Skip to main content

Configuration Command Reference Guide

configure authority

Authority configuration is the top-most level in the SSR configuration hierarchy.

Subcommands
commanddescription
access-managementRole Based Access Control (RBAC) configuration.
asset-connection-resiliencyConfigure Asset Connection Resiliency
backwards-compatible-vrf-bgp-tenantsWhen generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3
bgp-service-generationConfigure Bgp Service Generation
cli-messagesConfigure Cli Messages
client-certificateThe client-certificate configuration contains client certificate content.
cloneClone a list item
conductor-addressIP address or FQDN of the conductor
currencyLocal monetary unit.
deleteDelete configuration data
districtDistricts in the authority.
dscp-mapConfigure Dscp Map
dynamic-hostnameHostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, 'interface-{interface-id}.{router-name}.{authority-name}'.
fib-service-matchWhen creating FIB entries by matching route updates to service addresses, consider the specified service addresses.
forward-error-correction-profileA profile for Forward Error Correection parameters, describing how often to send parity packets.
icmp-controlSettings for ICMP packet handling
idp-profileUser defined IDP profiles.
ipfix-collectorConfiguration for IPFIX record export.
ipv4-option-filterConfigure Ipv 4 Option Filter
ldap-serverLDAP Servers against which to authenticate user credentials.
management-service-generationConfigure Management Service Generation
metrics-profileA collection of metrics
nameThe identifier for the Authority.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
password-policyPassword policy for user's passwords.
pcliConfigure the PCLI.
performance-monitoring-profileA performance monitoring profile used to determine how often packets should be marked.
radius-serverRadius Servers against which to authenticate user credentials.
rekey-intervalHours between security key regeneration. Recommended value 24 hours.
remote-loginConfigure Remote Login
resource-groupCollect objects into a management group.
routerThe router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.
routingauthority level routing configuration
securityThe security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets.
serviceThe service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services.
service-classDefines the association between DSCP value and a priority queue.
service-policyA service policy, which defines parameters applied to services that reference the policy
session-record-profileA profile to describe how to collect session records.
session-recovery-detectionConfigure Session Recovery Detection
session-typeType of session classification based on protocol and port, and associates it with a default class of service.
showShow configuration data for 'authority'
software-updateConfigure Software Update
stepConfigure Step
step-repoList of Service and Topology Exchange Protocol repositories.
tenantA customer or user group within the Authority.
traffic-profileA set of minimum guaranteed bandwidths, one for each traffic priority
trusted-ca-certificateThe trusted-ca-certificate configuration contains CA certificate content.
web-messagesConfigure Web Messages
web-themeConfigure Web Theme

configure authority access-management

Role Based Access Control (RBAC) configuration.

Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
roleConfigure Role
showShow configuration data for 'access-management'
tokenConfiguration for HTTP authentication token generation.

configure authority access-management role

Configure Role

Usage

configure authority access-management role <name>
Positional Arguments
namedescription
nameA unique name that identifies this role.
Subcommands
commanddescription
capabilityThe capabilities that this user will be granted.
cloneClone a list item
deleteDelete configuration data
descriptionA description about the role.
exclude-resourceExclude a resource from being associated with this role.
nameA unique name that identifies this role.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
resourceAssociate this role with a resource.
resource-groupAssociate this role with a top-level resource-group.
showShow configuration data for 'role'

configure authority access-management role capability

The capabilities that this user will be granted.

Usage

configure authority access-management role capability [<identityref>]
Positional Arguments
namedescription
identityrefValue to add to this list

Description

identityref

A value from a set of predefined names.

Options:

  • config-read: Configuration Read Capability
  • config-write: Configuration Write Capability
  • provisioning: Asset Provisioning Capability

configure authority access-management role description

A description about the role.

Usage

configure authority access-management role description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority access-management role exclude-resource

Exclude a resource from being associated with this role.

Usage

configure authority access-management role exclude-resource <id>
Positional Arguments
namedescription
idConfigure Id
Subcommands
commanddescription
idConfigure Id
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'exclude-resource'

configure authority access-management role exclude-resource id

Configure Id

Usage

configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
namedescription
resource-idThe value to set for this field

Description

resource-id (string)

The identifier of the resource.

Must be either just a * asterisk or an identifier followed by a colon which is then followed by either an asterisk, or a path that contains only valid yang names and list-keys separated by forward-slashes and optionally followed by a forward-slash and an asterisk.

Example: 128t:/authority/router/MyRouter/*

configure authority access-management role name

A unique name that identifies this role.

Usage

configure authority access-management role name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority access-management role resource

Associate this role with a resource.

Usage

configure authority access-management role resource <id>
Positional Arguments
namedescription
idConfigure Id
Subcommands
commanddescription
deleteDelete configuration data
generatedIndicates whether or not the resource was automatically generated
idConfigure Id
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'resource'

configure authority access-management role resource generated

Indicates whether or not the resource was automatically generated

Usage

configure authority access-management role resource generated [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority access-management role resource id

Configure ID

Usage

configure authority access-management role resource id [<resource-id>]
Positional Arguments
namedescription
resource-idThe value to set for this field

Description

resource-id (string)

The identifier of the resource.

Must be either just a * asterisk or an identifier followed by a colon which is then followed by either an asterisk, or a path that contains only valid yang names and list-keys separated by forward-slashes and optionally followed by a forward-slash and an asterisk.

Example: 128t:/authority/router/MyRouter/*

configure authority access-management role resource-group

Associate this role with a top-level resource-group.

