid

Range: 1- 100.
[mpdgreen <1-15>]

2) for green(WRED). Valid Range: 1-15.
[mpd-yellow <1-15>]

2) for yellow(WRED). Valid Range: 1-15.
[mpd-red <1-15>]

2) for red(WRED). Valid Range: 1-15.
[minth <percent>]
Minimum Threshold for DS-RED. Valid

Range: 1-100.
[maxth <percent>]
Maximum Threshold for DS-RED. Valid

Range: 1-100.
[dscp <0-63>]
DiffServ Codepoint for DS-RED. Valid

Range: 0-63/string.
[mpd <1-15>]

2) for DS-RED. Valid Range: 1-15.
[no]
Resets the WRED parameters to its default

values, which depends on the interface, and
removes the DS-RED parameters if
specified.
Example
SR/configure/qos/chassis/policy-map map1/class-map class1# red
minth-red 30 maxth-red 60 mpd-red 5 minth-yellow 40 maxth-yellow 80
mpd-yellow 4 minth-green 60 maxth-green 95 mpd-green 6
October 2010
747
configure qos enable-auto-qos

Use this command to enable auto QoS at the global level. If an interface already has a policy
map applied, auto QoS is not applied.
Important:
For PPP bundles, when auto QoS is enabled, if the bundle bandwidth is less than or equal to
768Kbps, the LFI feature is enabled automatically. The feature is disabled when auto QoS
is removed.
Syntax
[no] enable-auto-qos
Variable
[no]
Value
Removes auto QoS configuration.
Example
SR/configure#
qos enable-auto-qos
show qos chassis

Use this command to display service policy map information for the specified interface. If a
class map is specified then the output displays information about that class map only.
Syntax
show qos chassis <interface-type> <interface-name> [pvc <pvc-id>]
[class <class-map-name>] [direction {inbound | outbound}] [mpls] [lsp
<lsp>]
Variable
748
Value
[direction {inbound | outbound}]
Specifies to display statistics for inbound or

outbound direction.
<interface-type>
Specifies the interface type: ethernet,

bundle, tunnel, vlan or crypto.
<interface-name>
[class <class-map-name>]
Class map name to display. String(1-19)
October 2010
show qos chassis dscp-exp-cos-map
Variable
Value
[pvc <pvc-id>]

[mpls]
Display MPLS LSP tunnel name information.
[lsp <lsp>]
Example
SR# show qos chassis ethernet 0/3 class class1 direction inbound

Use this command to display the DSCP to EXP mappings for MPLS QoS.
Syntax
Example
SR# show qos chassis dscp-exp-cos-map
show qos chassis exp-dscp-cos-map

Use this command to display the EXP to DSCP mappings for MPLS QoS.
Syntax
show qos chassis exp-dscp-cos-map
Example
SR# show qos chassis exp-dscp-cos-map
show qos chassis historical-stats

Use this command to display the historical statistics for class maps for the specified interface
and/or specified class map.
Syntax
show qos chassis historical-stats <interface-type> <interface-name>
[pvc < pvc-id>] [class-map <class-mapname>] [direction {inbound |
outbound}]
October 2010
749
Example
SR# show qos chassis historical-stats ethernet 0/3
show qos chassis historical-stats configuration

Use this command to display the configuration for the collection of historical statistics.
Syntax
show qos chassis historical-stats configuration
Example
SR# show qos chassis historical-stats configuration
show qos chassis policy map

Use this command to display policy map and class map information.
Syntax
show qos chassis policy-map [<policy-map-name>] [class-map [<classmap-name>]] [detail]
Variable
Value
[<policy-map-name>]
Name of policy map to display. String(1-19).

If you do not specify a policy map name, the
system displays all the configured policy
maps.
[<class-map-name>]
Name of class map to display. String(1-19).

If you do not specify a class map name, the
system displays all the configured class
maps for the specified policy map.
[detail]
Example
SR# show qos chassis policy-map policy1
750
October 2010
show qos chassis red
show qos chassis red

Use this command to display the RED information for a specified bundle.
Syntax
show qos chassis red <bundle-name> [pvc < pvc-id>]
Variable
Value
[pvc < pvc-id>]

<bundle-name>
Specifies the name for the bundle.
Example
SR# show qos chassis red wan1
show qos chassis service-policy

Use this command to to view the policy maps that are applied to all applicable interfaces. The
output displays in the format of interface and inbound and outbound service policy maps.
Syntax
show qos chassis service-policy <interface-type> <interface-name>
[pvc <pvc-id>]
Variable
Value
<interface-type>
Specifies the interface type: ethernet,

bundle, tunnel, vlan or crypto.
<interface-name>
[pvc <pvc-id>]
Specifies the PVC ID for Frame Relay

interfaces. Range: 16-1022.
Example
SR# show qos chassis service-policy ethernet 0/3
October 2010
751
show qos chassis system

Use this command to display the system level chassis QoS configuration.
Syntax
show qos chassis system
Example
SR# show qos chassis system
752
October 2010
Chapter 53: Ethernet module QoS

commands
clear qos module policy-map

Use this command to clear the counters associated with the specified policy map and classes..
Syntax
clear qos module policy-map <policy-name> [class <class-name>] [ratemonitoring-stats]
Variable
Value
<policy-name>
Name of the policy-map.
[class <class-name>]
Optional. Name of the class-map If classname is not specified, the counters

associated with all the class maps within the
policy-map specified will be cleared
[rate-monitoring-stats]
Optional. Specifies the rate monitoring

statistics If rate-monitoring stats is specified,
the rate-monitoring stats associated with the
class map will be cleared
Example
SR# clear qos module policy-map policy1
configure interface ethernet qos module congestion-profile

Use this command to attach a congestion profile to an interface.
Syntax
[no] congestion-profile <profile-no>
October 2010
753
Ethernet module QoS commands

Variable
Value
<profile-no>
The congestion profile to apply. Valid ranges:

1-4
[no]
Removes the profile from the interface.
Example
SR/configure/interface/ethernet (6/12)/qos/module# congestionprofile 1
configure interface ethernet qos module default-queue

Use this command to to specify the queue assigned to all untagged packets ingressing on the
interface. To force output-queue assignment for both untagged and tagged packets, you can
use the force-all parameter.
Syntax
[no] default-queue <queue-no> [force-all]
Variable
Value
<queue-no>
The output queue assigned. Valid Range:

1-8
[force-all]
Optional parameter. If specified, outputqueue assignment is forced for both

untagged and tagged packets. Otherwise, it
is assigned only for untagged packets.
[no]
Resets the default queue to 8.
Example
SR/configure/interface/ethernet (6/12)/qos/module# default-queue 7
configure interface ethernet qos module egress-buffer-limit

Use this command to configure the transmit descriptors on an egress port.
Syntax
egress-buffer-limit <buffers>
754
October 2010
configure interface ethernet qos module ingress-buffer-limit

Variable
<buffers>
Value
Buffer count. Valid Range: 0 4000
Example
SR/configure/interface/ethernet (6/12)/qos/module# egress-bufferlimit 40
configure interface ethernet qos module ingress-bufferlimit

Use this command to configure the receive buffers on an ingress port
Syntax
ingress-buffer-limit <buffers>
Variable
<buffers>
Value
Example
SR/configure/interface/ethernet (6/12)/qos/module# ingress-bufferlimit 40
configure interface ethernet qos module mark-dscp

Use this command to configure the DSCP value to apply for marking of untagged packets
ingressing on the interface.
Syntax
[no] mark-dscp <dscp-value>
Variable
Value
<dscp-value>
The DSCP value marked for the IP packets.

Valid Range: 0-63
[no]
Removes the marking
October 2010
755
Example
SR/configure/interface/ethernet (6/12)/qos/module# mark-dscp 63
configure interface ethernet qos module mark-user-priority

Use this command to configure the user priority value to apply for marking of untagged packets
ingressing on the interface
Syntax
[no] mark-user-priority <user-priority-value>
Variable
Value
<user-priority-value>
The user priority value marked for the

untagged packet. Valid Range: 0-7
[no]
Removes the marking
Example
SR/configure/interface/ethernet (6/12)/qos/module#
priority 6
mark-user-
configure interface ethernet qos module queue priorityqueue

Use this command to configure the queue for Strict Priority scheduling to enable interrupt
queuing.
Syntax
priority-queue
Example
SR/configure/interface/ethernet (6/12)/qos/module/queue 3#
priority-queue
756
October 2010
configure interface ethernet qos module queue wrr-queue
configure interface ethernet qos module queue wrr-queue

Use this command to configure the queue as part of Weighted Round Robin scheduling group
to provide WRR scheduling for the queue group.
Syntax
wrr-queue <queue-weight> <WRR-group>
Variable
Value
<queue-weight>
Specifies the relative queue weight (1-255).
<WRR-group>
Specifies the WRR group to which the queue

belongs. Within the same WRR group,
queues must be consecutive.
Example
queue 20 1
wrr-
configure interface ethernet qos module queue queue-limit

Syntax
queue-limit <16-4000>
Variable
<16-4000>
Value
Queue limit in packets. Specify in multiples
of 16.
Example
limit 320
queue-
October 2010
757
configure interface ethernet qos module queue shape

Syntax
[no] shape [rate <rate>] [burst <burst>]
Variable
Value
[rate <rate>]
Queue shaping rate in Kb/s. Valid range: 651

- 999936 in multiples of 651 Kb/s.
[burst <burst>]
Burst size in bytes in multiples of 4KB. Valid

range: 4 16000
[no]
disables shaping
Example
rate 3255 burst 20
shape
configure interface ethernet qos module random-detect

Use this command to disable RED for an interface to enable tail drop on the interface. If tail
drop is no longer required, you can re-enable RED on the interface.
Syntax
[no] random-detect
Variable
[no]
Value
Disables random-early-detect on the
interface
Example
758
no random-detect
October 2010
configure interface ethernet qos module service-policy
configure interface ethernet qos module service-policy

After you have configured a policy map, you can use this command to assign the policy map
to one or more interfaces. With Ethernet module QoS, you can only apply the policy map in
the inbound direction.
Syntax
[no] service-policy input <policy-name>
Variable
Value
<policy-name>
Name of the policy map. Name can be up to

255 alphanumeric characters
[no]
Removes the policy map from that interface.
Example
input map1
service-policy
configure interface ethernet qos module shape

Use this command to configure the shaping rate and burst size for the port.
Syntax
[no] shape [rate <rate>] [burst <burst>]
Variable
Value
[rate <rate>]
Queue shaping rate in Kb/s.Valid range: 651

- 999936 in multiples of 651 Kb/s.
[burst <burst>]
Burst size in bytes in multiples of 4KB. Valid

range: 4 16000
[no]
disables shaping
Example
burst 40
shape rate 6510
October 2010
759
configure interface ethernet qos module xoff-limit

Use this command to configure the XOFF threshold limit for an interface
Syntax
xoff-limit <buffers>
Variable
<buffers>
Value
Example
xoff-limit 40
configure interface ethernet qos module xon-limit

Use this command to configure the XON threshold limit for an interface.
Syntax
xon-limit <buffers>
Variable
<buffers>
Value
Example
xon-limit 40
configure qos module accounting disable

Use this command to disable QoS accounting for billing counters at the system level.
By default, accounting is enabled at the system level.
Syntax
[no] accounting disable
760
October 2010
configure qos module clone-policy-map

Variable
[no]
Value
Reenables accounting at the system level
Example
SR/configure/qos/module#
accounting disable
configure qos module clone-policy-map

Use this command to copy an existing configuration to another policy-map name. The new
policy-map can then be edited to create a new configuration.
Syntax
clone-policy-map <new-policy-name> <existing-policy-name>
Variable
Value
<new-policy-name>
Name of the new policy map to be created.
<existing-policy-name>
The policy map to be copied.
Example
clone-policy-map newmap map1
configure qos module congestion-profile drop-curve

Use this command to configure the congestion avoidance parameters for one of the four
congestion profiles.
Syntax
[no] drop-curve <queue-id> <drop-precedence-value> [maxthreshold
<max-threshold-value>] [min-threshold <minthreshold- value>] [dropprob-denominator <mpd>]
Variable
<queue-id>
Value
Identifier for the queue. Valid ranges: 1-8
October 2010
761
Variable
Value
<drop-precedence-value>
Drop precedence value. Valid ranges: {low,

min, high}
[maxthreshold <max-threshold-value>]
Optional. Maximum threshold value for

WRED. Valid range: 1 - 4000
[min-threshold <minthreshold- value>]
Optional. Minimum threshold value for

WRED. Valid range: 1 - 4000
[drop-prob-denominator <mpd>]
Optional. Mark probability denominator. Valid

range: 1 - 10
[no]
Disables accounting for the class.
Example
SR/configure/qos/module/ congestion-profile 1#
maxthreshold drop-prob-denominator 2
drop-curve 8 high
configure qos module congestion-profile exponentialweighting-constant

Use this command to configure the exponential weighting factor (EWF) constant for the
specified congestion profile.
Syntax
[no] exponential-weighting-constant <queue-id> <ewf-value>
Variable
Value
<queue-id>
Identifier for the queue. Valid ranges: 1-8
<ewf-value>
EWF value. Valid ranges: 0 10
[no]
resets the EWF parameter to default value
Example
SR/configure/qos/module/congestion-profile 1#
weighting-constant 8 2
762
exponential-
October 2010
configure qos module enable-rate-sampling
configure qos module enable-rate-sampling

Use this command to enable rate sampling at the system level to initiate the flow rate monitoring
of all classes configured for monitoring.
Syntax
[no] enable-rate-sampling
Variable
[no]
Value
Disables rate sampling.
Example
enable-rate-sampling
configure qos module policing-cos-map ip

Use this command to configure policing based CoS mappings for IP packets. You can configure
user-priority, DSCP, and drop-precedence marking for the packets based on the conformance
level and incoming DSCP value.
One of the optional parameter must be specified while configuring the CoS map
Syntax
[no] policing-cos-map ip <dscp-value> <conformance-level> [dropprecedence <drop-precedencevalue>] {[user-priority <user-priorityvalue>] | [dscp <dscp-value>]}
Variable
Value
<dscp-value>
The DSCP value in the IP packet. Valid

Range: 0- 63
<conformance-level>
The conformance-level assigned by the

policer to the packet. Valid Range: conform /
exceed / violate
[drop-precedence <drop-precedencevalue>] Optional. The drop precedence value to be

assigned. Valid Range: low / medium / high
[user-priority <user-priority-value>]
Optional. The user priority value to be

assigned. Valid Range: 0-7
October 2010
763
Variable
Value
[dscp <dscp-value>]
Optional. The DSCP value to be assigned.

Valid Range: 0-63
[no]
resets the CoS mappings for the packet
Example
precedence medium
policing-cos-map ip 10 conform drop-
configure qos module policing-cos-map non-ip

Use this command to configure policing based CoS mappings for non-IP packets. You can
configure user-priority and drop-precedence marking for the packets based on the
conformance level and incoming user-priority.
You must specify at least one of the optional parameters when configuring the CoS map.
Syntax
[no] policing-cos-map non-ip <user-priority-value> <conformancelevel> [drop-precedence <drop-precedence-value>] [user-priority
<user-priority-value>]
Variable
Value
<user-priority-value>
The user priority value in the priority tagged

packet. Valid Range: 0-7
<conformance-level>
The conformance-level assigned by the

policer to the packet. Valid Range: conform /
exceed / violate
[drop-precedence <drop-precedencevalue>]
Optional. The drop precedence value to be

assigned. Valid Range: low / medium / high
[user-priority <user-priority-value>]
Optional. The user priority value to be

assigned. Valid Range: 0-7
[no]
Resets the CoS mappings for the packet
Example
precedence high
764
policing-cos-map non-ip 0 exceed drop-
October 2010
configure qos module policy-map
configure qos module policy-map

Use this command to create a policy map to allow for the creation of class maps and associated
actions.
Syntax
[no] policy-map <policy-name> [force]
Variable
Value
<policy-name>
Specifies the name of the policy map.
[force]
When specified with the no parameter,

forces the removal of the specified policy
map from all applicable interfaces before
deleting the policy map. If you do not specify
this parameter, you must first manually
remove the policy map from all applicable
interfaces before you can delete the policy
map.
[no]
Deletes the policy map.
Example
policy-map map1
configure qos module policy-map class-map

Use this command to create a class map within the policy map to classify the traffic as desired.
The class map describes the classification attributes and actions. A policy map can have
multiple class maps.
Syntax
[no] class-map <class-name>
Variable
Value
<class-name>
The name of the class map to be created.
[no]
Deletes the class-map from the policy map.
October 2010
765
Example
class-map class1
configure qos module policy-map class-map accounting

enable
Use this command to enable flow-based accounting of the number of forwarded, conforming,
exceeding, and violated packets for the class.
By default, accounting is disabled for the class.
Syntax
[no] accounting enable
Variable
[no]
Value
Disables accounting for the class.
Example
SR/configure/qos/module/policy-map map1/class-map class1#
accounting enable
configure qos module policy-map class-map assign-dropprecedence

Syntax
[no] assign-drop-precedence {low | medium | high}
Variable
[no]
Value
Removes the drop precedence assignment
from the class.
Example
drop-precedence low
766
assign-
October 2010
configure qos module policy-map class-map assign-queue
configure qos module policy-map class-map assign-queue

Use this command to assign the queue for all the packets matching the classification criteria
of the class.
Syntax
[no] assign-queue <queue-no>
Variable
Value
<queue-no>

1-8
[no]
Removes the queue assignment for the

class.
Example
queue 7
assign-
configure qos module policy-map class-map mark-dscp

Use this command to mark the DSCP value for all the packets matching the classification
criteria of the class.
Syntax
[no] mark-dscp <0-63>
Variable
Value
<0-63>
The DSCP value marked for the IP packets.
[no]
Removes the DSCP marking for all the

packets classified into the class.
Example
60
mark-dscp
October 2010
767
configure qos module policy-map class-map mark-userpriority

Use this command to mark the user priority value for all the packets matching the classification
criteria of the class.
Syntax
[no] mark-user-priority <0-7>
Variable
Value
<0-7>
The user priority value marked for the priority

tagged packet.
[no]
Removes the user-priority marking for the

class.
Example
user-priority 6
mark-
configure qos module policy-map class-map match ipv4

Use this command to configure the match criteria to classify IPv4 packets for a class map.
The match criteria "any" cannot be used along with other criteria in a matching rule. However
other fields can be used together in a matching rule.
Syntax
[no] match ipv4 {any | [src-mac <src-mac-address>] [dest-mac <destmac-address>] [ether-type <ethernet-type-value>] [vlan-id <vlan-idvalue>] [user-priority <user-priorityvalue>] [src-address <src-ipv4address>] [dest-address <dest-ipv4-address>] [protocol <protocolvalue>] [src-port <src-port-value>] [dest-port <dest-port-value>]
[dscp <dscp-value>] [tos <tos-value>] [precedence <precedencevalue>]}
Variable
any
768
Value
Wildcard rule to match any IPv4 packet
October 2010
Variable
Value
[src-mac <src-mac-address>]
Source MAC address in xx:xx:xx:xx:xx:xx

format
[dest-mac <dest-mac-address>]
Destination MAC address in

xx:xx:xx:xx:xx:xx format
[ether-type <ethernet-type-value>]
Ethernet type value in hexa-decimal notation
[vlan-id <vlan-id-value>]
VLAN Identifier value. Valid Ranges: 0-4095
[user-priority <user-priorityvalue>]
User Priority value. Valid Ranges: 0-7
[src-address <src-ipv4-address>]
Source IPv4 address
[dest-address <dest-ipv4-address>]
Destination IPv4 address
[protocol <protocol-value>]
IP protocol value
[src-port <src-port-value>]
UDP/TCP source port value
[dest-port <dest-port-value>]
UDP/TCP source port value
[dscp <dscp-value>]
IP DSCP value. Valid Range: 0-63
[tos <tos-value>]
IP TOS value. Valid Range: 0-255
[precedence <precedencevalue>]
IP Precedence value. Valid Range: 0-7
Example
dscp 40
match ipv4

Use this command to configure the match criteria to classify IPv6 packets for a class map.
Syntax
[no] match ipv6 {any | [vlan-id <vlan-id-value>] [userpriority <userpriority-value>] [src-address <src-ipv6- address>] [dest-address
<dest-ipv6-address>] [protocol <protocol-value>] [dscp < dscpvalue>] [traffic-class <traffic-value>] [flow-label <flow-labelvalue>]}
Variable
any
Value
Wildcard rule to match any IPv6 packet
October 2010
769
Variable
Value
VLAN Identifier value. Valid Range: 0-4095
[userpriority <user-priority-value>]
User Priority value. Valid Range: 0-7
[src-address <src-ipv6- address>]
Source IPv6 address
[dest-address <dest-ipv6-address>]
Destination IPv6 address
IP protocol value
[dscp <dscp-value>]
IP DSCP value. Valid Range: 0-63
[traffic-class <traffic-value>]
IP TC value. Valid Range: 0-255
[flow-label <flow-label-value>]
Flow label value. Valid Range: 0- 1048575
Example
flow-label 200
match ipv6
configure qos module policy-map class-map match non-ip

Use this command to create or modify a class map that can be used for matching packets to
a specified class
Syntax
[no] match non-ip {any | [src-mac <mac-address>] [dest-mac <macaddress>] [ether-type <ethernet-type-value>] [vlan-id <vlan-idvalue>] [user-priority <user-priority-value>]}
Variable
770
Value
any
Wildcard rule to match any non-IP packet
[src-mac <src-mac-address>]
Source MAC address in xx:xx:xx:xx:xx:xx

format
[dest-mac <dest-mac-address>]
Destination MAC address in

xx:xx:xx:xx:xx:xx format
[ether-type <ethernet-type-value>]
Ethernet type value in hexa-decimal notation
VLAN Identifier value. Valid Ranges: 0-4095
[user-priority <user-priorityvalue>]
User Priority value. Valid Ranges: 0-7
October 2010
configure qos module policy-map class-map pbr-redirect
Example
ip dest-mac 00:23:44:fe:02:fa
match non-
configure qos module policy-map class-map pbr-redirect

Use this command to configure policy-based redirect to redirect traffic from a specified class
to a particular interface.
Syntax
[no] pbr-redirect {[nexthop <ip-address>] | [lsp <lsp-name>] |
[interface <interface name>]}
Variable
Value
[nexthop <ip-address>]
Nexthop IPv4/IPv6 address.
[lsp <lsp-name>]
[interface <interface name>]
Egress interface name.
[no]
Resets the values to null. It will disable the

feature as well.
Example
redirect nexthop 10.2.34.5
pbr-
configure qos module policy-map class-map police coloraware

Use this command to enable srTCM or trTCM to run in color aware mode for the class map to
allow consideration of previous DP markings.
Syntax
[no] color-aware
October 2010
771

Variable
[no]
Value
Configures color blind operation for the
policer
Example
SR/configure/qos/module/policy-map map1/class-map class1/police#
color-aware
configure qos module policy-map class-map police disable

By default, after you configure srTCM or trTCM properties for a class, the configuration is
automatically enabled for the class. Use this command to disable policing for a class.
Syntax
[no] disable
Variable
[no]
Value
Enables policing for the class
Example
disable
configure qos module policy-map class-map police dropviolate

Use this command to enable packet drop for packets that violate the policing profile
By default, packet drop is disabled.
Syntax
[no] drop-violate
772
October 2010
configure qos module policy-map class-map police remark-cos

Variable
[no]
Value
Removes dropping of policing profile violated
packets
Example
drop-violate
configure qos module policy-map class-map police remarkcos

Use this command to enable CoS re-marking for the policer assigned to the class
By default, Policing based CoS re-marking is disabled.
Syntax
[no] remark-cos
Variable
[no]
Value
disable policing based CoS remarking for the
class
Example
remark-cos
configure qos module policy-map class-map police srtcm

Use this command to configure srTCM to configure single-rate policing for the class. By default,
after you configure srTCM properties, the configuration is automatically enabled for the class.
Syntax
srtcm <cir-value> [cbs <cbs-value>] [ebs <ebs-value>]
October 2010
773

Variable
Value
<cir-value>
The committed information rate. Valid

Range: 3Kbps - 10000000 Kbps
[cbs <cbs-value>]
Optional. The committed burst size in Kbits.

The valid range corresponding to CIR should
be >= (1 * CIR Kbps) and <= (5* CIR Kbps).
The value must be at least as large as the
largest possible packet.
[ebs <ebs-value>]
Optional. The excess burst size in Kbits. The

valid range corresponding to CIR should be
>= (1 * CIR Kbps) and <= (5* CIR Kbps). The
value must be at least as large as the largest
possible packet.
[no]
Removes srTCM configuration for the class
Example
srtcm 400 cbs 3000 ebs 6000
configure qos module policy-map class-map police trtcm

Syntax
trtcm <cir-value> <pir-value> [cbs <cbs-value>] [pbs <pbs-value>]
Variable
774
Value
<cir-value>
The committed information rate. Valid

Range: 3 Kbps - 10000000 Kbps.
<pir-value>
The peak information rate. Valid Range: 3

Kbps - 10000000 Kbps.
[cbs <cbs-value>]
Optional. The committed burst size. The

valid range corresponding to CIR should be
>= (1 * CIR Kbps) and <= (5* CIR Kbps). The
value must be at least as large as the largest
possible packet.
[pbs <pbs-value>]
Optional. The peak burst size. The valid

range corresponding to CIR should be >= (1 *
CIR Kbps) and <= (5* CIR Kbps). The value
October 2010
configure qos module policy-map class-map rate-monitoring
Variable
Value
must be at least as large as the largest
possible packet.
[no]
Removes the trTCM configuration for the

class.
Example
trtcm 10 20 cbs 5000 ebs 10000
configure qos module policy-map class-map ratemonitoring

Use this command to configure flow rate monitoring for a class to monitor the class traffic flows.
By default, rate monitoring is disabled for a new class.
Syntax
[no] rate-monitoring enable
Variable
[no]
Value
Disables rate-monitoring for the class.
Example
monitoring enable
rate-
configure qos module queue-cos-map

Use this command to map the output queue to a user priority value for untagged packets
egressing on that queue.
Syntax
[no] queue-cos-map <queue-no> <userpriority-value>
October 2010
775

Variable
Value
<queue-no>

1-8
<userpriority-value>
The user priority value of the priority tagged

[no]
Resets the queue and user-priority mapping

to default values.
Example
queue-cos-map 0 7
configure qos module rate-monitoring

Use this command to configure rate-monitoring parameters at the global level to specify the
sampling interval and sampling period.
Syntax
[no] rate-monitoring [sampling-interval <interval>] [sampling-period
<period>]
Variable
Value
[sampling-interval <interval>]
Optional. Sampling interval in seconds. Valid

range: 1 300
[sampling-period <period>]
Optional. Sampling period in seconds. Valid

range: 1 4294967295
[no]
Resets the flow-rate monitoring parameters

to default
Example
776
rate-monitoring sampling-interval 60
October 2010
configure qos module user-priority-cos-map
configure qos module user-priority-cos-map

Syntax
[no] user-priority-cos-map <userpriority-value> { [queue <queue-no> ]
[drop-precedence <low | medium | high>] }
Variable
Value
<userpriority-value>
The user priority value of the priority tagged

[queue <queue-no>]

1-8
[drop-precedence <low | medium | high>]
The drop precedence value assigned. Valid

Range: low / medium / high.
[no]
Resets the user-priority CoS mapping to

default values.
Example
precedence high
user-priority-cos-map 0 queue 8 drop-
show qos module congestion-profile

Syntax
show qos module congestion-profile <profile-id> [<queue-id>]
Variable
Value
<profile-id>
One of the four congestion profile IDs. Valid

range: 1 4
[<queue-id>]
Optional. Queue identifier. Valid range: 1 8

If queue-id is not specified, the congestion
avoidance parameters associated with all 8
queues in the congestion profile will be
displayed.
October 2010
777
Example
SR# show qos module congestion-profile 1 2
show qos module ethernet

Use this command to display the interface-level Module QoS configuration.
Syntax
show qos module ethernet <slot/port>
Variable
<slot/port>
Value
Slot/port of the interface
Example
SR# show qos module ethernet 6/12
show qos module policing-cos-map ip

Use this command to display the policy CoS mappings configured for the IP packets.
Syntax
show qos module policing-cos-map ip [<dscp-value> | <conformancelevel>]
Variable
778
Value
<dscp-value>
Optional. The DSCP value in the IP packet.

Valid Range: 0-63 If dscp-value is specified,
all the policing-cos-mappings associated
with the DSCP value will be displayed.
Otherwise, displays all the mappings
<conformance-level>
Optional. The conformance-level assigned

by the policer to the packet. Valid Range:
conform / exceed / violate. If conformancelevel is specified, the policing-cos-mapping
associated with the DSCP value and the
conformance level specified will be
displayed. Otherwise, all the policing-cos-
October 2010
show qos module policing-cos-map non-ip
Variable
Value
mappings associated with the DSCP value
specified will be displayed.
Example
SR# show qos module policing-cos-map ip 63
show qos module policing-cos-map non-ip

Use this command to display the policy CoS mappings configured for the non-IP packets.
Syntax
show qos module policing-cos-map non-ip [<user-priority-value>]
Variable
[<user-priorityvalue>]
Value
Optional. The user priority value in the
priority tagged packet. Valid Range: 0-7 If
user-priority-value is specified, all the
policing-cos-mappings associated with the
user-priority value will be displayed.
Otherwise, displays all the mappings
Example
SR# show qos module policing-cos-map non-ip 7
show qos module policy-map

Use this command to display the module QoS policy map and class map configuration.
Syntax
show qos module policy-map [<policy-name>] [class <class-name>]
[detail]
Variable
[<policy-name>]
Value
Optional. Name of the policy-map. Valid
range: Up to 19 characters. If policy-name is
October 2010
779
Variable
Value
not specified, the QoS configuration of all the
policy maps in the system will be displayed.
[class <class-name>]
Optional. Name of the class-map. Valid

range: Up to 19 characters If class-name is
not specified, the QoS configuration of all the
class maps within the policy map will be
displayed
[detail]
Optional. Used for detailed display of the

configuration User may opt to display the
detailed information using the detail
parameter
Example
SR# show qos module policy-map policy1
show qos module service-policy

Use this command to display the policy map attached with the interface.
Syntax
show qos module service-policy [<if-name>]
Variable
[<if-name>]
Value
Optional. Name of the interface. If if-name is
not specified, all the policy map and interface
mappings in the system will be displayed.
Example
SR# show qos module service-policy ethernet6/12
show qos module system

Use this command to display the system level Module QoS configuration.
Syntax
show qos module system
780
October 2010
show qos system
Example
SR# show qos module system
show qos system

Use this command to display the status of system-level QoS configuration (QoS enabled/
disabled and auto-QoS enabled/disabled).
Syntax
show qos system
Example
SR# show qos system
October 2010
781
782
October 2010
Chapter 54: SLA commands
clear sla profile

Use this command to clear the SLA profile statistics.
Syntax
clear sla profile [<1-1000> | all]
Variable
Value
[<1-1000> | all]
Specifies the SLA profile statistics to clear.
Example
SR# clear sla profile 100
configure sla profile

Use this command to configure the SLA profile.
Syntax
[no] sla profile <profile-id>
Variable
Value
<profile-id>
ID of the profile to be configured. Valid range

is 1- 1000.
[no]
Removes the SLA profile.
Example
SR/configure#
sla profile 1
October 2010
783
SLA commands
configure sla profile action

Use this command to configure the effect type and action type for the SLA.
Syntax
[no] action <effect-type> [<action-type>]
Variable
Value
<effect-type>
The SLA variable that has to be monitored.

Valid: jitter-average,jitter-average-srcdest,jitter-average-dest-src,jittermaxpositive-src-dest,jitter-max-positive-destsrc,jitter-maxnegative- src-dest,jitter-maxnegative-dest-src,delayaverage, delayaverage-src-dest,delay-average-destsrc,delaymax- src-dest,delay-max-destsrc,packet-loss,packet-out-oforder, packetlate-arrival, response-time or response-timeaverage.
[<action-type>]
The action to be taken when the monitored

variable exceeds the range. Valid: consolelogging (default), syslog or trap.
[no]
Makes the effect type as null.
Example
SR/configure/sla profile 1#
packet-out-oforder syslog
configure sla profile description

Use this command to configure description for the SLA profile.
Syntax
[no] description <name>
Variable
<name>
784
Value
This parameter specifies the description for
the SLA profile.
October 2010
configure sla profile icmp-echo
Variable
[no]
Value
Removes the description.
Example
SR/configure/sla/profile 1#
description SLA toSJ
configure sla profile icmp-echo

To calculate RTT delay, use this command to configure ICMP echo parameters.
Syntax
[no] icmp-echo <ip-address>
Variable
Value
<ip-address>
IP address of the destination system.
[no]
Removes all the icmp-echo configurations.
Example
icmp-echo 10.1.2.3
configure sla profile icmp-v6-echo

Use this command to configure ICMPv6 echo
Syntax
[no] icmp-v6-echo <ipv6-address>
Variable
Value
<ipv6-address>
IPv6 address of the destination system.
[no]
Removes all the icmp-v6-echo

configurations.
Example
icmp-v6-echo 2001::3
October 2010
785
SLA commands
configure sla profile threshold-type

Use this command to configure the threshold violation type.
Syntax
[no] threshold-type <type>
Variable
Value
<type>
Threshold type to be configured. Valid:

immediate, average, consecutive or xofy.
[no]
Makes the threshold type as null.
Example
threshold-type consecutive
configure sla profile threshold-value

Use this command to configure SLA profile threshold values.
Syntax
[no] threshold-value <value1> <value2>
Variable
Value
<value1>
Threshold Value1. Valid: 1-10000
<value2>
Threshold Value2. Valid: 1-10000
[no]
Sets the threshold values to null.
Example
786
threshold-value 200 400
October 2010
configure sla profile udp-echo
configure sla profile udp-echo

To calculate RTT for UDP packets to the destination system, use this command to configure
the IPv4 address and port number of the destination system.
Syntax
[no] udp-echo <ip-address> [port <7|50001>]
Variable
Value
<ip-address>
[port <7|50001>]
The port to which the SLA packets will be

sent. Valid: 7 or 50001. Default: 50001
[no]
Removes all the udp-echo configurations.
Example
udp-echo 10.1.2.3 port 50001
configure sla profile udp-jitter

To calculate two-way/one-way delay/jitter, use this command to configure the IPv4 address of
the destination and other related parameters.
Syntax
[no] udp-jitter <operation> <ip-addr> [port <port>] [packet-spacing
<value>] [packet-size <value>] [packet-count <value>] [periodicity
<value>] {[dscp <value>] | [ip-precedence <value>] | [tos-byte
<value>]} [ttl <value>]
Variable
Value
<operation>
The type of parameter it has to measure and

monitor. Valid: delay, jitter and packet-loss
<ip-addr>
[port <port>]
The port to which the packets have to be

sent. Valid: 7 or 50001. Default: 50001.
October 2010
787
SLA commands
Variable
Value
[packet-spacing <value>]
Time spacing between two consecutive

packets in mill seconds. Valid: 10 5000.
Default: 20
[packet-size <value>]
Size of the packet in bytes. Valid: 1 1400.

Default: 80
[packet-count <value>]
Number of packets to be sent. Valid: 1 100.

Default: 20
[periodicity <value>]
After every specified periodicity minutes the

sla will be scheduled again. Valid: 10 60.
Default: 10
[dscp <value>]
DSCP value to be marked on the packets.

Valid: 0 63. Default: 0
[ip-precedence <value>
IP-precedence to be marked. Valid: 0 7.

Default: 0
[tos-byte <value>]
ToS for the packets. Valid: 0 255. Default: 0
[ttl <value>]
Time to Live for the packet. Valid: 1 255.

Default: 64
[no]
Removes all the udp-jitter configurations.
Example
udp-jitter delay 10.12.34.5
configure sla profile udp-v6-echo

To calculate RTT delay for UDPv6 packets to the destination system, use this command to
configure the IPv6 address and port number of destination system.
Syntax
[no] udp-v6-echo <ipv6-address> [port <7|50002>]
Variable
788
Value
<ipv6-address>
[port <7|50002>]
The port to which the SLA packets will be

sent. Valid: 7 or 50002. Default: 50002
[no]
Removes all the udp-v6-echo configurations.
October 2010
configure sla profile udp-v6-jitter
Example
udp-v6-echo 2001::3
configure sla profile udp-v6-jitter

To calculate two-way/one-way delay/jitter for UDPv6 packets, use this command to configure
the IPv6 address of destination and other related parameters.
Syntax
[no] udp-v6-jitter <operation> <ipv6-addr> [port <port>] [packetspacing <value>] [packet-size <value>] [packet-count <value>]
[periodicity <value>] [tc <value>] [hop-limit <value>] [flow-label
<value>]
Variable
Value
<operation>
The type of parameter it has to measure and

monitor. Valid: delay, jitter and packet-loss
<ipv6-addr>
[port <port>]
The port to which the packets have to be

sent. Valid: 7 or 50002. Default: 50002.
[packet-spacing <value>]
Time spacing between two consecutive

packets in mill seconds. Valid: 10 5000.
Default: 20
[packet-size <value>]
Size of the packet in bytes. Valid: 1 1400.

Default: 80
[packet-count <value>]
Number of packets to be sent. Valid: 1 100.

Default: 20
[periodicity <value>]
After every specified periodicity minutes the

sla will be scheduled again. Valid: 10 60.
Default: 10
[tc <value>]
Traffic class of the IPv6 header. Valid: 0

255. Default: 0
[hop-limit <value>]
Hop limit for the IPv6 packet. Valid: 1 255.

Default: 64
[flow-label <value>]
Flow label for the packet Valid: 0 1048575.

