· a 8 m 8 a o m a rT1 a m S. o z a f a m a m a m z 0 {-8-8 . Created Date: 6/4/2007 9:49:21 PM
Swcmdref a m
Transcript of Swcmdref a m
-
8/3/2019 Swcmdref a m
1/387
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
E-Series Routers
Command Reference Guide
A to M
Release 5.1.x
Part No. 162-00739-00 Rev. A00
-
8/3/2019 Swcmdref a m
2/387
Juniper Networks is registered in the U.S. Patent and Trademark Office and in other countries as atrademark of Juniper Networks, Inc. Broadband Cable Processor, ERX, ESP, E-series, G1, G10,G-series, Internet Processor, J-Protect, Juniper Your Net, JUNOS, JUNOScript, JUNOSe, M5, M10,M20, M40, M40e, M160, M-series, NMC-RX, SDX, ServiceGuard, T320, T640, T-series, UMC, andUnison are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registeredtrademarks, or registered service marks are the property of their respective owners. All specificationsare subject to change without notice.
Products made or sold by Juniper Networks (including the G1 and G10 CMTSs, ERX-310, ERX-705,ERX-710, ERX-1410, ERX-1440, M5, M10, M20, M40, M40e, M160, and T320 routers, T640 routingnode, and the JUNOS, SDX-300, and ServiceGuard software) or components thereof might becovered by one or more of the following patents that are owned by or licensed to Juniper Networks:U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,333,650, 6,359,479, and 6,406,312.
E-Series RoutersCommand Reference Guide A to M, Release 5.1.xCopyright 2003, Juniper Networks, Inc.All rights reserved. Printed in USA.
Writers: Mark Barnard, Bruce Gillham, Justine Kangas, Helen Shaw, Brian Wesley Simmons, FranSinger, Michael TaillonEditor: Fran Mues
Revision HistoryAugust 2003
The information in this document is current as of the date listed in the revision history above.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networksreserves the right to change, modify, transfer, or otherwise revise this publication without notice.
-
8/3/2019 Swcmdref a m
3/387
SOFTWARE LICENSE AGREEMENTa
JUNIPER NETWORKS, INC. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE ANDACCOMPANYING USER DOCUMENTATION (COLLECTIVELY, THE PROGRAM) TO YOU ONLYUPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THISLICENSE AGREEMENT. PLEASE READ THESE TERMS AND CONDITIONS CAREFULLYBEFORE COPYING OR USING THE ACCOMPANYING SOFTWARE OR INSTALLING THEHARDWARE UNIT WITH PRE-ENABLED SOFTWARE OR USING THE ACCOMPANYING USERDOCUMENTATION.
BY USING THE ACCOMPANYING SOFTWARE OR INSTALLING THE HARDWARE UNIT WITHPRE-ENABLED SOFTWARE, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONSOF THIS LICENSE AGREEMENT. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OFTHIS LICENSE AGREEMENT, JUNIPER NETWORKS IS UNWILLING TO LICENSE THEPROGRAM TO YOU, IN WHICH EVENT YOU SHOULD PROMPTLY WITHIN TEN (10) DAYSFROM SHIPMENT RETURN THE UNUSED SOFTWARE, USER DOCUMENTATION, ANDRELATED EQUIPMENT AND HARDWARE TO THE PLACE OF PURCHASE AND YOU WILLRECEIVE A FULL REFUND OF YOUR LICENSE FEE. THIS LICENSE AGREEMENTREPRESENTS THE ENTIRE AGREEMENT CONCERNING THE PROGRAM BETWEEN YOU ANDJUNIPER NETWORKS, AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION ORUNDERSTANDING BETWEEN THE PARTIES.
1. License Grant. Juniper Networks, Inc. (Juniper Networks) and its suppliers and licensorshereby grant to you and you hereby accept a nonexclusive, personal and nontransferable license touse the computer software and/or hardware unit with pre-enabled software, including all patches,
error corrections, updates, and revisions thereto in machine-readable, object code form only (theSoftware), and the accompanying User Documentation on the Juniper Networks product owned byyou and only as authorized in this License Agreement. You may make one (1) archival copy of theSoftware for backup purposes provided you affix to such copy all copyright, confidentiality, andproprietary notices that appear on the original. Except as authorized under this paragraph, no copiesof the Program or any portions thereof may be made, in whole or in part, by you or any person underyour authority or control.
The Software and User Documentation are protected under copyright laws. The title to Software andUser Documentation shall remain solely with Juniper Networks and its suppliers.
Except as authorized above, you shall not: copy, in whole or in part, the Software or the related UserDocumentation; modify, reverse assemble, reverse compile, or otherwise translate, dissemble, orobtain source code for the Software or User Documentation, in whole or in part, or permit a third partyto do so; rent, lease, distribute, sell, or create derivative works of the Software; pledge, lease, rent,sublicense or share its rights under this License Agreement; or, without Juniper Networks prior
written consent, assign or transfer its rights hereunder.
2. Juniper Networks's Rights. You agree that the Software, including the User Documentation,embodies Juniper Networks's and its suppliers' and licensors' confidential and proprietary intellectualproperty protected under U.S. copyright law and you will use your best efforts to maintain theirconfidentiality. You further acknowledge and agree that Juniper Networks or its suppliers andlicensors own all right, title, and interest in and to the Software, including all intellectual propertyrights therein. You shall take no action inconsistent with Juniper Networks's or its suppliers'ownership of such Software. You shall not sublicense, assign, or otherwise disclose to any third partythe Software or any information about the operation, design, performance, or implementation of theSoftware and User Documentation without prior written consent of Juniper Networks. You agree toimplement reasonable security measures to protect such confidential and proprietary information andcopyrighted material. This License Agreement does not convey to you an interest in or to theProgram, but only the limited right of use revocable in accordance with the terms of this LicenseAgreement.
3. License Fees. The license fees paid by you are paid in consideration of the license grantedunder this License Agreement.
4. Term. This license is effective upon opening of the package(s) or use of the hardware containingthe Software, and shall continue until terminated. You may terminate this License at any time byreturning the Software, including any User Documentation, and all copies or portions thereof toJuniper Networks. This License will terminate immediately without notice from Juniper Networks ifyou breach any term or provision of this License. Upon such termination by Juniper Networks, you
a. If you and Juniper Networks, Inc., have executed another license agreement for the Program whichis now in effect, then such agreement (Negotiated Agreement) shall supersede this SoftwareLicense Agreement and shall exclusively govern the use and license terms of the Program.
-
8/3/2019 Swcmdref a m
4/387
must return the Software, including any User Documentation, and all copies or portions thereof toJuniper Networks. Termination of this License Agreement shall not prejudice Juniper Networks' rightsto damages or other available remedy.
5. Limited Software Warranty: Juniper Networks warrants, for your benefit alone, that for a periodof ninety (90) days from the date of shipment from Juniper Networks that the Software substantiallyconforms to its published specifications.
The limited warranty extends only to you as the original licensee. Your exclusive remedy and theentire liability of Juniper Networks and its suppliers under this limited warranty will be, at JuniperNetworks' option, repair or replacement of the Software, or refund of the amounts paid by you underthis License Agreement. You agree that this is your sole and exclusive remedy for breach by JuniperNetworks, its suppliers or its licensors of any warranties made under this License Agreement.
In no event does Juniper Networks warrant that the Software is error free or that you will be able tooperate the Software without problems or interruptions. Juniper Networks does not warrant: 1) thatthe functions contained in the software will meet your requirements; 2) that the Software will operatein the hardware or software combination that you may select; 3) that the operation of the Softwarewill be uninterrupted or error free; or 4) that all defects in the operation of the Software will becorrected.