Usage

configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority access-management token

Configuration for HTTP authentication token generation.

Subcommands
commanddescription
deleteDelete configuration data
expirationMinutes after initial authentication that the authentication token is valid.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'token'

configure authority access-management token expiration

Minutes after initial authentication that the authentication token is valid.

Usage

configure authority access-management token expiration [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Units: minutes

Default: never

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 1-18446744073709551615

(1) enumeration

A value from a set of predefined names.

Options:

  • never: Never expire

configure authority asset-connection-resiliency

Configure Asset Connection Resiliency

Subcommands
commanddescription
deleteDelete configuration data
enabledEnable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'asset-connection-resiliency'
ssh-onlyOnly allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.

configure authority asset-connection-resiliency enabled

Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.

Usage

configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority asset-connection-resiliency ssh-only

Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.

Usage

configure authority asset-connection-resiliency ssh-only [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

configure authority backwards-compatible-vrf-bgp-tenants

When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3

Usage

configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority bgp-service-generation

Configure Bgp Service Generation

Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
route-reflector-client-meshGenerate service-route mesh for route reflector clients.
security-policySecurity policy to be used instead of 'internal'.
service-policyService policy to be used for generated BGP services.
showShow configuration data for 'bgp-service-generation'

configure authority bgp-service-generation route-reflector-client-mesh

Generate service-route mesh for route reflector clients.

Usage

configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority bgp-service-generation security-policy

Security policy to be used instead of 'internal'.

Usage

configure authority bgp-service-generation security-policy [<security-ref>]
Positional Arguments
namedescription
security-refThe value to set for this field

Description

security-ref (leafref)

This type is used by other entities that need to reference configured security policies.

configure authority bgp-service-generation service-policy

Service policy to be used for generated BGP services.

Usage

configure authority bgp-service-generation service-policy [<service-policy-ref>]
Positional Arguments
namedescription
service-policy-refThe value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority cli-messages

Configure Cli Messages

Subcommands
commanddescription
deleteDelete configuration data
login-messageThe message displayed before login through console.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'cli-messages'
welcome-messageThe message displayed after a successful login through console.

configure authority cli-messages login-message

The message displayed before login through console.

Usage

configure authority cli-messages login-message [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority cli-messages welcome-message

The message displayed after a successful login through console.

Usage

configure authority cli-messages welcome-message [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority client-certificate

The client-certificate configuration contains client certificate content.

Usage

configure authority client-certificate <name>
Positional Arguments
namedescription
nameAn identifier for the client certificate.
Subcommands
commanddescription
contentClient certificate content.
deleteDelete configuration data
nameAn identifier for the client certificate.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'client-certificate'

configure authority client-certificate content

Client certificate content.

Usage

configure authority client-certificate content [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string (required)

A text value.

configure authority client-certificate name

An identifier for the client certificate.

Usage

configure authority client-certificate name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority conductor-address

IP address or FQDN of the conductor

Usage

configure authority conductor-address [<hostv4>]
Positional Arguments
namedescription
hostv4Value to add to this list

Description

hostv4 (union)

The host type represents either an IPv4 address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority currency

Local monetary unit.

Usage

configure authority currency [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

Default: USD

string

A text value.

configure authority district

Districts in the authority.

Usage

configure authority district <name>
Positional Arguments
namedescription
nameName of the district.
Subcommands
commanddescription
deleteDelete configuration data
nameName of the district.
neighborhoodNeighborhoods which belong to this district.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
resource-groupAssociate this district with a top-level resource-group.
showShow configuration data for 'district'

configure authority district name

Name of the district.

Usage

configure authority district name [<non-default-district-name>]
Positional Arguments
namedescription
non-default-district-nameThe value to set for this field

Description

non-default-district-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority district neighborhood

Neighborhoods which belong to this district.

Usage

configure authority district neighborhood [<neighborhood-id>]
Positional Arguments
namedescription
neighborhood-idValue to add to this list

Description

neighborhood-id (string)

A string identifier for network neighborhood.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority district resource-group

Associate this district with a top-level resource-group.

Usage

configure authority district resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority dscp-map

Configure Dscp Map

Usage

configure authority dscp-map <name>
Positional Arguments
namedescription
nameThe name of the DSCP map
Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
dscp-prioritizationMapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.
dscp-traffic-classMapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.
nameThe name of the DSCP map
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
resource-groupAssociate this DSCP map with a top-level resource-group.
showShow configuration data for 'dscp-map'

configure authority dscp-map dscp-prioritization

Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.

Usage

configure authority dscp-map dscp-prioritization <priority>
Positional Arguments
namedescription
priorityThe priority assigned to the incoming DSCP value.
Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
dscp-rangeConfigure Dscp Range
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
priorityThe priority assigned to the incoming DSCP value.
showShow configuration data for 'dscp-prioritization'

configure authority dscp-map dscp-prioritization dscp-range

Configure Dscp Range

Usage

configure authority dscp-map dscp-prioritization dscp-range <start-value>
Positional Arguments
namedescription
start-valueLower DSCP number.
Subcommands
commanddescription
deleteDelete configuration data
end-valueUpper DSCP number.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'dscp-range'
start-valueLower DSCP number.

configure authority dscp-map dscp-prioritization dscp-range end-value

Upper DSCP number.