Default: 0
[no]
Removes all the udp-v6-jitter configurations.
October 2010
789
SLA commands
Example
udp-v6-jitter delay 2001::3
configure sla schedule

Use this command to configure the SLA profile schedule.
Syntax
sla schedule <sla-profile> [life <time-inmin>] [start <time-in-min>]
Variable
Value
<sla-profile>
This parameter specifies which sla profile

has to be scheduled. Valid : 1-1000
[life <time-inmin>]
It is the time until which the sla profile will be

in Active state. Valid: 1 1440. Default value:
Forever (means SLA will be active forever till
no sla schedule command is given)..
[start <time-in-min>]
This specifies the time after which the profile

will be scheduled. Valid: 0 60. Default
value: 0.
[no]
Stop the scheduling of the SLA profile.
Example
SR/configure#
sla schedule 1 life 5 start 5
show sla profile

Use this command to show the SLA profile schedule.
Syntax
show sla profile [<1-1000>] [detail]
790
Variable
Value
[<1-1000>]
Specifies the SLA profile to display.
October 2010
show sla profile
[detail]
Displays detailed information about the SLA

profile.
Example
SR# show sla profile 100
October 2010
791
SLA commands
792
October 2010
Chapter 55: Firewall commands
clear firewall connection

Use this command to clear firewall connections.
Syntax
clear firewall connection {<ip-address>|all>}
Example
SR#
clear firewall connection 10.1.2.3
clear firewall statistics

Use this command to clear firewall statistics.
Syntax
Example
SR#
configure firewall global algs

Use this command to choose the ALGs to enable on the router.
All firewall ALGs are disabled by default.
Syntax
[no] {<alg>|enable-all | enable-typical}
October 2010
793
Firewall commands

Variable
Value
<alg>
aim enable/disable aim aimudp enable/

disable nntp cuseeme enable/disable
cuseeme dns enable/disable dns ftp enable/
disable ftp gatekeeper enable/disable
gatekeeper h323 enable/disable h323 icq
enable/disable icq ike enable/disable nntp ils
enable/disable ils ils2 enable/disable nntp irc
enable/disable irc l2tp enable/disable l2tp
msgtcp enable/disable msgtcp msgudp
enable/disable msgudp msn enable/disable
msn mszone enable/disable mszone n2p
enable/disable n2p n2pe enable/disable
n2pe netbios enable/disable nntp nntp
enable/disable nntp pcanywhere enable/
disable pcanywhere pptp enable/disable
pptp rpc enable/disable rpc rtsp554 enable/
disable rtsp rtsp7070 enable/disable
rtsp7070 sip enable/disable sip smtp enable/
disable smtp sql enable/disable sql tftp
enable/disable tftp web enable/disable web
enable-all
Enables all ALGs.
enable-typical
This option enables only a specific set of

ALGs as follows
aim
aimudp
ftp
ike
msn
pptp
rpc
rtsp554
rtsp7070
smtp
tftp
web
The remaining ALGs (tftp, gatekeeper,
msnudp, dns, n2p, pcanywhere, sql, msgtcp,
irc, n2pe, ils, cuseeme, mszone, ils2, nntp)
are in the disabled state.
794
October 2010
configure firewall global algs dns enable
Variable
[no]
Value
Disables the specified ALGs.
Example
SR/configure/firewall/global/algs#
ftp
configure firewall global algs dns enable

Use this command to enable the DNS ALG.
The DNS ALG is used when the DNS client in the untrusted side wants to access the DNS
server behind NAT in the trusted side.
A DNS client in the untrusted side sends a "DNS Standard Query" to the Secure Router. The
Secure Router receives the DNS query with the destination port 53. The Secure Router
translates the IP header based on the reverse NAT policy. When the response comes from the
DNS server (that is present in the trusted side), the Secure Router translates the header based
on the reverse NAT policy, and the DNS payload is translated from the private IP record to the
global IP record, which is taken from the DNS pool database.
A DNS client in the untrusted side sends a "DNS Reverse Query" to the Secure Router. The
Secure Router translates the IP header based on the reverse NAT policy, and the DNS payload
is translated from the global IP record to the private IP record, which were added using the
CLI. When the response comes from the DNS server (that is present in the trusted side), the
Secure Router translates the header based on the reverse NAT policy, and the DNS payload
is translated from the private IP record to the global IP record, which is taken from the DNS
pool database.
Syntax
[no] {<alg>|enable-all}
Example
SR/configure/firewall/global/algs/dns#
enable
configure firewall global algs dns pool

Use this command to specify the DNS pool for the DNS ALG.
Syntax
pool <pool-name> <private-ip> <global-ip>
October 2010
795
Firewall commands
Example
SR/configure/firewall/global/algs/dns#
10.10.10.1
pool pool1 192.168.0.1
configure firewall global algs sip-p2p-media

Use this command to configure Peer-Peer RTP media between clients in a trusted network.
Syntax
[no] sip-p2p-media
Variable
[no]
Value
Disables SIP peer-to-peer media.
Example
SR/configure/firewall global/algs#sip-p2p-media
configure firewall global bypass-trusted

Use this command to configure the firewall to bypass processing of traffic from trusted to trusted
interface.
Syntax
[no] bypass-trusted
Variable
[no]
Value
Disables bypass trusted.
Example
SR/configure/firewall/global#
bypass-trusted
configure firewall connection-reservation

Use this command to configure connection reservations.
796
October 2010
configure firewall global dos-protect
Syntax
connection-reservation {out|in} <1-29912> {<address> | <startaddress> <end-address> | <address-object> }
Variable
Value
{out | in}
out: outbound direction in: inbound direction
<1-29912>
Number of connections to reserve.
{<address> | <start-address> <endaddress> | <address-object>}
Specifies the destination address for

inbound traffic from the Internet, or the
source address for traffic that is outbound
from the trusted zone.
Example
SR/configure/firewall corp#
connection-reservation out 100 10.1.1.1
configure firewall global dos-protect

Use this command to configure global Denial of Service (DOS) protection to protect the network
against intrusion attempts such as SYN attacks, Win-nuke attacks, and IP sequence number
spoofing.
By default, all DOS protection checks are disabled except for SYN flooding, ICMP error, and
DNS replay.
Syntax
[no] <dos-protect-option>
Variable
<dos-protectoption>
Value
enable-all
Enables/disables all DOS protect checks.
dns-replayattack
Enables/disables DNS replay attack check. A DNS

replay attack occurs when an individual intercepts
traffic, analyzes the captured packets and obtains
authentication information. The individual can then
use this information to gain access to other systems
by reinserting the authenticated packets on the
Internet and replaying them. When this command is
enabled, the DNS connection limit is 2000. By default,
this option is enabled.
October 2010
797
Firewall commands
Variable
Value
ftp-bounce
Enables/disables FTP bounce check. In a bounce

attack, the hacker uploads a file to the FTP (File
Transfer Protocol) server and then requests this file to
be sent to an internal server. The file can contain
malicious software that destroys data, or it can contain
a simple script that executes instructions on the
internal server that uses up all the memory and CPU
resources. By default, this option is disabled.
icmp-error
Enables/disables ICMP error check. The icmp-error

attacks target ICMP (Internet Control Message
Protocol) error reporting system. By constructing
packets that generate ICMP error responses, an
attacker can overwhelm a servers incoming network
and cause the server to overwhelm its outgoing
network with ICMP responses. By default, this option
is enabled.
ip-unalignedtimestamp
Enables/disables IP unaligned timestamp. Provides

support for an unaligned IP timestamp check. Some
operating systems crash if they receive a frame with
the IP timestamp option not aligned on a 32-bit
boundary. By default, this option is disabled.
mime-flood
Enables/disables MIME flood check. The MIME

(Multipurpose Internet Mail Extensions) flood attack is
possible on a web server. Here the attacker keeps
sending numerous request headers of extremely long
lengths to the target web server. Over time (and with
enough headers), remote attackers can crash the web
server or consume massive CPU resources, memory,
and so on. By default, this option is disabled.
source-routing
Enables/disables source routing check. After enabling

source routing check, the firewall filters out all the
datagrams with the strict or loose source routing
option enabled. By default, this option is disabled.
syn-flooding
Enables/disables syn flooding check. This option

protects the Secure Router from syn-flooding attacks.
By default, this option is enabled.
tcp-seq-number- Enable/disables TCP sequence number check.

predict
Prevents attempts to predict IP sequence numbers. If
an attacker can predict the initial sequence number in
the TCP (Transport Control Protocol) handshake, the
attacker may be able to hijack the TCP session. This
option randomizes the TCP ISNs (Initial Sequence
Number) going through the firewall. By default, this
option is disabled.
798
October 2010
configure firewall global hairpinning-self-Ip
Variable
Value
tcp-seq-number- Enables/disables TCP sequence number range. An
range <20000 attacker can attempt to replay a captured packet
through the firewall by brut-force and thus consume
2147483647>
the bandwidth as well as the resources of the target
CPU. With this check turned on, the firewall allows
only those packets that have sequence numbers in a
configured range from the last acknowledgement
seen on the connection. The range can be configured
with value between 20000 and 2147483647. By
default, this option is disabled.
win-nuke
Enables/disables Win-nuke check. The Win-nuke

attack sends out-of-band data to an IP address of a
Windows machine connected to a network and/or
Internet. By default, this option is disabled.
Example
SR/configure/firewall/global/dos-protect#
win-nuke
configure firewall global hairpinning-self-Ip

Use this command to enable hairpinning. If you enable hairpinng, you disable self-IP
connections. If you disable hairpinning, self-IP connections are allowed.
Syntax
[no] hairpinning-SelfIp
Variable
[no]
Value
Disables hairpinning.
Example
hairpinning-SelfIp
configure firewall global object address

Use this command to assign an object name to an individual IP address or range of IP
addresses.
October 2010
799
Firewall commands
Syntax
[no] address <object-name> [<start-ipaddr> <end-ipaddr> | <ipaddr>
<prefix-len>]
Variable
Value
[no]
Deletes the IP address object name.
<object-name>
Specifies an object name for an IP address or range of IP

addresses.
<start-ipaddr>
Specifies the first IP address in a range of addresses.
<end-ipaddr>
Specifies the last IP address in a range of addresses.
<ipaddr> <prefix-len>
Specifies an IP address subnet.
Example
SR/configure/firewall global/object#address branchoffice 10.10.10.2
10.10.10.15
configure firewall interface

Use this command to add one or more interfaces to a map. Up to 32 interfaces can be added to
one zone, with a maximum of five interfaces specified at one time.
Syntax
[no] interface <interface-name>
Variable
Value
<interface-name>
The interface can be specified as one of the

following: ethernet<slot/port> <bundlename> <bundle-name>:<pvc-number> Up
to five interfaces, separated by spaces, can
be listed at once.
[no]
Removes the specified interfaces from the

zone.
Example
800
interface wan1
October 2010
configure firewall internet policy self nat-ip
configure firewall internet policy self nat-ip

Use this command to configure a self firewall policy with NAT.
Self-NAT allows the traffic generated from routers to be translated from a private IP address
to a public IP address. You can use self-NAT to bind the Media Gateway and SSM to private
IP addresses and handle the SIP ALG translation using a forward-NAT scenario.
Syntax
policy <1 - 1024> <out | in> self nat-ip <untrusted-interface>
Variable
Value
[no]
Disables ??
<1 - 1024>
Specifies the map priority, and also uniquely

identifies the map.
<out | in>

policy is applied.
self
Specifies a self firewall policy.
nat-ip <untrusted-interface>
Specifies the IP address or interface to use

for NAT translation. Can be ethernet <slot/
port>, intf-name, intf-name:pvc-num.
Example
SRSR/configure/firewall internet#policy 10 out self nat-ip 10.1.1.1
24
configure firewall global ip-reassembly enable

Use this command to enable or disable IP packet reassembly. By default, IP reassembly is
enabled.
IP allows packets to be split in transit and reassembled on delivery. This allows longer packets
to be routed through intermediate networks that have rules limiting packets to lengths smaller
than the routed packet. The oversized packet can be broken up into pieces small enough to
pass. The IP reassembly feature allow the split packets to be reassembled upon delivery.
Syntax
[no] enable
October 2010
801
Firewall commands

Variable
[no]
Value
Disables IP reassembly.
Example
SR/configure/firewall/global/ip-reassembly#
enable
configure firewall global ip-reassembly fragment-count

Use this command to specify the IP reassembly fragment count to control the maximum
number of fragments allowed per IP packet. This value limits the number of fragments into
which a packet can be fragmented.
Syntax
fragment-count <1 - 214748364>
Variable
<1 - 214748364>
Value
Specifies the maximum number of fragments
allowed per IP packet. Default value: 44.
Example
fragment-count 50
configure firewall global ip-reassembly fragment-size

Use this command to specify the maximum allowable fragment size of the IP packet.
Syntax
fragment-size <1 - 65535>
Variable
<1 - 65535>
Value
Fragment header length. Default value: 28.
Example
802
fragment-size 56
October 2010
configure firewall global ip-reassembly packet-size
configure firewall global ip-reassembly packet-size

Use this command to set the maximum size of the IP packet for IP reassembly.
Syntax
packet-size <1 - 65535>
Variable
<1 - 65535>
Value
Specifies the size of the IP packet for
reassembly. Default value: 65535.
Example
packet-size 1000
configure firewall global ip-reassembly timeout

Use this command to specify the maximum allowable fragment size of the IP packet.
Syntax
timeout <11-120>
Variable
<11-120>
Value
Time value in seconds (default: 60)
Example
timeout 90
configure firewall global logging attacks

Use this command to configure a threshold for logging attacks to control the recording of attack
logs. Whenever the number of attacks reaches the configured threshold value, a log message
is generated. By default, logged information is written to console. If a syslog server is
configured, the log information is directed to the syslog server and the console.
October 2010
803
Firewall commands
Syntax
attacks <1-2147483647>
Variable
<1-2147483647>
Value
Number of attacks logging events (default:
100)
Example
SR/configure/firewall/global/logging#
attacks 125
configure firewall global logging policy

Use this command to configure the access policy logging threshold to control the recording of
policy logs. The threshold for policy-based logging defines the number of events against an
access policy that are required to generate a log message. By default, logged information is
written to the console. If a syslog server is configured, the log information is directed to the
syslog server and the console.
Syntax
policy <1-2147483647>
Variable
<1-2147483647>
Value
Specifies the events threshold for policy
logging. Default value: 1.
Example
policy 3
configure firewall global logging vpn

Use this command to configure the VPN logging threshold to control the recording of VPN logs.
When the VPN log reaches the configured threshold value (default is 100 events), a log is
created. By default, logged information is written to console. If a syslog server is configured,
the log information is directed to the syslog server and the console.
Syntax
vpn <1-2147483647>
804
October 2010
configure firewall global max-connection-limit

Variable
<1-2147483647>
Value
Specifies the events threshold for VPN
logging. Default value:100.
Example
vpn 125
configure firewall global max-connection-limit

Use this command to configure the maximum number of allowed global connections through
the firewall.
Syntax
max-connection-limit { self | int2self | <map-name> } <1-29912>
Variable
Value
<1-29912>
Specifies the number of allowed

connections.
self
Global self connections.
int2self
Global connections from internet to self.
<map-name>
Specifies the name of a map to configure with

maximum allowed connections.
Example
max-connection-limit map1 5000
configure firewall global nat-failover

Use this command to configure NAT failover to allow a primary interface (for example, T1 WAN
bundle) using PAT to failover to a backup interface (for example, PPPoE or ISDN). In this case,
when the primary interface is up, packets going out through the interface are translated using
the IP address of the primary interface. When the primary interface goes down, the IP address
of the backup interface is used for the translations, and the stale firewall connections are
flushed.
October 2010
805
Firewall commands
Syntax
nat-failover <primary-interface-name> <secondary-interface-name>
Example
nat-failover wan1 pppoe1
configure firewall object

Use this command to assign a set of policy parameters to an object entity, which you can then
apply to one or more policies. The ability to differentiate and name different sets of parameters
can make your policies easier to write and, when applied, understand.
You can configure objects globally or for a specific firewall zone. When configured globally,
configured objects can be applied to any number of policies in any map. When configured for a
specific map, the object is available for that map only.
Syntax
[no] [address <object-name> <ipaddress>] [ftp-filter <object-name>
{permit | deny | log} <ftp-commands>] [http-filter <object-name>
{deny | log} <web-extensions> [nat-pool <object-name> {static |
dynamic | pat} <NAT-startip> <NAT-endip>] [rpc-filter <object-name>
{permit | deny | log} <rpc-numbers>] [schedule <object-name> [weekday <start-day> <end-day>] [start-time <hour> <minutes>] [end-time
<hour> <minutes>] ] [service <object-name> {tcp | udp} <port>] [smtpfilter <object-name> {permit | deny | log} <smtp-commands>]
Variable
[address <object-name> <ipaddress>]
Value
IP address object. Can be specified as
<start-address> <end-address> or
<address> <prefix-len>
[ftp-filter <object-name> {permit | deny | log} List of FTP commands to permit (for
<ftp-commands>]
example: put, get, ls, mkdir, cd, pasv).
Creates an FTP application filter object.
[http-filter <object-name> {deny | log} <web- List of web extensions to deny (for example,
extensions>]
java, activex, jar, *.url extension)
[nat-pool <object-name> {static | dynamic |
pat} <NAT-startip> <NAT-endip>]
Specifies the start IP and end IP for NAT, in

the form A.B.C.D or by specifying the
address object name.
[rpc-filter <object-name> {permit | deny | log} List of RPC numbers to permit or deny. The
<rpc-numbers>]
RPC allow filter allows only the listed
program numbers and denies the others. An
806
October 2010
configure firewall policy
Variable
Value
RPC deny filter denies only the listed
programs and allows the others.
[week-day <start-day> <end-day>]
Specifies the days of the week for the

schedule. Can be sun, mon, tue, wed, thu, fri,
or sat. For example mon tue.
[start-time <hour> <minutes>]
Activation time on each specified day.
[end-time <hour> <minutes>]
Deactivation time on each specified day.
[service <object-name> {tcp | udp} <port>]
TCP or UDP port. Can be specified as <startport> <end-port> or <port>.
[smtp-filter <object-name> {permit | deny |

log} <smtp-commands>]
List of SMTP commands to permit or deny

(for example, helo, mail, rcpt, data, quit,
send, saml, rset, verfy, expn).
Example
SR/configure/firewall/global/object#
*.gif *.jpg
http-filter httpdeny deny java
configure firewall policy

Use this command to configure firewall policies for a specific map. The maximum number of
policies for each map is 1024.
Syntax
[no] policy <1-1024> {out|in} action {permit | deny | reject}
[address <ipaddress> ] [service <service-name> ] [protocol <protocolvalue> ] [port <port-value> ] [traffic {transit | self} ] [nat-ip
<nat-ip-value> ] [port-map <port-map-value> ] [log {enable-log |
disable-log}]
Variable
Value
<1-1024>
Specifies the map priority, and also uniquely

identifies the map.
{out|in}

policy is applied.
{permit | deny | reject}
Specifies the action of the policy. If none is

specified, the default action is permit.
[address <ipaddress>]
IP address. Can be specified as <src-ip>

<prefix-len> <dst-ip> <prefix-len> OR <src-
October 2010
807
Firewall commands
Variable
Value
start> <src-end> <dst-start> <dst-end> OR
<src-object> <dst-object>
[service <service-name>]
Service name, or any to specify any service.
Can be one of the following: tcp udp icmp ah

esp gre any
[port <port-value>]
Can be specified as <src-start> <src-end>

<dst-start> <dst-end> OR <src-port> <dstport>
[traffic {transit | self}]
Type of traffic, either transit or self. Default is

transit.
[nat-ip <nat-ip-value>]
Specifies the IP address or interface to use

for NAT translation. Can be ethernet<slot/
port>, intf-name, intf-name:pvc-num
[port-map <port-map-value>]
Port to application mapping (pam) for

reverse NAT IP only. Can be specified as
<start-port> <end-port> or <port>.
[log {enable-log | disable-log}]
Enable or disable logging.
[no]
Deletes the specified policy from the map.
Example
address 10.1.1.1 24 any any
policy 2 out action permit protocol tcp
This example adds a transit policy to permit TCP traffic from 10.1.1.1 with prefix-len 24 to any IP
address.
configure firewall policy apply-object

Use this command to apply pre-configured objects to a policy.
Syntax
apply-object <object-type> <object-name>
Variable
808
Value
<object-type>
Specifies the object type. Valid options are:

ftp-filter http-filter smtp-filter rpc-filter
schedule nat-pool
<object-name>
Specifies the object name.
October 2010
configure firewall policy bandwidth
Example
SR/configure/firewall corp/policy 10 out#
ftpout10
apply-object ftp-filter
configure firewall policy bandwidth

Use this command to specify the maximum allowed bandwidth for the policy in kilobytes per
second. By default, this feature is disabled.
Syntax
[no] bandwidth <1-4194303>
Variable
Value
<1-4194303>
Specifies the maximum bandwidth in

kilobytes per second.
[no]
Disables the bandwidth-limiting feature for

this policy (disabled by default).
Example
bandwidth 100
configure firewall policy connection-rate

Use this command to specify the maximum number of connections for a given policy in a
particular time.
Syntax
[no] connection-rate <1-38160> [<sample-time>]
Variable
Value
<1-38160>
Specifies the maximum number of

connections.
[no]
Disables the feature.
[<sample-time>]
Specifies the sample time in seconds. Valid

range is 1-36000. If not specified, the default
value is used (1 second).
October 2010
809
Firewall commands
Example
connection-rate 500 1
configure firewall policy enable

Use this command to enable or disable the policy. By default, the policy is enabled.
Syntax
[no] enable
Variable
[no]
Value
Disables the policy.
Example
enable
configure firewall policy max-connection-limit

Use this command to specify the maximum number of connections for a given policy at any
given time.
Syntax
[no] max-connection-limit <1-29912>
Variable
Value
<1-29912>

connections for the policy.
no
Resets the number of connections to the

default value, which is the maximum number
of connections for the current map.
Example
810
max-connection-limit 600
October 2010
configure firewall policy policing
configure firewall policy policing

Use this command to configure policing to control the maximum flow rate for a given policy in
packets per second. By default, this feature is disabled.
Syntax
[no] policing <1-2147483647>
Variable
Value
<1-2147483647>
Specifies the maximum number of packets

per second.
[no]
Disables the policing feature. (By default, this

feature is disabled.)
Example
policing 20000
configure firewall global port-trigger

Use this command to configure a port trigger record.
Port triggering lets you define an application-specific customized firewall policy. This feature
lets you configure forward or reverse conduits through the firewall that are opened when the
trigger application is launched.
Port triggering can be understood as a manual ALG. If an application that is not currently
supported by an ALG needs to open port x to function, port-triggering allows you to open the
desired port so long as the application is running.
The trigger application is defined by the trigger IP address, protocol and port, and the conduit is
defined by a combination of transport protocol and port number.
Syntax
[no] port-trigger <record-name> {port <start-port> <end-port>}
[protocol {tcp | udp}] [address <src-ip>] { {forward-direction |
reverse-direction} {tcp | udp} <start-port> <end-port>} [timeout
<timeout>] [status {enable | disable}]
October 2010
811
Firewall commands

Variable
Value
<record-name>
Port trigger record name.
port {<start-port> <end-port>}
Port trigger ports.
[protocol {tcp | udp}]
Port trigger protocol. Default is TCP.
[address <src-ip>]
Source IP adddress for port-trigger. Enter a

valid IP address, or any. Default is any.
{ {forward-direction | reverse-direction} {tcp | Specifies the protocol (TCP or UDP) and the
udp} <start-port> <end-port>}
port numbers (start and end port) to open in
the same direction (forward-direction) or
opposite direction (reverse-direction) as the
established control connection.
[timeout <timeout>]
Port trigger timeout. Default: 600
[status {enable | disable}]
Enables or disables same-direction or

reverse-direction conduits through the
firewall. (default: enable)
Example
SR/configure/firewall/global# port-trigger app1 proto tcp port 3001
address 10.1.1.1 reverse-direction udp 6000 6020
configure firewall global proxy-nat

Use this command to enable Proxy NAT. Proxy NAT allows SIP trunking to function behind a
NAT. With Proxy NAT enabled, the SIP ALG can perform multiple translations within a single
packet. The ALG performs a Static NAT translation for the SIP header, and a NAPT translation
for the SIP message body (SDP). This results in a single firewall connection between the two
call servers on port 5060, for all SIP signaling, and multiple RTP connections for media traffic
between the phones.
Syntax
proxy-nat <A.B.C.D>
Example
812
proxy-nat 10.1.2.3
October 2010
configure firewall reset-invalid-acks
configure firewall reset-invalid-acks

Use this command to enable the sending of a reset when the firewall detects an invalid ACK
packet. You can configure this feature globally or for a specific firewall zone.
Syntax
[no] reset-invalid-acks
Variable
Value
[no]
Disables reset-invalid-acks.
Example
SR/configure/firewall/map1#
reset-invalid-acks
configure firewall stealth-mode

Use this command to enable stealth mode on the firewall to stop the sending of TCP reset
packets when there is no corresponding matching policy for an incoming packet. You can
configure this option either globally or for a specific firewall zone.
By default, this feature is disabled.
Syntax
[no] stealth-mode [<map-name>]
Variable
Value
[<map-name>]
Specifies the map name.
[no]
Disables stealth mode.
Example
SR/configure/firewall/map1#
stealth-mode
October 2010
813
Firewall commands
configure firewall global timeout general

Use this command to set the default timeout values for protocols like TCP, UDP, ICMP, FTP
and DNS.
Syntax
general {tcp | udp | tcp-reset | icmp | ftp-inactivity | dnsinactivity} <0-65535>
Variable
Value
0-65535
Specifies the timeout in seconds.
{tcp | udp | tcp-reset | icmp | ftp-inactivity |

dns-inactivity}
tcp: Specifies the Transport Control Protocol

timeout. udp: Specifies the User Datagram
Protocol timeout. tcp-reset: Specifies the
Transport Control Protocol reset timeout.
icmp: Specifies the Internet Control Message
Protocol timeout.t ftp-inactivity: Specifies
how long the File Transport Protocol waits for
a response before timing out. dns-inactivity:
Specifies how long the Domain Name
Service waits for a response before timeout.
Example
SR/configure/firewall/global/timeout#
general tcp 900
configure firewall global timeout service

Use this command to configure a timeout for a service record.
Syntax
service <service-name> {tcp | udp} <port-number> <0-65535>
Variable
814
Value
service-name
Specifies the name of the service.
0-65535
Specifies the timeout in seconds.
{tcp | udp }
tcp: TCP timeout udp: UDP timeout
October 2010
configure firewall global url-key-filter
Variable
port-number
Value
Specifies the TCP or UDP port number.
Example
SR/configure/firewall/global/timeout#
service test udp 4444 600
configure firewall global url-key-filter

Use this command to configure global URL key filters to filter web access for out bound
connections, based on the key words. You can filter up to 20 key words at a time.
Syntax
[no] url-key-filter <key-names>
Variable
Value
<key-names>
The list of word strings, separated by a

space. The maximum list size is 20 words.
[no]
Removes the specified key word string.
Example
url-key-filter games movies
configure system security firewall-disable

Use this command to allow IPSec VPN to be configured without a firewall.
Syntax
[no] system security firewall-disable
Example
SR/configure#system security firewall-disable
show firewall
Use this command to display firewall configuration information.
October 2010
815
Firewall commands
Syntax
show firewall algs attack-checks bypass-trusted connectionreservation <map-name> [statistics] connections <map-name> [address
<A.B.C.D>] [port <port>] [protocol <protocol>] [summary] hairpinning
interface <map-name> ip-reassembly logging maps max-connection-limit
<map-name> nat-failover nat-translations <map-name> [address
<A.B.C.D>] [port <port>] [protocol <protocol>] object <object-type>
{<map-name> | global} <object-name> policy <map-name> [priority
<1-1024>] [statistics] [detail] port-trigger <port-trigger-name>
proxy-nat reset-invalid-acks statistics stealth-mode timeout [general
| <service-name>] url-key-filter
Example
SR#
show firewall algs
show firewall dns-alg translate-pool

Use this command to the DNS ALG configuration.
Syntax
show firewall dns-alg translate-pool [<pool-name>]
Example
SR#
816
show firewall dns-alg translate-pool
October 2010
Chapter 56: Packet filter commands
clear ip packet-filter counters

Use this command to clear the IPv4 packet filter counters.
Syntax
clear ip packet-filter counters {packet-filter-list-name | all}
Example
SR# clear ip packet-filter counters ipfilter1
clear ip packet-filter statistics

Use this command to clear the IPv4 packet filter statistics for an interface.
Syntax
clear ip packet-filter statistics {<ethernet> | <bundle-name> |
<bundle-name:pvc_no> | management | all}
Example
SR#
clear ip packet-filter statistics ethernet0/3
clear ipv6 packet-filter counters

Use this command to clear the IPv6 packet filter counters.
Syntax
clear ipv6 packet-filter counters {<packet-filter-list-name> | all}
Example
SR#
clear ipv6 packet-filter ipv6filter1
October 2010
817
Packet filter commands
clear ipv6 packet-filter statistics

Use this command to clear the IPv6 packet filter statistics for an interface.
Syntax
clear ipv6 packet-filter statistics {<ethernet> | <bundle-name> |
management | all}
Example
SR#
clear ipv6 packet-filter statistics ethernet0/3
configure ip packet-filter
Use this command to configure the IPv4 packet filter.
Syntax
ip packet-filter <packet-filter-name>
Variable
Value
<packet-filter-name>
name of the packet filter.
Example
SR/configure#
ip packet-filter ipfilter1
configure ip packet-filter delete

Use this command to delete rule from the IPv4 packet filter.
Syntax
delete <1-65535>
Example
SR/configure/ ip/packet-filter ipfilter1#
818
delete 1
October 2010
configure ipv6 packet-filter
configure ipv6 packet-filter

Use this command to configure the IPv6 packet filter.
Syntax
configure ipv6 packet-filter <packet-filter-name>
Variable
Value
Example
SR/configure#
ipv6 packet-filter ipv6filter1
configure ip packet-filter add|insert

Use this command to add an IPv4 packet filter rule to the rule list or insert an IPv4 packet filter
rule at a specific line number in the rule list.
Syntax
[no] {add | insert <line-no>} {permit | deny} {tcp | udp | icmp | ip
| igmp | <0-255>} <src-address> <dst-address> [sport <src-port>]
[dport <dst-port>] [icmptype <icmp-type>] [icmpcode <icmp-code>]
[igmptype <igmp-type>] [precedence <0-7] [tos <0-15>] [dscp <dscpvalue>] [flags <tcp-flags>] [fragments <on|off>] [log {on|off}]
[expire <expiry-time>]
Variable
Value
add
Adds an IPv4 packet-filter rule to the rule list.
insert <line-no>
Inserts an IPv4 packet filter rule at a specific

line number in the rule list
{permit | deny}
Specifies the action to perform when a

packet matches the filter rule: permit: allow
the packet to cross the filter deny: drop the
packet
{tcp | udp | icmp | ip | igmp | <0-255>}
Specifies the name or number of an Internet

protocol. This can be one of the key words
October 2010
819
(TCP, UDP, ICMP, IGMP, or IP), or an integer

in the range 0 - 255 representing an IP
protocol number. To match any Internet
protocol, including ICMP, TCP, and UDP, use
the keyword IP.
<src-address>
Specifies the source host or network

address, in format <A.B.C.D>. Or, enter any
to specify a source address/wildcard of
0.0.0.0/32.
<dst-address>
Destination host or network address. Or,

enter any to specify a destination address/
wildcard of 0.0.0.0/32.
[sport <src-port>] [dport <dst-port>]
Optional entry for TCP and UDP protocols;

allows the source or destination port to be
filtered. =p: Specifies port number p, where
p is 1- 65535. !=p: Excludes port p. >p:
Specifies any port number greater than p
>=p: Specifies any port number greater than
or equal to p <p: Specifies any port number
less than p <=p: Specifies any port number
less than or equal to p p1-p2: Specifies any
port number within the range p1 - p2
[icmptype <icmp-type>]
Optional numeric entry for ICMP protocol,

allowing the ICMP message type to be
filtered (optional, range is 0 - 255).
[icmpcode <icmp-code>]
Optional numeric entry for ICMP protocol,

allowing the ICMP message code to be
filtered, if specified along with a message
type. The range is 0 - 255.
[igmptype <igmp-type>]
Specifies the IGMP type. Values include:

group-query
v1report
dvmrp
pim
trace
v2report
v2leave
mtrace-response
mtrace
v3report
mra
820
October 2010
configure ipv6 packet-filter delete
mrs
mrt or 012
[precedence <0-7]
Specifies the IP precedence. Values range

from 0 to 7.
[tos <0-15>]
Specifies the IP type of service. Values range

from 0 to 15.
[dscp <dscp-value>]
IP DSCP value. Range is 0-63.
[flags <tcp-flags>]
Allows TCP flags to be filtered (optional).You

can specify multiple TCP flags by separating
the above keywords with commas (no
spaces allowed). This entry may be any of
the following words: established Used to
match an established connection (Ciscocompatible). fin Matches the TCP FIN
header flag. syn Matches the TCP SYN
header flag. ack Matches the TCP ACK
header flag. psh Matches the TCP PSH
header flag. rst Matches the TCP RST
header flag. urg Matches the TCP URG
header flag.
[fragments <on|off>]
Specifies non initial IP fragments.
[log {on|off}]
Allows a logging message to be reported to

the user when a rule match occurs (optional).
on: Turns on logging of matching packets.
off: Turns off logging the matching packet off
(default)
[expire <expiry-time>]
Specifies the rule expiry time in seconds
[no]
Removes the specified packet filter.
Example
SR/configure/ ip/packet-filter ipfilter1# add permit tcp 10.1.1.1
10.2.1.1
configure ipv6 packet-filter delete

Use this command to delete rules from the IPv6 packet filter.
Syntax
delete <1-65535>
October 2010
821
Example
SR/configure/ipv6/packet-filter ipv6filter1#
delete 1
configure mac packet-filter

Use this command to configure MAC packet filter.
Syntax
mac packet-filter <packet-filter-name>
Variable
Value
Example
SR/configure#
mac packet-filter macfilter1
configure mac packet-filter add|insert

Use this command to add an L2 rule to a MAC packet filter rule list or insert an L2 rule at a
specific line number in a MAC packet filter rule list.
Syntax
[no] {add | insert <line-no>} {permit | deny} {<src-mac> <dst-mac>}
[smask <src-mask>] [dmask <dst-mask>] [ethertype <ether-type>] [cos
<cos-value>] [vlan <vlan-id>]
822
Variable
Value
add
Adds an L2 rule to a MAC packet filter rule

list.
insert <line-no>
Inserts an L2 rule at a specific line number in

a MAC packet filter rule list.
{permit | deny}
Specifies the action to perform when a

packet matches the filter rule: permit: allow
the packet to cross the filter deny: drop the
packet
<src-mac>
Source MAC address.
October 2010
configure mac packet-filter delete
<dst-mac>
Destination MAC address.
[smask <src-mask>]
Specifies MAC source mask.
[dmask <dst-mask>]
Specifies MAC destination mask.
[ethertype <ether-type>]
Specifies the Ethernet type: arp, mpls, aarp,

ppp or Ethernet type value in hex.
[cos <cos-value>]
CoS value. Range is 0-7.
[vlan <vlan-id>]
Specifies the VLAN ID. Range is 1-4000.
[no]
Removes the specified packet filter.
Example
SR/configure/mac/packet-filter macfilter1# add deny 0000.4700.0011
any smask ffff.ffff.ffff
configure mac packet-filter delete

Use this command to delete rules from the MAC packet filter.
Syntax
delete <1-65535>
Example
SR/configure/mac/packet-filter macfilter1#
delete 1
configure packet-filter-group
Use this command to apply a packet filter to an interface. With WAN modules and chassis
Ethernet ports, you can apply one IPv4 and one IPv6 packet filter to an interface in either
direction (you cannot enable the IPv4 packet filter and the firewall on the same interface). With
Ethernet module interfaces, you can apply one IPv4, one IPv6, and one MAC packet filter in
the inbound direction only (no restrictions related to firewalls apply).
Syntax
packet-filter-group <interface-name> [in | out] {[mac <mac-packetfilter>] | [ip <ip-packet-filter>] | [ipv6 <ipv6-packet-filter>]}
Example
SR/configure#
packet-filter-group ethernet0/3 in ipv6 ipv6filter1
October 2010
823
configure packet-filter-group management

Use this command to apply a management service packet filter globally on a Secure Router.
Prerequisites
Configure an IPv4, IPv6, or Mac packet filter.
Configure a rule list for the packet filter.
Syntax
[no] packet-filter-group management [in | out] [ip <packet-filtername> | ipv6 <packet-filter-name>]
Variable
Value
[in | out]
Applies the management service packet filter to inbound (in)

or local outbound (out) packets.
You can apply an individual management service packet filter
to both inbound and outbound traffic.
ip <packet-filter-name>
Specifies the IPv4 management service packet filter to apply.
ipv6 < packet-filter-name>
Specifies an IPv6 management service packet filter to apply.
mac < packet-filter-name>
Specifies a Mac management service packet filter to apply.
Example
SR/configure#packet-filter-group management in ip pfilter1
show ip packet-filter
Use this command to show IPv4 packet filter rules.
Syntax
show ip packet-filter {<packet-filter-name> | all}
Example
SR# show ip packet-filter all
824
October 2010
show ipv6 packet-filter
show ipv6 packet-filter

Use this command to show IPv6 packet filter rules.
Syntax
show ipv6 packet-filter {<packet-filter-name> | all}
Example
SR# show ipv6 packet-filter all
show mac packet-filter

Use this command to show MAC packet filter rules.
Syntax
show mac packet-filter {<packet-filter-name> | all}
Example
SR# show mac packet-filter all
show packet-filter-rules management

Use this command to display configuration information for global management service packet
filters.
Syntax
show packet-filter-rules management
Example
SR#show packet-filter-rules management
show ip packet-filter-stats management

Use this command to display statistical information for IPv4 management service packet filters.
October 2010
825
Syntax
show ip packet-filter-stats management
Example
SR#show ip packet-filter-stats management
show ipv6 packet-filter-stats management

Use this command to display statistical information for IPv6 management service packet filters.
Syntax
show ipv6 packet-filter-stats management
Example
SR#show ipv6 packet-filter-stats management
826
October 2010
Chapter 57: IPsec VPN commands
clear crypto ca certificates

Use this command to delete the CA certificate
Syntax
clear crypto ca certificates ca-name <ca-name> serialnumber <serialnumber>
Example
SR# clear ca certificates ca-name myCA serialnumber serialno
clear crypto ca crl

Use this command to delete the CRL.
Syntax
clear crypto ca crl <ca-name>
Example
SR# clear crypto ca crl myCA
clear crypto ca key

Use this command to delete the private key.
Syntax
clear crypto ca key <key-id>
Example
SR# clear crypto ca key key1
October 2010
827
IPsec VPN commands
clear crypto ike sa

Use this command to clear IKE SA information.
Syntax
clear crypto ike sa {<policy-name> | all}
Example
SR# clear crypto ike sa all
clear crypto ipsec sa

Use this command to clear IPsec SA information,
Syntax
clear crypto ipsec sa {<policy-name> | all}
Example
SR# clear crypto ipsec sa all
clear crypto statistics

Use this command to clear IPsec statistics.
Syntax
clear crypto statistics
Example
SR# clear crypto statistics
configure crypto bypass-trusted-self

Use this command to enable or disable the bypassing of VPN processing for traffic between
the local Secure Router and a trusted peer router interface.
828
October 2010
configure crypto ca authenticate
Syntax
[no] bypass-trusted-self
Variable
[no]
Value
Disables the bypassing of VPN processing
for traffic between the local Secure Router
and a trusted peer router interface.
Example
SR/configure/crypto#bypass-trusted-self
Note:
An alternative to the bypass-trusted-self command is to configure an appropriate
IPsec VPN bypass policy. For information about configuring an IPsec VPN bypass policy,
see configure crypto ipsec policy bypass match address on page 876.
configure crypto ca authenticate

Use this command to authenticate the certificate authority and import the CA certificate.
Importing CA certificate varies depending on the configured enrollment method (terminal or
SCEP).
If the enrollment method is SCEP, the system imports the digital certificate of the CA using the
SCEP protocol. And if the enrollment method is terminal, the system prompts you to paste the
certificate obtained from the CA.
In order to authenticate the CA, you should verify the fingerprint of the imported certificate with
the actual fingerprint of the CA obtained through any out-of-band mechanism.
Syntax
ca authenticate <ca-name>
Example
SR/configure/crypto# ca authenticate ms2003
If SCEP enrollment, the system imports the digital certificate of the CA using SCEP. If manual
enrollment is specified, the system prompts you to enter the certificate.
configure crypto ca crl request

Use this command to request the Certificate revocation list (CRL) from the CA.
October 2010
829
IPsec VPN commands
If you have configured the LDAP client parameters (crl query <url-with-ldap://>)
the LDAP client is used to obtain the CRL. The LDAP client supports periodic downloads of
the CRL using the next update time as specified by the CA in the CRL.
If the LDAP client parameters are not configured, and the SCEP URL is configured, the CRL
is obtained using the SCEP client. However, the SCEP client does not support the periodic
download of CRLs.
If the enrollment mode is set to terminal, the system prompts you to paste the obtained CRL.
Syntax
request <ca-server-name>
Example
SR/configure/crypto/ca/crl#
request ms2003
configure crypto ca enroll

Use this command to generate a certificate request for enrollment with the certificate authority.
This command interactively collects the certificate information from the user, generates the
private and public keys, and generates the certificate request in the required format. The
generated certificate request is submitted to the CA through the configured enrollment method.
If the configured enrollment method is SCEP, then, the certificate request is automatically
submitted to the CA. If the enrollment method is manual, the certificate request is printed on
the standard output in the required format.
Syntax
ca enroll <ca-name>
Example
SR/configure/crypto#
ca enroll ms2003
configure crypto ca import responder-certificate

Use this command to manually import the OCSP Responder certificate into the router using
the cut and paste method. This procedure is optional and is used only if the OCSP Responder
does not send the responder certificate along with the certificate status information. To delete
the responder certificate, use the no form of the command.
Syntax
[no] responder-certificate
830
October 2010
configure crypto ca import router-certificate
Example
SR/configure/crypto/ca/import ms2003# [no] responder-certificate
The system prompts you to enter the certificate.
configure crypto ca import router-certificate

If you are not using SCEP to import certificates, you can use this command to manually import
the router certificate into the router using the cut and paste method.
Syntax
router-certificate
Example
SR/configure/crypto/ca/import ms2003#
router-certificate
The system prompts you to enter the certificate.
configure crypto ca trustpoint crl

Use this command to configure the LDAP server URL to retrieve the CRL (certificate revocation
list) from the directory database server. The LDAP client supports periodic downloads of the
CRL using the next update time as specified by the CA in the CRL.
If the LDAP server URL is not configured, the CRL is retrieved through SCEP or using the
manual (cut and paste) method.
Syntax
crl query <url-with-ldap://>
Variable
<url-with-ldap://>
Value
Specifies a complete URL (with ldap://)
Example
SR/configure/crypto/ca/trustpoint trust1#
192.168.114.3:389/o=avaya,c=us
crl query
October 2010
831
IPsec VPN commands
configure crypto ca trustpoint email

Use this command to specify the email address (user fully qualified domain name) as the
subjectAltName that is used in the certificate request. To clear the email address from the
configuration, use the no form of the command.
Syntax
[no] email <email-address>
Example
jimsmail@avaya.com
configure crypto ca trustpoint enrollment

Use this command to configure the certificate enrollment method.
To modify a pre-configured enrollment method for a trustpoint, you must delete the trustpoint
and reconfigure it for the new enrollment method.
Syntax
enrollment {terminal | url <url> }
Variable
Value
url <url>
Specifies the SCEP server URL through

which the Certificate Authority can be
accessed for submitting certificate requests
or retrieving the approved certificates
through SCEP. Specify the complete URL
(with http://), including the cgi path and
server port number, if any.
terminal
Specifies cut and paste mode for enrollment.
Example
832
October 2010
configure crypto ca trustpoint fqdn
configure crypto ca trustpoint fqdn

Use this command to specify the fully qualified domain name as the subjectAltName to be used
in the certificate request. To clear the FQDN from the configuration, use the no form of the
command.
Syntax
[no] fqdn <fqdn>
Example
fqdn avaya.com
configure crypto ca trustpoint ip-address

Specify the IP address as the subjectAltName to be used in the certificate request. To clear
the IP address from the configuration, use the no form of the command.
In addition to the subject name, the certificate can support a SubjectAltName as an alternate
means of identifying the router.
Syntax
[no] ip-address <A.B.C.D>
Example
ip-address 10.1.2.3
configure crypto ca trustpoint keypair

Use this command to specify the key pair details like key ID, signature algorithm (RSA/DSS)
and key size to be used in the certificate request. To clear the key pair details from the
Syntax
[no] keypair <keypair-name> {rsa | dss} {512 | 1024 | 2048}
Variable
<keypair-name>
Value
Specifies the name of the key pair.
October 2010
833
IPsec VPN commands
Variable
Value
{rsa | dss}
Specifies the key type, either RSA or DSS.
{512 | 1024 | 2048}
Specifies the key size: 512, 1024, or 2048.
Example
keypair key1 rsa 1024
configure crypto ca trustpoint ocsp

Use this command to configure OCSP parameters. This specifies the URL of an OCSP server
so that certificate status can be verified in real time during the IKE negotiation. To enable OCSP
for a particular policy, you must use the ike policy ocsp command.
Syntax
ocsp {nonce | signature | url}
Example
ocsp nonce
configure crypto ca trustpoint password

Although it is not a common scenario, depending upon the policy of the CA, the certificates
issued by the CA can be encrypted. In cases where the certificate is encrypted, then a
password is needed to decrypt them. Use this command to define this password.
Syntax
password <password>
Example
password pass123
configure crypto ca trustpoint subject-name

Use this command to specify the subject name that identifies the Secure Router in the
certificate request.
Syntax
subject-name "<subject-name>"
834
October 2010
configure crypto contivity-iras ike policy
Example
"cn=router1,ou=security,o=avaya,C=US"
subject-name
configure crypto contivity-iras ike policy

Use this command to create a dynamic IKE policy for Avaya VPN client.
Syntax
[no] ike policy <policy-name>
Example
SR/configure/crypto/contivity-iras#ike policy ikepolicy1
configure crypto contivity-iras ike policy client

configuration address-pool
Use this command to configure an address pool. By default, an address pool is not configured.
Syntax
[no] address-pool <pool-no> <start-address> <end-address>
Variable
Value
[no]
Removes the specified address pool

configuration.
<pool-no>
Specifies a number for the address pool.