This warranty does not apply if the product: 1) has been altered, except by Juniper Networks; 2) hasnot been installed, operated, repaired, or maintained in accordance with instruction supplied byJuniper Networks; or 3) has been subjected to or damaged by improper environment, abuse, misuse,accident, or negligence.
EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE SOFTWARE IS LICENSED AS IS,AND JUNIPER NETWORKS DISCLAIMS ANY AND ALL OTHER REPRESENTATIONS,CONDITIONS, AND WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY,INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY ORFITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES FOR NONINFRINGEMENT ORARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. ANY AND ALL SUCHWARRANTIES ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.JUNIPER NETWORKS' SUPPLIERS AND LICENSORS DO NOT MAKE OR PASS ON TO YOU ORANY THIRD PARTY ANY EXPRESS, IMPLIED, OR STATUTORY WARRANTY ORREPRESENTATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES FORNONINFRINGEMENT.
6. Proprietary Rights Indemnification. Juniper Networks shall at its expense defend you againstand, subject to the limitations set forth elsewhere herein, pay all costs and damages made in
settlement or awarded against you resulting from a claim that the Program as supplied by JuniperNetworks infringes a United States copyright or a United States patent, or misappropriates a UnitedStates trade secret, provided that you: (a) provide prompt written notice of any such claim, (b) allowJuniper Networks to direct the defense and settlement of the claim, and (c) provide Juniper Networkswith the authority, information, and assistance that Juniper Networks reasonably deems necessaryfor the defense and sett lement of the claim. You shall not consent to any judgment or decree or doany other act in compromise of any such claim without first obtaining Juniper Networks writtenconsent. In any action based on such a claim, Juniper Networks may, at its sole option, either: (1)obtain for you the right to continue using the Program, (2) replace or modify the Program to avoid theclaim, or (3) if neither (1) nor (2) can reasonably be effected by Juniper Networks, terminate thelicense granted hereunder and give you a pro rata refund of the license fee paid for such Program,calculated on the basis of straight-line depreciation over a five-year useful life. Notwithstanding thepreceding sentence, Juniper Networks will have no liability for any infringement or misappropriationclaim of any kind if such claim is based on: (i) the use of other than the current unaltered release ofthe Program and Juniper Networks has provided or offers to provide such release to you for its thencurrent license fee, or (ii) use or combination of the Program with programs or data not supplied or
approved by Juniper Networks if such use or combination caused the claim.
7. Limitation of Liability. IN NO EVENT WILL JUNIPER NETWORKS OR ITS SUPPLIERS ORLICENSORS BE LIABLE FOR ANY COST FOR SUBSTITUTE PROCUREMENT; SPECIAL,INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES; OR ANYDAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITSARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVENIF JUNIPER NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.Juniper Networks' cumulative liability to you or any other party for any loss or damages resulting fromany claims, demands, or actions arising out of or relating to this License Agreement shall not exceedthe total fees paid to Juniper Networks for the Software.
8. Export Control. Software, including technical data, is subject to U.S. export control laws,including the U.S. Export Administration Act and its associated regulations, and may be subject to
-
8/3/2019 Swcmdref a m
5/387
export or import regulations in other countries. You agree to comply strictly with all such regulationsand acknowledge that you have the responsibility to obtain licenses to export, re-export, or importSoftware.
9. Government Licensees: If any Software or associated documentation is acquired by or onbehalf of a unit or agency of the United States government, the government agrees that suchSoftware or documentation is a commercial item as that term is defined in 48 C.F.R. 2.101,consisting of commercial computer software or commercial computer software documentation as
such terms are used in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its successorsand 48 C.F.R. 227.7202-1 through 227.7202-4 of the DoD FAR Supplement and its successors. Theuse, duplication, or disclosure by the United States government of technical, data, computer softwareand documentation is subject to the restrictions set forth in FAR section 12.212(a), FAR section52.227-14(g)(2), FAR section 52.227-19, DFARS section 252.227-7015(b), DFARS section227.7202-1(a), and DFARS section 227.7202-3(a), as applicable. All United States government endusers acquire the Software with only the rights set forth in this License Agreement.
10. General: This License shall be governed by and construed in accordance with the laws of theCommonwealth of Massachusetts, United States of America, as if performed wholly within the stateand without giving effect to the principles of conflict of law. Any dispute arising out of this Agreementshall be referred to an arbitration proceeding in Boston, Massachusetts, in accordance with thecommercial arbitration rules of the American Arbitration Association (the AAA). If the parties cannotagree upon an arbitrator, arbitration shall be conducted by a neutral arbitrator selected by the AAAwho is knowledgeable in electronics equipment manufacturing and software licensing. The partiesshall share the procedural costs of arbitration equally, and each party shall pay its own attorneys'
fees and other costs and expenses associated with the arbitration, unless the arbitrator decidesotherwise. The arbitrator's award shall be in writing and shall include a statement of reasons, but thearbitrator shall not be permitted to award punitive or indirect damages. The arbitrator's decision andaward shall be final and binding and may be entered in any court having jurisdiction. The terms ofthis section shall not prevent any party from seeking injunctive relief in any court of competentjurisdiction in order to protect its proprietary and confidential information. If any term or provisionhereof is found to be void or unenforceable by a court of competent jurisdiction, the remainingprovisions of this License Agreement shall remain in full force and effect. This License Agreementconstitutes the entire agreement between the parties with respect to the use of the Software andUser Documentation and supersedes any and all prior oral or written agreements, discussions,negotiations, commitments, or understandings. No amendment, modification, or waiver of anyprovision of this License Agreement will be valid unless in writing and signed by the authorizedrepresentative of the party against which such amendment, modification, or waiver is sought to beenforced. The waiver by either party of any default or breach of this License Agreement shall notconstitute a waiver of any other or subsequent default or breach. This License Agreement shall bebinding upon the parties and their respective successors and permitted assigns.
Should you have any questions about this agreement, please contact:
Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089Attn: Contracts Administrator
-
8/3/2019 Swcmdref a m
6/387
-
8/3/2019 Swcmdref a m
7/387
About This Guide
This Command Reference Guide provides all the commands available to
configure an E-series router. Refer to the configuration guides fordetailed information on configuring an E-series router.
Note: If the information in the latest E-Series Release Notes differs from the
information in this guide, follow the E-Series Release Notes.
The E-series router is shipped with the latest system software installed. If
you need to install a future release or reinstall the system software, refer to
the procedures in theE-Series Installation and User Guide, Appendix B,
Installing JUNOSe Software.
E-Series Routers
Five models of E-series routers are available:
ERX-1440 router
ERX-1410 router
ERX-710 router
ERX-705 router
ERX-310 router
All models use the same software. For information about the differences
between the models, seeE-Series Installation and User Guide, Chapter 1,
E-Series Overview.
In the E-series documentation, the term ERX-14xx models refers to both
the ERX-1440 router and the ERX-1410 router. Similarly, the term
ERX-7xx models refers to both the ERX-710 router and the ERX-705
http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/ -
8/3/2019 Swcmdref a m
8/387
About This Guideviii
router. The terms ERX-1440 router, ERX-1410 router, ERX-710 router,
ERX-705 router, and ERX-310 router refer to the specific models.
Audience
This guide is intended for experienced system and network specialists
working with E-series routers in an Internet access environment.
Conventions
Table 1 defines notice icons used in this guide, and Table 2 defines text
conventions used throughout the book, except for command syntax.
Table 3 provides command syntax conventions used primarily in the
E-SeriesCommand Reference Guide. For more information about
command syntax, seeE-Series System Basics Configuration Guide,Chapter 2, Command Line Interface.