Usage

configure authority dscp-map dscp-prioritization dscp-range end-value [<dscp-end-value>]
Positional Arguments
namedescription
dscp-end-valueThe value to set for this field

Description

dscp-end-value (uint8)

Upper dscp range value. Default value is the start dscp value

Range: 0-63

configure authority dscp-map dscp-prioritization dscp-range start-value

Lower DSCP number.

Usage

configure authority dscp-map dscp-prioritization dscp-range start-value [<dscp>]
Positional Arguments
namedescription
dscpThe value to set for this field

Description

dscp (uint8) (required)

A DSCP value (0-63)

Range: 0-63

configure authority dscp-map dscp-prioritization priority

The priority assigned to the incoming DSCP value.

Usage

configure authority dscp-map dscp-prioritization priority [<priority-id>]
Positional Arguments
namedescription
priority-idThe value to set for this field

Description

priority-id (uint8)

An unsigned 8-bit integer.

Range: 0-3

configure authority dscp-map dscp-traffic-class

Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.

Usage

configure authority dscp-map dscp-traffic-class <traffic-class>
Positional Arguments
namedescription
traffic-classThe traffic-class assigned to the incoming DSCP value.
Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
dscp-rangeConfigure Dscp Range
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'dscp-traffic-class'
traffic-classThe traffic-class assigned to the incoming DSCP value.

configure authority dscp-map dscp-traffic-class dscp-range

Configure Dscp Range

Usage

configure authority dscp-map dscp-traffic-class dscp-range <start-value>
Positional Arguments
namedescription
start-valueLower DSCP number.
Subcommands
commanddescription
deleteDelete configuration data
end-valueUpper DSCP number.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'dscp-range'
start-valueLower DSCP number.

configure authority dscp-map dscp-traffic-class dscp-range end-value

Upper DSCP number.

Usage

configure authority dscp-map dscp-traffic-class dscp-range end-value [<dscp-end-value>]
Positional Arguments
namedescription
dscp-end-valueThe value to set for this field

Description

dscp-end-value (uint8)

Upper dscp range value. Default value is the start dscp value

Range: 0-63

configure authority dscp-map dscp-traffic-class dscp-range start-value

Lower DSCP number.

Usage

configure authority dscp-map dscp-traffic-class dscp-range start-value [<dscp>]
Positional Arguments
namedescription
dscpThe value to set for this field

Description

dscp (uint8) (required)

A DSCP value (0-63)

Range: 0-63

configure authority dscp-map dscp-traffic-class traffic-class

The traffic-class assigned to the incoming DSCP value.

Usage

configure authority dscp-map dscp-traffic-class traffic-class [<traffic-class-id>]
Positional Arguments
namedescription
traffic-class-idThe value to set for this field

Description

traffic-class-id (enumeration)

Relative priority of traffic.

Options:

  • high: High priority traffic class.
  • medium: Medium priority traffic class.
  • low: Low priority traffic class.
  • best-effort: Best-effort priority traffic class.

configure authority dscp-map name

The name of the DSCP map

Usage

configure authority dscp-map name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority dscp-map resource-group

Associate this DSCP map with a top-level resource-group.

Usage

configure authority dscp-map resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority dynamic-hostname

Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, {authority-name} for Authority Name. For example, interface-{interface-id}.{router-name}.{authority-name}.

Usage

configure authority dynamic-hostname [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

Default: interface-{interface-id}.{router-name}.{authority-name}

string

A text value.

Must contain substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, interface-{interface-id}.{router-name}.{authority-name}. Any other characters must be alphanumeric or any of the following: - _ .

configure authority fib-service-match

When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.

Usage

configure authority fib-service-match [ best-match-only | any-match ]
Positional Arguments
namedescription
best-match-onlyThis is the default value, and legacy behavior. When comparing prefixes from a route update to addresses configured in services, only addresses with the longest prefix match for a particular route are considered. In cases of transport overlap, services are visited in alphabetical order.
any-matchAll service addresses that match the route update are considered when creating the FIB entries, including those with prefixes shorter than the update or those that do not have the best match service address. The transports from the service with the longest prefix are considered first. This minimizes missed entries, but may result in a higher FIB usage.

Description

Default: best-match-only

enumeration

A value from a set of predefined names.

Options:

  • best-match-only: Longest matching service prefix only.
  • any-match: All service prefixes are considered.

configure authority forward-error-correction-profile

A profile for Forward Error Correection parameters, describing how often to send parity packets.

Usage

configure authority forward-error-correction-profile <name>
Positional Arguments
namedescription
nameThe name of the Forward Error Correction profile
Subcommands
commanddescription
deleteDelete configuration data
modeWhether to dynamically adjust forward error correction to account for observed loss.
nameThe name of the Forward Error Correction profile
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
ratioThe ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.
showShow configuration data for 'forward-error-correction-profile'

configure authority forward-error-correction-profile mode

Whether to dynamically adjust forward error correction to account for observed loss.

Usage

configure authority forward-error-correction-profile mode [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: dynamic

enumeration

A value from a set of predefined names.

Options:

  • dynamic: Alter ratio of packets to parity based on loss observed.
  • static: Use a consistent ratio of packets to parity regardless of loss.

configure authority forward-error-correction-profile name

The name of the Forward Error Correction profile

Usage

configure authority forward-error-correction-profile name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority forward-error-correction-profile ratio

The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.

Usage

configure authority forward-error-correction-profile ratio [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 10

uint8

An unsigned 8-bit integer.