<start-address>
Specifies the start IP address for the address

pool.
<end-address>
Specifies the end IP address for the address

pool.
Example
SR/configure/crypto/contivity-iras/ike/ policy pol2/client
configuration#address-pool 3 10.10.10.1 20.1.1.0
October 2010
835
IPsec VPN commands

configuration banner-enable
Use this command to enable or disable the banner for the Avaya VPN client. By default, the
client banner is disabled.
Syntax
[no] banner-enable
Variable
[no]
Value
Disables the client banner.
Example
SR/configure/crypto/contivity-iras/ike/policy pol2/client
configuration#banner-enable

configuration banner-text
Use this command to configure a banner to display on the Avaya VPN client. By default, banner
text is not configured. When banner text is not configured, the system attempts to extract
banner text from the following location: /cf0/contivityBanner.txt.
Syntax
[no] banner-text <banner-text>
Variable
Value
[no]
Removes the specified banner text.
<banner-text>
Specifies the Avaya VPN client banner up to

200 characters, delimited by quotation marks
( ).
Example
configuration#banner-text Welcome
836
October 2010
configure crypto contivity-iras ike policy client configuration client-domain-name

configuration client-domain-name
Use this command to configure the client domain name for the Avaya VPN client connection.
By default, the client domain name is not configured.
Syntax
[no] client-domain-name <domain-name>
Variable
Value
[no]
Removes the specified client domain name.
<domain-name>
Specifies the client domain name. The client

assumes this value as its domain name
suffix.
Example
configuration#client-domain-name office1

configuration client-may-store-password
Use this command to configure whether the Avaya VPN client can store username and
password information. By default, this parameter is enabled.
Syntax
[no] client-may-store-password
Variable
[no]
Value
Disables storage of username and password
on the Avaya VPN client.
Example
configuration#client-may-store-password
October 2010
837
IPsec VPN commands

configuration client-screen-saver
Use this command to configure the maximum allowed wait time, in minutes, to which the
password-protected screen saver on the client host must be configured. If the wait-time
exceeds this value, the host cannot activate the VPN connection. By default, the wait-time is
not specified.
Syntax
[no] client-screen-saver <minutes>
Variable
Value
[no]
Removes the specified client screen saver

configuration.
<minutes>
Specifies the maximum number of minutes

to which the password protected screen
saver on the client host must be set before
activation. Values range from 0 to 65535
seconds. The default value is 0, which
indicates off or infinite time .
Example
configuration#client-screen-saver 2

configuration dns-server
Use this command to configure a DNS server address for the Avaya VPN client connection.
By default, a DNS server address is not configured.
Syntax
[no] dns-server <primary-dns> <secondary-dns>
Variable
[no]
838
Value
Removes the specified DNS server address.
October 2010
configure crypto contivity-iras ike policy client configuration failover-list
Variable
Value
<primary-dns>
Specifies the primary DNS server address.
<secondary-dns>
Specifies the secondary DNS server

address.
Example
SRconfigure/crypto/contivity-iras/ike/policy pol2/client
configuration#dns-server 10.1.1.1 20.1.1.1

configuration failover-list
Use this command to configure up to three IP addresses of failover Avaya VPN servers. By
default, no failover servers are specified.
Syntax
[no] failover-list <failover-ip-1> <failover-ip-2> <failover-ip-3>
Variable
Value
[no]
Removes the specified failover Avaya VPN

IRAS.
<failover-ip-1>
Specifies the IP address of a primary failover

Avaya VPN IRAS.
<failover-ip-2>
Specifies the IP address of a secondary

failover Avaya VPN IRAS.
<failover-ip-3>
Specifies the IP address of a tertiary failover

Avaya VPN IRAS.
Example
configuration#failover-list 10.1.1.1

configuration keepalive enable
Use this command to enable or disable keepalives. By default, keepalives are disabled.
October 2010
839
IPsec VPN commands
Syntax
[no] enable
Variable
[no]
Value
Disables keepalives.
Example
configuration/keepalive#enable

configuration keepalive interval
Use this command to configure the keepalive time interval. By default, keepalives are disabled.
Syntax
[no] interval <interval>
Variable
Value
<interval>
Specifies the keepalive time interval in

multiples of 10 seconds. Values range from
10 to 120 seconds. The default value is 0.
[no]
Disables the keepalive time interval.
Example
configuration/keepalive#interval 20

configuration keepalive retransmitions
Use this command to configure the number of keepalive retransmissions. By default,
keepalives are disabled.
840
October 2010
configure crypto contivity-iras ike policy client configuration nat-keepalive
Syntax
[no] retransmitions <retransmitions>
Variable
Value
<retransmitions>

retransmissions. Values range from 1 to 10.
[no]
Disables keepalive retransmissions.
Example
configuration/keepalive#retransmitions 2

configuration nat-keepalive
Use this command to configure the frequency at which the Avaya VPN server sends Network
Address Translation (NAT) keepalives when a NAT is detected. By default, NAT keepalives are
disabled.
Syntax
[no] nat-keepalive <seconds>
Variable
Value
[no]
Removes the specified NAT keepalive

configuration.
<seconds>
Specifies the NAT keepalive interval. Values

range from 20 to 120 seconds.
Example
configuration#nat-keepalive 20
October 2010
841
IPsec VPN commands

configuration private-side-address
Use this command to configure a private side address for the Avaya VPN client connection.
By default, a private side address is not configured.
Syntax
[no] private-side-address <private-side-address>
Variable
Value
[no]
Removes the specified private-side address

configuration.
<private-side-address>
Specifies a crypto trusted IP address on this

device. The client tests reachablity to this
address.
Example
configuration#private-side-address 10.10.10.1

configuration split-tunnel mode
Use this command to configure the split tunnel mode. By default, split tunneling is disabled.
Syntax
[no] mode {disable | enabled | inverse | local-inverse}
Variable
842
Value
[no]
Removes the specified split-tunneling

configuration.
disabled
Disables split tunneling. The Avaya VPN

client routes all traffic through the tunnel.
Disabled is the default value.
October 2010
configure crypto contivity-iras ike policy client configuration split-tunnel network
Variable
Value
enabled
Configures the Avaya VPN client to route

networks specified by the network command
through the tunnel and other networks in the
clear.
inverse
Configures the Avaya VPN client to route

networks specified by the network command
in the clear and other networks through the
tunnel.
local-inverse
Configures the Avaya VPN client to route any

networks which are locally connected to the
client in the clear and route other networks
through the tunnel.
Example
configuration/split-tunnel#mode enabled

configuration split-tunnel network
Use this command to configure the split tunnel network. By default, split tunneling is disabled.
Syntax
[no] network <network> <prefix>
Variable
Value
<network>
Specifies the network IP address.
<prefix>
Specifies the network IP address prefix.

Example
configuration/split-tunnel#network 10.1.1.1 24
October 2010
843
IPsec VPN commands

configuration wins-server
Use this command to configure a WINS server address for the Avaya VPN client connection.
By default, a WINS server is not configured.
Syntax
[no] wins-server <primary-wins> <secondary-wins>
Variable
Value
[no]
Removes the specified WINS server

address.
<primary-wins>
Specifies the primary WINS server address.
<secondary-wins>
Specifies the secondary WINS server

address.
Example
configuration#wins-server 10.1.1.0 20.1.1.0
configure crypto contivity-iras ike policy local-address

Use this command to configure the local address to be used in IKE negotiations.
Syntax
local-address <A.B.C.D>
Example
SR/configure/crypto/contivity-iras/ike policy#local-address
10.10.10.1
configure crypto contivity-iras ike policy mode

Use this command to configure the IKE mode for the remote access policy.
844
October 2010
configure crypto contivity-iras ike policy proposal
Syntax
mode {main | aggressive}
Table 1098:
Variable
Value
main
Specifies use of full negotiation to establish

a security association. Main mode provides
identity protection.
aggressive
Specifies use of a faster phase 1

establishment mode. Aggressive mode does
not provide identity protection. (This is the
default mode.)
Example
SR/configure/crypto/contivity-iras/ike policy#mode main

Use this command to configure an IKE proposal for Avaya VPN client.
Syntax
[no] proposal <1-5>
Variable
Value
< 1-5>
Specifies the proposal value. Only one

proposal is allowed in aggressive mode.
[no]
Removes the IKE proposal.
Example
SR/configure/crypto/contivity-iras/ike policy#proposal 2

authentication-method
Use this command to configure the IKE proposal authentication method for Avaya VPN client.
October 2010
845
IPsec VPN commands
Syntax
authentication-method {pre-shared-key | dss-signature | rsasignature}
Variable
Value
pre-shared-key
Authentication using a pre-shared key,

derived out of band.
dss-signature
Authentication using Digital Signature

Standard
rsa-signature
Authentication using RSA Signature
Example
SR/configure/crypto/contivity-iras/ike/policy ike1 10.1.1.1/proposal
1# authentication-method pre-shared-key
configure crypto contivity-iras ike policy proposal dh-group

Use this command to configure the DH group for the IKE proposal.
Syntax
dh-group {group1 | group2 | group5 group14 | group15}
Variable
Value
group1
768-bit. RFC 2409.
group2
1024-bit. RFC 2409.
group5
1536-bit. RFC2409. This is the highest level

of security supported by the Avaya Secure
Router 2330/4134 and requires more
processing time than group 1 and group 2.
group14
2048-bit modular exponential (MODP)

group. RFC 2409.
group15
3072-bit MODP group. RFC 2409.
Example
SR/configure/crypto/contivity-iras/ike policy/proposal 1#dh-group
group1
846
October 2010
configure crypto contivity-iras ike policy proposal encryption-algorithm

encryption-algorithm
Use this command to configure the encryption algorithm for the IKE proposal.
Syntax
encryption-algorithm {des-cbc | 3des-cbc | aes128-cbc | aes192-cbc |
aes256-cbc}
Variable
Value
des-cbc
Specifies DES-CBC encryption.
3des-cbc
Specifies 3DES-CBC encryption.
aes128cbc
Specifies AES-CBC encryption, with 128-bit

key length.
aes192cbc

key length.
aes256cbc

key length.
Example
SR/configure/crypto/contivity-iras/ike policy/proposal 1#encryptionalgorithm des-cbc
configure crypto contivity-iras ike policy proposal hashalgorithm

Use this command to configure the IKE authentication algorithm for a given IKE proposal.
Syntax
hash-algorithm {md5|sha1}
Variable
md5
Value
A 128-bit message digest-RFC 1321.
October 2010
847
IPsec VPN commands
Variable
sha1
Value
Secure Hash Standard: A 160-bit message
digest-NIST,FIPS PUB 180-1.
Example
SR/configure/crypto/contivity-iras/ike policy/proposal 1#hashalgorithm md5
configure crypto contivity-iras ike policy remote-id

Use this command to configure the remote ID to specify the IPsec peer that participates in the
IKE negotiation.
Syntax
remote-id {user-name "<user-name>" | group-name "<group-name>" | derencoded-dn "<name>"} [password <password>]
Important:
All remote IDs in a single IKE policy must be the same type (user, group, or der).
Variable
Value
user-name "<user-name>"
Specifies a user name. The value must be

specified within quotation marks.
group-name "<group-name>"
Specifies a group name. The value must be

der-encoded-dn "<name>"
Specifies the x.509 (subject name)

distinguished name. The value must be
password <password>
Specifies the user or group password.
Example
SR/configure/crypto/contivity-iras/ike policy#remote-id user-name
user1
configure crypto contivity-iras ipsec policy

Use this command to create an IPsec policy for an IPsec SA.
848
October 2010
configure crypto contivity-iras ipsec policy enable
Syntax
[no] ipsec policy <name>
Example
SR/configure/crypto/contivity-iras#ipsec policy pol2
configure crypto contivity-iras ipsec policy enable

Use this command toe nable or disable the Avaya VPN client IPsec policy.
Syntax
[no] enable
Variable
[no]
Value
Example
SR/configure/crypto/contivity-iras/ipsec policy#enable
configure crypto contivity-iras ipsec policy match

Use this command to specify the IP stream on which to apply IPsec.
When you apply this command, a default proposal is created with the following properties:
priority 1
ESP
3DES
SHA1
DH-group2
tunnel mode
Syntax
match {address <A.B.C.D> <mask>} [source-end-ip <A.B.C.D>] [deststart-ip <A.B.C.D>] [dest-netmask <A.B.C.D>] [dest-end-ip <A.B.C.D>]
[protocol <protocol>] [sport <0-65535>] [dport <0-65535>]
October 2010
849
IPsec VPN commands

Variable
Value
[address <A.B.C.D> <mask>]
Specifies the source IP address (the start

address if the range is applicable) in the IP
stream to be applied IPsec.
[source-end-ip <A.B.C.D>]
Specifies source IP address (the end

[dest-start-ip <A.B.C.D>]
Specifies the destination IP address (the

start address if the range is applicable) in the
IP stream to be applied IPsec.
[dest-netmask <A.B.C.D>]
Specifies the subnet mask.
[dest-end-ip <A.B.C.D>]
Specifies the destination IP address (the end

[protocol <protocol>]
Specifies the protocol. Values include:

udpudp protocol
tcptcp protocol
icmpicmp protocol
anyany of the above protocols
[sport <0-65535>]
Specifies the source port value.
[dport <0-65535>]
Specifies the destination port value.
Example
SR/configure/crypto/contivity-iras/ipsec policy#match address
10.1.1.1 255.255.255.0
configure crypto contivity-iras ipsec policy proposal

encryption-algorithm
Use this command to configure the encryption algorithm for the remote access IPsec proposal.
Syntax
encryption-algorithm { 3des-cbc | aes128-cbc | aes192-cbc | aes256cbc }
850
October 2010
configure crypto contivity-iras ipsec policy proposal lifetime

Variable
Value
3des-cbc
aes128cbc

key length.
aes192cbc

key length.
aes256cbc

key length.
Example
SR/configure/crypto/contivity-iras/ipsec policy pol2/proposal
1#encryption-algorithm 3des-cbc
configure crypto contivity-iras ipsec policy proposal

lifetime
Use this command to configure the lifetime of the IPsec SA.
When the SA expires, it is either replaced by a new negotiated SA or terminated.
Syntax
lifetime {kilobytes <300-4194303> | seconds <300-864000>}
Variable
Value
kilobytes <0-4194303>
Specifies the lifetime in kilobytes. The default

is 0 (unlimited).
seconds <100-864000>
Specifies the lifetime in seconds. The default

value is 3600 seconds.
Example
1#lifetime seconds 460
October 2010
851
IPsec VPN commands
configure crypto contivity-iras ipsec policy proposal hashalgorithm

Use this command to configure the hash algorithm for the IPsec proposal.
Syntax
hash-algorithm {md5-hmac | sha1-hmac | null}
Variable
Value
md5
Specifies a 128-bit message digest-RFC

1321.
sha1
Specifies a secure Hash Standard: A 160bit message digest-NIST,FIPS PUB 180-1.
null
No authentication.
Example
1#hash-algorithm md5-hmac
configure crypto dynamic ike policy

Use this command to create a dynamic IKE policy for remote access VPN.
Syntax
ike policy <policy-name> {modecfg-group | l2tp-group}
Variable
852
Value
<policy-name>
Specifies the IKE policy name.
group-type {modecfg-group | l2tp-group}
modecfg-group: Mode config group. To

configure the mode config client parameters,
use the ike policy client
configuration and ike policy
client authentication commands.
l2tp-group: L2TP group. To configure the
October 2010
configure crypto dynamic ike policy modecfg-group client authentication radius
Variable
Value
L2TP server and client parameters, use the
l2tp-server commands.
Example
SR/configure/crypto/dynamic/ike/policy rem-ike1 modecfg-group#
policy {modecfg-group | l2tp-group}
ike
configure crypto dynamic ike policy modecfg-group client

authentication radius
Use this command to configure the authentication method for the remote client.
Syntax
radius {pap | chap}
Variable
Value
pap
RADIUS-PAP authentication method.
chap
RADIUS-CHAP authentication method.
Example
SR/configure/crypto/dynamic/ike/policy rem-ike1 modecfg-group/
client/authentication# radius pap

configuration address-pool
Use this command to configure an address pool for mode config.
Syntax
address-pool <1-3> <start-ip> <end-ip>
Variable
<1-3>
Value
pool number
October 2010
853
IPsec VPN commands
Variable
Value
<start-ip>
start IP address
<end-ip>
end IP address
Example
client/configuration# 1 192.167.0.1 192.167.0.64

configuration dns-server
Use this command to configure the DNS server address for mode config.
Syntax
dns-server <primary-server-ip> <secondary-server-ip>
Example
client/configuration# dns-server 10.2.3.4

configuration wins-server
Use this command to configure the WINS server address for mode config.
Syntax
wins-server <primary-server-ip> <secondary-server-ip>
Example
client/configuration# wins-server 10.3.4.5
854
October 2010
configure crypto dynamic ike policy l2tp-server|modecfg-group key
configure crypto dynamic ike policy l2tp-server|modecfggroup key

Use this command to define a preshared key for the remote access IKE policy. The key is valid
only when the proposal configured has the authentication method as pre-shared-key.
Syntax
key <key-string>
Variable
<key-string>
Value
key string, max 49 characters.
Example
key1624
key
configure crypto dynamic ike policy l2tp-server|modecfggroup local-address

Use this command to configure the local address to be used in IKE negotiations.
Syntax
Example
local-address 100.1.1.3
configure crypto dynamic ike policy l2tp-server|modecfggroup local-id

Use this command to configure the local ID to specify the IPsec identifiers for the host that is
used in the identification payload during IKE negotiation.
October 2010
855
IPsec VPN commands
Syntax
local-id {domain-name <fqdn> | email-id <email>| der-encoded-dn
<name>}
Variable
Value
domain-name <fqdn>
Specifies a fully qualified domain name

(FQDN), like router.com.
email-id <email>
Specifies a fully-qualified email user name

string, like name@router.com.
der-encoded-dn <name>
Specifies the x.500 (LDAP) distinguished

name.
Example
local-id domain-name avaya.com
configure crypto dynamic ike policy l2tp-server|modecfggroup mode

Use this command to configure the IKE mode for the remote access policy
Syntax
mode {main | aggressive}
Variable
Value
main

aggressive
Specifies use of quick negotiation to

establish a security association. Aggressive
mode does not provide identity protection.
(This is the default mode.)
Example
aggressive
856
mode
October 2010
configure crypto dynamic ike policy l2tp-server|modecfg-group ocsp
configure crypto dynamic ike policy l2tp-server|modecfggroup ocsp

Use this command to enable OCSP to instruct the router to contact the CA for verification of
the status of any certificate that the router receives.
Syntax
[no] ocsp
Example
ocsp
configure crypto dynamic ike policy l2tp-server|modecfggroup pfs

Use this command to enable or disable Perfect Forward Secrecy (PFS) of both keys and
identities (RFC 2409) for the remote access IKE policy.
Syntax
pfs
Example
pfs
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal

Use this command to configure an IKE proposal for remote access VPN.
Syntax
proposal <1-5>
Variable
<1-5>
Value
Proposal value. Only one proposal is allows
in aggressive mode.
October 2010
857
IPsec VPN commands
Example
proposal 1
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal authentication-method

Use this command to configure the IKE proposal authentication method for remote access
VPN.
Syntax
Variable
Value
pre-shared-key
Specifies authentication using a pre-shared

key, derived out of band
dss-signature
Specifies authentication using Digital

Signature Standard.
rsa-signature
Specifies authentication using RSA

Signature.
Example
proposal 1# authentication-method pre-shared-key
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal dh-group

Use this command to configure the DH group for the IKE proposal
Syntax
dh-group {group1 | group2 | group5}
858
October 2010
configure crypto dynamic ike policy l2tp-server|modecfg-group proposal encryption-algorithm

Variable
Value
group1
768-bit. RFC 2409.
group2
1024-bit. RFC 2409.
group5

of security and requires more processing
time than group 1 and group 2.
Example
proposal 1# dh-group group1
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal encryption-algorithm

Use this command tonfigure the encryption algorithm for the remote access IKE proposal.
Syntax
aes256-cbc | null}
Variable
Value
des-cbc
3des-cbc
aes128cbc

key length.
aes192cbc

key length.
aes256cbc

key length.
null
Specifies no encryption.
Example
proposal 1# encryption-algorithm des-cbc
October 2010
859
IPsec VPN commands
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal hash-algorithm

Use this command to configure the IKE authentication algorithm for a given remote access
proposal.
Syntax
hash-algorithm {md5|sha1}
Variable
Value
md5
A 128-bit message digest-RFC 1321
sha1

digest-NIST,FIPS PUB 180-1
Example
proposal 1#
configure crypto dynamic ike policy l2tp-server|modecfggroup proposal lifetime

Use this command to configure the lifetime of the remote access IKE SA. When the SA expires,
it is replaced by a new negotiated SA or terminated.
Syntax
Variable
Value
kilobytes <300-4194303>
Lifetime in kilobytes. Default: unlimited.
seconds <300-864000>
Lifetime in seconds. Default: 86400 seconds.
Example
proposal 1# lifetime kilobytes 2400
860
October 2010
configure crypto dynamic ike policy l2tp-server|modecfg-group remote-id
configure crypto dynamic ike policy l2tp-server|modecfggroup remote-id
configure crypto dynamic ipsec policy l2tp-server|modecfggroup

Use this command to create an IPsec policy for a remote access IPsec SA.
Syntax
ipsec policy <name> {modecfg-group | l2tp-group}
Variable
group-type [modecfg-group | l2tp-group]
Value
modecfg-group: Mode config group. To
configure the mode config client parameters,
use the ike policy client
commands. l2tp-group: L2TP group. To
configure the L2TP server and client
parameters, use the l2tp-server
commands.
Example
SR/configure/crypto/dynamic#
ipsec policy jim modecfg-group
configure crypto dynamic ipsec policy l2tp-server|modecfggroup enable

Use this command to enable the dynamic IPSec policy.
Syntax
[no] enable
October 2010
861
IPsec VPN commands

Variable
[no]
Value
Example
SR/configure/crypto/dynamic/ipsec/policy jim modecfg-group#
enable
configure crypto dynamic ipsec policy l2tp-server|modecfggroup match

Use this command to specify the IP stream on which to apply IPsec
When this command is entered, a default proposal is created, with the following properties:
priority 1, ESP, 3DES, SHA1, tunnel mode.
Syntax
match {address <A.B.C.D> <mask>} [source-end-ip <A.B.C.D>] [deststart-ip <A.B.C.D>] [dest-netmask <A.B.C.D>] [dest-end-ip <A.B.C.D>]
[protocol <protocol>] [sport <0-65535>] [dport <0-65535>]
Variable
862
Value
[address <A.B.C.D> <mask>]
source IP address (start address if range is

applicable) in the IP stream to be applied
IPsec.
source IP address (end address if range is

applicable) in the IP stream to be applied
IPsec
[dest-start-ip <A.B.C.D>]
destination IP address (start address if range

is applicable) in the IP stream to be applied
IPsec
[dest-netmask <A.B.C.D>]
Subnet mask.
destination IP address (end address if range

is applicable) in the IP stream to be applied
IPsec
udp udp protocol tcp tcp protocol icmp icmp

protocol any all the protocols
[sport <0-65535>]
Source port value.
[dport <0-65535>]
Destination port value.
October 2010
configure crypto dynamic ipsec policy l2tp-server|modecfg-group pfs-group
Example
address 192.178.1.0 255.255.255.0
match
configure crypto dynamic ipsec policy l2tp-server|modecfggroup pfs-group

Use this command to configure the Diffie-Hellman prime modulus group for Perfect Forward
Secrecy (PFS). This specifies the strength of the PFS group which the IPsec (phase 2) policy
uses.
Syntax
pfs-group {group1 | group2 | group5}
Variable
Value
group1
768-bit. RFC 2409
group2
1024-bit. RFC 2409.
group5
1536-bit. RFC 2409. This is the highest level

Example
group group1
pfs-
configure crypto dynamic ipsec policy l2tp-server|modecfggroup proposal

Use this command to configure the IPsec proposal template
Syntax
proposal <1-5> protocol {esp | ah}
Variable
1-5
Value
proposal priority
October 2010
863
IPsec VPN commands
Variable
protocol [esp | ah]
Value
esp: ESP ah: AH
Example
proposal 1 protocol esp
configure crypto dynamic ipsec policy l2tp-server|modecfggroup proposal encryption-algorithm

Use this command to configure the encryption algorithm for the remote access IPsec proposal.
Syntax
aes256-cbc | null}
Variable
Value
des-cbc
3des-cbc
aes128cbc

key length.
aes192cbc

key length.
aes256cbc

key length.
null
Example
SR/configure/crypto/dynamic/ipsec/policy jim modecfg-group/proposal
1# encryption-algorithm des-cbc
configure crypto dynamic ipsec policy l2tp-server|modecfggroup proposal hash-algorithm

Use this command to configure the hash algorithm for the remote access IPsec proposal.
864
October 2010
configure crypto dynamic ipsec policy l2tp-server|modecfg-group proposal lifetime
Syntax
hash-algorithm {md5-hmac | sha1-hmac | null}
Variable
Value
md5
A 128-bit message digest-RFC 1321
sha1

null
No authentication
Example
1# hash-algorithm md5-hmac
configure crypto dynamic ipsec policy l2tp-server|modecfggroup proposal lifetime

Use this command to configure the lifetime of the remote access IPsec SA. When the SA
expires, it is replaced by a new negotiated SA or terminated.
Syntax
Variable
Value
kilobytes <300-4194303>
Lifetime in kilobytes. Default: 4194303.
seconds <300-864000>
Lifetime in seconds. Default: 3600 seconds.
Example
1# lifetime seconds 4000
configure crypto dynamic ipsec policy l2tp-server|modecfggroup proposal mode

Use this command to configure the IPsec encapsulation mode for the remote access proposal.
October 2010
865
IPsec VPN commands
Syntax
mode {transport | tunnel}
Variable
Value
tunnel
Specifies tunnel mode. In tunnel mode the IP

header of the packet is encapsulated into a
new IP header with a routable destination IP
address. Protection is offered for the
complete packet. This is the default mode.
transport
Specifies transport mode. In transport mode,

the old IP address is retained and the hash
(in case of AH) is generated over the payload
and delivered to the peer. The protection is
offered only for the pay load.
Example
1# mode transport
configure crypto failover

Use this command to specify primary and secondary tunnels to provide IPSec VPN tunnel
failover for branch offices.
Syntax
[no] failover <primary-policy-name> <backup-policy-name>
Variable
Value
[no]
Disables primary and secondary tunnel failover for branch

offices.
primary-policy-name
Specifies the failover policy for the primary branch office

tunnel. This policy must be configured as IPSec nailed up.
backup-policy-name
Specifies the failover policy for the secondary branch office

tunnel.
Important:
You cannot reuse any policies that were previously configured for failover.
866
October 2010
configure crypto ike policy
Example
SR/configure/crypto#failover BOprim BOback
configure crypto ike policy

Use this command to create an IKE policy for a dynamic ISAKMP SA.
Syntax
ike policy <policy-name> <peer>
Variable
Value
<policy-name>
Specifies the IKE policy name. Max 8

characters.
<peer-address>
Specifies the peer IP address or the domain

name for IKE negotiations.
Example
ike policy ike1 10.1.1.1
configure crypto ike policy exchange-type

Use this command to configure the IKE exchange type to control whether the policy can initiate
negotiations, respond to negotiations, or both.
Syntax
exchange-type {initiator-only | responder-only | both}
Variable
Value
initiator-only
Specifies that the policy cannot respond to

IKE negotiations initiated by another party.
This type is not supported if the IKE policy is
configured for main mode and Preshared
Key is configured as the authentication
mode.
responder-only
Specifies that the policy cannot initiate IKE to

any other part, but responds to the IKE
initated by others.
October 2010
867
IPsec VPN commands
Variable
Value
both
Specifies that the policy can initate IKE to the

other party and also respond to IKE
negotiations initated by another. This is the
default setting.
Example
SR/configure/crypto/ike/policy ike1 10.1.1.1#
responder-only
exchange-type
configure crypto ike policy initial-contact

Use this command to enable or disable initial contact for an IKE policy.
Syntax
[no] initial-contact
Variable
[no]
Value
Disables initial contact for an IKE policy.
Example
SR/configure/crypto/ike/policy ike1 10.10.10.1#initial-contact
configure crypto ike policy key

Use this command to define a pre-shared key for the IKE policy. The key is valid only when
the proposal configured has the authentication method as pre-shared-key.
Syntax
key <key-string>
Variable
<key-string>
868
Value
Specifies the pre-shared key. Max 49
characters.
October 2010
configure crypto ike policy local-address
Example
key 100002000300405
configure crypto ike policy local-address

Configure the local address for IKE negotiations. The local address and the address in the
certificate must match.
When executed, this command creates an IKE policy proposal with default values of Preshared
Key, DES, SHA1, and DH-group1.
Syntax
Example
100.1.1.2
local-address
configure crypto ike policy local-id

Use this command to configure the local ID to specify the IPsec identifiers for the host that is
used in the identification payload during IKE negotiation.
Syntax
local-id {domain-name <fqdn> | email-id <email> | der-encoded-dn
<name> | key-id <key_id>}
Variable
Value
domain-name <fqdn>

email-id <email>


name.
key-id <key_id>
Specifies vendor specific information used in

aggressive mode.
October 2010
869
IPsec VPN commands
Example
avaya.com
local-id domain-name
configure crypto ike policy mode

Use this command to configure the IKE mode for the policy. The default mode is main mode.
Syntax
[no] mode {aggressive | main}
Variable
Value
main

aggressive
Specifies use of quick negotiation to

establish a security association. Aggressive
mode does not provide identity protection.
[no]
Sets the mode to the default value (main

mode).
Example
mode main
configure crypto ike policy ocsp

Use this command to enable OCSP to configure the router to contact the CA for verification of
the status of any certificate that the router receives.
Syntax
[no] ocsp
Example
870
ocsp
October 2010
configure crypto ike policy pfs
configure crypto ike policy pfs

Use this command to enable or disable Perfect Forward Secrecy (PFS) of both keys and
identities (RFC 2409) for the IKE policy.
Syntax
[no] pfs
Example
pfs
configure crypto ike policy proposal

Use this command to configure an IKE proposal for a dynamic ISAKMP SA.
Syntax
[no] proposal <priority>
Variable
Value
<priority>
Specifies the proposal priority, from 1 to 5.
[no]
Deletes the proposal.
Example
proposal 1
configure crypto ike policy proposal authentication-method

Use this command to configure the IKE proposal authentication method to authenticate the
peers.
Syntax
October 2010
871
IPsec VPN commands

Variable
Value
pre-shared-key
Authentication using a pre-shared key,

derived out of band.
dss-signature
Authentication using Digital Signature

Standard
rsa-signature
Authentication using RSA Signature
Example
SR/configure/crypto/ike/policy ike1 10.1.1.1/proposal 1#
authentication-method pre-shared-key
configure crypto ike policy proposal dh-group

Use this command to configure the IKE Diffie-Hellman group for key exchange between the
peers. This specifies the type of Diffie-Hellman prime modulus group that IKE uses for the key
exchange.
Syntax
dh-group {group1 | group2 | group5 | group14 | group15}
Variable
Value
group1
768-bit. RFC 2409.
group2
1024-bit. RFC 2409.
group5

group14
2048-bit modular exponential (MODP)

group. RFC 2409.
group15
3072-bit MODP group. RFC 2409.
Example
group1
872
dh-group
October 2010
configure crypto ike policy proposal encryption-algorithm
configure crypto ike policy proposal encryption-algorithm

Use this command to configure encryption algorithm for the IKE proposal.
Syntax
aes256-cbc}
Variable
Value
des-cbc
3des-cbc
aes128cbc

key length.
aes192cbc

key length.
aes256cbc

key length.
Example
algorithm des-cbc
encryption-
configure crypto ike policy proposal hash-algorithm

Use this command to configure the IKE authentication algorithm for a given proposal.
Syntax
[no] hash-algorithm {md5|sha1}
Variable
Value
md5
Specifies a 128-bit message digest (RFC

1321).
sha1
Specifies Secure Hash Standard, a 160-bit

message digest (NIST,FIPS PUB 180-1).
October 2010
873
IPsec VPN commands
Variable
[no]
Value
Sets the hash algorithm to the default value
(sha1).
Example
algorithm md5
hash-
configure crypto ike policy proposal lifetime

Use this command to configure the lifetime of the IKE SA. When the SA expires, it is replaced by
a new negotiated SA or terminated.
You can configure the lifetime to be both kilobytes and seconds. The first limit to be reached
is the one applied.
Syntax
Variable
Value
kilobytes <300-4194303>
Specifies the volume of traffic (in kilobytes)

that can pass between IPsec peers using the
given IKE SA before that SA expires. Default:
unlimited.
seconds <300-864000>
Specifies the number of seconds the IKE SA

runs before expiring. Default: 86400 seconds
(24 hours).
Example
seconds 3600
lifetime
configure crypto ike policy remote-id

Use this command to configure the remote ID to specify the IPsec peer that participates in the
IKE negotiation.
874
October 2010
configure crypto ipsec policy
Syntax
remote-id {domain-name <fqdn> | email-id <email>| der-encoded-dn
<name> | key-id <key_id>}
Variable
Value
domain-name <fqdn>

email-id <email>


name.
key-id <key_id>
Specifies vendor specific information used in

aggressive mode.
Example
domain.com
remote-id domain-name
configure crypto ipsec policy

Use this command to create an IPsec policy for a dynamic IPsec SA.
Syntax
ipsec policy <policy-name> <peer> [before-name <before-name> | aftername <after-name>]
Important:
You cannot assign both an after name and before name to the same IPSec policy.
Variable
Value
<after-name>
Inserts the selected policy in the SPD

immediately following this named policy.
<before-name>
Inserts the selected policy in the SPD

immediately preceding this named policy.
<peer>
Specifies the peer IP address or the domain

name for IKE negotiations.
<policy-name>
IPsec policy name. Max 8 characters.
October 2010
875
IPsec VPN commands
Example
ipsec policy ipsec1 10.1.1.1 before-name ipsec0
configure crypto ipsec policy anti-replay

Use this command to enable or disable anti-replay service on the inbound security association.
The default is disabled.
Syntax
[no] anti-replay
Example
SR/configure/crypto/ipsec/policy ipsec1 10.1.1.1#
anti-replay
configure crypto ipsec policy bypass match address

Use this command to configure a policy that enables selected network traffic to bypass an
IPSec VPN tunnel.
Syntax
match address <source-start-ip> <source-mask> <dest-start-ip> <destmask> [source-end-ip <A.B.C.D>] [dest-end-ip <A.B.C.D>] [protocol
<protocol>] [sport <0-65535>] [dport <0-65535>]
876
Variable
Value
<source-start-ip> <sourcemask>
Source IP address and subnet mask of the IP stream that is

to be protected by the IPsec policy. If you are defining a range
of addresses, this represents the start address in the range.
<dest-start-ip> <destmask>
Destination IP address and subnet mask of the IP stream that

is to be protected by the IPsec policy. If you are defining a
range of addresses, this represents the start address in the
range.
If you are defining a range of addresses for the source IP, this
parameter specifies the end address in the range.
If you are defining a range of addresses for the destination

IP, this parameter specifies the end address in the range.
October 2010
configure crypto ipsec policy enable
Variable
Value
Specifies a protocol for the IP stream to be protected. Values
include:
udpUDP protocol
tcpTCP protocol
icmp ICMP protocol
greGRE protocol
protocol-numberthe number of the protocol
[sport <0-65535>]
Specifies a source port value for the IP stream to be

protected.
[dport <0-65535>]
Specifies a destination port value for the IP stream to be

protected.
Example
SR/configure/crypto/ipsec/policy newpol bypass#match address
10.1.1.0 24 20.1.1.0 24
configure crypto ipsec policy enable

Use this command to enable or disable the IPsec policy entry
Syntax
[no] enable
Example
enable
configure crypto ipsec policy match

Use this command to specify the IP stream on which to apply IPsec.
When this command is entered, a default proposal is created, with the following properties:
priority 1, ESP, 3DES, SHA1, tunnel mode.
Syntax
match address <source-start-ip> <source-mask> <dest-start-ip> <destmask> [source-end-ip <A.B.C.D>] [dest-end-ip <A.B.C.D>] [protocol
October 2010
877
IPsec VPN commands

Variable
Value
<source-start-ip> <source-mask>
Source IP address and subnet mask of the

IP stream that is to be protected by the IPsec
policy. If you are defining a range of
addresses, this represents the start address
in the range.
<dest-start-ip> <dest-mask>
Destination IP address and subnet mask of

the IP stream that is to be protected by the
IPsec policy. If you are defining a range of
addresses, this represents the start address
in the range.
If you are defining a range of addresses for

the source IP, this parameter specifies the
end address in the range.
If you are defining a range of addresses for

the destination IP, this parameter specifies
the end address in the range.
Specifies a protocol for the IP stream to be

protected. Valid values are: udp UDP
protocol tcp TCP protocol icmp ICMP
protocol gre GRE protocol any all the
protocols
[sport <0-65535>]
Specifies a source port value for the IP

stream to be protected.
[dport <0-65535>]
Specifies a destination port value for the IP

stream to be protected.
Example
10.1.1.0 24 20.1.1.0 24
match address
configure crypto ipsec policy match object

Use this command to assign an individual IP address or a range of IP addresses, specified
as IP address objects, to an IPSec policy.
Syntax
match object <source-object> <destination-object> [protocol
878
October 2010
configure crypto ipsec policy nailed-up

Variable
Value
<source-object>
Specifies the crypto object to match to the source IP address.
<destination-object>
Specifies the crypto object to match to the destination IP

address.
Specifies a protocol for the IP stream to be protected. Values

include:
udp-UDP protocol
tcp-TCP protocol
icmp-ICMP protocol
gre-GRE protocol
any-all protocols
[sport <0-65535>]
Specifies a source port. Values range from 0 to 65535.
[dport <0-65535>]
Specifies a destination port. Values range from 0 to 65535.
Example
SR/configure/crypto/ipsec/policy pol2 10.10.10.1#match object BO1 BO2
protocol udp sport 2 dport 5
configure crypto ipsec policy nailed-up

Use this command to configure an IPSec policy with the nailed up feature enabled.
Syntax
[no] nailed-up
Variable
Value
[no]
Disables IPSec nailed up tunnel.
<policy-name>
Specifies the IPsec policy name. The

maximum is 8 characters.
<peer-address>
Specifies the peer security gateway IP

address.
Example
SR/configure/crypto/ipsec/policy pol1 10.10.10.1#nailed-up
October 2010
879
IPsec VPN commands
configure crypto ipsec policy pfs-group

Use this command to configure the Diffie-Hellman prime modulus group for Perfect Forward
Secrecy (PFS).
Syntax
pfs-group {group1 | group2 | group5}
Variable
Value
group1
768-bit. RFC 2409
group2
1024-bit. RFC 2409.
group5
1536-bit. RFC 2409.
Example
pfs-group group1
configure crypto ipsec policy proposal

Configure an IPsec proposal for an IPsec SA.
Before configuring a proposal, you must specify the IP stream on which to apply IPsec using
the configure crypto ipsec policy match command.
In case multiple proposals are configured, all of them are sent in the SA payload in a logical
OR manner in the order they are specified by the proposal priority. The protocol value defaults
to ESP if it is not explicitly specified.
Syntax
proposal <1-5> protocol {esp | ah}
Variable
880
Value
<1-5>
Specifies the proposal priority.
esp
Specifies ESP protocol. When chosen, the

proposal parameters are set to the following
defaults: 3DES, SHA1 and tunnel mode.
October 2010
configure crypto ipsec policy proposal encryption-algorithm
Variable
ah
Value
Specifies AH protocol. When chosen, the
proposal parameters are set to the following
defaults: SHA1 and tunnel mode.
Example
protocol esp
proposal 1
configure crypto ipsec policy proposal encryptionalgorithm