Table 1 Notice icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates that you may risk losing data or damaging your hardware.
Warning Alerts you to the risk of personal injury.
Table 2 Text conventions (except for command syntax)
Convention Description Examples
Bold typeface Represents commands and
keywords in text.
Command example:
Issue the clock source command.
Keyword example:
Specify the keyword exp-msg.
Bold Courier typeface Represents text that the user musttype.user input
Key name in angle brackets Indicates the name of a key on the
keyboard.
Press .
Key names linked with a plus sign
(+) in angle brackets.
Indicates that you must press two or
more keys simultaneously.
Press .
http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/ -
8/3/2019 Swcmdref a m
9/387
Conventions
E-Series Routers
Using the no vs. the default Version of Commands
Most router configuration commands have a no version, which you can
use to negate a command (or a portion of it specified by an optional
keyword) or restore its default setting. When you use a command without
the keyword no, you can reenable a disabled feature or override a default
setting. You have the option of using the default keyword whenever theno keyword is also a choice; simply enter the keyword default instead of
no.
In most cases, when you execute the default version of a command, it
produces the exact results as the no version. There are some commands
for which the default version yields a different result than the no version.
Commands for which the default behavior differs from the no behavior
are clearly identified in this guide. Unless otherwise specified, therefore,
Plain Courier typeface Represents information as displayed
on your terminals screen.
host1#show ip ospf 2
Routing Process OSPF 2 withRouter ID 5.5.0.250
Router is an Area BorderRouter (ABR)
Italics Emphasize words.
Identify variables.
Identify chapter, appendix, and
book names.
There are two levels of access,
userandprivileged.
clusterId, ipAddress.
Appendix A, System Specifications.
Table 2 Text conventions (except for command syntax) (continued)
Convention Description Examples
Table 3 Syntax conventions in Command Reference Guide
Convention Description Examples
Words in plain text Represent keywords. terminal length
Words in italics Represent variables. mask, accessListName
Words separated by the | symbol Represent a choice to select one
keyword or variable to the left or
right of this symbol. (The keyword or
variable may be either optional or
required.)
diagnostic | line
Words enclosed in [ brackets ] Represent optional keywords or
variables.
[ internal | external ]
Words enclosed in [ brackets ]* Represent optional keywords or
variables that can be entered more
than once.
[ level1 | level2 | l1 ]*
Words enclosed in { braces } Represent required keywords or
variables.
{ permit | deny } { in | out }
{ clusterId| ipAddress }
-
8/3/2019 Swcmdref a m
10/387
About This Guidex
the default command is identical to the no command and will neither be
documented nor discussed.
The syntax for each no command is described in this guide. Some
commands do not have a no version; this is indicated in the individual
command descriptions except for the show commands, none of which
has a no version.
The CLI can act on no versions of commands when you have entered
sufficient information to distinguish the command syntactically, and
ignores all subsequent input on that line.
To be compatible with some nonE-series implementations, the no
versions of commands will accept the same options as the affirmative
version of the commands. The CLI ignores the optional input if it has no
effect on the command behavior. If using the option changes the behavior
of the no version, the individual command entry in this guide describes
the difference in behavior.
Obsolete Commands
A command that has been made obsolete in a release or in a particular
configuration mode will return a notice when you issue the command
manually:
NOTICE: This command is obsolete. It may be completely
removed from a subsequent software release.
A preferred alternate command will be provided in the notice. If you havea script that uses the obsolete command, the obsolete command is
automatically mapped to the preferred command when you run the
script. If the obsolete command no longer has a function, then that
command has no effect if you run a script containing the command.
We recommend that you use the preferred command when writing new
scripts.
Filtering show Commands
You have access to a variety ofshow commands that display router andprotocol information. You can filter the output of a show command by
specifying| (the UNIX pipe symbol), one of the following keywords, and
either a case-sensitive text string or a regular expression.
begin displays output beginning with the first line that contains the
text string or regular expression
-
8/3/2019 Swcmdref a m
11/387
Conventions
E-Series Routers
include displays output lines that contain the text string or regular
expression and excludes lines that do not contain the text string or
regular expression
exclude displays output lines that do not contain the text string or
regular expression and excludes lines that do contain the text string or
regular expression
For a list of regular expressions, seeE-Series Routing Protocols
Configuration Guide, Vol. 1, Chapter 1, Configuring Routing Policy.
You can press to interrupt the show command output.
Note: The router does not recognize beginning spaces of the text string. For
example, if you enter the include option with IP as the text string on which to
filter, the router ignores the space and displays lines that include words such as
RIP.
Example In the following example, the output display consists only of lines that
contain the stringip. The router omits all other lines of the output from
the display because none of them contain the stringip.
host1#show config include-defaults | include ip
! Configuration script generated on FRI NOV 12 1999 16:56:41UTC
ip address 192.168.1.229 255.255.255.0
ip rip receive version 2 1
ip rip send version 1
ip rip authentication mode md5 17
ip rip authentication key
ip route 10.6.0.0 255.255.0.0 192.168.1.1
ip route 10.10.0.0 255.255.0.0 192.168.1.1
ip route 10.10.0.166 255.255.255.255 192.168.1.1
ip debounce-time 0
router rip
http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/ -
8/3/2019 Swcmdref a m
12/387
About This Guidexii
Interface Types and Specifiers
Many commands take the variablesinterfaceType and interfaceSpecifier.
Some commands support all types of interfaces, whereas other
commands support only certain types of interfaces. Similarly, some
commands support all interface specifier formats for a particular
interface type, whereas other commands support only certain interfacespecifier formats. Table 4 shows the interface specifiers for each type of
interface.
Table 4 Interface types and specifiers
Interface Type Description Interface Specifier Example
atm ATM interface or
ATM 1483 subinterface
Refer to the individual formats listed below.
ATM interface slot/port[.subinterface]
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
subinterface number of the
subinterface in the range
14294967293
atm 3/2.6
ATM 1483subinterfacea
slot/port/vpi/vci
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
vpi virtual path identifier of the
PVC on this ATM 1483 subinterface;
allowable numeric range depends
on the module capabilities and
current configuration
vci virtual circuit identifier of the
PVC on this ATM 1483 subinterface;
allowable numeric range dependson the module capabilities and
current configuration
atm 3/2/1/0
-
8/3/2019 Swcmdref a m
13/387
Conventions
E-Series Routers
fastEthernet IEEE 802.3 Fast
Ethernet (FE) interfaceslot/port[.subinterface1[.subinterface2]]
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and02 (ERX-310 router)
port port number on the I/O
module
subinterface1 number of the FE
subinterface in the range
14294967293; not more than 2
subinterfaces per FE interface.b
subinterface2 number of the
higher-level subinterface in the
range 14294967293; not more than
4094 higher-level subinterfaces perFE subinterfaceb
fastEthernet 3/2.6.20
gigabitEthernet IEEE 802.3 Gigabit
Ethernet (GE) interface
slot/port[.subinterface1[.subinterface2]]
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
subinterface1 number of the GE
subinterface in the range
14294967293; not more than 2
subinterfaces per GE interface.b
subinterface2 number of the
higher-level subinterface in the
range 14294967293; not more than
4094 higher-level subinterfaces per
GE subinterface.b
gigabitEthernet 3/2.6.20
hssi High-speed serial
interfaceslot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models)
and 013 (ERX-14xx models)
port port number on the I/O
module
hssi 3/0
loopback Loopback interface integer
integer integer in the range
14294967293
loopback 20
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
14/387
About This Guidexiv
mlframe-relay Multilink frame relay
interfacebundle-name [.subinterface ]
bundle-name name of the bundle
subinterface number of the MLFRsubinterface in the range
14294967293
mlframe-relay boston.1
mlppp Multilink PPP interface bundle-name
bundle-name name of the bundle
mlppp chicago
nullc Null interface, which
cannot forward or
receive traffic
0 null 0
pos Packet over SONET
(POS) interfaceslot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and02 (ERX-310 router)
port port number on the I/O
module
pos 3/2
serial CE1, CT1, CT3,
E3-FRAME,
T3-FRAME,
cOCx/STMx interface,
or X.21/V.35 interface
Refer to the individual formats listed below.