Range: 2-50

configure authority icmp-control

Settings for ICMP packet handling

Subcommands
commanddescription
deleteDelete configuration data
icmp-async-replyWhether to allow ICMP replies to be forwarded without corresponding requests.
icmp-session-matchHow to differentiate ICMP sessions.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'icmp-control'

configure authority icmp-control icmp-async-reply

Whether to allow ICMP replies to be forwarded without corresponding requests.

Usage

configure authority icmp-control icmp-async-reply [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: allow

enumeration

A value from a set of predefined names.

Options:

  • drop: ICMP replies without matching requests are dropped.
  • allow: ICMP replies without matching requests are forwarded.

configure authority icmp-control icmp-session-match

How to differentiate ICMP sessions.

Usage

configure authority icmp-control icmp-session-match [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: identifier-only

enumeration

A value from a set of predefined names.

Options:

  • identifier-only: ICMP sessions are based on identifier.
  • identifier-and-type: ICMP sessions are based on identifier and type.

configure authority idp-profile

User defined IDP profiles.

Usage

configure authority idp-profile <name>
Positional Arguments
namedescription
nameName of the profile.
Subcommands
commanddescription
base-policyBase policy used when building rules.
cloneClone a list item
deleteDelete configuration data
nameName of the profile.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
ruleConfigure Rule
showShow configuration data for 'idp-profile'

configure authority idp-profile base-policy

Base policy used when building rules.

Usage

configure authority idp-profile base-policy [<idp-policy>]
Positional Arguments
namedescription
idp-policyThe value to set for this field

Description

idp-policy (enumeration) (required)

Predefined policies for intrusion detection actions.

Options:

  • alert: A policy that only alerts.
  • standard: The standard blocking and alerting policy.
  • strict: A strict blocking and alerting policy.

configure authority idp-profile name

Name of the profile.

Usage

configure authority idp-profile name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - IDP profile name (alert|strict|standard|none) is reserved. Length: 0-63

configure authority idp-profile rule

Configure Rule

Usage

configure authority idp-profile rule <name>
Positional Arguments
namedescription
nameName of the rule.
Subcommands
commanddescription
deleteDelete configuration data
descriptionDescription of the rule.
matchThe options to use for matching.
nameName of the rule.
outcomeThe outcome applied to the match
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'rule'

configure authority idp-profile rule description

Description of the rule.

Usage

configure authority idp-profile rule description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority idp-profile rule match

The options to use for matching.

Subcommands
commanddescription
client-addressClient address prefix to match in the rule.
deleteDelete configuration data
destination-addressDestination address prefix to match in the rule.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
severitiesList of severity to match in the rule.
severityMatch vulnerabilities only with severity mentioned or above.
showShow configuration data for 'match'
vulnerabilityList of custom vulnerabilities to match in the rule.

configure authority idp-profile rule match client-address

Client address prefix to match in the rule.

Usage

configure authority idp-profile rule match client-address [<ip-prefix>]
Positional Arguments
namedescription
ip-prefixValue to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority idp-profile rule match destination-address

Destination address prefix to match in the rule.

Usage

configure authority idp-profile rule match destination-address [<ip-prefix>]
Positional Arguments
namedescription
ip-prefixValue to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority idp-profile rule match severities

List of severity to match in the rule.

Usage

configure authority idp-profile rule match severities [<idp-severity>]
Positional Arguments
namedescription
idp-severityValue to add to this list

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

  • minor: Filter minor or higher vulnerabilities.
  • major: Filter major or higher vulnerabilities.
  • critical: Filter only critical vulnerabilities.

configure authority idp-profile rule match severity

Match vulnerabilities only with severity mentioned or above.

Usage

configure authority idp-profile rule match severity [<idp-severity>]
Positional Arguments
namedescription
idp-severityThe value to set for this field

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

  • minor: Filter minor or higher vulnerabilities.
  • major: Filter major or higher vulnerabilities.
  • critical: Filter only critical vulnerabilities.

configure authority idp-profile rule match vulnerability

List of custom vulnerabilities to match in the rule.

Usage

configure authority idp-profile rule match vulnerability [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string

A text value.

configure authority idp-profile rule name

Name of the rule.

Usage

configure authority idp-profile rule name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority idp-profile rule outcome

The outcome applied to the match

Subcommands
commanddescription
actionDefines what action the system should take for the match.
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
severityModify a vulnerability severity level of the match.
showShow configuration data for 'outcome'

configure authority idp-profile rule outcome action

Defines what action the system should take for the match.

Usage

configure authority idp-profile rule outcome action [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

enumeration (required)

A value from a set of predefined names.

Options:

  • alert: Alert only.
  • drop: Drop session.
  • close-tcp-connection: Close TCP Connection.

configure authority idp-profile rule outcome severity

Modify a vulnerability severity level of the match.

Usage

configure authority idp-profile rule outcome severity [<idp-severity>]
Positional Arguments
namedescription
idp-severityThe value to set for this field

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

  • minor: Filter minor or higher vulnerabilities.
  • major: Filter major or higher vulnerabilities.
  • critical: Filter only critical vulnerabilities.

configure authority ipfix-collector

Configuration for IPFIX record export.

Usage

configure authority ipfix-collector <name>
Positional Arguments
namedescription
nameA unique name for the collector.
Subcommands
commanddescription
deleteDelete configuration data
interim-record-intervalThe time after which a new interim record will be generated if a flow still exists.
ip-addressThe IP address or hostname of the collector.
nameA unique name for the collector.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
portThe port of the collector.
protocolThe transport protocol to be used when communicating with the collector.
resource-groupAssociate this IPFIX collector with a top-level resource-group.
sampling-percentageThe percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 ||
showShow configuration data for 'ipfix-collector'
template-refresh-intervalThe time between template retransmissions when using the UDP protocol.
tenantThe tenants whose records this collector should receive. An empty list indicates all tenants.

configure authority ipfix-collector interim-record-interval

The time after which a new interim record will be generated if a flow still exists.