Use this command to configure the encryption algorithm for the IPsec proposal.
Syntax
aes256-cbc | null}
Variable
Value
des-cbc
3des-cbc
aes128cbc

key length.
aes192cbc

key length.
aes256cbc

key length.
null
Example
algorithm des-cbc
encryption-
configure crypto ipsec policy proposal hash-algorithm

Use this command to configure the hash algorithm for the IPsec proposal.
October 2010
881
IPsec VPN commands
Syntax
hash-algorithm {md5|sha1|null}
Variable
Value
md5-hmac
A 128-bit message digest-RFC 1321 + RFC

2085
sha1-hmac

null
no authentication
Example
hash-algorithm md5
configure crypto ipsec policy proposal lifetime

Use this command to configure the lifetime of the IPsec SA. When the SA expires, it is replaced
by a new negotiated SA or terminated.
Syntax
Variable
Value
kilobytes <300-4194303>
Specifies the volume of traffic (in kilobytes)

that can pass between IPsec peers using the
given IPsec SA before that SA expires.
Default: 4194303.
seconds <300-864000>
.Specifies the number of seconds the IPsec

SA can live before expiring. Default: 3600
seconds (1 hour).
Example
configure crypto ipsec policy proposal mode

Use this command to configure the IPsec encapsulation mode for the proposal.
882
October 2010
configure crypto keepalive enable
Syntax
mode {transport | tunnel}
Variable
Value
tunnel
Specifies tunnel mode. In tunnel mode the IP

header of the packet is encapsulated into a
new IP header with a routable destination IP
address. Protection is offered for the
complete packet. This is the default mode.
transport
Specifies transport mode. In transport mode,

the old IP address is retained and the hash
(in case of AH) is generated over the payload
and delivered to the peer. The protection is
offered only for the pay load.
Example
mode transport
configure crypto keepalive enable

Use this command to enable or disable dead peer detection keepalive.
Syntax
[no] keepalive enable
Example
SR/configure/crypto# keepalive enable
configure crypto keepalive mode

Use this command to configure the Secure Router to use on-demand or periodic DPD for
querying the operational status of IKE peers.
Syntax
[no] keepalive mode <on-demand> <periodic>
Variable
Value
October 2010
883
IPsec VPN commands
[no]
Disables the keepalive mode.
on-demand
When selected (default), DPD retries are

sent on demand.
periodic
When selected DPD retries are sent at

regular intervals.
Example
SR/configure/crypto#keepalive mode on-demand
configure crypto keepalive retry-interval

Use this command to configure the number of seconds between the DPD retries, in multiples of
10 seconds. Default is 10 seconds.
Syntax
keepalive retry-interval <retry-interval>
Example
keepalive retry-interval 30
configure crypto keepalive transmit-interval

Use this command to configure the keepalive transmit interval.
Syntax
keepalive transmit-interval <10-3600>
Example
keepalive retry-interval 30
configure crypto keypair

Use this command to specify the key pair details like key ID, signature algorithm (RSA/DSA)
and key size to be used in the certificate request. To clear the key pair details from the
884
October 2010
configure crypto ike policy keyusage
Syntax
[no] keypair <keypair-name> {rsa | dsa} {512 | 1024 | 2048 | 3072 |
4096}
Variable
Value
<keypair-name>
Specifies the name of the key pair.
{rsa | dsa}
Specifies the key type. Values include:

rsa the RSA public key encryption algorithm
dsa Digital Signature Algorithm
{512 | 1024 | 2048 | 3072 |

4096}
Specifies the maximum supported key sizes. Values include:

rsa - 512, 1024, 2048, 3072, and 4096 bits. The default is
1024 bits.
dsa - 512, 1024 bits. The default is 1024 bits.
Example
SR/configure/crypto/ca/trustpoint ca1#keypair pair2 rsa 512
configure crypto ike policy keyusage

Use this command to configure an IKE policy with key usage extension checking.
Syntax
[no] keyusage
Example
SR/configure/crypto/ike/policy pol2 branchoffice#keyusage
configure crypto pmtu df-bit

Use this command to configure the value of the Don't Fragment (DF) bit for an interface.
The DF bit value for an interface can be set, copy, or clear. If the DF bit value is configured as
set for an interface, it forces PMTU discovery regardless of the value of the DF bit value in
the clear packet. If the DF bit value is configured as copy, this enables PMTU only when the
clear packet is generated with the DF bit set. If the DF bit value is configured as clear, PMTU is
not enabled.
October 2010
885
IPsec VPN commands
Syntax
pmtu df-bit {set | copy | clear} <if-name>
Example
pmtu df-bit set wan1
configure crypto pmtu threshold-mtu mtu-size

Use this command to configure the MTU threshold value. If the MTU value received in ICMP
PMTU is less than the threshold, PMTU discovery is reset for that particular SA .That is, the
DF bit is cleared for the particular SA. The default value is 576.
Syntax
pmtu threshold-mtu mtu-size <mtu-value>
Example
pmtu threshold-mtu 750
configure crypto pmtu unsecured-icmp-processing

Use this command to enable or disable processing of clear, unsecured ICMP messages.
Disable processing of unsecured ICMP messages to allow processing of only secured packets.
This option is disabled by default.
Syntax
[no] pmtu unsecured-icmp-processing
Example
pmtu unsecured-icmp-processing
configure interface l2tp-server

Use this command to configure the L2TP server.
Syntax
interface l2tp-server <server-name>
886
October 2010
configure interface l2tp-server ip address
Example
SR/configure#
interface l2tp-server l2tp1
configure interface l2tp-server ip address

Use this command to configure an IP address for the L2TP server.
Syntax
ip adddress <ipaddress>
Example
SR/configure/interface/l2tp-server l2tp1#
ip adddress 101.1.2.3
configure interface l2tp-server ipsec-protection

Use this command to configure IPsec protection for the L2TP server.
Syntax
ipsec-protection <ike-ipsec-policy> <untrusted-if-address> {remoteid-type {ip-address | domain-name | email-id | der-encoded-dn}}
[remote-id-data <remote-id-data>] [key <key>]
Variable
Value
<ike-ipsec-policy>
Name of crypto dynamic IKE and IPsec policy. Max 8

characeters.
<untrusted-if-address>
Address of the local crypto untrusted interface that is used

as the IKE authenticated tunnel endpoint.
{remote-id-type {ip-address | Remote ID type: ip-address: a routeable IPaddress already

domain-name | email-id |
configured on this device domain-name: fully qualified
der-encoded-dn}}
domain name (FQDN) email-id: email address (user FQDN)
der-encoded-dn: x509 certificate subject-name in ascii form
(default) (example: O=ACME Corp,OU=*,C=US,CN=Wile E.
Coyote)
[remote-id-data "<remote-id- Remote ID data, specified in quotation marks. Maximum 48
data>"]
characters.
[key <key>]
Tells IKE to use preshared-key authentication with this key

(no key means use certificates).
October 2010
887
IPsec VPN commands
Example
SR/configure/interface/l2tp-server l2tp1# ipsec-protection Prot
20.1.1.1 remote-id-type domain-name remote-id-data "domain.com" key
myIkePreSharedKey
configure interface l2tp-server remote-config

Use this command to access the L2TP client configuration commands.
Syntax
remote-config [domain-name <domain-name>]
Variable
[domain-name <domain-name>]
Value
L2TP server interface name, max 30
characters.
Example
l2tp1
remote-config domain-name
configure interface l2tp-server remote-config address-pool|

DNS|nbns
Use this command to configure the client parameters for remote access with L2TP.
Syntax
{address-pool <first-address> <last-address> | dns <A.B.C.D> | nbns
<A.B.C.D>}
Variable
888
Value
[address-pool <first-address> <lastaddress>]
Pool of IP addresses given to connecting

clients. Maximum pool size is 200.
[dns <A.B.C.D>]
DNS address the client will use.
[nbns <A.B.C.D>]
Net Bios Name Server (WINS server) the

client will use.
October 2010
configure interface l2tp-server remote-user
Example
SR/configure/interface/l2tp-server l2tp1/remote-config#
pool 40.1.1.2 40.1.1.48
address-
configure interface l2tp-server remote-user

Use this command to configure user parameters for remote access using L2TP.
Syntax
remote-user <username> <password>
Example
password1
remote-user user1
configure interface l2tp-server shutdown

Shut down the L2TP server.
Syntax
[no] shutdown
Example
shutdown
show crypto ca certificates

Use this command to display certificates.
Syntax
show crypto ca certificates {<ca-name> | all} [detail]
Example
SR#
show crypto ca certificates all
October 2010
889
IPsec VPN commands
show crypto ca crl

Use this command to display the CRL information.
Syntax
show crypto ca crl {<ca-name> | all} [detail]
Example
SR#
show crypto ca crl all
show crypto ca trustpoint

Use this command to display trustpoint information.
Syntax
show crypto ca trustpoint {<ca-name> | all} [detail]
Example
SR#
show crypto ca trustpoint all
show crypto clients contivity

Use this command to view remote access IPsec clients.
Syntax
show crypto clients contivity
Example
SR#show crypto clients contivity
show crypto contivity-iras ike policy

Use this command to view IKE policy configuration information.
890
October 2010
show crypto contivity-iras ipsec policy
Syntax
show crypto contivity-iras ike policy {<policy-name> | all}
[proposal-priority <1-5>] [detail]
Variable
Value
all
Displays configuration information for all

configured policies
detail
Displays detailed policy information.
<policy-name>
Identifies the IPsec policy name.
proposal-priority <1-5>
Identifies the IPsec proposal priority number.

Example
SR#show crypto contivity-iras ike policy all
show crypto contivity-iras ipsec policy

Use this command to view IPsec policy configuration information.
Syntax
show crypto contivity-iras ipsec policy {<policy-name> | all}
[proposal-priority <1-5>] [detail]
Variable
Value
all
Displays configuration information for all

configured policies
detail
Displays detailed policy information.
<policy-name>
Identifies the IPsec policy name.
proposal-priority <1-5>
Identifies the IPsec proposal priority number.

Example
SR#show crypto contivity-iras ipsec policy all
October 2010
891
IPsec VPN commands
show crypto dynamic clients

Use this command to display remote access IPsec clients.
Syntax
show crypto dynamic client
Example
SR#
show crypto dynamic client
show crypto dynamic ike policy

Use this command to display remote access IKE policies.
Syntax
show crypto dynamic ike policy {<policy-name> | all} [proposalpriority <1-5>] [detail]
Example
SR#
show crypto dynamic ike policy all
show crypto dynamic ipsec policy

Use this command to display remote access IPsec policies.
Syntax
show crypto dynamic ipsec policy {<policy-name> | all} [proposalpriority <1-5>] [detail]
Example
SR#
show crypto dynamic ipsec policy all
show crypto ike policy

Use this command to display IKE policy information.
892
October 2010
show crypto ike sa
Syntax
show crypto ike policy {<policy-name> | all} [proposal-priority
<1-5>] [detail]
Example
SR#
show crypto ike policy all
show crypto ike sa

Use this command to display IPsec SA information.
Syntax
show crypto ipsec sa {<policy-name> | all} [detail]
Example
SR#
show crypto ipsec sa all
show crypto interfaces

Use this command to display the status of interfaces, whether trusted or untrusted.
Syntax
Example
SR#
show crypto ipsec policy

Use this command to display IPsec policy information.
Syntax
show crypto ipsec policy {<policy-name> | all} [proposal-priority
<1-5>] [detail]
Example
SR#
show crypto ipsec policy all
October 2010
893
IPsec VPN commands
show crypto ipsec sa

Use this command to display IPsec SA information.
Syntax
show crypto ipsec sa {<policy-name> | all} [detail]
Example
SR#
show crypto ipsec sa all
show crypto keepalive

Use this command to display the dead peer detection configuration.
Syntax
Example
SR#
show crypto pmtu

Use this command to display PMTU information.
Syntax
show crypto pmtu {config | df-bit <interface-name>}
Example
SR#
show crypto pmtu config
show crypto statistics

Use this command to display IPsec-related statistics.
Syntax
894
October 2010
show interface l2tp-server
Example
SR#

Use this command to display L2TP server configuration
Syntax
Example
SR#
October 2010
895
IPsec VPN commands
896
October 2010
Chapter 58: GRE and IPIP tunneling

commands
clear interface tunnel

Use this command to clear tunnel counter information.
Syntax
clear interface [tunnel <tunnel-name> | tunnels]
Example
SR#
clear interface tunnels
configure interface tunnel

Use this command to create a tunnel.
Syntax
interface tunnel <tunnel-name>
Example
SR/configure#
interface tunnel tunnel1
configure interface tunnel crypto

Use this command to configure the tunnel as untrusted for the purpose of IPsec protection.
Syntax
crypto {trusted | untrusted}
October 2010
897
GRE and IPIP tunneling commands

Variable
Value
trusted
Specifies that the tunnel is part of a trusted

network.
untrusted
Specifies that the tunnel is part of an

untrusted network.
Example
SR/configure/interface/tunnel tunnel1#
crypto untrusted
configure interface tunnel gvrp

Use this command configure gvrp parameters on a tunnel to provide VLAN support across the
tunnel.
Syntax
gvrp
Example
SR/configure/interface tunnel tun1#gvrp
configure interface tunnel ip|ipv6

Use this command to configure the tunnel IP address.
Syntax
[ip address <ipv4-address> <subnet-mask>] | [ipv6 <ipv6-address>]
Variable
Value
<ipv4-address> <subnet-mask>
Specifies the IPv4 address and subnet mask.
<ipv6-address>
Specifies the IPv6 prefix address. You can

also enter the IPv6 prefix name.
Example
255.255.255.0
898
ip address 192.168.122.10
October 2010
configure interface tunnel ip tcp-mss
configure interface tunnel ip tcp-mss

Use this command to specify the TCP MSS clamping value for a tunnel interface.
Syntax
ip tcp-mss <value>
Variable
<value>
Value
Specifies the TCP MSS clamping value for the tunnel. Values
Example
SR/configure/interface/tunnel tun1#ip tcp-mss 555
configure interface tunnel keepalive

Use this command to enable keepalive packets to keep track of the tunnel end points. The
router sends a keepalive at every configured interval. If no response is received after the
configured number of retries, the tunnel is brought down. You can only configure keepalive on
GRE tunnels.
By default GRE keepalives are disabled.
Syntax
keepalive [interval <0-120>] [retries <1-16>]
Variable
Value
[interval <0-120>]

Default is 10. A value of 0 specifies no
keepalives.
[retries <1-16>]
Specifies the number of retries. If there is no

response after the configured retry value, the
tunnel is brought down. Default value is 3.
Example
October 2010
899
configure interface tunnel shutdown

Use this command to shut down the tunnel interface.
Syntax
[no] shutdown
Example
shutdown
configure interface tunnel tunnel checksum

Use this command to enable end-to-end checksums to force the router to drop any corrupted
packets. You can only configure checksum on GRE tunnels.
By default, checksums are disabled.
Syntax
[no] tunnel checksum
Example
tunnel checksum
configure interface tunnel tunnel destination

Use this command to configure the IP address for the tunnel destination. This is not required
for 6to4 tunnels.
The tunnel destination cannot be a point-to-point interface peer. It should be reachable through
a physical interface.
Syntax
[no] tunnel destination <A.B.C.D>
Example
900
tunnel destination 123.4.5.6
October 2010
configure interface tunnel tunnel key
configure interface tunnel tunnel key

Use this command to configure an ID key for a tunnel interface. This key must be set to the
same value on the tunnel endpoints. The key field is used for identifying an individual traffic
flow within a tunnel. Tunnel ID keys can be used as a form of weak security to prevent
misconfiguration or injection of packets from a foreign source. However this is not a reliable
security option.
You can only configure tunnel key on GRE tunnels. By default, no key is configured.
Syntax
[no] tunnel key <0-4294967295>
Variable
<0-4294967295>
Value
Specifies the key value.
Example
tunnel key 884452
configure interface tunnel tunnel mode

Use this command to configure the tunnel encapsulation mode. The default is GRE.
Syntax
tunnel mode {gre | ipip | ipv6ip [6to4]}
Variable
Value
gre
Specifies GRE encapsulation.
ipip
Specifies IP over IP encapsulation.
ipv6ip [6to4]
Specifies IPv6 over IP encapsulation. If the

6to4 option is included, automatic IPv6
tunneling is used.
Example
tunnel mode ipip
October 2010
901
configure interface tunnel tunnel path_mtu_discovery

Use this command to enable or disable path MTU discovery on the tunnel. The default mode
for this feature is disabled.
Syntax
[no] tunnel path_mtu_discovery
Example
tunnel path_mtu_discovery
configure interface tunnel tunnel protection

This command associates a tunnel with an IPsec profile. IPsec automatically derives the IPsec
peer and proxy information from the configured tunnel source and tunnel destination values.
Therefore, you do not need to create an IPsec policy to define peer and match addresses.
IPsec creates a default IKE policy and transport-mode IPsec policy for the tunnel endpoint.
Syntax
[no] tunnel protection <ipsec-policy> <key-value>
Variable
Value
<ipsec-policy>
Specifies the name of the IPsec policy. Enter

a word of no more than eight characters.
<key-value>
Specifies the IPsec policy key value. Enter a

string of no more than 49 characters.
Example
1234567>
tunnel protection policy28
configure interface tunnel tunnel sequence

Use this command to configure sequencing to enable dropping of out-of-order packets on the
tunnel.
902
October 2010
configure interface tunnel tunnel source
The default mode for this feature is disabled. This feature is available only in the GRE mode.
Syntax
[no] tunnel sequence
Example
tunnel sequence
configure interface tunnel tunnel source

Use this command to to assign a local interface to a tunnel source.
Syntax
[no] tunnel source <A.B.C.D> | <interface_name> | <bundlename:pvc>
Variable
Value
<A.B.C.D>
Specifies the tunnel source IP address.
<bundlename:pvc>
Specifies the tunnel source PVC identifier to which the tunnel

source IP address is assigned.
<interface_name>
Specifies the tunnel source interface to which the tunnel source

IP address is assigned.
[no]
Removes the local interface from the tunnel source.
Example
tunnel source ethernet0/1
configure interface tunnel tunnel tos

Use this command to configure the Type of Service (ToS) value for the tunnel interface. If not
specified, the ToS value of the inner IP header is copied to the outer IP header.
Syntax
[no] tunnel tos <0-255>
Variable
<0-255>
Value
The ToS for the tunnel.
October 2010
903
Variable
[no]
Value
Sets the ToS value to the default, which is 0
(no ToS).
Example
tunnel tos 100
configure interface tunnel tunnel ttl

Use this command to configure the time-to-live (TTL) value for the tunnel interface. The default
value is 30 seconds
Syntax
[no] tunnel ttl <1-255>
Example
tunnel ttl 45
show interface tunnel

Use this command to display tunnel configuration information.
Syntax
show interface [tunnel <tunnel-name> | tunnels]
Example
SR#
904
show interface tunnels
October 2010
Chapter 59: AAA commands
clear dot1x statistics

Use this command to clear 802.1x statistics.
Syntax
clear dot1x statistics
Example
SR# clear dot1x statistics
configure aaa accounting

Configure accounting on the router.
Syntax
aaa accounting [commands | network | exec | system ] <list-name>
[start_stop | stop_only | wait_start | none]
Variable
Value
[commands | network | exec | system ] <list- commands: configure the accounting for
name>
commands. network: configure the
accounting for network usage. exec:
configure the accounting for EXEC sessions.
system: configure the accounting for system
events. <list-name> specifies the name of
the accounting list, either a character string
or the word default. If list_name is default,
all interfaces use this method list without
further configuration.
[start_stop | stop_only | wait_start | none]
The set of records sent for accounting are as

follows: start_stop : START and STOP
records are sent stop_only : only STOP
records are sent wait_start : START and
October 2010
905
AAA commands
Variable
Value
STOP records are sent. Service starts after
ACK. none : No accounting
Example
SR/configure#
aaa accounting network acctlist start_stop
configure aaa accounting update

Use this command to configure the network accounting update scheme.
Syntax
aaa accounting update {newinfo | periodic mins <1-5> }
Variable
Value
newinfo
Send UPDATE records when new info is

available
periodic
Send UPDATE records periodically
mins <1-5>
Time in minutes if the scheme is periodic.

Default is 5 mins.
Example
SR/configure#
aaa accounting update newinfo
configure aaa authentication login

Use this command to configure the login authentication methods.
Syntax
aaa authentication login <login-list-name> <authentication-methods>
Variable
<login-list-name>
906
Value
The name of the login authentication list,
either a character string or the word
default. If list_name is default, all
October 2010
configure aaa authentication protocols
Variable
Value
interfaces use this method list without further
configuration.
<authentication-methods>
A list of up to 3 authentication values,

separated by slashes (/), indicating the order
in which the methods are used for login on
an interface. Possible values are tacacs,
radius, local and none.
Example
SR/configure# aaa authentication login default tacacs/radius
configure aaa authentication protocols

Use this command to configure the login authentication protocols.
Syntax
aaa authentication protocol <protocols-list-name> <protocols>
Variable
Value
<protocols-list-name>
The name of the protocol authentication list,

either a character string or the word
default. If list_name is default, all
interfaces use this method list without further
configuration.
<protocols>
A list of up to 3 protocol values, separated by

slashes (/), indicating the order in which the
protocols are used for login on an interface.
Possible values are pap, chap and ascii.
Example
SR/configure#
aaa authentication protocol default pap/ascii
configure aaa authorization commands

Use this command to configure the authorization methods for accessing an interface.
October 2010
907
AAA commands
Syntax
aaa authorization commands <commands-list-name> <authorizationmethods>
Variable
Value
<commands-list-name>
The name of the authorization list, either a

character string or the word default. If
list_name is default, all interfaces use this
method list without further configuration..
<authorization-methods>
A list of up to 2 authorization values,

separated by slashes (/), indicating the order
in which the methods are used for
authorization on an interface. Possible
values are tacacs, local and none.
Example
SR/configure#
authorization commands default tacacs
configure aaa enable

Enable or disable AAA on the router.
Syntax
[no] aaa enable
Variable
[no]
Value
Disables AAA.
Example
SR/configure#
[no] aaa enable
configure aaa radius primary_server|secondary_server

acct_port
Use this command to configure the port used by the RADIUS server for accounting.
908
October 2010
configure aaa radius primary_server|secondary_server auth_port
Syntax
[no] acct_port <1-65535>
Variable
<1-65535>
Value
The accounting port on the RADIUS server.
The default is port number 1813.
Example
SR/configure#
aaa radius primary_server acct_port 165

auth_port
Use this command to configure the port used by the RADIUS server for authentication.
Syntax
[no] auth_port <1-65535>
Variable
<1-65535>
Value
The authentication port on the RADIUS
server. The default is port number 1812.
Example
SR/configure#
aaa radius primary_server auth_port 164

ipaddress
Use this command to onfigure the IP address of the specified RADIUS server. (A primary
RADIUS server must be configured to enable RADIUS.)
Syntax
[no] ipaddress <A.B.C.D>
October 2010
909
AAA commands

Variable
<A.B.C.D>
Value
The IP address of the specified RADIUS
server.
Example
SR/configure#
aaa radius primary_server ipaddress 142.134.14.100

retries
Use this command to configure the number of client attempts to communicate with the RADIUS
server.
Syntax
retries <1-5>
Variable
<1-5>
Value
The number of attempts to contact the
server.
Example
SR/configure#
aaa radius primary_server retries 5

shared_key
Use this command to onfigure a secret key used by both the RADIUS client and server
Syntax
shared_key <shared-key>
910
October 2010
configure aaa radius primary_server|secondary_server time_out

Variable
<shared-key>
Value
A string of length less than or equal to 48
characters.
Example
SR/configure#
aaa radius primary_server shared_key ax17bfe

time_out
Use this command to configure the maximum wait time for a server response.
Syntax
time_out <1-100>
Variable
1-100
Value
The timeout in seconds. The maximum value
is 100.
Example
SR/configure#
aaa radius primary_server time_out 30
configure aaa radius src_address

Use this command to configure the IP address of the RADIUS client. This address will be used
for all packets sent from the RADIUS client to the RADIUS server.
Syntax
aaa radius src_adress <A.B.C.D>
Example
SR/configure#
aaa radius src_address 134.5.6.7
October 2010
911
AAA commands
configure aaa source-address

Use this command to configure the source IP address for all AAA services.
Syntax
source-address <[ip-address]|[interface-name]>
Variable
Value
[ip-address]
[interface-name]
Example
SR/configure/aaa#source-address 1.1.1.2
configure aaa tacacs primary_server|secondary_server

Use this command to configure the IP address of the primary or secondary TACACS+ server.
Syntax
aaa tacacs [primary_server |secondary_server] <A.B.C.D>
Example
SR/configure#
aaa tacacs primary_server 234.5.6.7
configure aaa tacacs retries

Use this command to configure the number of client attempts to communicate with the TACACS
+ server.
Syntax
[no] retries <1-5>
912
October 2010
configure aaa tacacs server_port

Variable
<1-5>
Value
The number of attempts to contact the
server. The range is 1-5. The default is 2.
Example
SR/configure#
aaa tacacs retries 5
configure aaa tacacs server_port

Use this command to configure the port used by the TACACS+ server.
Syntax
server_port <1-65535>
Variable
<1-65535>
Value
The port on the TACACS+ server.
Example
SR/configure#
aaa tacacs server_port 6234
configure aaa tacacs shared_key

Use this command to configure a secret key used by both the TACACS+ client and server
Syntax
[no] shared_key <encryption-key>
Variable
<encryption-key>
Value
A string of length less than or equal to 8
characters.
Example
SR/configure#
aaa tacacs shared_key testkey
October 2010
913
AAA commands
configure aaa tacacs time_out

Use this command to configure the maximum wait time, in seconds, for a TACACS+ server
response.
Syntax
time_out <1-300>
Example
SR/configure#
aaa tacacs time_out 90
configure dot1x
Use this command to globally enable or disable 802.1x authentication. By default, 802.1x
authentication is disabled.
Syntax
dot1x {enable | disable}
Example
SR/configure# dot1x enable
configure interface ethernet dot1x dot1x-enable

Use this command to enable or disable 802.1x on the Ethernet interface.
EAP IEEE 802.1x can be applied to Ethernet interfaces only.
Syntax
[no] dot1x-enable
Example
SR/configure/interface ethernet (6/4)/dot1x#
914
dot1x-enable
October 2010
configure interface ethernet dot1x max-req
configure interface ethernet dot1x max-req

Use this command to set the maximum of failed EAP requests sent to the supplicant. The
default is 2.
Syntax
max-req <1-10>
Example
max-req 4
configure interface ethernet dot1x port-control

Use this command to configure a forced 802.1x state for a port.
Syntax
[no] port-control {auto | force-authorized | force-unauthorized}
Variable
Value
auto
Enable authentication on a port.
force-authorized
Force a port to always be in an authorized

state.
force-unauthorized
Force a port to always be in an unauthorized

state.
[no]
Removes the port from 802.1x management.
Example
authorized
port-control force-
configure interface ethernet dot1x quiet-period

Use this command to set the 802.1x quiet-period time interval. The default is 60 seconds.
October 2010
915
AAA commands
When the system cannot authenticate a client, the system remains idle for a quiet-period
interval of time, then tries again. By administratively changing the quiet-period interval, by
entering a lower number than the default, a faster response time can be provided.
Syntax
quiet-period <1-65535>
Example
quiet-period 30
configure interface ethernet dot1x reauthentication

Use this command to enable or disable reauthentication on a port.
Syntax
reauthentication {enable | disable}
Example
reauthentication enable
configure interface ethernet dot1x reauth-period

Use this command to set the interval between reauthorization attempts. The default is 3600
seconds.
Syntax
reauth-period <1-65535>
Example
reaut-period 600
configure interface ethernet dot1x server-timeout

Use this command to set the authentication sever response timeout. The default is 30 seconds.
Syntax
server-timeout <1-65535>
Example
916
server-timeout 60
October 2010
configure interface ethernet dot1x supplicant-timeout
configure interface ethernet dot1x supplicant-timeout

Use this command to set the supplicant response timeout. The default is 30 seconds.
Syntax
supplicant-timeout <1-65535>
Example
supplicant-timeout 60
configure interface aaa authentication

Use this command to apply AAA authentication to an interface. This command can be applied
to WAN bundle interfaces, Ethernet ports, or the console port.
Syntax
aaa authentication <login-list-name> <protocol-list-name>
Example
SR/configure# aaa authentication login1 proto1
configure interface aaa authorization

Use this command to apply AAA auhorization to an interface. This command can be applied
to WAN bundle interfaces, Ethernet ports, or the console port.
Syntax
aaa authorization <commands-list-name>
Example
SR/configure# commnd1
configure interface aaa accounting

Use this command to apply AAA accounting to an interface. This command can be applied to
WAN bundle interfaces, Ethernet ports, or the console port.
October 2010
917
AAA commands
Syntax
aaa accounting commands <commands-list-name> exec <exec-list-name>
network <network-list-name> system <system-list-name>
Example
SR/configure# accounting commands cmmnd1 exec exec 1 network ntwrk1
system sys1
show aaa accounting

Use this command to display AAA accounting information.
Syntax
show aaa accounting [commands | exec | network | system | update]
Example
SR# show aaa accounting commands
show aaa authentication

Syntax
show aaa authentication [login | protocols]
Example
SR# show aaa authentication login
show aaa authorization

Syntax
show aaa authorization commands
Example
SR# show aaa authorization commands
918
October 2010
show aaa interface
show aaa interface

Use this command to display AAA interface information.
Syntax
show aaa interface {bundle <bundle-name> | ethernet <slot/port> |
console}
Example
SR# show aaa interface ethernet 0/3
show aaa radius

Use this command to display RADIUS information.
Syntax
show aaa radius
Example
SR# show aaa radius
show aaa status

Use this command to display AAA status information,
Syntax
show aaa status
Example
SR# show aaa status
show aaa tacacs

Use this command to display TACACS+ information.
October 2010
919
AAA commands
Syntax
show aaa tacacs
Example
SR# show aaa tacacs
show dot1x
Use this command to display 802.1x information.
Syntax
show dot1x {detail | interface <if-name>| statistics}
Example
SR# show dot1x statistics
920
October 2010
Chapter 60: PPPoE client commands
configure interface virtual-access ip

Use this command to configure the IP address for the PPPoE interface.
Syntax
{address <ip-address/mask> | negotiated }
Variable
Value
address <ip-address/mask>
Specifies the IP address for the interface.
negotiated
Specifies that the IP address for the interface

is obtained via PPP IPCP (IP Control
Protocol) address negotiation with the
PPPoE server.
Example
SR/configure/interface/virtual-access pppoe1#
198.167.30.2 255.255.255.0
ip address
configure interface virtual-access ppp authentication

Use this command to configure the PPP authentication method and related parameters for the
PPPoE connection.
Syntax
ppp authentication {pap | chap | pap_chap | none} [sent-username
<username>] [password <password>]
Variable
[pap | chap | pap_chap | none]
Value
Specifies the authentication method: one of
PAP, CHAP, either, or none.
October 2010
921
PPPoE client commands
Variable
Value
[sent-username <username>]
Specifies the local username to be

authenticated (max is 64 characters). This
parameter is required for all authentication
types, unless none is specified.
[password <password>]
Specifies the local password to be

authenticated (max is 64 characters). This
parameter is required for all authentication
types, unless none is specified.
Example
chap
ppp authentication
configure interface virtual-access ppp keepalive

Use this command to configure the PPP keepalive interval in seconds. This value specifies
the amount of time PPP stays up when there is no traffic.
Syntax
ppp keepalive interval <0-32767>
Variable
<0-32767>
Value
Specifies the amount of time in seconds that
PPP stays up when there is no traffic. The
default value is 10 seconds. A value of 0
disables keepalives.
Example
ppp keepalive 60
configure interface virtual-access pppoe ac-name

Use this command to configure a specific PPPoE server.
Syntax
pppoe ac-name <ac-name>
922
October 2010
configure interface virtual-access pppoe ethernet

Variable
<ac-name>
Value
Specifies the PPPoE access concentrator
name (max 32 characters).
Example
pppoe ac-name router1
configure interface virtual-access pppoe ethernet

Use this command to configure the Ethernet interface on which PPPoE is enabled.
Syntax
pppoe ethernet <slot/port>
Example
pppoe ethernet 1/1
configure interface virtual-access protocol pppoe

Use this command to configure the PPPoE tunneling protocol. The only available option in this
release is client mode (the default).
Syntax
protocol pppoe pppoe-mode [client]
Example
mode client
protocol pppoe pppoe-
configure interface virtual-access shutdown

Use this command to shut down the PPPoE interface.
Syntax
shutdown
October 2010
923
PPPoE client commands
Example
shutdown
show interface virtual-access

Use this command to display the PPPoE client configuration.
Syntax
show interface virtual-access <pppoe-interface>
Example
SR#
924
show interface virtual-access pppoe1
October 2010
Chapter 61: SSH2 commands
clear ip ssh session

Use this command to clear the SSH server sessions.
Syntax
clear ip ssh {session <1-5> | all}
Example
SR#
clear ip ssh all
configure ssh_keygen change

Use this command to change the passphrase used to encrypt a key file.
Syntax
change "<old-passphrase>" "<new-passphrase>" <key-filename>
Variable
Value
"<old-passphrase>"
The current passphrase. Must be specified in

double quotes.
"<new-passphrase>"
The new passphrase. Must be specified in

double quotes.
<key-filename>
The name of the encrypted key file.
Example
SR/configure/ssh_keygen#
change oldphrase new phrase testfile
October 2010
925
SSH2 commands
configure ssh_keygen convert

Use this command to convert a public key file in OpenSSH format (the default) to a Secure
Shell Standard format, or vice versa.
Syntax
convert {secsh | openssh} <key-filename> newfile <new-key-filename>
Variable
Value
{secsh | openssh}
The type of conversion to perform: secsh: to

convert from OpenSSH public key to SECSH
public key openssh: to convert from
unencrypted private or public SECSH key to
OpenSSH.
<key-filename>
The name of the existing key file to convert.
<new-key-filename>
The name of the new key file to create. If this

parameter is omitted, the output is displayed
on the screen
Example
convert secsh original.pub newfile new.pub
configure ssh_keygen digest

Use this command to generate a key digest of a key file. This is mainly used to compare key
files.
Syntax
digest <public-key-filename> [digest {fingerprint | bubblebabble}]
Variable
926
Value
<public-key-filename>
The name of the key file.
[digest {fingerprint | bubblebabble}]
The type of digest to generate, either

fingerprint or bubblebabble. Default is
fingerprint.
October 2010
configure ssh_keygen encrypt
Example
digest sr4134.pub fingerprint
configure ssh_keygen encrypt

Use this command to encrypt a private key file. The private key used for secure shell server
should not be passphrase protected because you must be able to start the secure shell server
without manual intervention. This command can be used to encrypt the private key with keys
unique to the Router. The "no" form of the command can be used to decrypt the file.
Syntax
encrypt <private-key-filename>
Example
encrypt testfile
configure ssh_keygen generate

Use this command to generate host and user authentication keys.
Syntax
generate {rsa | dsa} [outfile <filename>] [passphrase "<passphrase>"]
[bits <512-2048>] [comment "<comment>"]
Variable
Value
{rsa | dsa}
Specifies the type of key to generate, either

RSA or DSA.
[outfile <filename>]
Specifies the name of the files to contain the

generated keys. The private key is stored in
a file with the provided file name, while the
public key is stored in a file with the same
name with the extension .pub. The default file
name is shrsakey for RSA keys, and
shdsakey for DSA keys.
[passphrase "<passphrase>"]
Specifies the passphrase to encrypt the key

file. The default is a null string. The
passphrase variable must be specified within
double quotes. This option should not be set
when generating host keys.
October 2010
927
SSH2 commands
Variable
Value
[bits <512-2048>]
Specifies the length of the key, in bits. The

default is 1024.
[comment "<comment>"]
Specifies a string to identify the key. The

comment variable must be specified within
double quotes. The default is
"user@hostname"
Example
generate dsa comment "DSA host key"
configure ssh_server authRetries

Use this command to configure the number of authentication retries.
Syntax
authRetries <1-5>
Variable
<1-5>
Value
Specifies the number of authentication
retries (default: 3).
Example
SR/configure/ssh_server#
authRetries 5
configure ssh_server authentication

Use this command to configure SSH2 user authentication.
Syntax
authentication {password | publickey}
Variable
password
928
Value
Specifies password based user
authentication.
October 2010
configure ssh_server cipher
Variable
Value
publickey
Specifies public key based user

authentication.
Example
authentication password
configure ssh_server cipher

Use this command to configure SSH encryption algorithms.
Syntax
cipher {3descbc | blowfishcbc | aes128cbc | aes192cbc | aes256cbc}
Variable
Value
3descbc
Specifies DES encryption.
blowfishcbc
Specifies blowfish encryption.
aes128cbc
Specifies AES, with 128-bit key length.
aes192cbc
aes256cbc
Example
cipher 3descbc
configure ssh_server compression

Use this command to configure SSH compression.
Syntax
compression {none | zlib}
Variable
Value
none
Specifies no compression.
zlib
Specifies zlib (LZ77) compression.
October 2010
929
SSH2 commands
Example
compression zlib
configure ssh_server enable

Use this command to enable or disable the SSH server.
Syntax
[no] enable
Example
enable
configure ssh_server hostfile

Use this command to specify the host key file for the SSH server.
Syntax
hostfile <key-filename>
Variable
<key-filename>
Value
Specifies the host key file name. Default:
shdsakey
Example
hostfile dsakey
configure ssh_server logevents

Use this command to enable or disable log events.
Syntax
[no] logevents
930
October 2010
configure ssh_server mac

Variable
[no]
Value
Disables log events.
Example
logevents
configure ssh_server mac

Use this command to configure MAC algorithms for the SSH2 server.
Syntax
mac {hmacsha1 | hmacsha196 | hmacmd5 | hmacmd596}
Variable
Value
hmacsha1
hmac-sha1
hmacsha196
hmac-sha1-96
hmaccmd5
hmac-md5
hmaccmd596
hmac-md5-96
Example
hmacsha196
configure ssh_server port

Use this command to configure the SSH2 server listen port.
Syntax
port <512-65535>
Variable
<512-65535>
Value
Specifies the port value. Default: 22.
October 2010
931
SSH2 commands
Example
port 24
configure ssh_server restore

Use this command to restore the default SSH2 server parameter values.
Syntax
restore
Example
restore
configure ssh_server sftpd

Use this command to enable or disable the SSH secure FTP (SFTP) server. By default, the
SFTP server is disabled.
Syntax
[no] sftpd
Variable
Value
no
Disables SFTP server.
Example
sftpd
configure ssh_server timeout

Use this command to configure the SSH session timeout.
Syntax
timeout <0-3600>
932
October 2010
show ip ssh config

Variable
0-3600
Value
default 900 seconds. 0 means no timeout
Example
timeout 600
show ip ssh config

Use this command to display the SSH server configuration.
Syntax
show ip ssh config
Example
SR#
show ip ssh config
show ip ssh session

Use this command to display the SSH server sessions.
Syntax
show ip ssh {session <1-5> | sessions}
Example
SR#
show ip ssh sessions
October 2010
933
SSH2 commands
934
October 2010
Chapter 62: SIP Media Gateway commands
DSP channel licensing command
configure system licenses pvim_users

Use this command to load a DSP channel license key onto the router.
Software licensing limits the number of DSP channels available on the Avaya Secure Router
2330/4134. If you boot up the SR2330/4134 with the PVM module only, the maximum number
of DSP channels available is limited to 8. To operate the SR2330/4134 with additional channels,
you must obtain a license key from Avaya support.
Before contacting Avaya for a license key, you must first obtain the SR2330/4134 chassis serial
number by using the show chassis command.
When you have recorded the chassis serial number and determined the number of DSP
channels required, contact Avaya support to obtain a valid license key. After you receive the
license key, use following command to load the key onto the router.
Syntax
system licenses pvim_users {8 | 16 | 32 | 64 | 128}
Variable
{8 | 16 | 32 | 64 | 128}
Value
Specifies the number of users the license key
supports.
Example
SR/configure/sip-ua# system licenses pvim_users 128
When prompted by the system, enter the license key. If the key is valid, the system then
prompts you to reboot. After the reboot is completed, to verify the updated number of supported
DSP channels, enter: show voice dsp status
October 2010
935
SIP Media Gateway commands
SIP UA configuration commands
clear sip-ua statistics

Use this command to reset the SIP UA statistical counters.
Syntax
clear sip-ua statistics
Example
SR# clear sip-ua statistics
configure sip-ua outbound-proxy

Use this command to configure an outbound proxy address for the Session Initiation Protocol
(SIP) server interface. By default, no outbound proxy is configured.
You must configure the outbound proxy before configuring a SIP UA sip-server and registrar.
Syntax
outbound-proxy {dns<host-name> | ipv4:<ip-addr>[:port-num]}
Variable
Value
dns<host-name>
Specifies a valid DNS host name for the SIP

proxy in the following format:
name.gateway.xyz.
ipv4:<ip-addr>
Specifies the SIP proxy interface to an IP

address. A valid IP address takes the
following format: xxx.xxx.xxx.xxx.
[:port-num]
Specifies the port number to use.
Example
SR/configure/sip-ua# outbound-proxy ipv4:10.10.10.1
936
October 2010
configure sip-ua set pstn-cause sip-status
configure sip-ua set pstn-cause sip-status