CE1/CT1 slot/port:channel-group
slot number of the chassis slot in
the range 06 (ERX-7xx models)and 013 (ERX-14xx models)
port port number on the I/O
module
channel-group number of the
channel group associated with a
range of DS0 timeslots on a CE1 or
CT1 module; in the range 131 for a
CE1 module, and 124 for a CT1
module
serial 3/2:20
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
15/387
Conventions
E-Series Routers
CT3 slot/port:channel/subchannel
slot number of the chassis slot in
the range 06 (ERX-7xx models)
and 013 (ERX-14xx models)
port port number on the I/O
module
channel- number of a T1 channel on
a CT3 module; in the range 128
subchannel number of the channel
group associated with a range of
DS0 timeslots on a CT3 module; in
the range 128
serial 3/2:20/15
E3/T3 FRAME slot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models)
and 013 (ERX-14xx models)
port port number on the I/O
module
serial 3/2
cOCx/STMx:unframed E1
slot/port:path-channel/path-payload/
tributary-group/tributary-number/
channelNumber
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/Omodule
path-channel number of the
STS-1or STM-0 line in the range
12147483648
path-payload number of the
payload within the path
tributary-group number of the
tributary group within the path
tributary-number number of the
tributary within the group
channelNumber 1 (the routerassigns the number one to an
unframed E1 channel)
serial 3/0:10/1/2/2/1
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
16/387
About This Guidexvi
cOCx/STMx:fractional
E1/T1
slot/port:path-channel/path-payload/
tributary-group/tributary-number/
channel-group
slot number of the chassis slot inthe range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
path-channel number of the
STS-1or STM-0 line in the range
12147483648
path-payload number of the
payload within the path
tributary-group number of thetributary group within the path
tributary-number number of the
tributary within the group
channel-group number of a
fractional T1 or E1 line
serial 3/0:10/1/2/2/1
cOCx/STMx:unchannelized
DS3
slot/port:path-channel/
ds3-channel-number
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router) port port number on the I/O
module
path-channel number of the
STS-1or STM-0 line in the range
12147483648
ds3-channel-number number of a
T3 channel
serial 3/0:1/1
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
17/387
Conventions
E-Series Routers
cOCx/STMx:DS3
channelized to
DS0
slot/port:path-channel/
ds3-channel-number/
ds1-channel-number
/subchannel-number slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
path-channel number of the
STS-1or STM-0 line in the range
12147483648
ds3-channel-number number of a
T3 channel ds1-channel-number number of a
T1 channel
subchannel-number number of a
fractional T1 channel
serial 3/0:1/1/10/15
X.21/V.35 slot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models)
and 013 (ERX-14xx models)
port port number on the I/O
module
sonet line layer Line layer of aSONET/SDH interface
slot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router)
port port number on the I/O
module
sonet 3/0
sonet path layer Path layer of a
SONET/SDH interface
slot/port:path-channel
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and
02 (ERX-310 router) port port number on the I/O
module
path-channel number of the
STS-1or STM-0 line in the range
12147483648
sonet 3/0:2
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
18/387
About This Guidexviii
Documentation
TheE-SeriesInstallation Quick Start poster is shipped in the box with all
new routers. This poster provides the basic procedures to help you get the
router up and running quickly.
With each software release, we provide theE-Series Routers
Documentation CD (formerly ERX Edge Routers Documentation CD).
The documentation CD contains the document set in PDF format and
HTML format (with and without frames). From the HTML files, you can
also access PDF files of individual chapters and appendixes.
The documentation is also available on the Web. You can order a set of
printed documents from your Juniper Networks sales representative.
The document set comprises the following books:
E-SeriesInstallation and User Guide Provides the necessary
procedures for getting the router operational, including information on
installing, cabling, powering up, configuring the router for
management access, and general troubleshooting. Describes SRP
modules, line modules, and I/O modules available for the E-series
routers, and provides information about the compatibility of line
modules and I/O modules with software releases. Lists the layer 2
sonet section layer Section layer of a
SONET/SDH interfaceslot/port
slot number of the chassis slot in
the range 06 (ERX-7xx models),
013 (ERX-14xx models), and02 (ERX-310 router)
port port number on the I/O
module
sonet 3/0
tunnel Tunnel interface tunnel-type:tunnel-name
tunnel-type type of the tunnel:
dvmrp, gre, ipsec, l2tp, or mpls
tunnel-name name of the tunnel
tunnel gre:boston
a.You can use the atmslot/port/vpi/vciinterface specifier format as an alternative to the atmslot/port.subinterface
format with the specific show interface and show subinterface commands to monitor all ATM 1483 subinterfaces
(except NBMA interfaces) as well as the upper-layer interfaces configured over an ATM 1483 subinterface. Youcannot, however, use the atmslot/port/vpi/vciformat to create or modify an ATM 1483 subinterface.
b.See the interface fastEthernetcommand and the interface gigabitEthernet command for details on specifying
subinterfaces with and without VLANs on Ethernet interfaces.
c.You cannot configure values on the null interface. This interface acts as a data sink; it cannot forward or receive
traffic.
Table 4 Interface types and specifiers (continued)
Interface Type Description Interface Specifier Example
-
8/3/2019 Swcmdref a m
19/387
Documentation
E-Series Routers
protocols, layer 3 protocols, and applications that line modules and
their corresponding I/O modules support.
E-SeriesSystem Basics Configuration Guide Describes planning and
configuring your network, managing the router, configuring passwords
and security, configuring the router clock, and configuring virtual
routers. Includes a list of references that provide information on the
protocols and features supported by the router.
E-SeriesPhysical Layer Configuration Guide Describes configuring
physical layer interfaces.
E-SeriesLink Layer Configuration Guide Describes configuring link
layer interfaces.
E-SeriesRouting Protocols Configuration Guide, Vol. 1 Provides
information about configuring routing policy and configuring IP, IP
routing, and IP security. E-SeriesRouting Protocols Configuration Guide, Vol. 2 Describes
BGP routing, MPLS, BGP-MPLS VPNs, and encapsulation of layer 2
services.
E-Series Policy and QoS Configuration Guide Provides information
about configuring policy management and quality of service (QoS).
E-SeriesBroadband Access Configuration Guide Provides
information about configuring remote access.
E-SeriesCommand Reference Guide A to M; E-SeriesCommandReference Guide N to Z Together comprise theE-Series Command
Reference Guide. Contain important information about commands
implemented in the system software. Use to look up command
descriptions, command syntax, a commands related mode, or a
description of a commands parameters. Use with the E-series
configuration guides.
E-SeriesProduct Overview Guide Gives a thorough overview of the
router from a software and hardware perspective. It provides
illustrations and configuration examples that present the big picture.
MIBS
Copies of the MIBs available in a software release are included on the
JUNOSe Software CD (formerly ERX Edge Routers Software CD) and
on the Web.
-
8/3/2019 Swcmdref a m
20/387
About This Guidexx
Release Notes
Release notes are included on the corresponding software CD and are
available on the Web.