Usage

configure authority ipfix-collector interim-record-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 120

uint32

An unsigned 32-bit integer.

Range: 60-1800

configure authority ipfix-collector ip-address

The IP address or hostname of the collector.

Usage

configure authority ipfix-collector ip-address [<host>]
Positional Arguments
namedescription
hostThe value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required):

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required):

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address. Must be a valid IPv6 address.

(1) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority ipfix-collector name

A unique name for the collector.

Usage

configure authority ipfix-collector name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority ipfix-collector port

The port of the collector.

Usage

configure authority ipfix-collector port [<l4-port>]
Positional Arguments
namedescription
l4-portThe value to set for this field

Description

Default: 4739

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority ipfix-collector protocol

The transport protocol to be used when communicating with the collector.

Usage

configure authority ipfix-collector protocol [<ipfix-protocol>]
Positional Arguments
namedescription
ipfix-protocolThe value to set for this field

Description

Default: tcp

ipfix-protocol (enumeration)

Transport (Layer 4) protocol.

Options:

  • tcp: Transmission Control Protocol.
  • udp: User Datagram Protocol.

configure authority ipfix-collector resource-group

Associate this IPFIX collector with a top-level resource-group.

Usage

configure authority ipfix-collector resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority ipfix-collector sampling-percentage

The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 ||

Usage

configure authority ipfix-collector sampling-percentage [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Default: dynamic

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) decimal64

A 64-bit decimal value.

Range: 0-100 Fraction digits: 16

(1) enumeration

A value from a set of predefined names.

Options:

  • dynamic: Dynamically determine sampling based on data volume.

configure authority ipfix-collector template-refresh-interval

The time between template retransmissions when using the UDP protocol.

Usage

configure authority ipfix-collector template-refresh-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 60

uint32

An unsigned 32-bit integer.

Range: 60-1800

configure authority ipfix-collector tenant

The tenants whose records this collector should receive. An empty list indicates all tenants.

Usage

configure authority ipfix-collector tenant [<tenant-ref>]
Positional Arguments
namedescription
tenant-refValue to add to this list

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority ipv4-option-filter

Configure Ipv 4 Option Filter

Subcommands
commanddescription
actionHow packets containing option headers are treated when being processed.
deleteDelete configuration data
drop-exclusionOption headers that will not cause the packet to be dropped when present.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'ipv4-option-filter'

configure authority ipv4-option-filter action

How packets containing option headers are treated when being processed.

Usage

configure authority ipv4-option-filter action [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: allow-all

enumeration

A value from a set of predefined names.

Options:

  • allow-all: Allow all packets that contain options headers.
  • drop-all: Drop all packets that contain options headers except for those defined in the exclusion list.

configure authority ipv4-option-filter drop-exclusion

Option headers that will not cause the packet to be dropped when present.

Usage

configure authority ipv4-option-filter drop-exclusion [<uint8>]
Positional Arguments
namedescription
uint8Value to add to this list

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority ldap-server

LDAP Servers against which to authenticate user credentials.

Usage

configure authority ldap-server <name>
Positional Arguments
namedescription
nameThe name of the LDAP server.
Subcommands
commanddescription
addressThe IP address or FQDN of the LDAP server.
auto-generate-filterWhen enabled, the SSR will generate user-search-base and group-search-base LDAP filters.
bind-typeThe type of binding to the LDAP server.
certificate-assuranceLDAP assurance level to apply on server certificates in a TLS session.
deleteDelete configuration data
distinguished-nameThe distinguished name to use for binding to the server.
group-search-baseAn optional group search LDAP filter to restrict searches for this attribute type.
nameThe name of the LDAP server.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
passwordThe password to use for binding to the server.
portPort to connect to LDAP server.
resource-groupAssociate this LDAP server with a top-level resource-group.
search-baseThe LDAP search base string.
server-typeThe type of LDAP server.
showShow configuration data for 'ldap-server'
user-search-baseAn optional user search LDAP filter to restrict searches for this attribute type.

configure authority ldap-server address

The IP address or FQDN of the LDAP server.

Usage

configure authority ldap-server address [<host>]
Positional Arguments
namedescription
hostThe value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required):

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required):

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address. Must be a valid IPv6 address.

(1) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority ldap-server auto-generate-filter

When enabled, the SSR will generate user-search-base and group-search-base LDAP filters.

Usage

configure authority ldap-server auto-generate-filter [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority ldap-server bind-type

The type of binding to the LDAP server.

Usage

configure authority ldap-server bind-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: anonymous

enumeration

A value from a set of predefined names.

Options:

  • anonymous: Bind to this server anonymously.
  • unauthenticated: Bind to this server with a distinguished name only.
  • password: Bind to this server with a distinguished name and password.

configure authority ldap-server certificate-assurance

LDAP assurance level to apply on server certificates in a TLS session.

Usage

configure authority ldap-server certificate-assurance [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: strong

enumeration

A value from a set of predefined names.