Use this command to modify the PSTN cause to SIP status code values.
To view the existing and default values, use the show sip-ua map pstn-sip command.
Syntax
[no] set pstn-cause <pstn-cause> sip-status <sip-status>
Variable
Value
<pstn-cause>
Specifies the PSTN cause value. Valid range

is 400-699.
<sip-status>
Specifies the SIP status code value. Valid

range is 1-127.
[no]
Resets the values to the defaults.
Example
SR/configure/sip-ua# set pstn-cause 17 sip-status 486
configure sip-ua set sip-status pstn-cause

Use this command to modify the SIP status code to PSTN cause values.
To view the existing and default values, use the show sip-ua map sip-pstn command.
Syntax
[no] set sip-status <sip-status> pstn-cause <pstn-cause>
Variable
Value
<sip-status>
Specifies the SIP status code value. Valid

range is 1-127.
<pstn-cause>
Specifies the PSTN cause value. Valid range

is 400-699.
[no]
Resets the values to the defaults.
October 2010
937
Example
SR/configure/sip-ua# set pstn-cause 403 sip-status 21
configure sip-ua register dynamic

Use this command to configure dynamic registration with the configured SIP server.
Syntax
register dynamic
Example
SR/configure/sip-ua# register dynamic
configure sip-ua sip-server

Use this command to configure a network address for the Session Initiation Protocol (SIP)
server interface.
Important:
In a network that combines the CS 1000 with the Microsoft OCS, you must configure the
Media Gateway to point to the CS 1000 Call Server for call routing (using the sip server
command as described in the following procedure).
In an OCS-only solution, you must configure the Media Gateway to point to the Mediation
Server that is running in the SR4134 router. In this case, use the sip server command
to point the Media Gateway to the IP address and port of the Mediation Server.
Syntax
[no] sip-server { dns:<host-name> | ipv4:<ip-addr>[:port-num]}
Variable
938
Value
dns:<host-name>
Specifies a valid DNS host name for the

global SIP server in the following format:
name.gateway.xyz.
ipv4:<ip-addr>
Sets the global SIP server interface to an IP

address. A valid IP address takes the
following format: xxx.xxx.xxx.xxx.
[:port-num]
Specifies the port number to use.
October 2010
configure sip-ua sip-server keepalive target
Variable
[no]
Value
Removes the configured network address.
Example
SR/configure/sip-ua# sip-server ipv4:10.0.2.254
configure sip-ua sip-server keepalive target

The SR2330/4134 can monitor the state of SIP servers specified under sip-ua sipserver using a keep-alive mechanism by sending SIP OPTIONS at configurable regular
intervals. The SR2330/4134 monitors both primary and, if configured, secondary SIP servers.
For call routing, the Media Gateway points to the primary server as the active server, assuming
the primary server is up and reachable. Otherwise, the Media Gateway points to the secondary
server as the active server. If both primary and secondary servers are down or otherwise
unreachable, then the active server goes into a fail-safe state and in this mode no active server
is returned to the routing logic. In this case, the routing logic can check for a matching POTS
dial peer. If no POTS dial peer matches, then calls are rejected with a "503 Service
Unavailable" equivalent response on the PSTN side.
When both the servers are down, prefix-based calls continue to function.
If the bound SIP interface (specified by voice service voip sip bind) goes down, then the
keepalive mechanism is disabled until the link comes up. As soon as the link comes up, then
the keepalive mechanism is reenabled according to the configuration.
You can turn the keepalive OPTIONS messages on or off and indicate to which SIP server
they are sent. You can also configure the transport to be used to send the OPTIONS messages
(UDP is default).
The following options are available for monitoring servers:
None of the servers is monitored (no keepalive target command is executed).
Only primary server is monitored (keepalive target command is executed only for
the primary server).
Both primary and secondary servers are monitored (keepalive target command is
executed for both primary and secondary).
Use this command to configure keepalives for the SIP server.
Syntax
keepalive [target sip-server [secondary]] [retry <1-10>] [trigger
<1-10>] [timer <40-600>]
October 2010
939
Variable
Value
[target sip-server [secondary]]
Specifies to use the configured SIP server as

the target for keepalives. If the secondary
option is included, both the primary and
secondary servers are monitored.
[retry <1-10>]
Specifies the retry count before the server

status is set to down. Values range from 1 to
10 seconds. The default is 3 seconds.
[trigger <1-10>]
Specifies a trigger count before the server

status is set to up. Values range from 1 to 10
seconds. The default is 1 second.
[timer <40-600>]
Specifies the interval at which keep-alive

OPTIONS are sent to the server. Values
range from 40 to 600 seconds.
Example
SR/configure/sip-ua# keepalive target sip-server secondary
configure sip-ua transport

Use this command to specify whether the SIP signaling messages on inbound calls are
received through the SIP TCP socket or UDP socket. By default, both TCP and UDP are
enabled.
If the transport parameter is changed, any POTS lines that are currently registered with the
SIP Server are re-registered using the new transport parameter.
Syntax
[no] transport {tcp | udp}
Variable
940
Value
tcp
Specifies that the SIP dial peer uses the TCP

transport layer protocol (on port 5060).
udp
Specifies that the SIP dial peer uses the UDP

transport layer protocol (on port 5060). This
is the default.
[no]
Resets the transport protocol to the default

value: UDP, TCP.
October 2010
show sip-ua calls
Example
SR/configure/sip-ua# transport udp
show sip-ua calls

Use this command to display active user agent client (UAC) and user agent server (UAS)
information on SIP calls.
Syntax
show sip-ua calls
Example
SR# show sip-ua calls
show sip-ua map pstn-sip

Use this command to display the SIP status code to PSTN cause mapping table.
Syntax
show sip-ua map pstn-sip
Variable
Value
pstn-sip
Displays the PSTN cause to SIP status code

mapping table.
sip-pstn
Displays the SIP status code to PSTN cause

mapping table.
Example
SR# show sip-ua map pstn-sip
show sip-ua map sip-pstn

Use this command to display the PSTN cause to SIP status code mapping table.
Syntax
show sip-ua map sip-pstn
October 2010
941
Example
SR# show sip-ua map sip-pstn
show sip-ua statistics

Use this command to display response, traffic, and retry SIP statistics.
Syntax
show sip-ua statistics
Example
SR# show sip-ua statistics
show sip-ua status

Use this command to display the SIP UA status.
Syntax
show sip-ua status
Example
SR# show sip-ua status
show sip-ua timers

Use this command to display the current settings for the SIP UA timers.
Syntax
show sip-ua timers
Example
SR# show sip-ua timers
942
October 2010
Global VoIP configuration commands
Global VoIP configuration commands
configure terminal system logging syslog module voip-cdr

Use this command to keep track of successful and failed calls using Call Detailed Record
(CDR).
The Secure Router has a syslog infrastructure for logging other call events. The Secure Router
provides CDR storage using the same mechanism. Each field of the CDR is collected during
the call and after a call is completed, the record is dispatched to the syslog server. All successful
and failed calls are captured. As expected, failed calls may not have all data available. If data for
a field is not available, the field displays n/a.
The following table describes the supported CDR fields. The following fields are expected to
be available for all successful calls: Call Id, Start Time, Direction, Disconnect Time, Disconnect
reason.
Table 1214: CDR field definitions
CDR field
Definition
Call Id
Provides a unique identifier, used internally

(0-3199).
Start Time
Specifies the time the call originates.
Orig Called Number
Specifies the original called number. The

Secure Router may translate this number
using the translation profile feature or digit
manipulation (or both) in the dial-peer before
sending it out to the other endpoint.
Orig Calling Number
Specifies the original calling number. The

Secure Router may translate this number
using the translation profile feature or digit
manipulation (or both) in the dial-peer before
sending it out to the other endpoint.
Direction
Specifies the direction of the call as either

incoming or outgoing. The direction is in
relation to the TDM endpoint; that is,
incoming corresponds to a TDM-to-SIP call
and outgoing corresponds to a SIP-to-TDM
call.
October 2010
943
Setup time
Specifies the time at which the call is setup;

that is, the call control engine is made aware
of this by the corresponding stack.
Connect time
Specifies the time at which the two parties

connect the call. Two-way voice path must be
established at this point. However, there can
be some exceptions where the media mode
is explicitly set to otherwise and two-way
media is not flowing although both parties are
connected.
Disconnect time
Specifies the time at which the call is

disconnected by either the TDM endpoint or
the SIP endpoint.
Disconnect reason
Specifies the reason for the disconnect.
Syntax
[no] system logging syslog module voip-cdr{sys9 | sys10 | sys11 |
sys12 | sys13| sys14 | local0 | local1 | local2 | local3 | local4 |
local5 | local6 | local7}{emerg | alert | crit | err | warn | notice
| info | debug | none}
Variable
Value
[no]
Disables CDR generation.

local6 | local7

local6 | local7

debug | none}

944
October 2010
configure voice call call-limit
Variable
Value
debug: all messages
none: no messages
Example
SR/configure#system logging syslog module voip-cdr sys9 warn
configure voice call call-limit

Use this command to limit the bandwidth used by limiting the number of simultaneous calls on
the SR2330/4134.
By default, no call limit is configured.
Syntax
[no] call-limit <call-limit>
Variable
Value
<call-limit>
Specifies the call-limit. Valid range: 1 - 128.
[no]
Sets the call-limit to the default value: no

limit.
Example
SR/configure/voice/call# call-limit 10
configure voice class custom-cptone

Use this command to create custom tone classes by associating a class with dualtones..
Syntax
[no] [ringback-tone <dualtone>] [busy-tone <dualtone>] [congestiontone <dualtone>]
Variable
ringback-tone <dualtone>
Value
Specifies a dualtone as the ringback tone.
October 2010
945
Variable
Value
busy-tone <dualtone>
Specifies a dualtone as the busy tone
<congestion-tone <dualtone>
Specifies a dualtone as the congestion tone.
[no]
Removes the custom cptone.
Example
SR/configure/voice/class/custom-cptone custom1#busy-tone dualtone
tone1
configure voice class dualtone

Use this command to define dualtones for your specific country.
Syntax
[no] [amplitude-pair <amplitude-pair>] [freq-pair <freq-pair>]
[cadence-list <cadence-list>] [repeat-cadence <repeat-cadence>]
Variable
Value
<dualtone>
Specifies a name for the dualtone.
<freq-pair>
Specifies the order or frequency pair to play.

Range: 1-4.
<amplitude-pair>
Specifies amplitude of the frequency pair.

Range: 1-4.
<cadence-list>
Specifies on-off times for the fequency pair.

Range: 1-4.
<repeat-cadence>
Specifies the repeat count for the cadence

block. Range: 1-256. Default is 256 (infinite).
[no]
Removes the dualtone.
Example
SR/configure/voice/class/dualtone tone1#cadence-list 1 105 105
configure voice dsp agc-enable

Use this command to configure the AGC direction for DSP.
946
October 2010
configure voice dsp dtmf-level
Syntax
[no] agc-enable <pkt_2_pcm_only> | <pcm_2_pkt_only> | <both>
Variable
Value
<both>
Specifies AGC in both directions.
[no]
Disables AGC direction.
<pcm_2_pkt_only>
Specifies AGC in PCM to packet direction

only.
<pkt_2_pcm_only>
Specifies AGC in packet to PCM direction

only.
Example
SR/configure/voice/dsp# agc-enable both
configure voice dsp dtmf-level

Use this command to configure the DTMF level.
Syntax
[no] dtmf-level <dtmf-level>
Variable
Value
<dtmf-level>
Specifies the DTMF level adjustment in

0.1dB steps (enter as step-in-dB*10). Range
is -60 - 70.
[no]
Resets the dtmf-level to 0dB.
Example
SR/configure/voice/dsp#dtmf-level -40
configure voice dsp dtmf-twist

Use this command to configure the outgoing DTMF amplitude twist.
October 2010
947
Syntax
[no] dtmf-twist <amplitude>
Variable
Value
<amplitude>
Specifies the DTMF amplitude adjustment in

0.1dB steps (enter as step-in-dB*10). Values
range from -30 to 30.
[no]
Resets the DTMF amplitude to 0dB.
Example
SR/configure/voice/dsp#dtmf-twist -20
configure voice dsp no-rtcp-timeout

Use this command to configure the time period before an active call with no received RTCP is
disconnected.
Syntax
[no] no-rtcp-timeout <12700>
Variable
Value
<12700>
Specifies the timeout duration in seconds.

Values range from 1 to 2700 seconds. The
default value is 180 seconds.
[no]
Disables the RTCP timeout.
Example
SR/configure/voice/dsp#no-rtcp-timeout 120
configure voice service voip codec

Use this command to specify a list of preferred codecs to use on a system.
If you do not specify preferred codecs to use, the SR2330/4134 uses G.711 u-law as preference
1 and G.711 a law as preference 2 by default. When you specify any preferred codecs, your
configuration overrides both of these settings.
948
October 2010
configure voice service voip codec
Syntax
codec <preference> {g711alaw | g711ulaw | g729r8 | g723r53 | g723r63|
g726r16| g726r24| g726r32} [<bytes>]
Variable
Value
<preference>
Specifies the order of preference, with 1

being the most preferred and 8 being the
least preferred.
{g711alaw | g711ulaw | g729r8 | g723r53 |

g723r63| g726r16| g726r24| g726r32}
Specifies the codec preferred. Values are as

follows:
g711alaw: G.711 a law 64,000 bps
g711ulaw: G.711 mu-law 64,000 bps
g723r63: G.723.1 6300 bps
g723r53: G.723.1 5300 bps
g726r16: G.726 16 000 bps
g726r24: G.726 24 000 bps
g726r32: G.726 32 000 bps
g729r8: G.729 ANNEX-A 8000 bps
[<bytes>]
Specifies that the size of the voice frame in

bytes, from 10 to 240.
[no]
Disables the codec preference functionality.
Table 1224: Codec properties

CLI option
CLI comment
Voice data bytes per

frame
ptime
g711alaw
G.711 A Law 64000 bps 80, 160, 240 Default 160 10, 20, 30
g711ulaw
G.711 u Law 64000 bps 80, 160, 240 Default 160 10, 20, 30
g723r53
G.723.1 5300 bps
20, 40 Default 20
30, 60
g723r63
G.723.1 6300 bps
24, 48 Default 24
30, 60
g726r16
G.726 16000 bps
20, 40, 60, 80, 100, 120 10, 20, 30, 40, 50, 60
Default 40
g726r24
G.726 24000 bps
30, 60, 90, 120, 150,

180 Default 60
10, 20, 30, 40, 50, 60
g726r32
G.726 32000 bps
40, 80, 120, 160,

200,240 Default 80
10, 20, 30, 40, 50, 60
October 2010
949
CLI option
g729r8
CLI comment
G.729 8000 bps
Voice data bytes per

frame
10, 20, 30, 40, 50, 60,
70, 80 Default 20
ptime
10, 20, 30, 40, 50, 60,
70, 80
Example
SR/configure/voice/service/voip# codec 2 g711ulaw
configure voice service voip emergency-number

Use this command to configure the VoIP emergency number.
By default, no emergency number is specified.
Syntax
[no] emergency-number <emergency-number>
Variable
Value
<emergency-number>
Specifies the emergency number. The

maximum string size is 6 characters.
[no]
Removes the configured emergency

number.
Example
SR/configure/voice/service/voip# emergency-number 911
configure voice service voip pass-through-call-prefix

Use this command to specify a pass-through prefix digit. A user can enter the configured prefix
digit to force calls to be routed locally to the PSTN through directly connected PSTN interfaces.
By default, pass-through digit functionality is disabled.
Syntax
[no] pass-through-call-prefix <prefix-digit>
950
October 2010
configure voice service voip rtp port-validation

Variable
Value
<prefix-digit>
Specifies a single prefix digit in the range 0-9.
[no]
Resets to the default value: disabled.
Example
SR/configure/voice/service/voip# pass-through-call-prefix 6
configure voice service voip rtp port-validation

Use this command to disable or enable RTP source port validation.
By default, RTP source port validation is enabled.
When negotiating a SIP session, each SIP peer generates a Session Decription Protocol (SDP)
offer/answer message that specifies the media streams and codecs it wishes to use, as well
as the desired IP addresses and ports to use to receive the media.
When the session is established and the SR2330/4134 receives the RTP stream from the peer,
by default, the SR2330/4134 always verifies that the port from which the stream is sent
matches the advertised port in the SDP offer/answer. This provides an additional layer of
protection for the VoIP calls.
However, the SDP offer/answer message specifies only the receiving port, not the sending
port. While peers typically send and receive the RTP stream on the same port, they are not
required to do so. As a result, if the peer sends the RTP stream from a port that is different
from the advertised receiving port, the SR2330/4134 interprets this as an RTP source port
mismatch and does not forward the media to the connected TDM ports. This results in no
speech path for the TDM ports.
To identify whether RTP port validation is the source of a speech path issue, you can perform a
packet capture and analyze whether the peer is sending and receiving the RTP stream from
the same port.
If the packet capture shows different sending and receiving RTP source ports, disable RTP
source validation.
Syntax
[no] rtp port-validation
Variable
no rtp port-validation
Value
Disables the RTP source port validation of
the peer.
October 2010
951
Variable
Value
Enables the RTP source port validation of the
peer.
rtp port-validation
Example
SR/configure/voice/service/voip# no rtp port-validation
configure voice service voip sip bind

Use this command to bind the source address for SIP signaling and media packets to the IP
address of a specific interface. This instructs the interface to listen for SIP signaling and media
packets.
You must configure at least one interface to listen for SIP signaling and media traffic, otherwise
the Media Gateway cannot recognize incoming SIP traffic and is isolated from the VoIP
network. You can configure either one interface to receive both signaling and media traffic, or
one interface to receive the signaling traffic and a second interface to receive the media traffic.
This allows load-sharing of the SIP traffic.
You can only bind one interface to receive a particular type of traffic. For example, you cannot
specify multiple interfaces to load-share the SIP media traffic.
By default, binding is disabled.
Syntax
[no] bind {control | media | all} <source-ip>
Variable
Value
control
Binds only SIP signaling packets.
media
Binds only media packets.
all
Binds SIP signaling and media packets. The

source address (the address that shows
where the SIP request came from) of the
signaling and media packets is set to the IP
address of the specified interface.
<source-ip>
Specifies an address as the source address

of SIP packets.
[no]
Disables the binding.
Example
SR/configure/voice/service/voip/sip# bind control 47.1.1.1
952
October 2010
configure voice service voip sip rel1xx
configure voice service voip sip rel1xx

Use this command to configure reliable provisional response options.
By default on the SR2330/4134, provisional responses are sent reliably to the remote SIP
endpoint. You can use this command to disable this functionality.
Syntax
[no] rel1xx disable
Variable
Value
disable
Disables support of reliable provisional

responses
[no]
Enables support of reliable provisional

responses.
Example
SR/configure/voice/service/voip/sip# rel1xx disable
show voice service voip

Use this command to display global VoIP properties.
Syntax
show voice service voip
Example
SR# show voice service voip
ISDN configuration commands for voice
link pri_t1 | pri_e1 | bri voice

The SR2330/4134 supports ISDN PRI (on T1 and E1 ports) and BRI signaling for data and
voice. The CLI configuration commands are identical for the data and voice configurations,
October 2010
953
except for a voice parameter available in the link command, as shown below. In addition,
when configuring ISDN voice ports, you must specify the network clock using the networkclock-select command.
For details on the other common ISDN PRI and BRI configuration commands, refer to Avaya
Secure Router 2330/4134 Configuration WAN Interfaces (NN47263-500).
Use the following command to link a bundle to an ISDN port for voice.
Syntax
link {pri_t1 <slot/port[<:timeslots>]> | pri_e1 <slot/
port[<:timeslots>]> | bri <slot/port:links>} voice <overlap-receive>
Variable
Value
pri_e1 <slot/port [<:timeslots>]>
Specifies an E1 link and timeslots for ISDN

PRI.
pri_t1 <slot/port [<:timeslots>]>
Specifies T1 link and timeslots (1-23) for

ISDN PRI.
bri <slot/port:links>
Specifies ISDN BRI link. You can specify 1

link (64Kb/s) or 2 (128 Kb/s).
<overlap-receive>
Specifies overlap receiving.
Example
The following example shows the configuration of a T1 link for ISDN PRI voice:
SR/configure# interface bundle isdn_pri SR/configure/interface/
bundle isdn_pri# link pri_t1 4/1 voice SR/configure/interface/
bundle isdn_pri# isdn SR/configure/interface/bundle isdn_pri/isdn#
switch-type primary-5ess SR/configure/interface/bundle isdn_pri/
isdn# side USR SR/configure/interface/bundle isdn_pri/isdn# activate
E1 R2 configuration commands
configure module e1 cas-custom
Use this command to configure the R2 signaling parameters on an E1 module.
954
October 2010
Syntax
[no] cas-custom [backward-digits <backward-digit-string>] [category
<category-string>] [categoryII <categoryII-string>] [country
<country-name>]
Variable
Value
<backward-digit-string>
Specifies the string that allows the compelled

signaling sequence to be modified. Digit
string range: 1 9, A F up to 40 digits.
Default is 1116. (See Group A backward
signals table.)
<category-string>
Identifies the initial category digit, which

distinguishes the type of call (for example,
normal subscriber, payphone, and so on)
Digit string range: 1 9, A F up to 2 digits.
ITU default is 1 (normal subscriber). (See
Group II forward signals table.)
<categoryII-string>
Identifies the second category digit, for those

variants that use two category digits Digit
string range: 1 9, A F up to 2 digits. ITU
default is 1 (normal subscriber). (See Group
II forward signals table.)
<country-name>
Specifies the local country, region or

corporation that is used with R2 signaling.
The name can be one of the following:
BRAZIL, CHINA, GENERIC, KOREA,
MEXICO, SINGAPORE. Default is R2_ITU
GENERIC.
Example
SR/configure/module/e1 (1/1)#cas-custom category 2
The following table describes the G.411 Group II forward signals.
Table 1232: G. 411 Group II forward signals
Combination
Signal
designation
Definition
Comments
These signals are used for
national working only.
II-1
Subscriber without priority
II-2
Subscriber with priority
II-3
Maintenance equipment
II-4
Spare
II-5
Operator
October 2010
955
Combination
Signal
designation
Definition
Comments
II-6
Data transmission
II-7
Subscriber (or operator

without forward transfer
facility)
II-8
Data transmission
II-9
Subscriber with priority
10
II-10
Operator with forward

transfer facility
11
II-11
12
II-12
These are spare signals for

national use.
13
II-13
14
II-14
15
II-15
These signals are used for

international working.
The following table describes the Q.411 Group A backward signal codes.
Table 1233: Q.411 Group A backward signals
Combination
956
Signal
designation
Definition
A-1
Send next digit (n + 1)
A-2
Send last but one digit (n 1)
A-3
Address-complete, changeover to reception of Group B

signals
A-4
Congestion in the national network
A-5
Send calling partys category
A-6
Address-complete, charge, set-up speech conditions
A-7
Send last but two digit (n 2)
A-8
Send last but three digit (n 3)
A-9
10
A-10
11
A-11
Send country code indicator
12
A-12
Send language or discrimination digit
13
A-13
Send nature of circuit
Spare for national use
October 2010
Combination
Signal
designation
Definition
14
A-14
Request for information on use of an echo suppressor (is

an incoming half-echo suppressor required ?)
15
A-15
Congestion in an international exchange or at its output
The following table describes the Q.411 Group B backward signal codes.
Table 1234: Q.441 Group B backward signals
Combination
Signal
designation
Definition
B-1
B-2
Send special information tone
B-3
Subscriber line busy
B-4
Congestion (encountered after changeover from Group A

signals to Group B signals)
B-5
Unallocated number
B-6
Subscriber's line free, charge
B-7
Subscriber's line free, no charge
B-8
Subscribers line out of order
B-9
10
B-10
11
B-11
12
B-12
13
B-13
14
B-14
15
B-15
configure module e1 cas-group timeslots

Use this command to enable R2 signaling on an E1 module.
This command does not address the configuration of E1 port properties. If you do not configure
any port properties, the port is enabled with the default properties. For information on
configuring port properties for an E1 interface, see Avaya Secure Router 4134 Configuration
WAN Interfaces (NN47263-500).
October 2010
957
Syntax
[no] cas-group timeslots <timeslot-list> r2-digital r2-compelled
Variable
<timeslot-list>
Value
Lists time slots in the DS0 group. Valid values
include a single time-slot number, a single
range of numbers, or multiple ranges of
numbers separated by commas, within the
range of 1 to 31 for E1. For example:
2
1-15,17-24
1-31
2, 4, 6-12
r2-digital
Specifies R2 ITU Q421 digital line signaling,

which is the most common signaling
configuration. The A and B bits are used for
line signaling.
r2-compelled
Specifies R2 compelled Interregister

Signaling. When a tone-pair is sent from the
Secure Router (forward signal), the tones
stay on until the remote end responds (sends
an ACK) with a pair of tones that signals the
Secure Router to turn off the tones. The
tones are compelled to stay on until they are
turned off.
[no]
Removes the group and signaling settings.

To modify an existing E1 CAS configuration,
you must first remove the existing
configuration using this option.
Example
SR/configure/module/e1 (1/1)#cas-group timeslots 2 r2-digital r2compelled
958
October 2010
T1 CAS configuration command
T1 CAS configuration command
configure module t1 cas-group

Use this command to specify the DS0 time slots that make up a logical voice port on a T1
module and to specify CAS as the signaling type by which the logical voice port communicates
with the PBX or PSTN.
This command assumes that the T1/E1 module is in T1 mode. If it is not, you can set the module
to T1 mode by entering the system carrier-type <slot> t1 command and then
rebooting the router.
Syntax
[no] cas-group timeslots <timeslot-list> {em-delay-dial | em-winkstart | em-immediate-start }
Variable
<timeslot-list>
Value
Lists time slots in the DS0 group. Valid values
are a single time-slot number, a single range
of numbers, or multiple ranges of numbers
separated by commas, within the range of 1
to 24 for T1. Examples are as follows:
2
1-15,17-24
1-23
2,4,6-12
{em-delay-dial | em-wink-start | emimmediate-start }
Specifies the type of signaling for the CAS

group. The ear and mouth (E&M) interface
allows connection for PBX trunk lines (tie
lines) and telephone equipment. Valid types
are as follows:
em-delay-dial: The originating endpoint
sends an offhook signal and then waits for
October 2010
959
Variable
Value
an off-hook signal followed by an on-hook
signal from the destination.
em-immediate-start: E&M immediate start.
em-wink-start: The originating endpoint
sends an offhook signal and waits for a
wink-start from the destination.
[no]
Removes the group and signaling settings.
Example
SR/configure/module/t1 (3/1)# cas-group timeslots 1-4 em-delay-dial
FXO port configuration commands
configure voice-port ani mapping

Use this command to preprogram the Numbering Plan Area (NPA), or area code, into a single
Multi Frequency (MF) digit.
By default, no ANI mapping is configured.
Syntax
[no] ani mapping <npd-value> <npa-number>
Variable
Value
<npd-value>
Specifies the value of the Numbering Plan

Digit (NPD). Range is 0 to 3.
<npa-number>
Specifies the number (area code) of the NPA.

Range is 100 to 999.
[no]
Disables Automatic Number Identification

(ANI) mapping.
Example
SR/configure/voice-port (7/2/1)# ani mapping 1 408
960
October 2010
configure voice-port connection plar
configure voice-port connection plar

Private line automatic ringdown (PLAR) is an autodialing mechanism that permanently
associates a local voice interface with a far-end voice interface, allowing call completion to a
specific telephone number or PBX without dialing. When the calling telephone goes offhook, a predefined network dial peer is automatically matched, which sets up a call to the
destination telephone or PBX.
By using the connection plar command you can enhance your voice network to offer a
number of useful features including the following:
Providing an off-premises extension (OPX) from a PBX, thus simulating direct
connections between FXS port users on a voice gateway router and the PBX.
Providing dial-tone from a remote PBX in order to offer toll-bypass functionality. Instead
of relying on the gateway routers in your voice network to provide dial-tone, you can
employ PLAR behavior to enable remote sites to behave as though they have a direct
connection to a PBX.
Eliminating the need for user dialing, because both of the endpoints for the VoIP call are
statically configured.
Connection PLAR behavior eliminates the need for user dialing, because both of the
endpoints for the VoIP call are statically configured.
In addition, connection PLAR behavior does not dedicate bandwidth to a call unless one or the
other of the privately associated endpoints goes off-hook.
Take the following items into consideration when planning to configure Connection PLAR
behavior on your VoIP network:
Because Connection PLAR is a switched VoIP call (similar to a switched virtual circuit),
calls are set up and torn down as neededbandwidth is taken up only when a call is
initiated.
Connection PLAR will operate between any types of signaling endpointsFXO, and FXS
and between any combination of analog and digital interfaces.
Connection PLAR does not collect digits from the connected telephony device, so you
can configure Connection PLAR without any subsequent changes to your dial plan.
Connection PLAR can be enabled on one or both of the statically configured endpoints,
thus allowing you the ability to use one-way or two-way Connection PLAR.
By default, PLAR is disabled.
Use the following command to configure a PLAR connection.
Syntax
[no] connection plar <dest-number>
October 2010
961

Variable
Value
<dest-number>
Specifies the destination telephone number.

Valid entries are any series of digits that
specify the E.164 telephone number.
[no]
Removes the specified destination number.
Example
SR/configure/voice-port (7/2/1)# connection plar 51234
configure voice-port ring-number

Use this command to specify the number of rings for a specified FXO voice port.
By default, the value is 1.
Syntax
[no] ring-number <ring-number>
Variable
Value
<ring-number>
Specifies the number of rings that must be

detected before answering the call. Valid
range is from 1 to 10.
[no]
Sets the ring number to the default value: 1.
Example
SR/configure/voice-port (7/2/1)# ring-number 3
configure voice-port signal cama

Use this command to configure an FXO port for 911 calls.
By default, there is no CAMA configuration on any ports.
No two service areas in the existing North American telephony infrastructure supporting E911
calls have identical service implementations, and many of the factors that drive the design of
emergency call handling are matters of local policy and therefore outside the scope of this
document.
Local policy determines which Automatic Number Identification (ANI) format is appropriate for
the specified Physical Service Access Point (PSAP) location. The supported four types of ANI
962
October 2010
configure voice-port signal cama
transmittal schemes are based on the actual number of digits transmitted toward the E911
tandem. In each instance, the actual calling number is proceeded with a key pulse (KP)
followed by an information (I) field or a Numbering Plan Digit (NPD), which is then followed by
the ANI calling number, and finally by a start pulse (ST), STP, ST2P, or ST3P, depending on
the trunk group type in the PSTN and the traffic mix carried. The information field is one or two
digits, depending on how the circuit was ordered originally. For one-digit information fields, a
value of 0 indicates that the calling number is available. A value of 1 indicates that the calling
number is not available. A value of 2 indicates an ANI failure.
For a complete list of values for two-digit information fields, refer to SR-2275: Telcordia Notes
on the Networks at www.telcordia.com.
Syntax
[no] signal cama {kp-0-nxx-xxxx-st | kp-0-npa-nxx-xxxx-st | kp-2-st |
kp-npd-nxx-xxxx-st}
Variable
Value
kp-0-nxx-xxxx-st
Specifies 7-digit ANI transmission. The

calling phone number is transmitted, and the
Numbering Plan Area (NPA) is implied by the
trunk group and not transmitted.
kp2st
Specifies kp2st transmission, which is

used if the PBX is unable to out-pulse the
ANI. If the ANI received by the SR2330/4134
is not as per configured values, kp2st is
transmitted. For example, if the voice port is
configured for out-pulsing a ten-digit ANI and
the 911 call it receives has a seven-digit
calling party number, the router transmits kp
2st.
kp-0-npa-nxx-xxxx-st
Specifies 10-digit transmission. The E.164

number is fully transmitted.
kp-npd-nxx-xxxx-st
Specifies 8-digit ANI transmission. The I field

consists of a single-digit NPD-to-NPA
mapping. The NPD table is preprogrammed
in the sending and receiving equipment (on
each end of the MF trunk); for example: 0=
415, 1=510, 2=650, 3=916 05551234 = (415)
555-1234, 15551234 = (510) 555-1234, and
so on. When the calling party number of
415-555-0122 places a 911 call, and the
SR2330/4134 has an NPD (0)-to-NPA (415)
mapping, the NPA signaling format is
received by the selective router at the central
office (CO). NPD range is from 0 to 3.
October 2010
963
Variable
[no]
Value
Removes the configured 911 transmission
selection.
Example
SR/configure/voice-port (7/2/1)# signal cama kp-0-npa-nxxx-xxxx-st
FXS port configuration commands
configure voice-port signal did

Use this command to enable direct inward dialing (DID) on an FXS voice port. By default, DID is
disabled and the voice port uses loop-start signaling.
Syntax
[no] signal did {immediate-start | wink-start | delay-dial}
Variable
Value
immediate-start
Enables immediate-start signaling on the

FXS/DID voice port.
wink-start
Enables wink-start signaling on the FXS/

DID voice port.
delay-dial
Enables delay-dial signaling on the FXS/

DID voice port.
[no]
Disables DID and resets the port to loopstart signaling.
Example
SR/configure/voice-port (7/2/1)# signal did immediate-start
configure voice-port timeouts initial

Use this command to configure the initial digit timeout value for an FXS DID port.
By default, initial digit timeout is set to 10 seconds.
964
October 2010
Common POTS and VoIP dial peer configuration commands
To disable the initial digit timer, set the timeout value to 0.
Syntax
[no] timeouts initial <timeout>
Variable
Value
<timeout>
Specifies the number of seconds the system

waits for the caller to input the first dialed
digit. Valid range is 0 - 120.
[no]
Resets to the default initial timeout value: 10

seconds.
Example
SR/configure/voice-port (7/2/1)# timeouts initial 5
Common POTS and VoIP dial peer configuration commands
clear statistics dial-peer voice

Use this command to reset voice call counters and recent call details stored in a dial peer.
Syntax
clear statistics dial-peer voice <tag>
Variable
<tag>
Value
Clears statistics for the specified dial peer. A
valid entry is any integer that identifies a
specific dial peer. Range is from 1 to
2147483647.
Example
SR# clear statistics dial-peer voice 1234
October 2010
965
configure dial-peer voice

Use this command to define a particular dial peer and to specify the method of voice
encapsulation.
By default, no dial peers are defined.
Syntax
[no] dial-peer voice {pots | voip} <tag>
Variable
Value
pots
Indicates that this is a POTS peer that uses

VoIP encapsulation on the IP backbone.
voip
Indicates that this is a VoIP peer that uses

voice encapsulation on the POTS network.
<tag>
Specifies a tag for the dial peer. Valid range

is : 1-2147483647.
[no]
Deletes a defined dial peer. Alternately, to

disable a dial peer, you can use the no
shutdown command from the
configure dial-peer voice

{pots | voip} subtree.
Example
SR/configure# dial-peer voice pots 10
configure dial-peer voice description

Use this command to attach a text string description to the connection for this dial-peer. This
description appears in various displays and is useful for tracking the purpose or use of the
dial-peer.
By default, no description is configured.
Syntax
[no] description "<description>"
966
October 2010
configure dial-peer voice destination-pattern

Variable
Value
"<description>"
Specifies a description for the dial peer. Valid

value is a character string from 1 to 25
characters in length, delimited by quotation
marks (" ").
[no]
Example
SR/configure/dial-peer/voice/pots 10# description To FXO Trunk
configure dial-peer voice destination-pattern

Use this command to specify a destination pattern for the E.164 or private dialing plan
telephone number to be used for a dial peer.
By default, no destination pattern is defined.
The pattern you configure is used to match dialed digits to a dial peer. The dial peer is then
used to complete the call. When a router receives voice data, it compares the called number
(the full E.164 telephone number) in the packet header with the number configured as the
destination pattern for the voice-telephony peer. The router then strips out the left-justified
numbers that correspond to the destination pattern.
If you have configured a prefix for the dial peer (using the prefix command), the prefix is
appended to the front of the remaining numbers, creating a dial string, which the router then
dials. If all numbers in the destination pattern are stripped out, the user receives a dial tone.
When you configure the destination pattern, set the string to match the local dialing
conventions. There are certain areas in the world (for example, certain European countries)
where valid telephone numbers can vary in length. Use the optional control character T to
indicate that a particular destination pattern value is a variable-length dial string. In this case,
the system does not match the dialed numbers until the interdigit timeout value has expired.
Syntax
[no] destination-pattern <destination-pattern>
Variable
<destination-pattern>
Value
Specifies a pattern for the E.164 or private
dialing plan telephone number. Valid entries
are the digits 0 through 9, and the following
characters:
October 2010
967
Variable
Value
Period (.), which matches any entered digit
(this character is used as a wildcard).
Percent sign (%), which indicates that the
preceding digit occurred zero or more
times; similar to the wildcard usage.
Plus sign (+), which indicates that the
preceding digit occurred one or more
times.
Brackets ( [ ] ), which indicate a range. A
range is a sequence of characters
enclosed in the brackets; only numeric
characters from 0 to 9 are allowed in the
range.
T: indicates that the destination pattern
value is a variable-length dial string.
[no]
Disables the configured prefix or telephone

number.
Example
The following example shows the configuration of a destination pattern in which the preceding
digit pattern is repeated multiple times:
SR/configure# dial-peer voice voip 200 SR/configure/dial-peer/voice/
voip 200# destination-pattern 555%
The following example shows the configuration of a destination pattern in which the possible
numeric values are between 5550109 and 5550199:
SR/configure# dial-peer voice voip 300 SR/configure/dial-peer/
voice/voip 300# destination-pattern 55501[0-9]9
The following example shows the configuration of a destination pattern in which the possible
numeric values are 5550439, 5553439, 5555439, 5557439, and 5559439:
SR/configure# dial-peer voice voip 400 SR/configure/dial-peer/voice/
pots 400# destination-pattern 555[03579]439
configure dial-peer voice shutdown

Use this procedure to enable and disable the selected dial peer. By default, dial peers are
disabled. To enable the dial peer, use the no form of this command.
968
October 2010
show dial-peer voice
Syntax
[no] shutdown
Example
SR/configure/dial-peer/voice/pots 10# no shutdown
SR/configure/dial-peer/voice/voip 20# shutdown
show dial-peer voice

Use this command to display information for voice dial peers.
Syntax
show dial-peer voice {<tag> | summary}
Variable
Value
<tag>
Displays detailed information about the dial

peer specified by the tag. Range is from 1 to
2147483647.
summary
Displays a short summary of each voice dial

peer.
Example
SR# show dial-peer voice 2
POTS dial peer configuration commands
configure dial-peer voice pots clid

Use this command to configure calling-line ID information for the POTS dial peer.
By default, no calling-line ID information is configured.
Syntax
[no] clid {network-number <network-number> | restrict | substitute
<name> }
October 2010
969

Variable
Value
network-number <network-number>
Specifies the calling party network number in

the CLID.
restrict
Configures caller-id restriction.
substitute <name>
Specifies the display name when the display

name is unavailable.
[no]
Removes the configured CLID information.
Example
SR/configure/dial-peer/voice/pots 10# clid network-number 5551111
configure dial-peer voice pots digit-strip

Use this command to enable digit stripping on a plain old telephone service (POTS) dialpeer call leg. To disable digit stripping on the dial-peer call leg, use the no form of this command.
By default, digit stripping is enabled.
This command is applicable on POTS dial peers only. When a called number is received and
matched to a POTS dial peer, the matched digits are stripped and the remaining digits are
forwarded to the voice interface.
Syntax
[no] digit-strip
Example
SR/configure/dial-peer/voice/pots 10# no digit-strip
configure dial-peer voice pots forward-digits

Use this command to specify which digits to forward for voice calls.
By default, the router forwards any dialed digits that do not match the destination pattern.
This command applies only to POTS dial peers. Forwarded digits are always right justified so
that extra leading digits are stripped. The destination pattern includes both explicit digits and
wildcards if present. Use the default form of this command if a nondefault digit-forwarding
scheme was entered previously and you wish to restore the default.
970
October 2010
configure dial-peer voice pots forward-digits
Syntax
[no] forward-digits {<num-digits> | all | extra | default}
Variable
Value
<num-digits>
Specifies the number of digits to be

forwarded. If the number of digits is greater
than the length of a destination phone
number, the length of the destination number
is used. Range is 0 to 32. Setting the value
to 0 is equivalent to entering the no forwarddigits command.
all
Forwards all digits. If all is entered, the full

length of the destination pattern is used.
extra
With this option, if the length of the dialed

digit string is greater than the length of the
dial-peer destination pattern, the extra rightjustified digits are forwarded. However, if the
dial-peer destination pattern is of variable
length ending with the character T (for
example: T, 123T, 123...T), extra digits are
not forwarded.
default
Restores the default setting: any dialed digits

not matching the destination pattern are
forwarded.
[no]
Specifies that any digits not matching the

destination-pattern are not to be forwarded
Example
In the following example, all digits in the destination pattern of a POTS dial peer are forwarded:
SR/configure> dial-peer voice pots 1 SR /configure/dial-peer/voice/
pots 1> destination-pattern 8... SR /configure/dial-peer/voice/pots
1> forward-digits all
In the following example, four of the digits in the destination pattern of a POTS dial peer are
forwarded:
pots 1> destination-pattern 555.... SR /configure/dial-peer/voice/
pots 1> forward-digits 4
In the following example, the extra right-justified digits that exceed the length of the destination
pattern of a POTS dial peer are forwarded:
October 2010
971

pots 1> destination-pattern 555.... SR /configure/dial-peer/voice/
pots 1> forward-digits extra
configure dial-peer voice pots port

Use this command to associate a POTS dial peer with a specific voice port.
This command is used for:
calls that come from a telephony interface to select an incoming dial peer
calls that come from the VoIP network to match a port with the selected outgoing dial peer
Syntax
[no] port <slot/[<subslot/]port[:<d-channel>]>
Variable
Value
<slot/[<subslot/]port[:<d-channel>]>
Port number of the voice card to be

configured. The <d-channel> value is only
required when ISDN PRI is configured on a
T1 port (<d-channel> = 23).
[no]
Cancels the dial-peer association with the

port.
Example
SR/configure/dial-peer/voice/pots 10# port 4/1
configure dial-peer voice pots prefix

Use this command to specify a prefix to add to the dialed digits of a dial peer.
When an outgoing call is initiated to this dial peer, the prefix string value is sent to the telephony
interface first, before the telephone number associated with the dial peer. By default, no default
string is specified.
If you want to configure different prefixes for dialed numbers on the same interface, you need to
configure different dial peers. This command is applicable only to plain old telephone service
(POTS) dial peers.
Syntax
[no] prefix <prefix>
972
October 2010
VoIP dial peer configuration commands

Variable
Value
<prefix>
Integers that represent the prefix of the

telephone number associated with the
specified dial peer. Valid values are 0 through
9.
[no]
Disables this feature.
Example
SR/configure/dial-peer/voice/pots 10# prefix 5120002
VoIP dial peer configuration commands
configure dial-peer voice voip dtmf-relay rtp-nte

Use this command to specify how the SIP gateway relays DTMF tones between telephony
interfaces and an IP network for a specific VoIP dial peer.
By default, DTMF tones are disabled and sent in-band.
Syntax
[no] dtmf-relay rtp-nte
Variable
Value
rtp-nte
Forwards DTMF tones by using Real-Time

Transport Protocol (RTP) with the Named
Telephone Event (NTE) payload type.
[no]
Removes all signaling options and sends the

DTMF tones as part of the audio stream.
Example
SR/configure/dial-peer/voice/voip 20# dtmf-relay rtp-nte
October 2010
973
configure dial-peer voice voip rtp payload-type

Use this command to identify the payload type of a Real-Time Transport Protocol (RTP) packet.
By default, no RTP payload type is configured.
Syntax
[no] rtp payload-type nte <payload-type>
Variable
Value
nte <payload-type>
A named telephone event (NTE). Range for

payload type is from 96 to 127. Default is
101.
[no]
Removes the RTP payload type.
Example
SR/configure/dial-peer/voice/voip 20# rtp payload-type nte 99
configure dial-peer voice voip session target

Use this command to designate a network-specific address to receive calls from a VoIP dial
peer. The session target is typically the SIP Call Server.
By default, no session target is configured.
Syntax
[no] session target {<ipv4-dest-address> | sip-server}
Variable
Value
<ipv4-dest-address>
Specifies the IP address of the dial peer to

receive calls.
sip-server
Specifies the global Session Initiation

Protocol (SIP) server that is the destination
for calls from this dial peer. If you first define
the SIP server IP address using the
configure sip-ua sip-server

command, you can then enter the session
974
October 2010
configure voice service voip dtmf-relay rtp-nte
Variable
Value
target sip-server option for each dial

peer rather than repeatedly entering the full
SIP server IP address for each dial peer
(using session target <ipv4dest-address>).
[no]
Resets to the default setting: no session

target defined.
Example
SR/configure/dial-peer/voice/voip 20# session target 10.10.1.1
configure voice service voip dtmf-relay rtp-nte

Use this command to specify how the SIP gateway relays dual tone multifrequency (DTMF)
tones between telephony interfaces and an IP network.
By default, DTMF tones are disabled and sent in-band.
Syntax
[no] dtmf-relay rtp-nte
Variable
Value
rtp-nte
Forwards DTMF tones by using Real-Time

Transport Protocol (RTP) with the Named
Telephone Event (NTE) payload type.
[no]
DTMF tones are disabled and sent in-band.
Example
SR/configure/voice/service/voip# dtmf-relay rtp-nte
configure voice service voip rtp payload-type

Use this command to identify the payload type of a Real-Time Transport Protocol (RTP) packet.
By default, no RTP payload type is configured.
Syntax
[no] rtp payload-type nte <payload-type>
October 2010
975

Variable
Value
<payload-type>
A named telephone event (NTE). Range is

from 96 to 127. Default is 101.
[no]
Removes the configured RTP payload type.
Example
SR/configure/voice/service/voip# rtp payload-type nte 99
FXS port registration and authentication commands
configure dial-peer voice pots authentication

If the SIP call server uses a unique authentication value for each user, use this command to
enter SIP digest authentication information.
By default, no authentication is configured.
The SIP digest authenticates the user against the public address, user ID and password. Once
registered and authenticated, the user can dial other registered users in the system.
This command is supported only when the SR2330/4134 is interoperating with Sylantro or
BroadSoft call servers.
Syntax
[no] authentication <username> <password>
Variable
Value
<username>
Specifies the username of the user

authenticating. Maximum length is 12
characters.
<password>
Specifies a password for authentication.