In theRelease Notes, you will find the latest information about features,
changes, known problems, resolved problems, and system maximum
values. If the information in theRelease Notes differs from the
information found in the documentation set, follow theRelease Notes.
Abbreviations
A complete list of abbreviations used in this document set, along with
their spelled-out terms, is provided in theE-Series System Basics
Configuration Guide, Appendix A, Abbreviations and Acronyms.
Web Access To view the documentation on the Web, go to:
http://www.juniper.net/techpubs/
Comments About the Documentation
We encourage you to provide feedback, comments, and suggestions so
that we can improve the documentation to better meet your needs. Please
e-mail your comments to:
Along with your comments, be sure to indicate:
Document name
Document part number
Page number
Software release version
Contacting Customer Support
For technical support, contact Juniper Networks at [email protected],
or at 1-888-314-JTAC (within the United States) or 408-745-9500 (from
outside the United States).
http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://www.juniper.net/techpubs/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://www.juniper.net/techpubs/ -
8/3/2019 Swcmdref a m
21/387
List of Commands, A to M
aaa accounting acct-stop on-aaa-failure
Description: Configures AAA to send an Acct-Stop message if a user fails AAA, butRADIUS grants access. The no version returns the parameter to the default ofenable.
Syntax: aaa accounting acct-stop on-aaa-failure { enable | disable }
no aaa accounting acct-stop on-aaa-failure
Mode(s): Global Configuration
aaa accounting acct-stop on-access-deny
Description: Issues an Acct-Stop message if RADIUS denies access. The no versionreturns the parameter to the default of disable.
Syntax: aaa accounting acct-stop on-access-deny { enable | disable }
no aaa accounting acct-stop on-access-deny
Mode(s): Global Configuration
aaa accounting duplication
Description: Sends duplicate accounting records to the accounting server of a differentvirtual router. The no version disables the feature.
Syntax: aaa accounting duplication routerName
no aaa accounting duplication
routerName virtual router name
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
22/387
aaa accounting interval2
aaa accounting interval
Description: Specifies the accounting interval. The no version sets the value to 0, whichturns off interim accounting.
Syntax: aaa accounting intervalperiod
no aaa accounting interval
period accounting interval in minutes in the range 101080, which setsthe time period between accounting updates
Mode(s): Global Configuration
aaa accounting ppp default
Description: Specifies the default accounting protocol for PPP. The no version producesthe same result as specifying the radius value.
Syntax: aaa accounting ppp default accountor[ accountor]*
no aaa accounting ppp default
accountor specifies the accounting method:
radius uses RADIUS for the accounting method
none disables accounting
* indicates that one or more parameters can be repeated multiple times ina list in the command line
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
23/387
aaa authentication enable default
E-Series Routers
aaa authentication enable default
Description: Allows privilege determination to be authenticated through the authenticator(s)you specify. This authentication is applied to vty users. The no versionremoves the authentication settings.
Syntax: aaa authentication enable default authenticator[ authenticator]*no aaa authentication enable default
authenticator specifies the authentication method used:
radius use RADIUS authentication
line use the line password
tacacs+ use TACACS+ authentication
none use no authentication
enable use the enable password
* indicates that one or more parameters can be repeated multipletimes in a list in the command line
Mode(s): Global Configuration
aaa authentication login
Description: Creates an authentication list and the criteria for login. This authentication isapplied to vty users. The no version disables AAA authentication.
Syntax: aaa authentication login { default | authListName } authenticator
[ authenticator]*no aaa authentication login authListName
default specifies the use of the default login for authentication
authListName specifies an existing authentication list name (createdusing the login authentication command); a string of 132 characters
authenticator specifies the authentication method:
line use the line password for authentication
none use no authentication
radius use RADIUS authentication tacacs+ use TACACS+ authentication
* indicates that one or more parameters can be repeated multiple times ina list in the command line
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
24/387
aaa authentication ppp default4
aaa authentication ppp default
Description: Specifies the default authentication protocol for PPP and DHCP clients. Theno version produces the same result as specifying the radius value.
Syntax: aaa authentication ppp default authenticator[ authenticator]*
no aaa authentication ppp default
authenticator specifies the authentication method:
enable use the enable password
line use the line password
none means authentication is off, allowing all users access
radius uses RADIUS for authentication
tacacs+ use TACACS+ authentication
* indicates that one or more parameters can be repeated multiple times in
a list in the command line
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
25/387
aaa authorization
E-Series Routers
aaa authorization
Description: Sets parameters that restrict a users access to a network. The no versiondisables authorization for a function.
Syntax: aaa authorization { exec | commands level} authorListNameauthMethod
[ authMethod]*no aaa authorization { exec | commands level} authorListName
exec runs authorization to determine if the user is allowed to run Execmode commands
commands runs authorization for all commands at the specified privilegelevel
level privilege level; a number in the range 015
authorListName specifies the name of the authorization methods list ofup to 32 characters
authMethod specifies the authorization method used:
if-authenticated allows the user to access the requested function if theuser is authenticated
none NAS does not request authorization information; authorization isnot performed over this line
tacacs+ NAS exchanges authorization information with the TACASC+security daemon
* indicates that one or more parameters can be repeated multiple times ina list in the command line
Mode(s): Global Configuration
aaa authorization config-commands
Description: Reauthorizes the use of Global Configuration commands. This command isenabled by default when the aaa authorization commands command isexecuted. The no version disables AAA configuration command authorization.
Note: Using the no version can potentially reduce the amount of
administrative control on configuration commands.
Syntax: [ no ] aaa authorization config-commands
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
26/387
aaa delimiter6
aaa delimiter
Description: Specifies delimiters for the domain and realm names. You can specify up toeight delimiters each for domain and realm names. The no version restoresthe default value.
Syntax: aaa delimiter { domainName | realmName } delimitersno aaa delimiter { domainName | realmName }
domainName allows you to set delimiters for the domain name
realmName allows you to set delimiters for the realm name
delimiters either the domain or realm delimiter(s). You can specify up toeight characters.
The default domain name delimiter is @.
The default realm name delimiter is NULL (no character). In this case,realm parsing is disabled (having no delimiter disables realm parsing).
Mode(s): Global Configuration
aaa dns
Description: Specifies the IP address of the primary DNS name server. The no version setsthe corresponding address to 0.
Syntax: aaa dns { primary | secondary } ipAddress
no aaa dns { primary | secondary }
primary specifies the primary DNS name server secondary specifies the secondary DNS name server
ipAddress IP address of the name server
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
27/387
aaa domain-map
E-Series Routers
aaa domain-map
Description: Maps a user domain name to a virtual router. When you specify only thedomain name, the command sets the mode to Domain Map Configuration. Theno version deletes the map entry.
Syntax: aaa domain-map domainName [ routerName [ loopback interfaceNumber] ]no aaa domain-map domainName
domainName user domain name; specify the domain name none toassign users without domains to a specific virtual router.
routerName router name associated with the domain name
loopback specifies the loopback interface
interfaceNumber interface number in the range 032000
Mode(s): Global Configuration
aaa duplicate-address-check
Description: Allows you to enable or disable routing table address lookup or duplicateaddress check. There is no no version.
Syntax: aaa duplicate-address-check { enable | disable }
Note: To use this command, you must have a B-RAS license. Run the license
b-ras command and enter your password.
Mode(s): Global Configuration
aaa intf-desc-format include sub-intf
Description: Specifies whether the subinterface is included in or omitted from the interfacedescription that the router passes to RADIUS for inclusion in the NAS-Port-Idattribute. Also affects the Interface field displayed by the show subscriberscommand. The no version restores the default, in which the subinterface isincluded.