Options:

  • weak: Do not request or check any server certificates.
  • mild: Ignore invalid or missing certificates but check for hostname
  • moderate: Terminate on invalid certificate but ignore missing certificates.
  • strong: Terminate on invalid and missing certificates.

configure authority ldap-server distinguished-name

The distinguished name to use for binding to the server.

Usage

configure authority ldap-server distinguished-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server group-search-base

An optional group search LDAP filter to restrict searches for this attribute type.

Usage

configure authority ldap-server group-search-base [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server name

The name of the LDAP server.

Usage

configure authority ldap-server name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority ldap-server password

The password to use for binding to the server.

Usage

configure authority ldap-server password [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server port

Port to connect to LDAP server.

Usage

configure authority ldap-server port [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Default: server-type-default

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

(1) enumeration

A value from a set of predefined names.

Options:

  • server-type-default: Use the default based on server-type.

configure authority ldap-server resource-group

Associate this LDAP server with a top-level resource-group.

Usage

configure authority ldap-server resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority ldap-server search-base

The LDAP search base string.

Usage

configure authority ldap-server search-base [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string (required)

A text value.

Length: 1-18446744073709551615

configure authority ldap-server server-type

The type of LDAP server.

Usage

configure authority ldap-server server-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: ldaps

enumeration

A value from a set of predefined names.

Options:

  • starttls: Connect to this server using STARTTLS. Default port is 389.
  • ldaps: Connect to this server via LDAPS. Default port is 636.
  • global-catalog: Connect to this server as an Active Directory Global Catalog. Default port is 3269.

configure authority ldap-server user-search-base

An optional user search LDAP filter to restrict searches for this attribute type.

Usage

configure authority ldap-server user-search-base [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority management-service-generation

Configure Management Service Generation

Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
service-policyService policy to be used instead of auto-generated service policy.
service-route-typeStrategy to generate service-routes for management services.
showShow configuration data for 'management-service-generation'

configure authority management-service-generation service-policy

Service policy to be used instead of auto-generated service policy.

Usage

configure authority management-service-generation service-policy [<service-policy-ref>]
Positional Arguments
namedescription
service-policy-refThe value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority management-service-generation service-route-type

Strategy to generate service-routes for management services.

Usage

configure authority management-service-generation service-route-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: paths-as-next-hop

enumeration

A value from a set of predefined names.

Options:

  • paths-as-next-hop: Generate paths on a node as next-hops
  • paths-as-service-route: Generate paths on a node as service-route

configure authority metrics-profile

A collection of metrics

Usage

configure authority metrics-profile <name>
Positional Arguments
namedescription
nameThe name of the profile
Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
filterA list of parameter values that should be included in the output.
metricThe ID of the metric as it exists in the REST API
nameThe name of the profile
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'metrics-profile'

configure authority metrics-profile filter

A list of parameter values that should be included in the output.

Usage

configure authority metrics-profile filter <parameter>
Positional Arguments
namedescription
parameterThe name of the parameter being referenced
Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
parameterThe name of the parameter being referenced
showShow configuration data for 'filter'
valueThe values that should be included if matched

configure authority metrics-profile filter parameter

The name of the parameter being referenced

Usage

configure authority metrics-profile filter parameter [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority metrics-profile filter value

The values that should be included if matched

Usage

configure authority metrics-profile filter value [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string

A text value.

configure authority metrics-profile metric

The ID of the metric as it exists in the REST API

Usage

configure authority metrics-profile metric <id>
Positional Arguments
namedescription
idThe ID of the metric as it exists in the REST API
Subcommands
commanddescription
deleteDelete configuration data
descriptionA customizable description of this metric's purpose
idThe ID of the metric as it exists in the REST API
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'metric'

configure authority metrics-profile metric description

A customizable description of this metric's purpose

Usage

configure authority metrics-profile metric description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority metrics-profile metric id

The ID of the metric as it exists in the REST API

Usage

configure authority metrics-profile metric id [<metric-id>]
Positional Arguments
namedescription
metric-idThe value to set for this field

Description

metric-id (string)

A string metric identifier based on the stats YANG path which only uses alphanumerics, dashes, and forward slashes.

Must contain only alphanumeric characters or any of the following: - /

configure authority metrics-profile name

The name of the profile

Usage

configure authority metrics-profile name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority name

The identifier for the Authority.

Usage

configure authority name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string) (required)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority password-policy

Password policy for user's passwords.

Subcommands
commanddescription
deleteDelete configuration data
denyThe number of failed login attempts before locking a user
lifetimeThe lifetime of a user's password in days
minimum-lengthThe minimum length of user's password.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'password-policy'
unlock-timeThe time a user account will remained locked after failing login attempts

configure authority password-policy deny

The number of failed login attempts before locking a user

Usage

configure authority password-policy deny [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Default: 6

uint32

An unsigned 32-bit integer.

Range: 1-65535

configure authority password-policy lifetime

The lifetime of a user's password in days

Usage

configure authority password-policy lifetime [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: days

Default: 99999

uint32

An unsigned 32-bit integer.

Range: 1-99999

configure authority password-policy minimum-length

The minimum length of user's password.

Usage

configure authority password-policy minimum-length [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Default: 9

uint32

An unsigned 32-bit integer.

Range: 8-65535

configure authority password-policy unlock-time

The time a user account will remained locked after failing login attempts

Usage

configure authority password-policy unlock-time [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 1800

uint32

An unsigned 32-bit integer.

configure authority pcli

Configure the PCLI.