Maximum length is 12 characters.
[no]
Disables SIP digest authentication.
Example
SR/configure/dial-peer/voice/pots 10# authentication avayauser
avayapw
976
October 2010
configure dial-peer voice pots register e164
configure dial-peer voice pots register e164

Use this command to trigger SIP registration of the full E.164 destination-pattern number of a
POTS dial peer. This allows you to register FXS ports with the SIP registrar.
To enable registration, you must define the dial-peer destination pattern to match the number
that is configured on the SIP Call Server. If the destination pattern does not match the SIP Call
Server number, the dial peer cannot register. To disable registration, use the no form of this
command.
In addition, to enable registration, the selected dial peer must be enabled.
By default, registration is disabled.
Syntax
[no] register e164
Example
SR/configure/dial-peer/voice/pots# register e164
configure sip-ua authentication

If the SIP call server uses a global authentication value for all users, use this command to enter
SIP digest authentication information.
By default, no authentication is configured.
The SIP digest authenticates users against their public address, user ID and password. Once
registered and authenticated, the user can dial other registered users in the system. The
requirement for SIP digest authentication is service-provider (and call-server) dependent.
Syntax
[no] authentication <username> <password>
October 2010
977

Variable
Value
<username>
Specifies the username of the user

authenticating. Maximum length is 12
characters.
<password>
Specifies the password for authentication.

Maximum length is 12 characters.
[no]
Disables SIP digest authentication.
Example
SR/configure/sip-ua# authentication avayauser avayapw
configure sip-ua registrar

Use this command to enable the SR2330/4134 to register E.164 numbers on behalf of analog
telephone voice ports (Foreign Exchange Station [FXS]) with an external SIP registrar.
The requirement to enable this registration is service-provider and call-server dependent.
By default, registration is disabled.
Syntax
[no] registrar {dns:<host-name> | ipv4:<ip-addr>[:port-num]} [expires
<registration-time>]
Variable
978
Value
dns:<host-name>
Specifies the DNS host name of the SIP

registrar server.
ipv4:<ip-addr>
Specifies the IP address of the SIP registrar

server.
[:port-num]
Specifies the SIP registrar server port

number to use.
[expires <registration-time>]
Specifies the default registration time, in

seconds. Range is 60 to 65535. Default
value is 3600.
[no]
Disables registration of E.164 numbers.
October 2010
show sip-ua register status
Example
SR/configure/sip-ua# registrar ipv4:10.8.17.40 expires 3600

Use this command to display the status of E.164 numbers that the SIP Media Gateway has
registered with an external primary SIP registrar.
Syntax
Example
SR# show sip-ua register status
Caller ID configuration commands for FXS and FXO ports
configure voice-port caller-id alerting ring

Use this command to set the ring-cycle method for receiving caller ID information for onhook (Type 1) Caller ID at a receiving FXO or a sending FXS voice port.
This setting is determined by the Bellcore/Telcordia or ETSI standard that your telephone
service provider uses for caller ID. Use it on FXO loop-start and ground-start voice ports where
caller ID information arrives and on FXS voice ports from which caller ID information is sent.
This setting must match on the sending and receiving ends on both ends of the telephone line
connection.
By default, caller ID alerting displays after the first ring at the receiving station.
Syntax
[no] caller-id alerting ring {1 | 2 }
Variable
1
Value
Specifies that caller ID alerting (display) is
provided after the first ring at the receiving
station. This is the most common setting.
October 2010
979
Variable
Value
Specifies that caller ID alerting (display) is

provided after the second ring.
[no]
Sets the alerting ring to the default value: 1.
Example
SR/configure/voice-port (7/2/1)# caller-id alerting ring 2
configure voice-port caller-id block

Use this command to request the blocking of the display of caller ID information at the far end of
a call for calls originated from on FXS port. Use this command on the originating FXS voice
port. To allow the display of caller ID information, use the no form of this command.
By default, caller ID display is not blocked.
Syntax
[no] caller-id block
Example
SR/configure/voice-port (7/2/1)# caller-id block
configure voice-port caller-id enable

Use this command to allow the sending or receiving of caller-ID information. Use this command
at the sending FXS voice port or the receiving foreign exchange office FXO voice port. By
default, the sending and receiving of caller-ID information is disabled.
Syntax
[no] caller-id enable [type <1-2>]
Variable
[type <1-2>]
Value
Specifies the caller-ID type:
1: Type I transmits the signal when the
receiving phone is on hook.
2: Type II transmits the signal when the
receiving phone is off hook; for example, to
display the caller ID of an incoming call
980
October 2010
configure voice-port station name
Variable
Value
when the receiving phone is busy (callwaiting caller ID).
If neither option (1 or 2) is specified, both type
I and II caller ID are enabled.
[no]
Disables the sending and receiving of callerID information.
Example
In the following example, an FXS voice port is configured to send caller-ID information:
SR/configure# voice-port 7/2/1 SR/configure/voice-port (7/2/1)#
station number 4082164655 SR/configure/voice-port (7/2/1)# callerid enable
In the following example, an FXO voice port is configured to receive caller-ID information:
SR/configure# voice-port 7/3/1 SR/configure/voice-port (7/3/1)#
caller-id enable
configure voice-port station name

Use this procedure to specify the name that is to be sent as caller-ID information (on FXS or
FXO ports).
By default, no station name is configured.
Syntax
[no] station name <station-name>
Variable
Value
<station-name>
Specifies the station name. Must be a string

of 1 to 15 characters.
[no]
Removes the station name.
Example
SR/configure/voice-port (7/2/1)# station name SJ
October 2010
981
configure voice-port station number

Use this command to specify the telephone or extension number that is to be sent as caller ID
information. Use this command at the sending FXS voice port or at an FXO port through which
routed caller ID calls pass.
By default, no station number is configured.
This optional command is configured on FXS voice ports that are used to originate on-net calls.
The information entered is displayed by the telephone attached to the FXS port at the far end of
the on-net call.
This command can also be configured on the FXO port of a router on which caller ID information
is expected to be received from the Central Office (CO), to suit situations in which a call is
placed from the CO, then goes through the FXO interface, and continues to a far-end FXS port
through an on-net call. In this case, if no caller ID information is received from the CO telephone
line, the far-end call recipient receives the information configured on the FXO port.
This feature applies only to caller ID name display provided by an FXS port connection to a
telephone device. The station name is not passed through telephone trunk connections
supporting ANI calls. ANI supplies calling number identification only and does not support
calling number names.
Syntax
[no] station number <station-number>
Variable
Value
<station-number>
Specifies the station number. Must be a

string of 1 to 15 characters.
[no]
Removes the configured station number.
Example
SR/configure/voice-port (7/2/1)# station number 4082164655
982
October 2010
DSP configuration commands
DSP configuration commands
clear voice dsp statistics

Use this command to clear DSP statistics.
Syntax
clear voice dsp statistics
Example
SR# clear voice dsp statistics
configure voice-port comfort-noise

Use this command to generate background noise to fill silent gaps during calls if voice activity
detection (VAD) is activated. To provide silence when the remote party is not speaking and
VAD is enabled at the remote end of the connection, use the no form of this command.
By default, no background noise is generated.
Syntax
[no] comfort-noise
Example
SR/configure/voice-port (2/1)# comfort-noise
configure voice-port compand-type

Use this command to specify the companding standard used to convert between analog and
digital signals in pulse code modulation (PCM) systems.
Default value is u-law for T1 digital.
Syntax
[no] compand-type {g711ulaw | g711alaw}
October 2010
983

Variable
Value
g711ulaw
Specifies the North American u-law ITU-T

PCM encoding standard.
g711alaw
Specifies the European a-law ITU-T PCM

encoding standard.
[no]
Disables the compand type.
Example
SR/configure/voice-port (2/1)# compand-type g711ulaw
configure voice-port echo-cancel coverage

Use this command to adjust the size of the echo canceller (EC). If echo-cancel is enabled, this
information is passed as a call parameter during media setup
By default, the echo canceller is set to 64 ms.
Syntax
[no] echo-cancel coverage {8 | 16 | 24 | 32 | 48 | 64 | 128}
Variable
Value
{8 | 16 | 24 | 32 | 48 | 64 | 128}
Specifies the echo canceller size in ms.
[no]
Resets this command to the default value (64

ms).
Example
SR/configure/voice-port (2/1)# echo-cancel coverage 24
configure voice-port echo-cancel enable

Use this command to enable the cancellation of voice that is sent out an interface and returned
to the same interface. To disable echo cancellation, use the no form of this command
By default, the G.168 echo canceller (EC) is enabled with the echo suppressor turned off.
984
October 2010
configure voice-port input gain
Syntax
[no] echo-cancel enable
Example
SR/configure/voice-port (2/1)# echo-cancel enable
configure voice-port input gain

Use this command to configure a specific input gain value or enable automatic gain control.
By default, the input gain value is set to 0 decibels.
Syntax
[no] input gain <decibels>
Variable
Value
<decibels>
Specifies the gain, in decibels (dB), to be

inserted at the receiver side of the interface.
Valid values are 6, 0, or 6. The default is 0.
[no]
Disables the selected amount of inserted

gain.
Example
SR/configure/voice-port (7/2/1)# input gain 6
configure voice-port output attenuation

Use this command to configure a specific output attenuation value.
The default attenuation value is 0 decibels.
Syntax
[no] output attenuation <decibels>
Variable
<decibels>
Value
Specifies the attenuation, in decibels (dB), at
the transmit side of the interface. Valid values
are 6 or 0. The default is 0.
October 2010
985
Variable
[no]
Value
Disables the selected amount of attenuation.
Example
SR/configure/voice-port (7/2/1)# output attenuation -6
show voice dsp statistics

Use this command to display the current status or selective statistics of DSP voice channels.
Syntax
show voice dsp statistics
Example
SR# show voice dsp statistics
show voice dsp status

Use this command to display the current status or selective statistics of DSP voice channels.
Syntax
show voice dsp status
Example
SR# show voice dsp status
Number translation commands
configure dial-peer voice translation-profile

Use this command to associate a translation profile with a dial peer.
By default, the dial peer has no translation profile assigned.
986
October 2010
configure voice translation-profile
Syntax
[no] translation-profile {incoming | outgoing} <profile-tag>
Variable
Value
{incoming | outgoing}
Specifies whether the translation profile is

applied on incoming or outgoing calls.
<profile-tag>
Specifies the profile name to associate with

the dial peer.
[no]
Removes the associated translation profile

from the dial peer.
Example
SR/configure/dial-peer/voice/voip 20# translation-profile outgoing
profile1
configure voice translation-profile

Use this command to define a translation profile to assign to a dial peer.
By default, no translation profiles are configured.
Syntax
[no] voice translation-profile <profile-tag>
Variable
Value
<profile-tag>
Specifies the name of the translation profile.

Maximum length of the voice translation
profile is 31 alphanumeric characters.
[no]
Removes the translation profile.
Example
SR/configure# voice translation-profile profile1
October 2010
987
configure voice translation-profile translate

Use this command to define a translation profile to assign to a dial peer. You can associate
two translation rule groups to each translation profile: one for calling numbers and one for
called numbers.
By default, no rules are configured.
Syntax
[no] translate {calling|called} <trans-rule-number>
Variable
Value
{calling|called}
Specifies whether to associate the

translation-rule with the calling number of the
called number.
<trans-rule-number>
Specifies the number of the translation rule

to be used in the translation profile.
[no]
Removes the associated translation-rulenumber.
Example
SR/configure/voice/translation-profile profile1# translate called 10
configure voice translation-rule

Use this command to define translation rule groups. A maximum of 128 translation-rule groups
are supported
Syntax
[no] voice translation-rule <translation-rule-number>
Variable
988
Value
<trans-rule-number>
Number to identify the translation rule group.

Valid range is from 1 to 2147483647.
[no]
Deletes the specfied translation rule group.
October 2010
configure voice translation-rule rule
Example
SR/configure# voice translation-rule 10
configure voice translation-rule rule

Use this command to define translation rules for voice calls. Each translation-rule group can
contain up to 15 different rules. A maximum of 128 translation-rule groups are supported
Syntax
[no] rule <precedence> /<match-pattern>/ /<replace-pattern>/
Variable
Value
<precedence>
Priority or precedence of the translation rule.

Range is from 1-15.
/<match-pattern>/
Expression used to match incoming

information For the current release, the
match-pattern can only contain digits or +. \
+ is also allowed where \ is an ESC character.
+ or \+ are only allowed at the beginning of
the pattern.
/<replace-pattern>/
Expression used to replace the match

pattern For the current release, the replacepattern can only contain digits or +. \+ is also
allowed where \ is an ESC character. + or \
+ are only allowed at the beginning of the
pattern.
Example
SR/configure/voice/translation-rule 10# rule /613/ /\+613/
October 2010
989
Trunk group configuration commands
configure trunk group

Use this command to create a trunk group and configure it with a name.
By default, no trunk group is configured.
Syntax
[no] trunk group <trunk-group-name>
Variable
Value
<trunk-group-name>
Specifies the name of the trunk group.

Maximum length is 16 alphanumeric
characters.
[no]
Deletes the specified trunk group.
Example
SR/configure# trunk group SPTrunk
configure dial-peer voice pots trunkgroup

Use this command to assign a dial peer to a trunk group for trunk group label routing.
Syntax
[no] trunkgroup <trunk-group-name>
Variable
990
Value
<trunk-group-name>
Specifies the name of the trunk group.

Maximum length is 16 alphanumeric
characters.
[no]
Deletes the dial peer from the trunk group.
October 2010
configure voice-port trunk-group
Example
SR/configure/dial-peer/voice/pots 10# trunkgroup north5
configure voice-port trunk-group

Use this command to assign an analog voice port to a trunk group.
A voice port can belong to only one trunk group. Multiple voice ports can belong to the same
trunk group.
Syntax
[no] trunk-group <trunk-group-name>
Variable
Value
<trunk-group-name>
Specifies the name of the trunk group to

which the port is assigned. Maximum length
of the trunk group name is 16 alphanumeric
characters.
[no]
Removes the port from the specified trunk

group.
Example
SR/configure/voice-port (7/2/1)# trunk-group north5
show trunk group

Use this command to display the configured trunk groups. This command displays the various
trunk groups configured on the system and corresponding voice ports.
Syntax
show trunk group <trunk-group-name>
Variable
<trunk-group-name>
Value
Displays information about the specific trunk
group
October 2010
991
Example
SR# show trunk group
Fax/Modem configuration commands
configure dial-peer voice voip fax protocol

Use this command to specify the fax protocol to be used for a specific VoIP dial peer.
By default, the VoIP dial peer uses the global fax protocol. When you use this command to set
the fax protocol for a specific dial peer, this configuration takes precedence over the global
configuration.
Syntax
[no] fax protocol { none | system | pass-through {g711ulaw | g711alaw}
| t38 [fallback {none | pass-through-g711ulaw | pass-throughg711alaw }] }
Variable
Value
none
Specifies that no fax pass-through or T.38 fax

relay is attempted. All special fax handling is
disabled, except for modem pass-through if
configured with the modem passthrough command.
system
Uses the global configuration that was set

using the configure voice service
voip fax protocol command.
pass-through {g711ulaw | g711alaw}
The fax stream uses one of the following

high-bandwidth codecs:
g711ulaw: Uses the G.711 u-law codec.
g711alaw: Uses the G.711 a-law codec.
992
t38
Specifies ITU-T T.38 standard fax protocol to

be used for all VoIP dial peers
[fallback {none | pass-through-g711ulaw |

pass-through-g711alaw }]
With T.38, specifies a fallback mode to

transfer a fax across a VoIP network if the T.
38 fax relay cannot be successfully
negotiated at the time of the fax transfer:
October 2010
configure dial-peer voice voip fax rate
Variable
Value
none: no fax pass-through is attempted.
pass-through-g711ulaw: uses the G.711 ulaw codec.
pass-through-g711alaw: uses the G.711 alaw codec.
[no]
Resets to the globally defined default fax

protocol.
Example
SR/configure/voice/service/voip# fax protocol pass-through g711ulaw
configure dial-peer voice voip fax rate

Use this command to establish the rate at which a fax is sent to a specified dial peer.
When applying the fax rate, the SR2330/4134 first applies the rate specified for the dial peer,
and if the transmission is failing, applies the global rate.
Syntax
no fax rate {2400 | 4800 | 7200 | 9600 | 12000 | 14400| voice}
Variable
Value
{2400 | 4800 | 7200 | 9600 | 12000 | 14400|

voice}
Specifies the baud rate.
[no]
Resets the fax rate to the globally defined

value: 9600.
Example
SR/configure/dial-peer/voice/voip 20# fax rate 12000
configure dial-peer voice voip modem passthrough

Use this command to enable modem pass-through over VoIP for a specific dial peer.
By default, the dial-peer uses the globally configured codec.
October 2010
993
Syntax
[no] modem passthrough {system | codec {g711ulaw | g711alaw }}
Variable
Value
system
Uses the global configuration that was set

using the global modem passthrough
command.
codec {g711ulaw | g711alaw }
Specifies which high-bandwidth codec the

modem stream uses:
g711ulaw: uses the G.711 u-law codec.
g711alaw: uses the G.711 a-law codec.
[no]
Disables modem pass-through for a specific

dial peer.
Example
SR/configure/dial-peer/voice/voip 20# modem pass-through g711ulaw
configure voice service voip fax protocol

Use this command to specify the global default fax protocol to be used for all VoIP dial peers.
By default, no fax protocol is configured.
If this command is used to set fax relay options for all dial peers and the dial-peer voice
service voip fax protocol command is used on a specific dial peer, the dial-peer
configuration takes precedence over the global configuration.
Syntax
[no] fax protocol {none | pass-through {g711ulaw | g711alaw} | t38
[fallback {none | pass-through-g711ulaw | pass-through-g711alaw }] }
Variable
994
Value
none
Specifies that no fax pass-through is

attempted. All special fax handling is
disabled, except for modem pass-through if
configured with the modem passthrough command.
pass-through {g711ulaw | g711alaw}

fax stream uses:
October 2010
configure voice service voip fax rate
Variable
Value
g711alaw: uses the G.711 a-law codec
t38
Specifies ITU-T T.38 standard fax protocol to

be used for all VoIP dial peers
[fallback {none | pass-through-g711ulaw |

pass-through-g711alaw }]
With T.38, specifies a fallback mode to

transfer a fax across a VoIP network if the T.
38 fax relay cannot be successfully
negotiated at the time of the fax transfer
none: no fax pass-through is attempted.
pass-through-g711ulaw: uses the G.711 ulaw codec.
pass-through-g711alaw: uses the G.711 alaw codec.
[no]
Returns to the default fax protocol value:

none.
Example
SR/configure/voice/service/voip# fax protocol pass-through g711ulaw
configure voice service voip fax rate

Use this command to establish the global fax rate.
The default fax rate is 9600.
Syntax
[no] fax rate {2400 | 4800 | 7200 | 9600 | 12000 | 14400| voice}
Variable
Value
{2400 | 4800 | 7200 | 9600 | 12000 | 14400|

voice}
Specifies the baud rate.
[no]
Resets the fax rate to the default value: 9600.
Example
SR/configure/voice/service/voip# fax rate voice
October 2010
995
configure voice service voip modem passthrough

Use this command to enable modem pass-through over VoIP for all dial peers.
By default, modem pass-through is disabled.
Syntax
[no] modem passthrough {g711ulaw | g711alaw}
Variable
passthrough {g711ulaw | g711alaw}
Value
modem stream uses:
g711alaw: uses the G.711 a-law codec
[no]
Disables modem pass-through.
Example
SR/configure/voice/service/voip# modem passthrough g711ulaw
show call active t38

Use this command to display active T38 fax call information.
Syntax
show call active t38
Example
SR# show call active t38
996
October 2010
Common voice port configuration commands
Common voice port configuration commands
configure voice-port
Use this command to configure the voice port on the given card.
This command also provides access to the voice-port subtree.
Syntax
voice-port <slot/[<subslot/]port[:<d-channel>]>
Variable
Value
slot/[subslot/]port
Specifies the port number of the voice card

to be configured.
[:<d-channel>]
This option is valid only when a T1 port is

configured for ISDN PRI. To configure ISDN
PRI port properties, you must specify the Dchannel timeslot. On a T1 port, <dchannel> = 23.
Example
SR/configure# voice-port 2/1
configure voice-port description

Use this command to attach a text string description to the voice port. This description appears
in various displays and is useful for tracking the purpose or use of the voice port.
By default, no description is configured.
Syntax
October 2010
997

Variable
Value
"<description>"
Specifies a description for the voice port.

Valid value is a character string from 1 to 25
characters enclosed in quotation marks (" ").
[no]
Removes the voice-port description.
Example
SR/configure/voice-port (2/1)# description "front desk"
configure voice-port shutdown

Use this command to enable and disable specific voice ports. To put the ports in service, use the
no form of this command. To put the ports offline, enter shutdown only.
By default, voice ports are disabled.
Syntax
[no] shutdown
Example
SR/configure/voice-port (2/1)# shutdown
show call active voice

Use this command to display call information for voice calls in progress.
Syntax
show call active voice [called-number <called-number> | callingnumber <calling-number>]
Variable
998
Value
called-number <called-number>
Displays specific called number pattern

related information.
calling-number <calling-number>
Displays specific calling number pattern

related information.
October 2010
show voice port
Example
SR# show call active voice
show voice port

Use this command to display configuration information about a specific voice port. There are
many CLI commands under the voice port tree. This command displays information about all
of these configured parameters.
Syntax
show voice port {<slot/[<subslot/]port[:<d-channel>]> | [summary]}
Variable
Value
<slot/[<subslot/]port[:<d-channel>]>
Port number of the voice card to be

displayed. The <d-channel> value is only
valid when ISDN PRI is configured on a T1
port (<d-channel> = 23).
summary
Displays a summary of all ports.
Example
SR# show voice port summary
Common FXS/FXO port configuration commands
configure voice-port battery-reversal

Use this command to configure battery polarity reversal on an FXS or FXO port.
By default, battery reversal is enabled
FXS ports normally reverse battery upon call connection. If an FXS port is connected to an
FXO port that does not support battery reversal detection, you can disable battery reversal
(using the no battery-reversal command) on the FXS port to prevent unexpected
behavior.
October 2010
999
FXO ports in loop-start mode normally disconnect calls when they detect a second battery
reversal (back to normal). You can use the no battery-reversal command on FXO ports
to disable this action.
If an FXO voice port in loop-start mode is connected to the PSTN and supports battery reversal,
you can configure answer supervision using the battery-reversal answer command.
This configures the FXO voice port to detect when a call is answered in order to provide correct
billing information.
The answer option is supported on FXS DID ports as well.
Syntax
[no] battery-reversal [answer]
Variable
Value
[answer]
Configures an FXO port to support answer

supervision by detection of battery reversal.
[no]
Disables battery reversal.
Example
SR/configure/voice-port (7/2/1)# no battery-reversal
configure voice-port cptone

Use this command to specify a regional analog voice-interface-related tone, ring, and cadence
setting for an FXS or FXO voice port.
By default, regional tone is set to USA.
Syntax
[no] cptone {us | ca}
Variable
Value
us
Sets the region tone to USA.
ca
Sets the region tone to Canada.
[no]
Sets the region tone value to the default: us.
Example
SR/configure/voice-port (7/2/1)# cptone us
1000
October 2010
configure voice-port signal
configure voice-port signal

Use this command to specify loop-start or ground-start signaling for an FXS or FXO voice port.
By default, the FXS and FXO ports are configured for loop-start signaling.
Syntax
[no] signal {loop-start | ground-start }
Variable
Value
loop-start
Specifies the use of loop start signaling.
ground-start
Specifies the use of ground start signaling.
[no]
Sets signaling to the default value: loop-start.
Example
SR/configure/voice-port (7/2/1)# signal ground-start
configure voice-port supervisory-disconnect

Use this command to enable a supervisory disconnect signal on an FXO port in loop-start mode
or an FXS DID port.
Supervisory disconnect signaling is a power denial from the switch lasting at least 350 ms.
When this condition is detected, the system interprets this as a disconnect indication from the
switch and clears the call.
When disconnect supervision is enabled in conjunction with answer supervision, disconnect
supervision is detected by battery reversal.
Supervisory disconnect signaling is enabled by default.
Syntax
[no] supervisory-disconnect
Variable
[no]
Value
Disables the supervisory disconnect
signaling.
October 2010
1001
Example
SR/configure/voice-port (7/2/1)# no supervisory-disconnect
Common FXS and T1 CAS command
configure voice-port timeouts interdigit

Use this command to configure the interdigit timeout value for a specified FXS or T1 CAS voice
port.
By default, the interdigit timeout value is 10 seconds.
The interdigit timeout specifies the number of seconds (after the caller inputs a digit) that the
system waits for the caller to input a subsequent digit. The timeouts interdigit timer is activated
when the caller inputs the initial digit and is restarted each time the caller inputs another digit
until the destination address is identified. If the configured timeout value is exceeded before
the destination address is identified, the caller is notified through the appropriate tone and the
call is terminated.
To disable the interdigit timer, set the timeout value to 0.
Syntax
[no] timeouts interdigit <timeout>
Variable
Value
<timeout>
Specifies the interdigit timeout value in

seconds between 0 and 120.
[no]
Resets to the default interdigit timeout value:

10 seconds.
Example
SR/configure/voice-port (2/1)# timeouts interdigit 20
1002
October 2010
Common T1 CAS and ISDN commands
Common T1 CAS and ISDN commands
configure network-clock-select
Use this command to specify the selection priority for ports that provide timing for the network
clock. The port used for the clock source must be a BRI or T1 (ISDN PRI or T1 CAS) module
configured for voice in a small slot.
Syntax
network-clock-select {1|2} <slot/port>
Variable
Value
{1 | 2}
Specifies the priority of the clock source.
<slot/port>
Specifies the slot/port for the clock source

(only T1/BRI cards in small slots).
Example
SR/configure# network-clock-select 1 3/1
show network-clock
Use this command to display the network clock configuration.
Syntax
show network-clocks
Example
SR# show network-clocks
October 2010
1003
Mediation Server module configuration commands
configure interface servmod description

Use the following command to configure a description for the midplane Ethernet interface.
Syntax
Variable
Value
"<description>"
Specifies a description for the dial . Valid

value is a character string from 1 to 15
characters in length, delimited by quotation
marks (" ").
[no]
Example
SR/configure/interface/servmod (6/1)# description "MSM-if"
configure interface servmod ip address

Use the following command to specify an IP address for one of the midplane Ethernet
interfaces that is connected to the Mediation Server module.
Syntax
ip address <ip-address> <subnet-mask>
Variable
Value
<ip-address>
IP address for the midplane Ethernet

interface.
<subnet-mask>
Subnet mask.
Example
SR/configure/interface/servmod (6/1)# ip address 10.1.2.3
255.255.255.0
1004
October 2010
configure interface servmod no shutdown
configure interface servmod no shutdown

Use the following command to enable the midplane Ethernet interface that is connected to the
Mediation Server module
Syntax
no shutdown
Example
SR/configure/interface/servmod (6/1)# no shutdown
show interface servmod

Use the following command to display the configuration of the midplane Ethernet interface.
Syntax
show interface servmod <slot/port>
Example
SR# show interface servmod 6/1
Debugging commands
debug voip dial-peer

Use this command to debug VoIP dial peers. Use the no form of this command to disable the
debug messages.
Syntax
[no] debug voip dial-peer
Example
SR# debug voip dial-peer
October 2010
1005
debug voice cc
Use this command to debug the VoIP call control engine. Use the no form of this command to
disable the debug messages. If no parameters are specified, the router outputs all message
types.
The most common option to use is debug voice cc routing, which acts as a type of trace
command, displaying the dial-peer matching. Verify the status of the dial peer first using the
show dial-peer voice.
If debugging the routing does not identify the problem, then enable specific debugs. Enabling all
debugs at once provides too much output to provide meaningful information.
Syntax
[no] debug voice cc [sip | isdn | cas | pots | fsm | media | routing
| msm | all]
Variable
Value
sip
Enables SIP adaptor specific debugs.
isdn
Enables ISDN adaptor specific debugs.
cas
Enables CAS adaptor specific debugs.
pots
Enables POTS adaptor specific debugs.
fsm
Enables state machine specific debugs.
media
Enables media specific debugs.
routing
Enables call routing specific debugs

including dial peer matching.
msm
Enables call control and media manager

specific debugs.
all
Enables all the above debugs.
Example
SR# debug voice cc
debug voice dspapi

Use this command to enable debugging for DSP APIs. Use the no form of this command to
disable the debug messages. If no timeslot is specified, then all timeslots are output.
1006
October 2010
debug ccsip all
Syntax
[no] debug voice dspapi timeslot <num>
Variable
timeslot <num>
Value
Filters the debugs based on timeslots.
Example
SR# debug voice dspapi timeslot 22
debug ccsip all

Use this command to enable SIP related call control debugging. Use the no form of this
command to disable the debug messages.
Syntax
[no] debug ccsip all
Example
SR# debug ccsip all
debug ccsip messages

Use this command to enable SIP message debugging. If no parameters are specified, all SIP
messages are output. Use the no form of this command to disable the debug messages.
Syntax
[no] debug ccsip messages [calling-num <calling-number>] [called-num
<called-number> ]
Variable
Value
calling-num <calling-number>
Filters debugging information based on

calling-number.
called-num <called-number>

called-number.
Example
SR# debug ccsip messages
October 2010
1007
debug ccsip media

Use this command to enable SIP media interface debugging. If no parameters are specified,
all SIP media related debug messages are output. Use the no form of this command to disable
the debug messages.
Syntax
no debug ccsip media [calling-num <calling-number> ] [called-num
<called-number>]
Variable
Value

calling-number.

called-number.
Example
SR# debug ccsip media
debug ccsip api

Use this command to enable SIP application interface debugging. If no parameters are
specified, all SIP application related debugs are output. Use the no form of this command to
disable the debug messages.
Syntax
[no] debug ccsip api [ calling-num <calling-number> ] [called-num
<called-number> ]
Variable
1008
Value

calling-number.

called-number.
October 2010
debug ccsip errors
Example
SR# debug ccsip api
debug ccsip errors

Use this command to enable output of SIP error messages. Use the no form of this command to
Syntax
[no] debug ccsip errors
Example
SR# debug ccsip errors
debug cas
Use this command to enable CAS related debugging. Use the no form of this command to
Syntax
[no] debug cas [slot <slot[/subslot/]port>] debug_identifier <debuglevel>
Variable
Value
<slot/[<subslot/]port>
Specifies the port number of the voice card.
<debug-level>
Specifies the debug level: all, signal, or

callcontrol.
Example
SR# debug cas slot 1/1
debug isdn q921

Use this command to enable Q921 related ISDN debugging. Use the no form of this command
to disable the debug messages.
October 2010
1009
Syntax
[no] debug isdn q921 <bundle-name>
Variable
<bundle-name>
Value
Specifies the ISDN bundle name.
Example
SR# debug isdn q921 pri1
debug isdn q931

Use this command to enable Q931 related ISDN debugging. Use the no form of this command
to disable the debug messages.
Syntax
[no] debug isdn q931 <bundle-name> [mon <1-3>]
Variable
Value
<bundle-name>
Specifies the ISDN bundle name.
[mon <1-3>]
Specifies the monitor level.
Example
SR# debug isdn q931 pri1
debug fax
Use this command to enable fax related debugging. Use the no form of this command to disable
the debug messages.
Syntax
[no] debug fax [{passthrough | t38 }]
Variable
passthrough
1010
Value
Specifies passthrough related debugs.
October 2010
debug pots
Variable
t38
Value
Specifies T.38 related debugs.
Example
SR# debug fax
debug pots
Use this command to enable FXS /FXO (POTS) related debugging. Use the no form of this
command to disable the debug messages.
Syntax
[no] debug pots slot <slot/subslot/port>
Variable
<slot/[<subslot/]port>
Value
Specifies the port number of the voice card.
Example
SR# debug pots slot 1/1
October 2010
1011
1012
October 2010
Chapter 63: SSM commands
clear ssm database

Use this command to reset the SSM database to factory default (flush empty).
Syntax
clear ssm database
Example
SR#clear ssm database
clear ssm sip-server statistics

Use this procedure to clear SIP survivability statistics.
Syntax
clear ssm sip-server statistics
Example
SR#clear ssm sip-server statistics
configure terminal system license ssm_users

Use this command to load an SSM license key onto the router to support additional SSM users.
Syntax
system license ssm_users <25-300>
The system then prompts you for the license key.
October 2010
1013
SSM commands

Variable
<25-300>
Value
Specifies the maximum number of registered
users..
Example
SR/configure#system license ssm_users 25
Enter License key:
configure terminal system logging syslog module voipssm-cdr

Use this command to configure the CDR feature for SIP survivability. By default, CDR is
disabled.
In order to enable SSM CDR, you must set the message level to notice.
Syntax
[no] system logging syslog module voip-ssm-cdr{sys9 | sys10 | sys11 |
sys12 | sys13| sys14 | local0 | local1 | local2 | local3 | local4 |
local5 | local6 | local7}{emerg | alert | crit | err | warn | notice
| info | debug | none}
Variable
Value
[no]
Disables CDR generation.
{sys9 | sys10 | sys11 |

local6 | local7}
Specifies system or locally defined messages.

debug | none}

1014
October 2010
configure terminal voice service voip ssm bind ip
Variable
Value
debug: all messages
none: no messages
Example
SR/configure#system logging syslog module voip-ssm-cdr sys9 warn
configure terminal voice service voip ssm bind ip

Use this command to bind the IP address for SSM. This IP address needs to be validated
against an existing IP interface address. Signaling and media uses this address as a source
address. The application listens to this address for SIP signaling.
The configuration does not take effect until enable is executed. Before changing or removing
an IP address or shutting down or deleting the interface, you must first disable SSM (ssm
no enable) .
By default, no IP address is configured.
Syntax
[no] bind ip ipv4:<A.B.C.D>
Variable
Value
[no]
Removes the specified IP address

binding.
<A.B.C.D>
Specifies the IP address to bind for SSM.
Example
SR/configure/voice/service/voip/ssm# bind ip ipv4:10.10.0.1
configure terminal voice service voip ssm bind transport

Use this command to configure the transport protocol and port on which the SSM accepts SIP
requests. By default, SSM listens on both the transport protocols: UDP and TCP. Use the bind
transport command to limit it to either UDP or TCP. Each port is validated against an existing
port used in the local SIP IP port. If the two ports are the same and have the same IP, a warning
message is displayed requesting you to reconfigure the SIP IP port.
October 2010
1015
SSM commands
The configuration does not take effect until ssm enable is executed. Once SSM is enabled, to
modify the transport configuration, you must first enter the no enable command under the
ssm tree.
The default port value for TCP and UDP is 5060.
Syntax
[no] bind transport <transport> <port>
Variable
Value
[no]
Restores binding parameters to the default values.
<transport>
Specifies the transport protocol: udp, or tcp.
<port>
Specifies the port to bind. Range is 1024-65535.
Example
SR/configure/voice/service/voip/ssm#bind transport tcp 1030
configure terminal voice service voip ssm cac exclude-pool

Use this command to configure an exclusion pool that identifies the IP address range of the
SIP endpoints that use SSM. This configuration is required only in cases where the Secure
Router is connected to the branch LAN by a single interface. CAC excludes the incoming
streams from these endpoints from the max-call limit count. The CLI allows a maximum of 8
exclude pool configurations.
Syntax
[no] cac exclude-pool <network-address> <mask>
Variable
Value
[no]
Deletes the specified value.
<network-address>
Specifies the network assigned to the SIP

Phones.
<mask>
Specifies the network mask.
Example
SR/configure/voice/service/voip/ssm#cac exclude-pool 20.20.20.1
255.255.255.0
1016
October 2010
configure terminal voice service voip ssm cac max-calls
configure terminal voice service voip ssm cac max-calls

Use this command to limit the number of calls that can exist simultaneously on an interface.
There are a maximum of five interfaces that can be configured. By default, CAC is disabled.
Syntax
[no] cac max-calls <interface-name> <1-500>
Variable
Value
[no]
Deletes the specified value.
<interface-name>
Specifies the interface to configure.
<1-500>
Specifies the maximum number of calls allowed

on the specified interface.
Example
SR/configure/voice/service/voip/ssm#cac max-calls ethernet0/1 25
configure terminal voice service voip ssm congestionthresholds memory