Syntax: aaa intf-desc-format include sub-intf { enable | disable }
no aaa intf-desc-format include sub-intf
enable includes the subinterface (when it is available) in the interfacedescription; this is the default
disable omits the subinterface from the interface description
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
28/387
aaa ipv6-dns8
aaa ipv6-dns
Description: Specifies the IPv6 address of the primary DNS name server. The no versionsets the corresponding address to 0 (or ::).
Syntax: aaa ipv6-dns { primary | secondary } ipv6Address
no aaa ipv6-dns { primary | secondary }
primary specifies the primary DNS name server
secondary specifies the secondary DNS name server
ipv6Address IPv6 address of the name server
Mode(s): Global Configuration
aaa new-model
Description: Specifies AAA authentication for Telnet sessions. The no version restoressimple authentication (login and password).
Syntax: [ no ] aaa new-model
Mode(s): Global Configuration
aaa parse-order
Description: Specifies the order in which the router searches for a domain name. It eithersearches for realm and then domain, or it searches for domain and then realm.The no version returns the parse order to the default of searching for realmfirst.
Syntax: aaa parse-order { domain-first | realm-first }
no aaa parse-order
domain-first causes the router to search for a domain name starting withthe right-most character. When the router reaches a delimiter, it usesanything to the right of the delimiter as the domain name.
realm-first causes the router to search for a domain name starting withthe left-most character. When the router reaches a delimiter, it usesanything to the left of the delimiter as the domain name.
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
29/387
aaa profile
E-Series Routers
aaa profile
Description: Creates a new AAA profile to allow mapping to AAA services.
Syntax: aaa profileprofileName
profileName profile name of up to 32 characters
Mode(s): AAA Profile Configuration
aaa subscriber limit per-port
Description: Sets the maximum number of active subscribers permitted on the specifiedport. The no version returns the limit to the default, 0 (zero).
Syntax: aaa subscriber limit per-port interfaceValuelimitValue
no aaa subscriber limit per-port interfaceValue
interfaceValue location of the interface in the slot/port format limitValue maximum number of subscribers. The default is 0 (zero),
which means there is no limit on the number of subscribers.
Mode(s): Global Configuration
aaa subscriber limit per-vr
Description: Sets the maximum number of active subscribers permitted on the virtualrouter. The no version returns the limit to the default, 0 (zero).
Syntax: aaa subscriber limit per-vrlimitValue
no aaa subscriber limit per-vr
limitValue maximum number of subscribers. The default is 0 (zero),which means there is no limit on the number of subscribers.
Mode(s): Global Configuration
aaa timeout
Description: Sets either the default idle or session timeout for B-RAS PPP users. The no
version deletes either the idle or session timeout.
Syntax: aaa timeout { idle idleTimeout| session sessionTimeout}
no aaa timeout { idle | session }
idleTimeout in seconds, 3007200
sessionTimeout in seconds, 601814400 (that is, a minimum of 1 minuteto a maximum of 21 days)
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
30/387
aaa tunnel assignment-id-format10
aaa tunnel assignment-id-format
Description: Sets the format for the tunnel assignment ID. Use the no version to set thetunnel assignment ID to the default, assignmentID.
Syntax: aaa tunnel assignment-id-format { assignmentId | client-server-id }
no aaa tunnel assignment-id-format
assignmentId configures the format to be assignmentId only
client-server-id configures the format to be a combination ofclientAuthId + serverAuthId + assignmentId
Mode(s): Global Configuration
aaa tunnel calling-number-format
Description: Configures the E-series LAC to generate L2TP Calling Number attribute value
pair (AVP) 22 in a fixed format similar to RADIUS attribute 31(Calling-Station-Id). Use the no version to return the calling number format tothe default, descriptive.
Syntax: aaa tunnel calling-number-format { descriptive | fixed }
no aaa tunnel calling-number-format
descriptive default format
fixed format calling number AVP to RADIUS format
Mode(s): Global Configuration
aaa tunnel client-name
Description: Specifies the default tunnel client name. If the tunnel client name is notincluded in the tunnel attributes that are returned from the domain map orauthentication server, the router uses the default name. The no versiondeletes the client name.
Syntax: aaa tunnel client-name name
no aaa tunnel client-name
name default tunnel client name; a string of up to 32 characters
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
31/387
aaa tunnel ignore
E-Series Routers
aaa tunnel ignore
Description: Specifies whether the tunnel peers NAS-Port [5] and NAS-Port-Type [61]attributes should be used. The no version negates the command or restoresthe default of enable.
Syntax: aaa tunnel ignore { nas-port | nas-port-type } { enable | disable }no aaa tunnel ignore { nas-port | nas-port-type }
nas-port configures the tunnel peers supplied nas-port value
nas-port-type configures the tunnel peers supplied nas-port-type value
Mode(s): Global Configuration
aaa tunnel password
Description: Specifies the default tunnel password. If the tunnel password is not included in
the tunnel attributes that are returned from the domain map or authenticationserver, the router uses the default password. The no version deletes thepassword.
Syntax: aaa tunnel password name
no aaa tunnel password
name default tunnel password; a string of up to 32 characters
Mode(s): Global Configuration
aaa wins
Description: Specifies the IP address of the WINS name server. The no version sets thecorresponding address to 0.
Syntax: aaa wins { primary | secondary } ipAddress
no aaa wins { primary | secondary }
primary specifies the primary WINS name server
secondary specifies the secondary WINS name server
ipAddress IP address of the name server
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
32/387
access-class in12
access-class in
Description: Restricts incoming connections between a particular virtual terminal line andthe addresses in an access list. The no version removes access restrictions.
Syntax: access-class listName in
no access-class [ listName ]in
listName name of the access list
Mode(s): Line Configuration
-
8/3/2019 Swcmdref a m
33/387
access-list
E-Series Routers
access-list
Description: Defines a standard or extended IP access list. The extended access listenables you to specify a destination address or host, precedence, and type ofservice. Imposes an implicit last rule of deny ip any any to deny all routes thatdo not match previous rules in the access list. The no version removes the IP
access list, the specified entry in an access list, or the log for a specified entry.
Syntax: Standard IP access list:
access-list accessListName { permit | deny } { srcIP srcWildIp |[ host ] srcIPHost| any } [ log ]
no access-list accessListName [ { permit | deny } { srcIP srcWildIp |[ host ] srcIPHost| any } [ log ] ]
Extended IP access list:
access-list accessListName { permit | deny } ip { srcIPsrcWildIp |host srcIPHost| any } { dstIPdstWildIp | host dstIPHost| any } [ log ]
no access-list accessListName [ { permit | deny } ip { srcIPsrcWildIp |host srcIPHost| any } { dstIPdstWildIp | host dstIPHost| any } [ log ] ]
accessListName string of up to 32 alphanumeric characters
permit permits access if the conditions are matched
deny denies access if the conditions are matched
srcIP source IP address from which the packet is being sent
srcWildIp wildcard mask IP address
srcIPHost source host IP address; assumes a wildcard mask of 0
any creates an address of 0.0.0.0 with a wildcard mask of255.255.255.255
dstIP destination IP address
dstWildIp wildcard mask IP address for destination
dstIPHost destination host IP address to which the packet is being sent
preced number from 1 to the access list maximum that indicates theprecedence level to which packets are filtered
typeOServ number from 1 to the access list maximum that indicates thetype of service to which packets are filtered
log logs an Info event into the ipAccessList log whenever the access-listrule is matched
Mode(s): Global Configuration
-
8/3/2019 Swcmdref a m
34/387
address14
address
Description: From Domain Map Tunnel Configuration mode, sets the tunnel endpointaddress of an L2TP tunnel. The no version removes the address of the tunnel.