Subcommands
commanddescription
aliasAn alias is a custom PCLI command that executes another PCLI command and optionally filters the output.
cloneClone a list item
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'pcli'

configure authority pcli alias

An alias is a custom PCLI command that executes another PCLI command and optionally filters the output.

Usage

configure authority pcli alias <path>
Positional Arguments
namedescription
pathThe space-delimited path to the alias. This will be the text that a user must enter to run the alias.
Subcommands
commanddescription
cloneClone a list item
commandThe PCLI command that the alias will run.
deleteDelete configuration data
descriptionA short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
pathThe space-delimited path to the alias. This will be the text that a user must enter to run the alias.
resource-groupAssociate this PCLI alias with a top-level resource-group.
showShow configuration data for 'alias'

configure authority pcli alias command

The PCLI command that the alias will run.

Usage

configure authority pcli alias command <path>
Positional Arguments
namedescription
pathThe PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).
Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
pathThe PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).
showShow configuration data for 'command'
table-filterFilter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.)

configure authority pcli alias command path

The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).

Usage

configure authority pcli alias command path [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias command table-filter

Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.)

Usage

configure authority pcli alias command table-filter [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias description

A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.

Usage

configure authority pcli alias description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias path

The space-delimited path to the alias. This will be the text that a user must enter to run the alias.

Usage

configure authority pcli alias path [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias resource-group

Associate this PCLI alias with a top-level resource-group.

Usage

configure authority pcli alias resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority performance-monitoring-profile

A performance monitoring profile used to determine how often packets should be marked.

Usage

configure authority performance-monitoring-profile <name>
Positional Arguments
namedescription
nameThe name of the performance monitoring profile.
Subcommands
commanddescription
deleteDelete configuration data
interval-durationRepresents the duration of a packet marking interval in milliseconds.
marking-countThe number of packets to mark within a given interval.
monitor-onlyCollect statistics without influencing packet processing features.
nameThe name of the performance monitoring profile.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
resource-groupAssociate this performance monitoring profile with a top-level resource-group.
showShow configuration data for 'performance-monitoring-profile'

configure authority performance-monitoring-profile interval-duration

Represents the duration of a packet marking interval in milliseconds.

Usage

configure authority performance-monitoring-profile interval-duration [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: milliseconds

Default: 10000

uint32

An unsigned 32-bit integer.

Range: 100-3600000

configure authority performance-monitoring-profile marking-count

The number of packets to mark within a given interval.

Usage

configure authority performance-monitoring-profile marking-count [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

Units: packets

Default: 100

uint16

An unsigned 16-bit integer.

Range: 1-32767

configure authority performance-monitoring-profile monitor-only

Collect statistics without influencing packet processing features.

Usage

configure authority performance-monitoring-profile monitor-only [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority performance-monitoring-profile name

The name of the performance monitoring profile.

Usage

configure authority performance-monitoring-profile name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority performance-monitoring-profile resource-group

Associate this performance monitoring profile with a top-level resource-group.

Usage

configure authority performance-monitoring-profile resource-group [<resource-group-ref>]
Positional Arguments
namedescription
resource-group-refValue to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority radius-server

Radius Servers against which to authenticate user credentials.

Usage

configure authority radius-server <name>
Positional Arguments
namedescription
nameThe name of the Radius server.
Subcommands
commanddescription
account-creationControl account creation behavior.
addressThe IP address or FQDN of the Radius server.
deleteDelete configuration data
nameThe name of the Radius server.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
portThe port number Radius server listens on.
secretThe secret key to bind to the Radius server.
showShow configuration data for 'radius-server'
timeoutRadius Request Timeout.

configure authority radius-server account-creation

Control account creation behavior.

Usage

configure authority radius-server account-creation [<enumeration>]
Positional Arguments
namedescription
manual or automaticManual is the default value, requires the user to be created using create-user. Automatic allows remote users that exist only in Radius to connect to the device without needing a local account.

configure authority radius-server address

The IP address or FQDN of the Radius server.

Usage

configure authority radius-server address [<host>]
Positional Arguments
namedescription
hostThe value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required):

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required):

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address. Must be a valid IPv6 address.

(1) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority radius-server name

The name of the Radius server.

Usage

configure authority radius-server name [<name-id>]
Positional Arguments
namedescription
name-idThe value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority radius-server port

The port number Radius server listens on.

Usage

configure authority radius-server port [<port-number>]
Positional Arguments
namedescription
port-numberThe value to set for this field

Description

Default: 1812

port-number (uint16)

The port-number type represents a 16-bit port number of an Internet transport layer protocol such as UDP, TCP, DCCP, or SCTP. Port numbers are assigned by IANA. A current list of all assignments is available from <http://www.iana.org/>.

Note that the port number value zero is reserved by IANA. In situations where the value zero does not make sense, it can be excluded by subtyping the port-number type.

In the value set and its semantics, this type is equivalent to the InetPortNumber textual convention of the SMIv2.

Range: 0-65535

configure authority radius-server secret

The secret key to bind to the Radius server.

Usage

configure authority radius-server secret [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string (required)

A text value.

Length: 1-16

configure authority radius-server timeout

Radius Request Timeout.

Usage

configure authority radius-server timeout [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority rekey-interval

Hours between security key regeneration. Recommended value 24 hours.

Usage

configure authority rekey-interval [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Units: hours

Default: never

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint32

An unsigned 32-bit integer.

Range: 1-720

(1) enumeration

A value from a set of predefined names.