SSM implements a mechanism to perform SIP message load control and throttling based on
its memory consumption. SSM monitors the memory it utilizes and takes appropriate actions
based on the percentage of memory consumption. There are three threshold levels defined.
Associated with each level are two trigger values: up and down.
Threshold 1: The percentage of memory consumption after which SSM starts rejecting
all new requests which are not part of an existing dialogue with "503 Service Unavailable"
responses. However, all requests within the dialogue are processed normally.
Threshold 2: The percentage of memory consumption after which SSM starts dropping
all new requests which are not part of an existing dialogue. While in this state, SSM does
not send any response to these requests. However, all requests within the dialogue are
processed normally.
Threshold 3: Defines the percentage of memory consumption after which SSM stops
receiving SIP messages from all network interfaces. In this state, SSM only sends
messages out to the network and does not accept any messages from the network.
Use this command to configure SSM congestion control.
October 2010
1017
SSM commands
Syntax
[no] congestion-thresholds memory <up-threshold1> <up-threshold2>
<up-threshold3> <down-threshold1> <down-threshold2> <downthreshold3>
Variable
[no]
Value
Resets the threshold levels to the default values:
up-threshold1: 75
up-threshold2: 85
up-threshold3: 95
down-threshold1 : 70
1018
<up-threshold1>
Specifies a value between 25-95. It must be

greater than <down-threshold1> and less
than <down-threshold2>. Default value is
75.
<up-threshold2>

than <down-threshold3>. Default value is
85.
<up-threshold3>

than or equal to 95. Default value is 95.
<down-threshold1>

greater than or equal to 25 and less than <upthreshold1>. Once SSM crosses <upthreshold1>, it is considered to be back to
normal only after the current memory usage
decreases to this value. Default value is 70.
<down-threshold2>
Specifies a value between 25-95. It should be

greater than <up-threshold1> and less
than <up-threshold2>. Once SSM crosses
<up-threshold2>, it is considered to be
back in threshold level 1 only after the current
memory usage decreases to this value. Default
value is 80.
<down-threshold3>

greater than <up-threshold2> and less
than <up-threshold3>. Once SSM crosses
October 2010
configure terminal voice service voip ssm default-gateway
Variable
Value
<up-threshold3>, it is considered to be
back in threshold level 2 only after the current
memory usage decreases to this value. Default
value is 90.
Example
SR/configure/voice/service/voip/ssm#congestion-thresholds memory 30
45 95 25 40 65
configure terminal voice service voip ssm default-gateway

Use this command to configure the default gateway to be used by SIP survivability. By default,
there is no gateway configured; however the default transport is UDP, and the default port is
5060.
The default gateway IP address must be the same as the bind IP address used by the SIP
Media Gateway.
Syntax
[no] default-gateway { ipv4:<ipaddr>[:port-num] } [transport {tcp |
udp }]
Variable
Value
[no]
Removes the specified default gateway.
ipv4:<ip addr>[:port-num]
Specifies the IP address and optional port

number for the default gateway.
[transport {tcp | udp} ]
Specifies the transport used for the default

gateway. Default value is udp.
Example
SR/configure/voice/service/voip/ssm#default-gateway 10.10.0.1
transport udp
configure terminal voice service voip ssm dialplan load

Use this command to load the preconfigured dial plan. By default, no dial plan is loaded.
October 2010
1019
SSM commands
Syntax
[no] dialplan load {normal | survivable} <path-and-filename>
Variable
load {normal |
survivable} <path-andfilename>
Value
Loads either the normal or survivable mode dial plan
from the specified path. If the full path is not
specified, then the system searches for the specified
filename in cf0 (internal flash memory). The no form
of the command deletes the stored dial plan.
Example
SR/configure/voice/service/voip/ssm#dialplan load survivable
backup.ntm
configure terminal voice service voip ssm dialplan store

Use this command to store the preconfigured dial plan. By default, no dial plan is stored.
Syntax
dialplan store {normal | survivable} <path-and-filename>
You must load a dial plan before you can perform a store operation.
Variable
store {normal |
survivable} <path-andfilename>
Value
Stores either the normal or the survivable mode dial
plan to the specified path. The no form of the
command is not supported.
Example
SR/configure/voice/service/voip/ssm#dialplan store survivable
backup.ntm
configure terminal voice service voip ssm domain

Use this command to configure the managed domain under which the Secure Router is
operational. By default, no domain is configured.
1020
October 2010
configure terminal voice service voip ssm enable
Syntax
[no] domain <domain-name>
Variable
Value
[no]
Removes the specified domain.
<domain-name>
Specifies the domain name as either ipv4:<ipaddr>

or dns:<host-name>.
Example
SR/configure/voice/service/voip/ssm/sip-server# domain 10.10.0.1
configure terminal voice service voip ssm enable

Use this command to enable or disable the SIP survivability functionality. By default,
survivability is disabled.
Prerequisites
You cannot enable SIP survivability until you bind an IP address for SSM using the bind ip
command.
Syntax
[no] enable
Variable
[no]
Value
Disables the SIP survivability server.
Example
SR/configure/voice/service/voip/ssm#enable
configure terminal voice service voip ssm keepalive-server

Use this command to configure the address of the central SIP server to which keepalive
messages are sent. It also specifies the interval at which OPTIONS messages are sent to the
central server along with the number of retries before taking a decision on the change from
normal mode to survivable mode. By default, keepalives are disabled.
October 2010
1021
SSM commands
Syntax
[no] keepalive-server {dns:<server-name>[:port-num] |
ipv4:<ipaddr>[:port-num]}
[interval <10-600>] [retries <1-10>]
[transport {tcp | udp }]
Variable
Value
[no]
dns:<server-name>[:portnum]
Specifies the DNS host name of the central SIP

server.
ipv4:<ip-addr>[:port-num]
Specifies the IP address of the central SIP

server.
interval <10-600>
Specifies the interval in seconds at which to

send OPTIONS messages to the keepalive
server. Default value is 60.
retries <1-10>
Specifies the number of retries before changing

from normal to survivable mode, and vice versa.
Default value is 1.
transport {tcp | udp }
Specifies the transport protocol. Default value

is udp.
Example
SR/configure/voice/service/voip/ssm/sip-server#keepalive-server
10.10.0.1
configure terminal voice service voip ssm protocol-header

Use this command to configure the SIP header values.
Syntax
protocol-header [no] [retry-after-interval <0-4294967295>]
[organization-header <string>] [server-header <string>]
Variable
[no]
1022
Value
October 2010
configure terminal voice service voip ssm provisioning
Variable
Value
retry-after-interval
<0-4294967295>
Specifies the retryafterinterval value (in seconds)

to be inserted into the retry after SIP header. The
no form of this command sets the interval to the
default value (300 seconds).
organization-header
<string>
Specifies the organization name to be inserted as

organization header into the messages
generated by the SIP server. The no form of the
command removes the organization header.
There is no default value.
server-header <string>
Specifies the string to be used in the server

header in responses generated by the SIP server.
The no form of this command removes the server
header. There is no default value.
Example
SR/configure/voice/service/voip/ssm/protocol-header#retry-afterinterval 1200
configure terminal voice service voip ssm provisioning

By default SSM learns the subscriber details from SIP REGISTRATIONS. It also provides a
static method to provision subscriber information. The subscriber information used by SSM
includes user name, domain, alias and identity.
Use this command to configure subscriber details. It is mainly used to configure alias
information.
Syntax
[no] provisioning subscriber <subscriber> <domain> alias <aliasname> calling-line-id <calling-line-id>
Variable
Value
[no]
<subscriber>
Specifies the user name of the subscriber.
<domain>
Specifies the domain name of the subscriber in

format of ipv4:<ip-addrr> or dns:<host-name>
<alias-name>
Specifies the alias name.
<calling-line-id>
Specifies the calling line ID.
October 2010
1023
SSM commands
Example
SR/configure/voice/service/voip/ssm#provisioning subscriber
<subscriber> <domain> alias <alias-name> calling-line-id <callingline-id>
configure terminal voice service voip ssm registrar

Use this command to configure the SIP registrar for SIP survivability.
Syntax
[no] registrar [expires {max|min|default} <sec>] [max-contacts
<1-10>] [allow-backup-reg {all | refresh | provisioned-users}]
Variable
Value
[no]
Removes the specified registrar configuration.
expires {max|min|
default} <sec>
Specifies the range within which the expires header

value is accepted by the survivable SIP registrar. The
no form of the command sets the values for
maximum, minimum and default to their default
values (180, 180, and 180, respectively).
max-contacts <1-10>
Specifies the maximum contacts that can be

registered for a single AOR. The no form of the
command sets the value to the default: 5.
allow-backup-reg {all |
refresh | provisionedusers}
Configures options to allow new registrations in

backup mode. Values include :
all allow all registrations refresh
refresh allow only registration refresh.
provisioned-usersallow only registration from
provisioned users
The default value is all.
Example
SR/configure/voice/service/voip/ssm#registrar expires max 120
configure terminal voice service voip ssm sessiontimer

Use this command to configure session timer values in seconds. By default, session timer
values are max: 3600, min: 90, and default: 1800. Be sure to configure the min value to be
1024
October 2010
configure terminal voice service voip ssm sip-server dns-timeout
less than the default value, and the default value to be less than the max value, otherwise the
configuration is rejected.
Syntax
[no] sessiontimer [session-timer {max|min|default} <sec>] [rangevalidation]
Variable
Value
[no]
Sets the specified parameter to the default value.
range-validation
Turns on the session timer period validation

requested by endpoints. The no form of the
command resets the parameter to the default
value, that is, to not validate the session timer
range.
session-timer {max|min|
default}
Specifies the session timer to configure.
<sec>
Specifies a value in seconds for the session

timer. Range is 904294967295.
Example
SR/configure/voice/service/voip/ssm#sessiontimer session-timer max
1200
configure terminal voice service voip ssm sip-server dnstimeout

Use this command to configure the DNS lookup timeout in milliseconds after which DNS
lookups attempted by the proxy must timeout. By default, the DNS timeout is 86400
milliseconds.
Syntax
[no] dns-timeout <1-4294967295>
Variable
[no]
Value
Restores the DNS timeout to the default value:
86400 milliseconds.
October 2010
1025
SSM commands
Example
SR/configure/voice/service/voip/ssm/sip-server#dns-timeout 1500
configure terminal voice service voip ssm sip-server rejectservices-in-survivable-mode

Use this command to configure the SIP server to reject SIP service messages in the survivable
mode. By default, the SIP server rejects SIP service messages in survivable mode.
Syntax
[no] reject-services-in-survivable-mode
Variable
[no]
Value
Activates the forwarding of service related to
SIP messages.
Example
SR/configure/voice/service/voip/ssm/sip-server#reject-services-insurvivable-mode
configure terminal voice service voip ssm sip-server timer

Use this command to configure the SIP timer values within the SIP server.
Syntax
[no] timer {T1|T2|B|C|D|F|H|I|J|K} <1-2147483647>
Variable
[no]
Value
Resets the specified timer to the default values:
T1: 500 ms
T2: 4000 ms
B: 32000 ms
C: 180000 ms
D: 32000 ms
1026
October 2010
show ssm cac status
Variable
Value
F: 32000 ms
H: 32000 ms
I: 5000 ms
J: 32000 ms
K: 5000 ms
T1, T2, B, C, F, H, I, J, K Specifies values between 1-2147483647.

C
Specifies a value between 180000-2147483647.
Specifies a value between 32000-2147483647.
Example
SR/configure/voice/service/voip/ssm/sip-server#timer T1 1500
show ssm cac status

Use this command to display the total number of active calls on different links and the maximum
number of calls that are configured for each link.
Syntax
show ssm cac status
Example
SR#show ssm cac status
show ssm configuration

Use this command to display SIP survivability feature configuration.
Syntax
show ssm configuration
Example
SR#show ssm configuration
October 2010
1027
SSM commands
show ssm congestion-thresholds

Use this command to verify the configured congestion threshold level values.
Syntax
show ssm congestion-thresholds
Example
SR#show ssm congestion-thresholds
show ssm dial-plan

Use this command to display the values of the normal mode dial plan filename and survivable
mode dial plan filename that are configured within the SIP survivability subsystem.
Syntax
show ssm dial-plan
Example
SR#show ssm dial-plan
show ssm licensed-users

Use this command to display the licensed user capacity in the survivability subsystem.
Syntax
show ssm licensed-users
Example
SR#show ssm licensed-users
show ssm protocol-header

Use this command to display values of the retry after interval, organization header, and server
header that are configured within the survivability subsystem.
1028
October 2010
show ssm registered-users
Syntax
show ssm protocol-header
Example
SR#show ssm protocol-header
show ssm registered-users

Use this command to display the registered users in the survivability subsystem.
Syntax
show ssm registered-users {<username> |all} [domain ipv4:<ipv4address> dns:<host-name>]
Example
SR#show ssm registered-users all
show ssm registrar

Use this command to display the values of the expires and max-contacts properties that are
configured within the survivability subsystem. This command also shows the configured backup registration policy.
Syntax
show ssm registrar
Example
SR#show ssm registrar
show ssm session-timer

Use this command to display the values of the range validation and session timer parameters.
Syntax
show ssm session-timer
Example
SR#show ssm session-timer
October 2010
1029
SSM commands
show ssm sip-server configuration

Use this command to display the values of the parameters central server, domain, DNS lookup
timeout, transport, allow transport switching, reject services in survivable mode and different
timers.
Syntax
show ssm sip-server configuration
Example
SR#show ssm sip-server configuration
show ssm sip-server statistics

Use this command to display the number of SIP messages that have been received, forwarded,
and other transaction related statistics for INVITE and REGISTER methods.
Syntax
show ssm sip-server statistics
Example
SR#show ssm sip-server statistics
show ssm sip-server status

Use this command to display the SIP survivability feature status.
This command shows whether the SSM feature is operational or not. If operational, it shows
the current mode of operation: normal or survivable.
Syntax
show ssm sip-server status
Example
SR#show ssm sip-server status
1030
October 2010
show ssm subscriber
show ssm subscriber

Use this command to display the subscribers in the survivability subsystem.
Syntax
show ssm subscriber {<username>|all} [domain {ipv4:<ipv4-address> |
dns:<host-name>}]
Example
SR#show ssm subscriber all
October 2010
1031
SSM commands
1032
October 2010
Chapter 64: Troubleshooting commands
debug
Use this command to enter debug mode.
Syntax
debug
Example
SR# debug
debug bgp
Use this command to debug the Border Gateway Protocol.
Syntax
[no] debug bgp
Example
SR# debug bgp
debug bgp all

Use this command to enable all BGP debugging features.
Syntax
[no] debug bgp all
Example
SR# debug bgp all
October 2010
1033
Troubleshooting commands
debug bgp dampening

Use this command to debug BGP dampening.
Syntax
[no] debug bgp dampening
Example
SR# debug bgp dampening
debug bgp events

Use this command to debug BGP events.
Syntax
[no] debug bgp events
Example
SR# debug bgp events
debug bgp filters

Use this command to debug BGP filters.
Syntax
[no] debug bgp filters
Example
SR# debug bgp filters
debug bgp fsm

Use this command to debug BGP Finite State Machine.
Syntax
[no] debug bgp fsm
1034
October 2010
debug bgp keepalives
Example
SR# debug bgp fsm
debug bgp keepalives

Use this command to debug BGP keepalives.
Syntax
[no] debug bgp keepalives
Example
SR# debug bgp keepalives
debug bgp nsm

Use this command to debug BGP FIB messages.
Syntax
[no] debug bgp nsm
Example
SR# debug bgp nsm
debug bgp updates

Use this command to debug BGP updates.
Syntax
[no] debug bgp updates <in|out>
Variable
Value
<in>
Debug inbound updates.
<out>
Debug outgoing updates.
Example
SR# debug bgp updates in
October 2010
1035
debug clear_clisession
Use this command to enable or disable debug for clearing a console or Telnet CLI connection.
Syntax
[no] debug clear_clisession <116>
Variable
Value
<116>
Specifies the console session sequence number.
[no]
Disables debug for clearing a console or Telnet CLI connection.
Example
SR#debug clear_clisession 6
debug_eng
Use this command to enable or disable engineering debugging.
Syntax
[no] debug_eng
Variable
[no]
Value
Disables engineering debugging.
Example
SR#debug_eng
debug fr
Use this command to access Frame Relay debug commands.
Syntax
debug fr
1036
October 2010
debug fr pvc-info
Example
SR# debug fr
debug fr pvc-info
Use this command to show detailed frame relay virtual circuit information.
Syntax
[no] debug fr pvc-info <bundle> <dlci>
Variable
Value
<bundle>
The bundle name.
<dlci>
The DLCI number, in the range 16 to 1022.
Example
SR# debug fr pvc-info test 200
debug fr bundle-info
Use this command to show detailed frame relay bundle interface information.
Syntax
[debug] fr bundle-info <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug fr bundle-info test
debug fr packet
Use this command to enable all fr/mfr packet level debugging. Be advised that using this
command can significantly impact system performance.
October 2010
1037
Syntax
[no] debug fr packet
Example
SR# debug fr packet
debug fr packet lmi

Use this command to show frame relay virtual circuit information.
Syntax
[no] debug fr packet lmi [debug_direction <tx|rx|both>]
Variable
Value
<both>
Both directions.
<debug_direction>
The debug direction.
<tx>
Transmit direction.
<rx>
Receive direction.
Example
SR# debug fr packet lmi debug_direction tx
debug fr packet inverse-arp

Use this command to dump FR inverse arp packets.
Syntax
[no] debug fr packet inverse-arp
Example
SR# debug fr packet inverse-arp
debug fr packet mfr

Use this command to dump FRF.16.1 UNI/NNI MFR control packets.
1038
October 2010
debug fr mfr
Syntax
[no] debug fr packet mfr [content <brief|detailed>]
Variable
Value
<brief>
Print single line information.
[content]
The content level to print.
<detailed>
Print detailed information.
Example
SR# debug fr packet mfr content detailed
debug fr mfr
Use this command to access MFR debug commands.
Syntax
[no] debug fr mfr
Example
SR# debug fr mfr
debug fr mfr states

Use this command to print the current state of links in an MFR bundle.
Syntax
[no] debug fr mfr states <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug fr mfr states test
October 2010
1039
debug fr mfr state-machine

Use this command to print dynamic MFR state machine changes.
Syntax
[no] debug fr mfr state-machine
Example
SR# debug fr mfr state-machine
debug fr bundle-buffers
Use this command to shows current and max buffers and other stats for all bundles.
Syntax
[no] debug fr bundle-buffers
Example
SR# debug fr bundle-buffers
debug fr frf20
Use this command to show frf20 configuration and status.
Syntax
[no] debug fr frf20 <bundle> <16-1022>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug fr frf20 test 200
1040
October 2010
debug hdlc
debug hdlc
Use this command to display all bundles and corresponding HDLC channels.
Syntax
[no] debug hdlc
Example
SR# debug hdlc
debug igmp
Use this command to debug IGMP.
Syntax
[no] debug igmp
Example
SR# debug igmp
debug igmp all

Use this command to enable all IGMP debugging.
Syntax
[no] debug igmp all
Example
SR# debug igmp all
debug igmp decode

Use this command to enable IGMP decode debugging.
Syntax
[no] debug igmp decode
October 2010
1041
Example
SR# debug igmp decode
debug igmp encode

Use this command to enable IGMP encode debugging.
Syntax
[no] debug igmp encode
Example
SR# debug igmp encode
debug igmp events

Use this command to enable IGMP event debugging.
Syntax
[no] debug igmp events
Example
SR# debug igmp events
debug igmp fsm

Use this command to enable IGMP FSM debugging.
Syntax
[no] debug igmp fsm
Example
SR# debug igmp fsm
debug igmp tib

Use this command to enable IGMP Tree Info Base debugging.
1042
October 2010
debug pim
Syntax
[no] debug igmp tib
Example
SR# debug igmp tib
debug pim
Use this command to access next-level PIM Sparse-Mode debugging commands.
Syntax
[no] debug pim
Example
SR# debug pim
debug pim sparse-mode

Use this command to debug PIM Sparse-Mode.
Syntax
[no] debug pim sparse-mode
Example
SR# debug pim sparse-mode
debug pim sparse-mode all

Use this command to enable all PIM debugging.
Syntax
[no] debug pim sparse-mode all
Example
SR# debug pim sparse-mode all
October 2010
1043
debug pim sparse-mode events

Use this command to debug PIM events.
Syntax
[no] debug pim sparse-mode events
Example
SR# debug pim sparse-mode events
debug pim sparse-mode mfc

Use this command to debug PIM MFC updates.
Syntax
[no] debug pim sparse-mode mfc
Example
SR# debug pim sparse-mode mfc
debug pim sparse-mode mib

Use this command to debug the PIM MIB.
Syntax
[no] debug pim sparse-mode mib
Example
SR# debug pim sparse-mode mib
debug pim sparse-mode nexthop

Use this command to debug the PIM next hop.
Syntax
[no] debug pim sparse-mode nexthop
1044
October 2010
debug pim sparse-mode database
Example
SR# debug pim sparse-mode nexthop
debug pim sparse-mode database

Use this command to debug PIM database information.
Syntax
[no] debug pim sparse-mode database
Example
SR# debug pim sparse-mode database
debug pim sparse-mode packet

Use this command to debug PIM packets.
Syntax
[no] debug pim sparse-mode packet
Example
SR# debug pim sparse-mode packet
debug pim sparse-mode state

Use this command to debug the PIM state.
Syntax
[no] debug pim sparse-mode state
Example
SR# debug pim sparse-mode state
debug pim sparse-mode timer

Use this command to debug PIM timers.
October 2010
1045
Syntax
[no] debug pim sparse-mode timer
Example
SR# debug pim sparse-mode timer
debug pim sparse-mode timer assert

Use this command to debug PIM assert timers.
Syntax
[no] debug pim sparse-mode timer assert
Example
SR# debug pim sparse-mode timer assert
debug pim sparse-mode timer bsr

Use this command to debug PIM bootstrap timers.
Syntax
[no] debug pim sparse-mode timer bsr
Example
SR# debug pim sparse-mode timer bsr
debug pim sparse-mode timer hello

Use this command to debug PIM hello timers.
Syntax
[no] debug pim sparse-mode timer hello
Example
SR# debug pim sparse-mode timer hello
1046
October 2010
debug pim sparse-mode timer joinprune
debug pim sparse-mode timer joinprune

Use this command to debug PIM joinprune timers.
Syntax
[no] debug pim sparse-mode timer joinprune
Example
SR# debug pim sparse-mode timer joinprune
debug pim sparse-mode timer register

Use this command to debug PIM register timers.
Syntax
[no] debug pim sparse-mode timer register
Example
SR# debug pim sparse-mode timer register
debug dvmrp
Use this command to access DVRMP debugging commands.
Syntax
[no] debug dvmrp
Example
SR# debug dvmrp
debug dvmrp all

Use this command to enable all DVMRP debugging.
Syntax
[no] debug dvmrp all
October 2010
1047
Example
SR# debug dvmrp all
debug dvmrp events

Use this command to debug DVMRP events.
Syntax
[no] debug dvmrp events
Example
SR# debug dvmrp events
debug dvmrp events igmp

Use this command to debug DVMRP IGMP events.
Syntax
[no] debug dvmrp events igmp
Example
SR# debug dvmrp events igmp
debug dvmrp events kernel

Use this command to DVMRP kernel events.
Syntax
[no] debug dvmrp events kernel
Example
SR# debug dvmrp events kernel
debug dvmrp events neighbor

Use this command to debug DVMRP neighbor events.
1048
October 2010
debug dvmrp events packet
Syntax
[no] debug dvmrp events neighbor
Example
SR# debug dvmrp events neighbor
debug dvmrp events packet

Use this command to debug DVMRP packet events.
Syntax
[no] debug dvmrp events packet
Example
SR# debug dvmrp events packet
debug dvmrp events prune

Use this command to debug DVMRP prune events.
Syntax
[no] debug dvmrp events prune
Example
SR# debug dvmrp events prune
debug dvmrp events route

Use this command to debug DVMRP route events.
Syntax
[no] debug dvmrp events route
Example
SR# debug dvmrp events route
October 2010
1049
debug dvmrp mfc

Use this command to debug multicast forwarding cache events.
Syntax
[no] debug dvmrp mfc
Example
SR# debug dvmrp mfc
debug dvmrp mib

Use this command to debug the DVMRP MIB.
Syntax
[no] debug dvmrp mib
Example
SR# debug dvmrp mib
debug dvmrp nsm

Use this command to debug FIB messages.
Syntax
[no] debug dvmrp nsm
Example
SR# debug dvmrp nsm
debug dvmrp packet

Use this command to debug all DVMRP packets.
Syntax
[no] debug dvmrp packet
1050
October 2010
debug dvmrp packet graft
Example
SR# debug dvmrp packet
debug dvmrp packet graft

Use this command to debug graft packets.
Syntax
[no] debug dvmrp packet graft
Example
SR# debug dvmrp packet graft
debug dvmrp packet graft-ack

Use this command to debug graft-ack packets.
Syntax
[no] debug dvmrp packet graft-ack
Example
SR# debug dvmrp packet graft-ack
debug dvmrp packet in

Use this command to debug incoming DVMRP packets.
Syntax
[no] debug dvmrp packet in
Example
SR# debug dvmrp packet in
debug dvmrp packet out

Use this command to debug outgoing DVMRP packets.
October 2010
1051
Syntax
[no] debug dvmrp packet out
Example
SR# debug dvmrp packet out
debug dvmrp packet probe

Use this command to debug probe packets.
Syntax
[no] debug dvmrp packet probe
Example
SR# debug dvmrp packet probe
debug dvmrp packet prune

Use this command to debug prune packets.
Syntax
[no] debug dvmrp packet prune
Example
SR# debug dvmrp packet prune
debug dvmrp packet report

Use this command to debug report packets.
Syntax
[no] debug dvmrp packet report
Example
SR# debug dvmrp packet report
1052
October 2010
debug dvmrp timer
debug dvmrp timer

Use this command to debug DVMRP timers.
Syntax
[no] debug dvmrp timer
Example
SR# debug dvmrp timer
debug dvmrp timer probe

Use this command to debug all probe timers.
Syntax
[no] debug dvmrp timer probe
Example
SR# debug dvmrp timer probe
debug dvmrp timer prune

Use this command to debug all prune timers.
Syntax
[no] debug dvmrp timer prune
Example
SR# debug dvmrp timer prune
debug dvmrp timer route

Use this command to debug all route timers.
Syntax
[no] debug dvmrp timer route
October 2010
1053
Example
SR# debug dvmrp timer route
debug mld
Use this command to configure MLD debugging.
Syntax
[no] debug mld
Example
SR# debug mld
debug mld all

Use this command to enable all MLD debugging.
Syntax
[no] debug mld all
Example
SR# debug mld all
debug mld decode

Use this command to enable MLD decode debugging.
Syntax
[no] debug mld decode
Example
SR# debug mld decode
debug mld encode

Use this command to enable MLD encode debugging.
1054
October 2010
debug mld events
Syntax
[no] debug mld encode
Example
SR# debug mld encode
debug mld events

Use this command to enable MLD event debugging.
Syntax
[no] debug mld events
Example
SR# debug mld events
debug mld fsm

Use this command to enable MLD FSM debugging.
Syntax
[no] debug mld fsm
Example
SR# debug mld fsm
debug mld tib

Use this command to enable MLD Tree Info Base debugging.
Syntax
[no] debug mld tib
Example
SR# debug mld tib
October 2010
1055
debug ip
Use this command to access ip/ipmux debug commands.
Syntax
[no] debug ip
Example
SR# debug ip
debug ip arp
Use this command to debug ARP packets.
Syntax
[no] debug ip arp
Example
SR# debug ip arp
debug ip vrrp
Use this command to enable or disable VRRP debugging.
Syntax
[no] debug ip vrrp
Example
SR# debug ip vrrp
debug ip vrrp all

Use this command to debug all VRRP messages.
Syntax
[no] debug ip vrrp all
1056
October 2010
debug ip vrrp error
Example
SR# debug ip vrrp all
debug ip vrrp error

Use this command to debug VRRP error messages.
Syntax
[no] debug ip vrrp error
Example
SR# debug ip vrrp error
debug ip vrrp state

Use this command to debug VRRP state transitions.
Syntax
[no] debug ip vrrp state
Example
SR# debug ip vrrp state
debug ip vrrp events

Use this command to debug all VRRP events.
Syntax
[no] debug ip vrrp events
Example
SR# debug ip vrrp events
debug ip vrrp packet

Use this command to debug VRRP packet errors.
October 2010
1057
Syntax
[no] debug ip vrrp packet
Example
SR# debug ip vrrp packet
debug ip tunnel
Use this command to enable or disable tunnel debug commands.
Syntax
[no] debug ip tunnel
Example
SR# debug ip tunnel
debug ip tunnel all

Use this command to debug all tunnel messages.
Syntax
[no] debug ip tunnel all
Example
SR# debug ip tunnel all
debug ip tunnel error

Use this command to debug tunnel error messages.
Syntax
[no] debug ip tunnel error
Example
SR# debug ip tunnel error
1058
October 2010
debug ip tunnel encap
debug ip tunnel encap

Use this command to debug encapsulation related messages.
Syntax
[no] debug ip tunnel encap
Example
SR# debug ip tunnel encap
debug ip tunnel decap

Use this command to debug decapsulation related messages.
Syntax
[no] debug ip tunnel decap
Example
SR# debug ip tunnel decap
debug ip tunnel packet

Use this command to debug packet trace messages.
Syntax
[no] debug ip tunnel packet
Example
SR# debug ip tunnel packet
debug ip tunnel keepalive

Use this command to debug keepalive messages.
Syntax
[no] debug ip tunnel keepalive
October 2010
1059
Example
SR# debug ip tunnel keepalive
debug ip tunnel state

Use this command to debug interface state change messages.
Syntax
[no] debug ip tunnel state
Example
SR# debug ip tunnel state
debug ip dhcps
Use this command to enable or disable DHCP server debugging.
Syntax
[no] debug ip dhcps
Example
SR# debug ip dhcps
debug ip dhcps all

Use this command to debug all DHCP Server messages.
Syntax
[no] debug ip dhcps all
Example
SR# debug ip dhcps all
debug ip dhcps error

Use this command to debug all DHCP Server error messages.
1060
October 2010
debug ip dhcps state
Syntax
[no] debug ip dhcps error
Example
SR# debug ip dhcps error
debug ip dhcps state

Use this command to debug DHCP Server state transitions.
Syntax
[no] debug ip dhcps state
Example
SR# debug ip dhcps state
debug ip dhcps events

Use this command to debug all DHCP Server events.
Syntax
[no] debug ip dhcps events
Example
SR# debug ip dhcps events
debug ip dhcps packet

Use this command to debug DHCP Server packet debug messages.
Syntax
[no] debug ip dhcps packet
Example
SR# debug ip dhcps packet
October 2010
1061
debug ip ssh
Use this command to enable or disable SSH debug commands.
Syntax
[no] debug ip ssh <level>
Variable
<level>
Value
The debugging level. Values are:
none
fatal
error
log
trace
Example
SR# debug ip ssh none
debug ip statistics
Use this command to show IP debug statistics.
Syntax
[no] debug ip statistics
Example
SR# debug ip statistics
debug ip statistics ipshow

Use this command to show IP statistics.
Syntax
[no] debug ip statistics ipshow
1062
October 2010
debug ip statistics icmpshow
Example
SR# debug ip statistics ipshow
debug ip statistics icmpshow

Use this command to show ICMP statistics.
Syntax
[no] debug ip statistics icmpshow
Example
SR# debug ip statistics icmpshow
debug ip statistics rtshow

Use this command to show route statistics.
Syntax
[no] debug ip statistics rtshow
Example
SR# debug ip statistics rtshow
debug ip statistics tcpshow

Use this command to show TCP statistics.
Syntax
[no] debug ip statistics tcpshow
Example
SR# debug ip statistics tcpshow
debug ip statistics udpshow

Use this command to show UDP statistics.
October 2010
1063
Syntax
[no] debug ip statistics udpshow
Example
SR# debug ip statistics udpshow
debug ip statistics ipmuxshow

Use this command to show IPMUX statistics.
Syntax
[no] debug ip statistics ipmuxshow
Example
SR# debug ip statistics ipmuxshow
debug ip statistics ipmuxclear

Use this command to clear IPMUX statistics.
Syntax
[no] debug ip statistics ipmuxclear
Example
SR# debug ip statistics ipmuxclear
debug ip statistics ipclear

Use this command to clear IP statistics.
Syntax
[no] debug ip statistics ipclear
Example
SR# debug ip statistics ipclear
1064
October 2010
debug ip statistics icmpclear
debug ip statistics icmpclear

Use this command to clear ICMP statistics.
Syntax
[no] debug ip statistics icmpclear
Example
SR# debug ip statistics icmpclear
debug ip multicast
Use this command to debug IP multicast information.
Syntax
[no] debug ip multicast
Example
SR# debug ip multicast
debug ip multicast all

Use this command to enable all IPv4 multicast debugging.
Syntax
[no] debug ip multicast all
Example
SR# debug ip multicast all
debug ip multicast fib-msg

Use this command to debug multicast FIB messages.
Syntax
[no] debug ip multicast fib-msg
October 2010
1065
Example
SR# debug ip multicast fib-msg
debug ip multicast mrt

Use this command to debug a multicast route.
Syntax
[no] debug ip multicast mrt
Example
SR# debug ip multicast mrt
debug ip multicast register

Use this command to debug multicast PIM Register messages.
Syntax
[no] debug ip multicast register
Example
SR# debug ip multicast register
debug ip multicast stats

Use this command to debug multicast statistics.
Syntax
[no] debug ip multicast stats
Example
SR# debug ip multicast stats
debug ip multicast vif

Use this command to debug multicast interface information.
1066
October 2010
debug ipv6
Syntax
[no] debug ip multicast vif
Example
SR# debug ip multicast vif
debug ipv6
Use this command to access IPv6 debug commands.
Syntax
[no] debug ipv6
Example
SR# debug ipv6
debug ipv6 dhcp

Use this command to access DHCPv6 debugging.
Syntax
[no] debug ipv6 dhcp
Example
SR# debug ipv6 dhcp
debug ipv6 dhcp detail

Use this command to debug all levels.
Syntax
[no] debug ipv6 dhcp detail
Example
SR# debug ipv6 dhcp detail
October 2010
1067
debug ipv6 dhcp error

Use this command to debug DHCPv6 errors.
Syntax
[no] debug ipv6 dhcp error
Example
SR# debug ipv6 dhcp error
debug ipv6 dhcp warnings

Use this command to debug DHCPv6 warnings.
Syntax
[no] debug ipv6 dhcp warnings
Example
SR# debug ipv6 dhcp warnings
debug ipv6 dhcp info

Use this command to debug DHCPv6 informational messages.
Syntax
[no] debug ipv6 dhcp info
Example
SR# debug ipv6 dhcp info
debug ipv6 dhcp more

Use this command to debug more DHCPv6 messages.
Syntax
[no] debug ipv6 dhcp more
1068
October 2010
debug ipv6 nd
Example
SR# debug ipv6 dhcp more
debug ipv6 nd
Use this command to access ND6/ICMP6/IPv6 debug levels.
Syntax
[no] debug ipv6 nd
Example
SR# debug ipv6 nd
debug ipv6 nd error

Use this command to enable error message debugging.
Syntax
[no] debug ipv6 nd error
Example
SR# debug ipv6 nd error
debug ipv6 nd trace

Use this command to enable nd trace debugging.
Syntax
[no] debug ipv6 nd trace
Example
SR# debug ipv6 nd trace
debug ipv6 dad

Use this command to access DAD debug levels.
October 2010
1069
Syntax
[no] debug ipv6 dad
Example
SR# debug ipv6 dad
debug ipv6 dad error

Use this command to enable DAD error message debugging.
Syntax
[no] debug ipv6 dad error
Example
SR# debug ipv6 dad error
debug ipv6 dad trace

Use this command to enable DAD trace debugging.
Syntax
[no] debug ipv6 dad trace
Example
SR# debug ipv6 dad trace
debug ipv6 rtadv

Use this command to access Router Advertisement debug levels.
Syntax
[no] debug ipv6 rtadv
Example
SR# debug ipv6 rtadv
1070
October 2010
debug ipv6 rtadv error
debug ipv6 rtadv error

Use this command to enable RTADV error message debugging.
Syntax
[no] debug ipv6 rtadv error
Example
SR# debug ipv6 rtadv error
debug ipv6 rtadv trace

Use this command to enable RTADV trace debugging.
Syntax
[no] debug ipv6 rtadv trace
Example
SR# debug ipv6 rtadv trace
debug ipv6 statistics

Use this command to show statistics.
Syntax
[no] debug ipv6 statistics
Example
SR# debug ipv6 statistics
debug ipv6 statistics ipshow

Use this command to show IP statistics.
Syntax
[no] debug ipv6 statistics ipshow
October 2010
1071
Example
SR# debug ipv6 statistics ipshow
debug ipv6 statistics icmpshow

Use this command to show ICMP statistics.
Syntax
[no] debug ipv6 statistics icmpshow
Example
SR# debug ipv6 statistics icmpshow
debug ipv6 statistics tcpshow

Use this command to show TCP statistics.
Syntax
[no] debug ipv6 statistics tcpshow
Example
SR# debug ipv6 statistics tcpshow
debug ipv6 statistics udpshow

Use this command to show UDP statistics.
Syntax
[no] debug ipv6 statistics udpshow
Example
SR# debug ipv6 statistics udpshow
debug ipv6 statistics ipmuxshow

Use this command to show IPMUX statistics.
1072
October 2010
debug ipv6 statistics ipmuxclear
Syntax
[no] debug ipv6 statistics ipmuxshow
Example
SR# debug ipv6 statistics ipmuxshow
debug ipv6 statistics ipmuxclear

Use this command to clear IPMUX statistics.
Syntax
[no] debug ipv6 statistics ipmuxclear
Example
SR# debug ipv6 statistics ipmuxclear
debug ipv6 tunnel

Use this command to enable or disable tunnel debug commands.
Syntax
[no] debug ipv6 tunnel
Example
SR# debug ipv6 tunnel
debug ipv6 tunnel all

Use this command to debug all messages.
Syntax
[no] debug ipv6 tunnel all
Example
SR# debug ipv6 tunnel all
October 2010
1073
debug ipv6 tunnel error

Use this command to debug error messages.
Syntax
[no] debug ipv6 tunnel error
Example
SR# debug ipv6 tunnel error
debug ipv6 tunnel encap

Use this command to debug encapsulation related messages.
Syntax
[no] debug ipv6 tunnel encap
Example
SR# debug ipv6 tunnel encap
debug ipv6 tunnel decap

Use this command to debug decapsulation related messages.
Syntax
[no] debug ipv6 tunnel decap
Example
SR# debug ipv6 tunnel decap
debug ipv6 tunnel packet

Use this command to debug packet trace messages.
Syntax
[no] debug ipv6 tunnel packet
1074
October 2010
debug ipv6 tunnel keepalive
Example
SR# debug ipv6 tunnel packet
debug ipv6 tunnel keepalive

Use this command to debug keepalive messages.
Syntax
[no] debug ipv6 tunnel keepalive
Example
SR# debug ipv6 tunnel keepalive
debug ipv6 tunnel state

Use this command to debug interface state change messages.
Syntax
[no] debug ipv6 tunnel state
Example
SR# debug ipv6 tunnel state
debug ipv6 rip

Use this command to enable RIP debugging for IPv6.
Syntax
[no] debug ipv6 rip
Example
SR# debug ipv6 rip
debug ipv6 rip all

Use this command to enable all RIP debugging.
October 2010
1075
Syntax
[no] debug ipv6 rip all
Example
SR# debug ipv6 rip all
debug ipv6 rip events

Use this command to debug RIPng events.
Syntax
[no] debug ipv6 rip events
Example
SR# debug ipv6 rip events
debug ipv6 rip nsm

Use this command to debug RIPng and NSM communications.
Syntax
[no] debug ipv6 rip nsm
Example
SR# debug ipv6 rip nsm
debug ipv6 rip packet

Use this command to debug RIPng packets.
Syntax
[no] debug ipv6 rip packet
Example
SR# debug ipv6 rip packet
1076
October 2010
debug ipv6 rip packet detail
debug ipv6 rip packet detail

Use this command to display detailed information.
Syntax
[no] debug ipv6 rip packet detail
Example
SR# debug ipv6 rip packet detail
debug ipv6 rip packet recv

Use this command to debug RIPng receive packets.
Syntax
[no] debug ipv6 rip packet recv
Example
SR# debug ipv6 rip packet recv
debug ipv6 rip packet send

Use this command to debug RIPng send packets.
Syntax
[no] debug ipv6 rip packet send
Example
SR# debug ipv6 rip packet send
debug ipv6 ospf

Use this command to enable OSPF for IPv6 debugging.
Syntax
[no] debug ipv6 ospf
October 2010
1077
Example
SR# debug ipv6 ospf
debug ipv6 ospf packet

Use this command to debug OSPFv3 packets.
Syntax
[no] debug ipv6 ospf packet
Example
SR# debug ipv6 ospf packet
debug ipv6 ospf ifsm

Use this command to debug OSPFv3 Interface State Machine.
Syntax
[no] debug ipv6 ospf ifsm
Example
SR# debug ipv6 ospf ifsm
debug ipv6 ospf nfsm

Use this command to debug OSPFv3 Neighbor State Machine.
Syntax
[no] debug ipv6 ospf nfsm
Example
SR# debug ipv6 ospf nfsm
debug ipv6 ospf lsa