From Interface Configuration or Subinterface Configuration mode, configures
RIP to run on the interface specified by the IP address or on an unnumberedinterface. Uses the default values: send version is RIP version 1, receiveversion is RIP version 1 and version 2, authentication is not enabled. The noversion deletes the RIP interface. Use the address commands to configureRIP attributes on the network.
From NAT Pool Configuration mode, configures NAT IP address pool ranges.The no version removes the range from the current NAT address pool.
Syntax: To set the tunnel endpoint address:
address serverAddress
no address
To configure RIP:
[ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
serverAddress IP address of the LNS endpoint
ipAddress address of IP interface where RIP will be run
unnumbered specifies that RIP will be run on an unnumbered interface
interfaceType interface type; see Interface Types and Specifiers inAbout This Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This GuideTo configure NAT address pool ranges:
[ no ] address startIpAddress endIpAddress
startIpAddress starting IP address (inclusive) of the NAT pool range youare creating
endIpAddress ending IP address (inclusive) of the NAT pool range youare creating
Mode(s): Interface Configuration (RIP), Subinterface Configuration (RIP), Domain MapTunnel Configuration, IP NAT Pool Configuration
-
8/3/2019 Swcmdref a m
35/387
address area
E-Series Routers
address area
Description: Creates an interface on which OSPF runs in the specified area, on top of theIP interface at the specified IP address. Uses the default values. The noversion deletes OSPF interfaces. If the OSPF network was previouslyspecified with the network area command, the OSPF interface already exists,
and you do not need to use this command, unless you want to change thearea of the OSPF interface to an area different from the one specified by thenetwork area command.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}area { areaId | areaIdInt}
ipAddress IP address of the interface on which OSPF will be run
unnumbered configures OSPF on an unnumbered interface
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
areaId OSPF area ID in IP address format
areaIdInt OSPF area ID as a decimal value in the range 14294967295
Note: Before you issue this command, you must first configure an interface
with the IP address specified byipAddress or an interface configured asunnumbered.
Note: You must issue this command before issuing any other OSPFaddress
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
36/387
address authentication key16
address authentication key
Description: Specifies the password for text authentication and the key for MD5authentication. The no version clears the key for the interface. Supported onlyin RIP version 2. Authentication is disabled by default.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication key [ 0 | 8 ] authkey
no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]authentication key
ipAddress address of IP interface where RIP will be run
unnumbered specifies that RIP will be run on an unnumbered interface
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide 0 indicates the authKeyis entered in unencrypted form (plaintext); this is
the default option
8 indicates the authKeyis entered in encrypted form (ciphertext)
authkey password sent with RIP messages or the key used toencrypt/decrypt RIP messages, depending on the authentication mode setfor this interface
Mode(s): Interface Configuration, Subinterface Configuration
-
8/3/2019 Swcmdref a m
37/387
address authentication-key
E-Series Routers
address authentication-key
Description: Assigns a password used by neighboring routers that are using OSPF simplepassword authentication. The no version deletes the password.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
authentication-key [ 0 | 8 ] authKey ipAddress OSPF interface address previously specified with the address
command
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
0 indicates the authKeyis entered in unencrypted form (plaintext); this isthe default option
8 indicates the authKeyis entered in encrypted form (ciphertext)
authKey password, string of up to 8 characters
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
38/387
address authentication message-digest18
address authentication message-digest
Description: Specifies that MD5 authentication is used for the OSPF interface. The noversion sets authentication for the interface to none, but leaves any configuredMD5 key intact.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication message-digest
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
39/387
address authentication mode
E-Series Routers
address authentication mode
Description: Specifies the type of authentication used on this interface. The no versionremoves authentication from the interface. Supported only in RIP version 2.Authentication is disabled by default.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication mode { text | md5 keyID }
no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]authentication mode
ipAddress address of IP interface where RIP will be run
unnumbered specifies RIP will be run on an unnumbered interface
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide text simple text password is sent with each RIP message. If the password
is not possessed by neighbors, the message is rejected.
md5 MD5 message-digest algorithms are used to encrypt and compressthe RIP message.
keyID number identifying the MD5 key. Neighbors must share the MD5key to decrypt the message and encrypt the response.
Mode(s): Interface Configuration, Subinterface Configuration
-
8/3/2019 Swcmdref a m
40/387
address authentication-none20
address authentication-none
Description: Specifies that no authentication is to be used for the OSPF interface. The noversion has no effect.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
authentication-none ipAddress OSPF interface address previously specified with the address
command
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
Note: You must issue the address areacommand before issuing thiscommand.
Mode(s): Router Configuration
address cost
Description: Specifies a cost metric for an OSPF interface. Used in the calculation of theSPF routing table. The no version resets the path cost to the default.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
cost intfCost
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
intfCost link state metric cost; a number in the range 065535; defaultvalue is 10
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
41/387
address dead-interval
E-Series Routers
address dead-interval
Description: Sets the time period that the routers neighbors should wait without seeinghello packets from the router before they declare the router to be down. Theno version resets the dead interval to its default.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}dead-interval deadInterval
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
deadInterval number in the range 165535 seconds; default value is 40seconds
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
42/387
address-family22
address-family
Description: For BGP, configures the router to exchange addresses for the specifiedaddress family. For the IPv4 address family, configures the router or a specificVRF to exchange IPv4 addresses in unicast, multicast, or VPN mode. ForIPv6, configures the router to exchange IPv6 addresses in unicast mode. The
no version removes the address family.
For RIP, configures RIP in a specific VRF to exchange IPv4 addresses. Theno version removes the address family.
Syntax: For BGP:
[ no ] address-family { ipv4 [ multicast | unicast [ vrfvrfName ] |vrfvrfName ] | vpnv4 [ unicast ] | ipv6 [ unicast ] }
For RIP:
[ no ] address-family ipv4 [ unicast ] vrfvrfName
ipv4 sessions that carry standard IPv4 address prefixes (default)
ipv6 specifies sessions that carry IPv6 address prefixes
multicast specifies multicast prefixes
unicast specifies unicast prefixes (default)
vrfName name of the VRF; string of 132 alphanumeric characters
vpnv4 sessions that carry customer VPN-IPv4 prefixes, each of whichhas been made globally unique by adding an 8-byte route distinguisher
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
43/387
address hello-interval
E-Series Routers
address hello-interval
Description: Specifies the interval between hello packets that the router sends on theinterface. The no version resets the hello interval to its default.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
hello-interval helloInterval ipAddress OSPF interface address previously specified with the address
command
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
helloInterval number in the range 165535 seconds; default value is 10seconds
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
44/387
address message-digest-key md524
address message-digest-key md5
Description: Enables OSPF MD5 authentication and configures the MD5 key. The noversion deletes an MD5 key.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}
message-digest-key keyID md5 [ 0 | 8 ] msgDigestKeyno address { ipAddress | unnumbered interfaceType interfaceSpecifier}message-digest-key keyID
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
keyID key identifier in the range 1255
md5 specifies use of the MD5 algorithm
0 indicates the msgDigestKeyis entered in unencrypted form (plaintext);this is the default option
8 indicates the msgDigestKeyis entered in encrypted form (ciphertext)
msgDigestKey OSPF password; string of up to 16 alphanumericcharacters
Note: If all the MD5 keys have been deleted, the authentication type is still
MD5, but you need to configure MD5 keys.
Note: To disable MD5 authentication for the interface, use the address
authentication-none command.
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
45/387
address network
E-Series Routers
address network
Description: Configures the OSPF network type for the specified interface to somethingother than the default for the network medium. The no version restores thedefault value for the medium.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}network { broadcast | non-broadcast | point-to-point }
no address { ipAddress | unnumbered interfaceType interfaceSpecifier}network
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
broadcast sets network type to broadcast
non-broadcast sets network type to NBMA
point-to-point sets network type to point-to-point
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
46/387
address passive-interface26
address passive-interface
Description: Disables the transmission of routing updates on an interface. OSPF routinginformation is neither sent nor received through the specified router interface.The specified interface address appears as a stub network in the OSPFdomain. The no version reenables the transmission of routing updates.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}passive-interface
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
address-pool-name
Description: Specifies an address pool name to associate with the domain name being
configured. The no version removes the pool name.Syntax: address-pool-namepoolName
no address-pool-name
poolName name of the pool to associate with the domain name
Mode(s): Domain Map Configuration
-
8/3/2019 Swcmdref a m
47/387
address priority
E-Series Routers
address priority
Description: Sets the router priority. Used in determining the designated router for theparticular network. This designation only applies to multi-access networks.Every broadcast and nonbroadcast multiaccess network has a designatedrouter. The no version restores the default value.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}priority intfPriority
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide
intfPriority priority value, an 8-bit number in the range 1255; defaultvalue is 1
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
48/387
address receive version28
address receive version
Description: Restricts the RIP version that the router can receive on an interface. The noversion sets the interface back to the default value, receiving both RIP version1 and version 2.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}receive version { 1 | 2 | 1 2 | 2 1 | off }
no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]receive version
ipAddress address of IP interface where RIP will be run
unnumbered specifies that RIP will be run on an unnumbered interface
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide 1 specifies RIP version 1 only
2 specifies RIP version 2 only
1 2 specifies RIP version 1 and version 2; the default value
2 1 specifies RIP version 2 and version 1
off turns reception off
Mode(s): Interface Configuration, Subinterface Configuration
-
8/3/2019 Swcmdref a m
49/387
address retransmit-interval
E-Series Routers
address retransmit-interval
Description: Specifies the time between LSA retransmissions for the interface when anacknowledgment for the LSA is not received. The no version restores thedefault value.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}retransmit-interval retransInterval
ipAddress OSPF interface address previously specified with the addresscommand
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
retransInterval number in the range 03600 seconds; default value is 5seconds
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
-
8/3/2019 Swcmdref a m
50/387
address send version30
address send version
Description: Restricts the RIP version that the router can send on an interface. The noversion sets the interface back to the default value, sending only RIPversion 1.
Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}send version {1 | 2 | 1 2 | 2 1 | off }
no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]send version
ipAddress address of IP interface where RIP will be run
unnumbered specifies that RIP will be run on an unnumbered interface
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according to
interface type; see Interface Types and Specifiers inAbout This Guide 1 specifies RIP version 1 only
2 specifies RIP version 2 only
1 2 specifies RIP version 1 and version 2
2 1 specifies RIP version 2 and version 1
off turns reception off
Mode(s): Interface Configuration, Subinterface Configuration
-
8/3/2019 Swcmdref a m
51/387
address transmit-delay
E-Series Routers
address transmit-delay
Description: Sets the estimated time it takes to transmit a link state update packet on theinterface. The no version restores the default value.
Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}
transmit-delay transmDelay ipAddress OSPF interface address previously specified with the address
command
unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command
interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide
interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide
transmDelay link state transmit delay, a number in the range 03600seconds; default value is 1 second
Note: You must issue the address areacommand before issuing this
command.
Mode(s): Router Configuration
agent context-name
Description: Specifies the virtual router SNMP agent on which you want to poll MIB objects.
The no version returns the context name to the default context (virtual router).
Syntax: agent context-name contextName
no agent
contextName context name of the agent
Mode(s): SNMP Trigger Configuration
-
8/3/2019 Swcmdref a m
52/387
aggregate-address32
aggregate-address
Description: Creates an aggregate entry in a BGP routing table. The no version removesthe aggregate.
Syntax: [ no ] aggregate-address { address mask| ipv6Prefix} [ as-set |
summary-only | attribute-map attributeMapTag|advertise-map advertiseMapTag| suppress-map suppressMapName ]*
address aggregate IPv4 address
mask aggregate IPv4 mask
ipv6Prefix aggregate IPv6 prefix
as-set if the as-set option is not specified, the path attributes of theaggregate route are set in the same way as locally originated routes,except that the atomic_aggregate and aggregator attributes are added. Ifthe as-set option is used, the path attributes of the aggregate route aredetermined by combining the path attributes of the aggregated routes as
described in RFC 1771. If the as-set option is used, the path attributes ofthe aggregate route may change whenever one of the aggregated routeschanges, causing the aggregate route to be readvertised.
summary-only filters all more specific routes from updates.summary-only not only creates the aggregate route but also suppressesadvertisements of more-specific routes to all neighbors. If you only want tosuppress advertisements to certain neighbors, you may use the neighbordistribute-list command, with caution. If a more-specific route leaks out,all BGP speakers will prefer that route over the less-specific aggregate youare generating (using longest-match routing). Alternatively, you can use thesuppress-map keyword to suppress specific routes
attributeMapTag string of up to 32 characters that identifies the routemap used to set the attributes of the aggregate route
advertiseMapTag string of up to 32 characters that identifies the routemap used to set the routes to create AS-SET origin communities in therange
suppressMapName string of up to 32 characters that identifies a routemap that filters routes to be suppressed
* indicates that one or more parameters can be repeated multiple times ina list in the command line
Mode(s): Address Family Configuration, Router Configuration
-
8/3/2019 Swcmdref a m
53/387
aggressive-mode
E-Series Routers
aggressive-mode
Description: Allows aggressive mode negotiation for the tunnel. The no version restoresthe default, main mode.
Syntax: [ no ] aggressive-mode
Mode(s): ISAKMP Policy Configuration
allow
Description: Specifies the domain names that are to be allowed access to AAAauthentication. The no version negates the command.
Syntax: [ no ] allow domainName
domainName name of the domain; maximum of 64 characters
Mode(s): AAA Profile Configuration
append-after
Description: Add a next hop after a particular index in the MPLS explicit path. Thesequence numbers for existing hops after the index adjust automatically.There is no no version.
Syntax: append-afterindexNumbernext-address ipAddress [ mask ipMask] [ loose ]
index number of a node in an ordered set of abstract nodes
ipAddress address of the next hop
ipMask [ not currently used] mask for the next adjacent address
loose indicates the node is not necessarily directly connected (adjacent)to the previous node in the path. If loose is not configured, theconfiguration defaults to strict. Strict indicates that the node is directlyconnected to the previous node.
Mode(s): Explicit Path Configuration
-
8/3/2019 Swcmdref a m
54/387
application34
application
Description: Specifies the type of application that is secured by connections created withthis IPSec transport profile. The no version specifies the default application,L2TP.
Syntax: application applicationTypeno application
applicationType one of the following application types:
l2tp secures L2TP traffic; this is the default application
l2tp-nat-passthrough secures L2TP traffic and also allows clients toconnect from behind NAT devices that support IPSec passthrough
Mode(s): IPSec Transport Profile Configuration
aps force
Description: Forces the specified interface to be replaced by the inactive interface in anAPS/MSP group. The no version allows the specified interface to resumeoperation.
Syntax: aps force channelNumber
noaps force [ channelNumber]
channelNumber number that identifies the working or protectinterface.The number of the working interface is the same as the number ofthe corresponding active port on the I/O module. If there are n active ports
on the I/O module, working interfaces are identified by the numbers 0 ton-1. Protect interfaces are identified by the numbers of the correspondingworking interfaces plus