Use this command to debug OSPFv3 Link State Advertisement.
1078
October 2010
debug ipv6 ospf route
Syntax
[no] debug ipv6 ospf lsa
Example
SR# debug ipv6 ospf lsa
debug ipv6 ospf route

Use this command to debug OSPFv3 route information.
Syntax
[no] debug ipv6 ospf route
Example
SR# debug ipv6 ospf route
debug ipv6 ospf nsm

Use this command to debug OSPFv3 RIB information.
Syntax
[no] debug ipv6 ospf nsm
Example
SR# debug ipv6 ospf nsm
debug ipv6 ospf events

Use this command to debug OSPFv3 events.
Syntax
[no] debug ipv6 ospf events
Example
SR# debug ipv6 ospf events
October 2010
1079
debug ipv6 ospf all

Use this command to enable or disable all OSPFv3 debugging.
Syntax
[no] debug ipv6 ospf all
Example
SR# debug ipv6 ospf all
debug ipv6 pim

Use this command to access next level IPv6 PIM commands.
Syntax
[no] debug ipv6 pim
Example
SR# debug ipv6 pim
debug ipv6 pim sparse-mode

Use this command to access debug commands for PIM-SM for IPv6.
Syntax
[no] debug ipv6 pim sparse-mode
Example
SR# debug ipv6 pim sparse-mode
debug ipv6 pim sparse-mode all

Use this command to enable all PIM debugging.
Syntax
[no] debug ipv6 pim sparse-mode all
1080
October 2010
debug ipv6 pim sparse-mode events
Example
SR# debug ipv6 pim sparse-mode all
debug ipv6 pim sparse-mode events

Use this command to debug PIM events.
Syntax
[no] debug ipv6 pim sparse-mode events
Example
SR# debug ipv6 pim sparse-mode events
debug ipv6 pim sparse-mode mfc

Use this command to debug PIM MFC updates.
Syntax
[no] debug ipv6 pim sparse-mode mfc
Example
SR# debug ipv6 pim sparse-mode mfc
debug ipv6 pim sparse-mode mib

Use this command to debug the PIM MIB.
Syntax
[no] debug ipv6 pim sparse-mode mib
Example
SR# debug ipv6 pim sparse-mode mib
debug ipv6 pim sparse-mode nexthop

Use this command to debug the PIM nexthop.
October 2010
1081
Syntax
[no] debug ipv6 pim sparse-mode nexthop
Example
SR# debug ipv6 pim sparse-mode nexthop
debug ipv6 pim sparse-mode database

Use this command to debug PIM database information.
Syntax
[no] debug ipv6 pim sparse-mode database
Example
SR# debug ipv6 pim sparse-mode database
debug ipv6 pim sparse-mode packet

Use this command to debug a PIM packet.
Syntax
[no] debug ipv6 pim sparse-mode packet
Example
SR# debug ipv6 pim sparse-mode packet
debug ipv6 pim sparse-mode state

Use this command to debug the PIM state.
Syntax
[no] debug ipv6 pim sparse-mode state
Example
SR# debug ipv6 pim sparse-mode state
1082
October 2010
debug ipv6 pim sparse-mode timer
debug ipv6 pim sparse-mode timer

Use this command to debug PIM timers.
Syntax
[no] debug ipv6 pim sparse-mode timer
Example
SR# debug ipv6 pim sparse-mode timer
debug ipv6 pim sparse-mode timer assert

Use this command to debug assert timers.
Syntax
[no] debug ipv6 pim sparse-mode timer assert
Example
SR# debug ipv6 pim sparse-mode timer assert
debug ipv6 pim sparse-mode timer bsr

Use this command to debug bootstrap timers.
Syntax
[no] debug ipv6 pim sparse-mode timer bsr
Example
SR# debug ipv6 pim sparse-mode timer bsr
debug ipv6 pim sparse-mode timer hello

Use this command to debug hello timers.
Syntax
[no] debug ipv6 pim sparse-mode timer hello
October 2010
1083
Example
SR# debug ipv6 pim sparse-mode timer hello
debug ipv6 pim sparse-mode timer joinprune

Use this command to debug joinprune timers.
Syntax
[no] debug ipv6 pim sparse-mode timer joinprune
Example
SR# debug ipv6 pim sparse-mode timer joinprune
debug ipv6 pim sparse-mode timer register

Use this command to debug register timers.
Syntax
[no] debug ipv6 pim sparse-mode timer register
Example
SR# debug ipv6 pim sparse-mode timer register
debug ipv6 packet-filter

Use this command to enable or disable IPv6 packet filter debug messages.
Syntax
[no] debug ipv6 packet-filter
Example
SR# debug ipv6 packet-filter
debug ipv6 multicast

Use this command to debug multicast information.
1084
October 2010
debug ipv6 multicast all
Syntax
[no] debug ipv6 multicast
Example
SR# debug ipv6 multicast
debug ipv6 multicast all

Use this command to debug all multicast information.
Syntax
[no] debug ipv6 multicast all
Example
SR# debug ipv6 multicast all
debug ipv6 multicast fib-msg

Use this command to debug multicast FIB messages.
Syntax
[no] debug ipv6 multicast fib-msg
Example
SR# debug ipv6 multicast fib-msg
debug ipv6 multicast mrt

Use this command to debug multicast routes.
Syntax
[no] debug ipv6 multicast mrt
Example
SR# debug ipv6 multicast mrt
October 2010
1085
debug ipv6 multicast register

Use this command to debug multicast PIM register messages.
Syntax
[no] debug ipv6 multicast register
Example
SR# debug ipv6 multicast register
debug ipv6 multicast stats

Use this command to debug multicast statistics.
Syntax
[no] debug ipv6 multicast stats
Example
SR# debug ipv6 multicast stats
debug ipv6 multicast mif

Use this command to debug a multicast interface.
Syntax
[no] debug ipv6 multicast mif
Example
SR# debug ipv6 multicast mif
debug ppp
Use this command to enable or disable PPP debug commands.
Syntax
[no] debug ppp
1086
October 2010
debug ppp mlpinfo
Example
SR# debug ppp
debug ppp mlpinfo

Use this command to display MLPPP information.
Syntax
[no] debug ppp mlpinfo
Example
SR# debug ppp mlpinfo
debug ppp pppstates

Use this command to display PPP states information.
Syntax
[no] debug ppp pppstates
Example
SR# debug ppp pppstates
debug ppp debug_link

Use this command to set link-specific debug.
Syntax
[no] debug ppp debug_link
Example
SR# debug ppp debug_link
debug ppp negotiation

Use this command to show ppp negotiation.
October 2010
1087
Syntax
[no] debug ppp negotiation
Example
SR# debug ppp negotiation
debug ppp lcp

Use this command to show lcp debug information.
Syntax
[no] debug ppp lcp
Example
SR# debug ppp lcp
debug ppp ipcp

Use this command to display ipcp debug information.
Syntax
[no] debug ppp ipcp
Example
SR# debug ppp ipcp
debug ppp bcp

Use this command to display bgp debug information.
Syntax
[no] debug ppp bcp
Example
SR# debug ppp bcp
1088
October 2010
debug ppp ipv6cp
debug ppp ipv6cp

Use this command to display ipv6cp debug information.
Syntax
[no] debug ppp ipv6cp
Example
SR# debug ppp ipv6cp
debug spanning-tree all

Use this command to enable or disable all Spanning Tree debug features.
Syntax
[no] debug spanning-tree all
Variable
[no]
Value
Disables debugging for all Spanning Tree debug features.
Example
SR#debug spanning-tree all
debug spanning-tree cli

Use this command to enable or disable the debugging of Spanning Tree CLI commands.
Syntax
[no] debug spanning-tree cli
Variable
[no]
Value
Disables debugging for Spanning Tree CLI commands.
October 2010
1089
Example
SR#debug spanning-tree cli
debug spanning-tree event

Use this command to enable or disable debugging for Spanning Tree protocols.
Syntax
[no] debug spanning-tree event
Variable
[no]
Value
Disables debugging for Spanning Tree protocols.
Example
SR#debug spanning-tree event
debug spanning-tree packet

Use this command to enable or disable debugging for MSTP packets.
Syntax
[no] debug spanning-tree packet <receive> <transmit>
Variable
Value
[no]
Disables debugging for MSTP packets.
<receive>
Specifies received MSTP packets.
<transmit>
Specifies transmitted MSTP packets.
Example
SR#debug spanning-tree packet receive
1090
October 2010
debug spanning-tree timer
debug spanning-tree timer

Use this command to enable or disable debugging for MSTP timers.
Syntax
[no] debug spanning-tree timer
Variable
[no]
Value
Disables debugging for MSTP timers.
Example
SR#debug spanning-tree timer
debug ssm traces error

Use this command to configure error traces. The no form of the command disables the
specified trace.
Syntax
[no] debug ssm traces error {all| critical | major | minor}
Example
SR#debug ssm traces error all
debug ssm traces message

Use this command to enable the SIP message dump trace. The no form of the command
disables the trace.
Syntax
[no] debug ssm traces message
Example
SR#debug ssm traces message
October 2010
1091
debug ssm traces module

Use this command to configure module traces. The no form of the command disables the
specified trace.
Syntax
[no] debug ssm traces module [brief-traces | detailed-traces] [all |
cac | call | handlers | media | stack | routing | registrar |
keepalive]
Variable
Value
[no]
Disables trace for the specified component.
brief-traces
Specifies brief trace.
detailed-traces
Specifies detailed trace.
all
Enables trace for all components.
cac
Enables trace for the CAC component.
call
Enables trace for the call component.
handlers
Enables trace for the handlers component.
media
Enables trace for the media component.
stack
Enables trace for the stack component.
routing
Enables trace for the routing component.
registrar
Enables trace for the registrar component.
keepalive
Enables trace for the keepalive component.
Example
SR#debug ssm traces module brief-traces all
debug system
Use this command to show system debug commands.
Syntax
[no] debug system
1092
October 2010
debug system show_crash
Example
SR# debug system
debug system show_crash

Use this command to show system crash information.
Syntax
[no] debug system show_crash
Example
SR# debug system show_crash
debug system overwrite_crash_dump

Use this command to overwrite crash dump after maximum 5 are saved.
Syntax
[no] debug system overwrite_crash_dump
Example
SR# debug system overwrite_crash_dump
debug system clear_crash_dump

Use this command to clear all the crash dumps.
Syntax
[no] debug system clear_crash_dump
Example
SR# debug system clear_crash_dump
debug system display_overwrite_crash_dump

Use this command to display the status of crash dump overwrite.
October 2010
1093
Syntax
[no] debug system display_overwrite_crash_dump
Example
SR# debug system display_overwrite_crash_dump
debug system print_stats

Use this command to display WAN card statistics.
Syntax
[no] debug system print_stats
Example
SR# debug system print_stats
debug system clear_stats

Use this command to clear WAN card statistics.
Syntax
[no] debug system clear_stats
Example
SR# debug system clear_stats
debug rtp
Use this command to display RTP information.
Syntax
[no] debug rtp
Example
SR# debug rtp
1094
October 2010
debug rtp tables
debug rtp tables

Use this command to display the transmit and receive table.
Syntax
[no] debug rtp tables
Example
SR# debug rtp tables
debug rtp txtable

Use this command to display the transmit table.
Syntax
[no] debug rtp txtable
Example
SR# debug rtp txtable
debug rtp rxtable

Use this command to display the receive table.
Syntax
[no] debug rtp rxtable
Example
SR# debug rtp rxtable
debug rtp statistics

Use this command to display RTP statistics.
Syntax
[no] debug rtp statistics
October 2010
1095
Example
SR# debug rtp statistics
debug dhcp-client
Use this command to debug DHCP client.
Syntax
[no] debug dhcp-client
Example
SR#debug dhcp-client
debug dhcp_relay
Use this command to access dhcp relay debug commands.
Syntax
[no] debug dhcp_relay
Example
SR# debug dhcp_relay
debug dhcp_relay enable_debug

Use this command to enable printing of client/relay debug messages.
Syntax
[no] debug dhcp_relay enable_debug
Example
SR# debug dhcp_relay enable_debug
debug dhcp_relay display_dhcp_table

Use this command to dump the contents of the client hash table.
1096
October 2010
debug dhcp_relay display_hash_statistics
Syntax
[no] debug dhcp_relay display_dhcp_table
Example
SR# debug dhcp_relay display_dhcp_table
debug dhcp_relay display_hash_statistics

Use this command to display hash statistics for the DHCP table.
Syntax
[no] debug dhcp_relay display_hash_statistics
Example
SR# debug dhcp_relay display_hash_statistics
debug qos
Use this command to enable or disable QoS debug commands.
Syntax
[no] debug qos
Example
SR# debug qos
debug qos chassis

Use this command to access debug chassis QoS commands.
Syntax
[no] debug qos chassis
Example
SR# debug qos chassis
October 2010
1097
debug qos chassis show-buf-mgmt-info

Use this command to show buffer management information for the specified interface.
Syntax
[no] debug qos chassis show-buf-mgmt-info
Example
SR# debug qos chassis show-buf-mgmt-info
debug qos chassis show-class

Use this command to show detailed debug information for a traffic class.
Syntax
[no] debug qos chassis show-class
Example
SR# debug qos chassis show-class
debug qos chassis show-intf-qos-info

Use this command to show root class and other debug info for the interface.
Syntax
[no] debug qos chassis show-intf-qos-info
Example
SR# debug qos chassis show-intf-qos-info
debug qos chassis show-red-info

Use this command to show RED debug information for the specified bundle/PVC.
Syntax
[no] debug qos chassis show-red-info
1098
October 2010
debug qos chassis show-sch-list
Example
SR# debug qos chassis show-red-info
debug qos chassis show-sch-list

Use this command to show the scheduler list in the specified interface.
Syntax
[no] debug qos chassis show-sch-list
Example
SR# debug qos chassis show-sch-list
debug qos chassis show-sch-info

Use this command to show scheduler debug information.
Syntax
[no] debug qos chassis show-sch-info
Example
SR# debug qos chassis show-sch-info
debug qos chassis clear-sch-info

Use this command to clear and reset scheduler debug information.
Syntax
[no] debug qos chassis clear-sch-info
Example
SR# debug qos chassis clear-sch-info
debug qos chassis hist-stats-upload-info

Use this command to show debug information about historical statistics upload.
October 2010
1099
Syntax
[no] debug qos chassis hist-stats-upload-info
Example
SR# debug qos chassis hist-stats-upload-info
debug qos chassis clear-upload-counters

Use this command to clear upload debug information for historical statistics.
Syntax
[no] debug qos chassis clear-upload-counters
Example
SR# debug qos chassis clear-upload-counters
debug qos chassis show-buf-overruns

Use this command to show Rx buffer overruns on the comn stack.
Syntax
[no] debug qos chassis show-buf-overruns
Example
SR# debug qos chassis show-buf-overruns
debug qos chassis clear-buf-overruns

Use this command to clear comn stack Rx buffer overrun counters.
Syntax
[no] debug qos chassis clear-buf-overruns
Example
SR# debug qos chassis clear-buf-overruns
1100
October 2010
debug virtual-access
debug virtual-access
Use this command to configure virtual access debug commands.
Syntax
[no] debug virtual-access
Example
SR# debug virtual-access
debug virtual-access pppoe

Use this command to configure PPPoE debug commands.
Syntax
[no] debug virtual-access pppoe
Example
SR# debug virtual-access pppoe
debug virtual-access pppoe events

Use this command to enable or disable the debugging of PPPoE events.
Syntax
[no] debug virtual-access pppoe events
Example
SR# debug virtual-access pppoe events
debug virtual-access pppoe all

Use this command to enable or disable all PPPoE debugging commands.
Syntax
[no] debug virtual-access pppoe all
October 2010
1101
Example
SR# debug virtual-access pppoe all
debug virtual-access pppoe packet

Use this command to enable or disable debugging of PPPoE control packets.
Syntax
[no] debug virtual-access pppoe packet
Example
SR# debug virtual-access pppoe packet
debug virtual-access pppoe data

Use this command to enable or disable PPPoE data packet dumps.
Syntax
[no] debug virtual-access pppoe data
Example
SR# debug virtual-access pppoe data
debug virtual-access ppp

Use this command to enable or disable all PPP debugging.
Syntax
[no] debug virtual-access ppp
Example
SR# debug virtual-access ppp
debug virtual-access l2tp-server

Use this command to enable or disable all l2tp-server debugging.
1102
October 2010
debug crypto
Syntax
[no] debug virtual-access l2tp-server
Example
SR# debug virtual-access l2tp-server
debug crypto
Use this command to enable or disable IPSec debug commands.
Syntax
[no] debug crypto
Example
SR# debug crypto
debug crypto ike

Use this command to enable or disable ike debugging.
Syntax
[no] debug crypto ike
Example
SR# debug crypto ike
debug crypto ca
Use this command to enable or disable pki debug commands.
Syntax
[no] debug crypto ca [mode <mode>]
Variable
<mode>
Value
PKI mode of debugging. Default is all. Available options are:
October 2010
1103
Variable
Value
cmgr
scep
ldap
ocsp
all
Example
SR# debug crypto ca mode all
debug crypto ipsec

Use this command to enable or disable IPSec debug commands.
Syntax
[no] debug crypto ipsec [mode <mode>]
Variable
<mode>
Value
The mode of debugging. Available options are:
ipsec
spd
all
Example
SR# debug crypto ipsec mode ipsec
debug crypto ipsec mode spd

Use this command to debug nailed-up tunnel related messages.
Syntax
[no] debug crypto ipsec mode spd
Example
SR# debug crypto ipsec mode spd
1104
October 2010
debug crypto all
debug crypto all

Use this command to enable or disable all IPSec and firewall debug commands
Syntax
[no] debug crypto all
Example
SR# debug crypto all
debug crypto failover

Use this command to debug static weighted tunnel and dynamic tunnel failover messages.
Syntax
[no] debug crypto failover
Example
SR# debug crypto failover
debug firewall
Use this command to enable or disable firewall debug commands.
Syntax
[no] debug firewall
Example
SR# debug firewall
debug firewall alg

Use this command to enable or disable ALG module debugging.
Syntax
[no] debug firewall alg
October 2010
1105
Example
SR# debug firewall alg
debug firewall attack

Use this command to enable or disable attack debugging.
Syntax
[no] debug firewall attack
Example
SR# debug firewall attack
debug firewall connections

Use this command to enable or disable firewall connection debugging.
Syntax
[no] debug firewall connections
Example
SR# debug firewall connections
debug firewall ip-reassembly

Use this command to enable or disable ip-reassemby debugging.
Syntax
[no] debug firewall ip-reassembly
Example
SR# debug firewall ip-reassembly
debug firewall packet

Use this command to enable or disable a packet trace.
1106
October 2010
debug firewall all
Syntax
[no] debug firewall packet [direction <in|out|both>] [srcip <srcip>]
[destip <destip>] [protocol <protocol>] [numpkts <numpkts>]
Variable
Value
<destip>
The destination IP address.
<numpkts>
The number of packets to display. Default is 100.
<protocol>
The protocol to match. Options are:

all
1 = ICMP
6 = TCP
17 = UDP
47 = GRE
50 = ESP
51 = AH
<srcip>
The source IP address.
Example
SR# debug firewall packet protocol 1
debug firewall all

Use this command to enable or disable all firewall debugging.
Syntax
[no] debug firewall all
Example
SR# debug firewall all
debug disable-firewall
Use this command to disable the firewall in the system.
October 2010
1107
Syntax
[no] debug disable-firewall
Example
SR# debug disable-firewall
debug all
Use this command to disable all debug commands.
Syntax
[no] debug all
Example
SR# debug all
debug cspf
Use this command to debug CSPF information.
Syntax
[no] debug cspf
Example
SR# debug cspf
debug cspf events

Use this command to debug CSPF event information.
Syntax
[no] debug cspf events
Example
SR# debug cspf events
1108
October 2010
debug cspf hexdump
debug cspf hexdump

Use this command to debug CSPF message hexdumps.
Syntax
[no] debug cspf hexdump
Example
SR# debug cspf hexdump
debug cspf lsp

Use this command to debug the CSPF message mpls traffic engineering lsp.
Syntax
[no] debug cspf lsp <lsp>
Variable
<lsp>
Value
The name of the LSP.
Example
SR# debug cspf lsp
debug pcap
Use this command to configure next level packet capture commands.
Syntax
[no] debug pcap
Example
SR# debug pcap
October 2010
1109
debug pcap capture

Use this command to access packet capture related commands.
Syntax
[no] debug pcap capture <capname>
Variable
<capname>
Value
The name for the capture session.
Example
SR# debug pcap capture cap1
debug pcap capture direction

Use this command to configure packet capture direction.
Syntax
direction <in|out|both>
Variable
Value
<both>
Both directions.
<in>
Incoming packets.
<out>
Outgoing packets.
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# direction in
debug pcap capture snaplen

Use this command to configure the number of bytes to be captured.
1110
October 2010
debug pcap capture count
Syntax
snaplen <0-65535>
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# snaplen 1000
debug pcap capture count

Use this command to configure the number of packets to be captured.
Syntax
count <0 - 10000>
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# count 5000
debug pcap capture filter

Use this command to configure the ACL applied.
Syntax
filter <aclname>
Variable
<aclname>
Value
The ACL name.
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# filter
testacl
debug pcap capture wrap

Use this command to enable buffer wrap.
Syntax
wrap
October 2010
1111
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# wrap
debug pcap capture size

Use this command to configure the buffer size.
Syntax
size <64-5120>
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# size 2000
debug pcap capture drop-nonip

Use this command to disable the capturing of non-ip packets.
Syntax
drop-nonip
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# drop-nonip
debug pcap capture attach

Use this command to configure a packet capture session for the interface.
Syntax
attach [bundle <bundle>] [ethernet <ethernet>] [tunnel <tunnel>]
Variable
1112
Value
<bundle>
<ethernet>
Specifies the ethernet interface name.
<tunnel>
Specifies the tunnel name.
October 2010
debug pcap capture commit
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# attach bundle
bun1
debug pcap capture commit

Use this command to commit packet capture configurations.
Syntax
commit
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# commit
debug pcap capture show-config

Use this command to show packet capture configuration.
Syntax
show-config
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# show-config
debug pcap capture stats

Use this command to display packet capture statistics.
Syntax
stats
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# stats
October 2010
1113
debug pcap capture dump

Use this command to display a packet capture dump.
Syntax
dump
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# dump
debug pcap capture clear-stats

Use this command to clear packet capture statistics.
Syntax
clear-stats
Example
SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# clear-stats
debug pcap access-list

Use this command to create or modify an IP access list.
Syntax
[no] debug pcap access-list <listname>
Variable
<listname>
Value
Example
SR# debug pcap access-list acl1
1114
October 2010
debug pcap max-sessions
debug pcap max-sessions

Use this command to configure the number of simultaneous packet capture sessions allowed.
Syntax
[no] debug pcap max-sessions <1-10>
Example
SR# debug pcap max-sessions 6
debug pcap enable

Use this command to enable or disable all configured packet capture sessions.
Syntax
[no] debug pcap enable
Example
SR# debug pcap enable
debug pcap cleanup

Use this command to delete all packet capture sessions, related statistics and data structures..
Syntax
debug pcap cleanup
Example
SR# debug pcap cleanup
debug pcap upload

Use this command to upload captured packets to a remote host.
Syntax
[no] debug pcap upload <X.X.X.X> <name> <username> <password>
October 2010
1115

Variable
Value
<name>
The filename to store as.
<password>
The password to access the server.
<username>
The username to access the server.
Example
SR# debug pcap upload 10.10.10.1 testcap testuser testpass
debug pcap save

Use this command to save the packets captured.
Syntax
[no] debug pcap save [local <filename>] [network <address> <path>]
Variable
Value
<address>
The network address.
<filename>
The filename to save as.
<path>
The path and filename for network storage.
Example
SR# debug pcap save local pcapinfo.log
debug pcap show-config

Use this command to display packet capture configurations.
Syntax
[no] debug pcap show-config
Example
SR# debug pcap show-config
1116
October 2010
debug pcap stats
debug pcap stats

Use this command to display packet capture stats.
Syntax
[no] debug pcap stats
Example
SR# debug pcap stats
debug pcap dump

Use this command to display a packet capture dump.
Syntax
[no] debug pcap dump
Example
SR# debug pcap dump
debug pcap clear-stats

Use this command to clear packet capture statistics.
Syntax
[no] debug pcap clear-stats
Example
SR# debug pcap clear-stats
debug rip
Use this command to configure RIP debugging.
Syntax
[no] debug rip
October 2010
1117
Example
SR#debug rip
debug rip all

Use this command to enable all RIP debugging.
Syntax
[no] debug rip all
Example
SR# debug rip all
debug rip events

Use this command to debug RIP events.
Syntax
[no] debug rip events
Example
SR# debug rip events
debug rip nsm

Use this command to debug RIP RIB information.
Syntax
[no] debug rip nsm
Example
SR# debug rip nsm
debug rip packet

Use this command to debug RIP packets.
1118
October 2010
debug rsvp
Syntax
[no] debug rip packet <detail|recv|send>
Variable
Value
<detail>
Detailed information displayed.
<recv>
Debug RIP receive packets.
<send>
Debug RIP send packets.
Example
SR# debug rip packet detail
debug rsvp
Use this command to debug the Resource Reservation Protocol.
Syntax
[no] debug rsvp
Example
SR# debug rsvp
debug rsvp all

Use this command to enable all debugging.
Syntax
[no] debug rsvp all
Example
SR# debug rsvp all
debug rsvp cspf

Use this command to enable debugging of CSPF messages.
October 2010
1119
Syntax
[no] debug rsvp cspf
Example
SR# debug rsvp cspf
debug rsvp events

Use this command to debug RSVP events.
Syntax
[no] debug rsvp events
Example
SR# debug rsvp events
debug rsvp fsm

Use this command to enable FSM debugging.
Syntax
[no] debug rsvp fsm
Example
SR# debug rsvp fsm
debug rsvp fsm egress

Use this command to enable RSVP Egress FSM debugging.
Syntax
[no] debug rsvp fsm egress
Example
SR# debug rsvp fsm egress
1120
October 2010
debug rsvp fsm ingress
debug rsvp fsm ingress

Use this command to enable RSVP Ingress FSM debugging.
Syntax
[no] debug rsvp fsm ingress
Example
SR# debug rsvp fsm ingress
debug rsvp fsm transit

Use this command to enable RSVP Transit FSM debugging.
Syntax
[no] debug rsvp fsm transit <downstream|upstream>
Variable
Value
<downstream>
Enable downstream debugging.
<upstream>
Enable upstream debugging.
Example
SR# debug rsvp fsm transit downstream
debug rsvp nsm

Use this command to debug RSVP NSM messages.
Syntax
[no] debug rsvp nsm
Example
SR# debug rsvp nsm
October 2010
1121
debug rsvp hexdump

Use this command to debug RSVP hexdump information.
Syntax
[no] debug rsvp hexdump
Example
SR# debug rsvp hexdump
debug rsvp packet

Use this command to debug RSVP packets.
Syntax
[no] debug rsvp packet <in|out>
Variable
Value
<in>
Incoming packets.
<out>
Outgoing packets.
Example
SR# debug rsvp packet in
debug ldp
Use this command to configure debugging of the Label Distribution Protocol.
Syntax
[no] debug ldp
Example
SR# debug ldp
1122
October 2010
debug ldp advertise-labels
debug ldp advertise-labels

Use this command to list IP access lists of advertise-labels.
Syntax
[no] debug ldp advertise-labels
Example
SR# debug ldp advertise-labels
debug ldp all

Syntax
[no] debug ldp all
Example
SR# debug ldp all
debug ldp events

Use this command to debug LDP events.
Syntax
[no] debug ldp events
Example
SR# debug ldp events
debug ldp dsm

Use this command to debug LDP downstream SM.
Syntax
[no] debug ldp dsm
October 2010
1123
Example
SR# debug ldp dsm
debug ldp fsm

Use this command to debug LDP FSM information.
Syntax
[no] debug ldp fsm
Example
SR# debug ldp fsm
debug ldp nsm

Use this command to debug LDP NSM messages.
Syntax
[no] debug ldp nsm
Example
SR# debug ldp nsm
debug ldp hexdump

Use this command to debug LDP hexdump information.
Syntax
[no] debug ldp hexdump
Example
SR# debug ldp hexdump
debug ldp packet

Use this command to debug LDP packets.
1124
October 2010
debug ldp packet address
Syntax
[no] debug ldp packet
Example
SR# debug ldp packet
debug ldp packet address

Use this command to debug LDP address packets.
Syntax
[no] debug ldp packet address
Example
SR# debug ldp packet address
debug ldp packet hello

Use this command to debug LDP hello packets.
Syntax
[no] debug ldp packet hello
Example
SR# debug ldp packet hello
debug ldp packet initialization

Use this command to debug LDP initialization packets.
Syntax
[no] debug ldp packet initialization
Example
SR# debug ldp packet initialization
October 2010
1125
debug ldp packet keepalive

Use this command to debug LDP keepalive packets.
Syntax
[no] debug ldp packet keepalive
Example
SR# debug ldp packet keepalive
debug ldp packet label

Use this command to debug LDP label packets.
Syntax
[no] debug ldp packet label
Example
SR# debug ldp packet label
debug ldp packet notification

Use this command to debug LDP notification packets.
Syntax
[no] debug ldp packet notification
Example
SR# debug ldp packet notification
debug ldp tsm

Use this command to debug the LDP trunk SM.
Syntax
[no] debug ldp tsm
1126
October 2010
debug ldp usm
Example
SR# debug ldp tsm
debug ldp usm

Use this command to debug the LDP upstream SM.
Syntax
[no] debug ldp usm
Example
SR# debug ldp usm
debug ldp vc
Use this command to debug LDP VC information.
Syntax
[no] debug ldp vc
Example
SR# debug ldp vc
debug ldp vc dsm

Use this command to debug LDP VC downstream SM.
Syntax
[no] debug ldp vc dsm
Example
SR# debug ldp vc dsm
debug ldp vc usm

Use this command to debug LDP VC upstream SM.
October 2010
1127
Syntax
[no] debug ldp vc usm
Example
SR# debug ldp vc usm
debug dot1x
Use this command to debug IEEE 802.1x Port-Based access control.
Syntax
[no] debug dot1x
Example
SR# debug dot1x
debug dot1x all

Syntax
[no] debug dot1x all
Example
SR# debug dot1x all
debug dot1x event

Use this command to enable event debugging.
Syntax
[no] debug dot1x event
Example
SR# debug dot1x event
1128
October 2010
debug dot1x packet
debug dot1x packet

Use this command to enable packet debugging.
Syntax
[no] debug dot1x packet
Example
SR# debug dot1x packet
debug dot1x timer

Use this command to enable timer debugging.
Syntax
[no] debug dot1x timer
Example
SR# debug dot1x timer
debug lacp
Use this command to configure LACP debugging.
Syntax
[no] debug lacp
Example
SR# debug lacp
debug lacp all

Use this command to turn on all debugging.
Syntax
[no] debug lacp all
October 2010
1129
Example
SR# debug lacp all
debug lacp event

Use this command to debug LACP events.
Syntax
[no] debug lacp event
Example
SR# debug lacp event
debug lacp packet

Use this command to debug LACP packets.
Syntax
[no] debug lacp packet
Example
SR# debug lacp packet
debug lacp timer

Use this command to debug LACP timers.
Syntax
[no] debug lacp timer [detail]
Variable
[detail]
Value
Display detailed information.
Example
SR# debug lacp timer
1130
October 2010
debug igmp-snooping
debug igmp-snooping
Use this command to configure igmp-snooping debugging.
Syntax
[no] debug igmp-snooping
Example
SR# debug igmp-snooping
debug igmp-snooping all

Syntax
[no] debug igmp-snooping all
Example
SR# debug igmp-snooping all
debug igmp-snooping event

Use this command to debug snooping events.
Syntax
[no] debug igmp-snooping event
Example
SR# debug igmp-snooping event
debug igmp-snooping packet

Use this command to debug snooping packets.
Syntax
[no] debug igmp-snooping packet
October 2010
1131
Example
SR# debug igmp-snooping packet
debug igmp-snooping timer

Use this command to debug snooping timers.
Syntax
[no] debug igmp-snooping timer
Example
SR# debug igmp-snooping timer
debug gvrp
Use this command to configure GVRP debugging.
Syntax
[no] debug gvrp
Example
SR# debug gvrp
debug gvrp all

Syntax
[no] debug gvrp all
Example
SR# debug gvrp all
debug gvrp cli

Use this command to enable CLI command debugging.
1132
October 2010
debug gvrp event
Syntax
[no] debug gvrp cli
Example
SR# debug gvrp cli
debug gvrp event

Use this command to enable event debugging.
Syntax
[no] debug gvrp event
Example
SR# debug gvrp event
debug gvrp packet

Use this command to debug GVRP packets.
Syntax
[no] debug gvrp packet
Example
SR# debug gvrp packet
debug gvrp timer

Use this command to debug GVRP timers.
Syntax
[no] debug gvrp timer
Example
SR# debug gvrp timer
October 2010
1133
debug ospf
Use this command to configure OSPF debugging.
Syntax
[no] debug ospf
Example
SR# debug ospf
debug ospf events

Use this command to debug OSPF event information.
Syntax
[no] debug ospf events <event>
Variable
<event>
Value
The event type. Available options are:
abr - ABR events
asbr - ASBR events
lsa - LSA events
nssa - NSSA events
os - OS interaction events
router - Router events
vlink - Virtual-Link events
Example
SR# debug ospf events nssa
debug ospf ifsm

Use this command to debug OSPF Interface State Machine.
1134
October 2010
debug ospf lsa
Syntax
[no] debug ospf ifsm [events|status|timers]
Variable
Value
[events]
IFSM event information.
[status]
IFSM status information.
[timers]
IFSM timer information.
Example
SR# debug ospf ifsm timers
debug ospf lsa

Use this command to debug OSPF Link State Advertisement.
Syntax
[no] debug ospf lsa [flooding|generate|install|maxage|refresh]
Variable
Value
[flooding]
LSA flooding.
[generate]
LSA generation.
[install]
LSA installation.
[maxage]
LSA maximum age processing.
[refresh]
LSA refreshment.
Example
SR# debug ospf lsa install
debug ospf nfsm

Use this command to debug OSPF Neighbor State Machine.
Syntax
[no] debug ospf nfsm [events|status|timers]
October 2010
1135

Variable
Value
[events]
NFSM event information.
[status]
NFSM status information.
[timers]
NFSM timer information.
Example
SR# debug ospf nfsm status
debug ospf nsm

Use this command to debug OSPF RIB information.
Syntax
[no] debug ospf nsm [interface|redistribute]
Variable
Value
[interface]
The RIB interface.
[redistribute]
RIB redistribution.
Example
SR# debug ospf nsm interface
debug ospf packet

Use this command to debug OSPF packets.
Syntax
[no] debug ospf packet <pkttype>
Variable
<pkttype>
Value
The packet type. Available choices are:
dd - datebase description
detail - detail information
1136
October 2010
debug ospf route
Variable
Value
hello - hello
ls-ack - link state acknowledgement
ls-request - link state request
ls-update - link state update
recv - received packets
send - sent packets
Example
SR# debug ospf packet dd
debug ospf route

Use this command to debug OSPF route information.
Syntax
[no] debug ospf route [ase|ia|install|spf]
Variable
Value
[ase]
External route calculation information.
[ia]
Inter-area route calculation information.
[install]
Route installation information.
[spf]
SPF calculation information.
Example
SR# debug ospf route ase
debug ospf all

Use this command to enable or disable all OSPF debugging.
Syntax
[no] debug ospf all
October 2010
1137
Example
SR# debug ospf all
debug isdn
Use this command to configure ISDN debugging.
Syntax
[no] debug isdn
Example
SR# debug isdn
debug isdn all

Use this command to enable or disable all ISDN debug commands.
Syntax
[no] debug isdn all <bundle>
Variable
<bundle>
Value
The ISDN bundle name.
Example
SR# debug isdn all test
debug isdn cc
Use this command to enable or disable call control debug messages.
Syntax
[no] debug isdn cc <bundle>
1138
October 2010
debug isdn q921

Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn cc test
debug isdn q921

Use this command to enable or disable q.921 debug messages.
Syntax
[no] debug isdn q921 <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q921 test
debug isdn q921-timers

Use this command to display q.921 timers.
Syntax
[no] debug isdn q921-timers <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q921-timers test
October 2010
1139
debug isdn q931

Use this command to enable or disable q.931 debug messages.
Syntax
[no] debug isdn q931 <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q931 test
debug isdn q931-timers

Use this command to display q.931 timers.
Syntax
[no] debug isdn q931-timers <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q931-timers test
debug isdn physical-layer

Use this command to enable or disable physical layer debug messages.
Syntax
[no] debug isdn physical-layer <bundle>
1140
October 2010
debug isdn data-path

Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn physical-layer test
debug isdn data-path

Use this command to enable or disable ISDN data path debug messages.
Syntax
[no] debug isdn data-path <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn data-path test
debug isdn test-isdn-call

Use this command to make an ISDN call.
Syntax
[no] debug isdn test-isdn-call <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn test-isdn-call test
October 2010
1141
debug isdn test-isdn-drop

Use this command to release an ISDN call.
Syntax
[no] debug isdn test-isdn-drop <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn test-isdn-drop test
debug isdn isdn-status

Use this command to display ISDN status for a SAP.
Syntax
[no] debug isdn isdn-status <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn isdn-status test
debug isdn q931Statistics

Use this command to display or reset q.931 statistics.
Syntax
[no] debug isdn q931Statistics <bundle>
1142
October 2010

Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q931Statistics test

Use this command to display or reset q.921 statistics.
Syntax
[no] debug isdn q921Statistics <bundle>
Variable
<bundle>
Value
The bundle name.
Example
SR# debug isdn q921Statistics test
debug packet-dump
Use this command to apply an access list to an interface for packet dump.
Syntax
[no] debug packet-dump <interface> <in|out> [mac <name>] [ip <name>]
[ ipv6 <name>] [detail]
Variable
Value
<in|out>
The packet direction, in or out.
<interface>
The interface to debug.
<name>
The ruleset name.
October 2010
1143
Example
SR# debug packet-dump ethernet0/1 in ip rs1
debug tacacs
Use this command to debug RSA secure-ID related messages.
Syntax
[no] debug tacacs
This command is used for both RADIUS and TACACS+ protocols.
Example
SR# debug tacacs
1144
October 2010

NN47263-507 03.02 Command Line Reference

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

NN47263-507 03.02 Command Line Reference

Hochgeladen von

Copyright:

Verfügbare Formate

Command Line Reference

Avaya Secure Router 2330/4134

2010 Avaya Inc.

All Rights Reserved.

protected by copyright and other intellectual property laws including the

Command Line Reference

Chapter 2: Basic CLI commands...........................................................................................63

Command Line Reference

Chapter 3: File management commands..............................................................................73

Chapter 4: Commissioning commands.................................................................................77

Command Line Reference

show module configuration...........................................................................................................................100

Chapter 5: T1/E1 module configuration commands..........................................................109

Command Line Reference

show module ietfstats....................................................................................................................................126

Chapter 6: DS3 module configuration commands.............................................................129

Chapter 7: CT3 module configuration commands.............................................................137

Chapter 8: Serial module configuration commands..........................................................147

Command Line Reference

Chapter 9: HSSI module configuration commands............................................................153

Chapter 10: ISDN configuration commands.......................................................................159

Command Line Reference

configure interface bundle link prie1|prit1......................................................................................................176

Chapter 11: WAN bundle commands...................................................................................179

Chapter 12: HDLC configuration commands......................................................................181

Chapter 13: PPP/MLPPP configuration commands...........................................................183

Chapter 14: Frame Relay configuration commands..........................................................193

Command Line Reference

configure interface avc fragment_size..........................................................................................................199

Chapter 15: Static LSP commands......................................................................................221

Command Line Reference

show mpls static-ilm......................................................................................................................................223

Chapter 16: LDP commands.................................................................................................225

Chapter 17: RSVP-TE commands........................................................................................247

Command Line Reference

configure interface rsvp ack-wait-timeout......................................................................................................248

Command Line Reference

configure router rsvp explicit-null..................................................................................................................275

Chapter 18: Common MPLS commands.............................................................................291

Chapter 19: MPLS pseudowire commands.........................................................................293

Command Line Reference

configure interface mpls protocol-rsvp..........................................................................................................295

Chapter 20: Ethernet interface commands.........................................................................301

Chapter 21: Interface mode commands..............................................................................307

Chapter 22: MAC address table commands.......................................................................313

Command Line Reference

Chapter 23: PoE commands.................................................................................................319

Chapter 24: VLAN commands..............................................................................................325

Chapter 25: MSTP commands..............................................................................................331

Command Line Reference

Chapter 26: LACP commands..............................................................................................343

Chapter 27: IGMP snooping commands.............................................................................347

Chapter 28: GVRP commands..............................................................................................359

Chapter 29: Ethernet Connectivity Fault Management commands..................................365

Command Line Reference

configure oam cfm md level..........................................................................................................................367

Chapter 30: Port mirroring commands................................................................................389

Chapter 31: Bridge configuration commands....................................................................391

Chapter 32: SNMP commands.............................................................................................393

Command Line Reference

configure snmp-server contact......................................................................................................................394

Chapter 33: RMON commands.............................................................................................411

Command Line Reference

Chapter 34: DHCPv4 commands..........................................................................................417