Options:

  • never: Never regenerate security keys

configure authority remote-login

Configure Remote Login

Subcommands
commanddescription
deleteDelete configuration data
enabledEnable remote login from a Conductor to managed assets.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'remote-login'

configure authority remote-login enabled

Enable remote login from a Conductor to managed assets.

Usage

configure authority remote-login enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority resource-group

Collect objects into a management group.

Usage

configure authority resource-group <name>
Positional Arguments
namedescription
nameThe name of the resource group.
Subcommands
commanddescription
deleteDelete configuration data
descriptionA description about the resource-group.
nameThe name of the resource group.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'resource-group'

configure authority resource-group description

A description about the resource-group.

Usage

configure authority resource-group description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority resource-group name

The name of the resource group.

Usage

configure authority resource-group name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Must be the single character '*' OR Must contain only alphanumeric characters or any of the following: _ - Length: 1-63

configure authority router

The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.

Usage

configure authority router <name>
Positional Arguments
namedescription
nameAn identifier for the router.
Subcommands
commanddescription
administrative-groupAn identifier that associates this router with an administrative group.
application-identificationConfigure Application Identification
bfdBFD parameters for sessions between nodes within the router.
cloneClone a list item
conductor-addressIP address or FQDN of the conductor
deleteDelete configuration data
descriptionA human-readable string that allows administrators to describe this configuration.
dhcp-server-generated-address-poolThe address pool for KNI network-interfaces generated for dhcp-servers.
district-settingsPer-district settings for the router.
dns-configConfigure Dns Config
entitlementProject configuration for entitlement reporting.
half-open-connection-limitA limit on half-open TCP sessions.
icmp-probe-profileProfile for active ICMP probes for reachability-detection enforcement
idpAdvanced IDP configuration.
inter-node-securityThe name of the security policy used for inter node communication between router interfaces
locationA descriptive location for this SSR.
location-coordinatesThe geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/
maintenance-modeWhen enabled, the router will be in maintenance mode and alarms related to this router will be shelved.
management-service-generationConfigure Management Service Generation
max-inter-node-way-pointsMaximum number of way points to be allocated on inter-node path.
nameAn identifier for the router.
nat-poolA pool of shared NAT ports.
nodeList of one or two SSR software instances, comprising an SSR.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
path-mtu-discoveryAutomatic path MTU discovery between nodes within the router.
peerDefines the properties associated with peer SSRs. The peer may be another router in the same authority or a router in a different authority
rate-limit-policyConfiguration for rate limiting policy for all associated service traffic across all interfaces on a given node, when configured within a service-class.
reachability-profileDefines a traffic profile for reachability-detection enforcement
redundancy-groupA group of redundant interfaces which will fail over together if one goes down for any reason.
resource-groupAssociate this router with a top-level resource-group.
reverse-flow-enforcementWhen to enforce biflow reverse fib entry check
reverse-packet-session-resiliencyParameters for setting session failover behavior without presence of forward traffic.
router-groupLogical group of routers for filtering services.
routingA router-level container for all of the routing policies associated with a given SSR deployment. Each routing element may have one and only one routing-instance.
service-routeDefines a route for a service or an instance of a service (server or service agent).
service-route-policyUsed to define the properties of service routes. These capabilities influence route selection when determining the optimal path for establishing new sessions.
showShow configuration data for 'router'
static-hostname-mappingMap hostnames to ip-address resolutions. These entries will be put in /etc/hosts. This will prevent DNS requests from being sent for these hostnames.
systemSystem group configuration. Lets administrators configure system-wide properties for their SSR deployment.
udp-transformUDP transform settings for interoperating with stateful TCP firewalls for nodes within the router.

configure authority router administrative-group

An identifier that associates this router with an administrative group.

Usage

configure authority router administrative-group [<name-id>]
Positional Arguments
namedescription
name-idValue to add to this list

Description

warning

administrative-group is deprecated and will be removed in a future software version

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router application-identification

Configure Application Identification

Subcommands
commanddescription
application-director-cache-max-capacityThe maximum capacity for caching application-director requests
auto-updateAutomatic updating of application data
deleteDelete configuration data
max-capacityThe maximum capacity for resolved next-hops under a client
modeApplication learning modes.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
per-app-metricsEnable per app classification metrics
showShow configuration data for 'application-identification'
summary-retentionConfigure Summary Retention
summary-trackingEnable session stats tracking by applications
use-application-director-in-memory-dbUse in-memory db
web-filteringEnhanced application identification with URL based filtering
write-intervalInterval to define how often analytics are calculated

configure authority router application-identification application-director-cache-max-capacity

The maximum capacity for caching application-director requests

Usage

configure authority router application-identification application-director-cache-max-capacity [<uint64>]
Positional Arguments
namedescription
uint64The value to set for this field

Description

Default: 10000

uint64

An unsigned 64-bit integer.

configure authority router application-identification auto-update

Automatic updating of application data

Subcommands
commanddescription
day-of-weekThe day of the week to perform updates
deleteDelete configuration data
enabledEnable updates
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'auto-update'
update-frequencyHow often to attempt to update
update-jitterThe max random jitter applied to the update time
update-timeThe hour of the day on the local system to fetch

configure authority router application-identification auto-update day-of-week

The day of the week to perform updates

Usage

configure authority router application-identification auto-update day-of-week [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

  • sun: Download each Sunday
  • mon: Download each Monday
  • tue: Download each Tuesday
  • wed: Download each Wednesday
  • thu: Download each Thursday
  • fri: Download each Friday
  • sat: Download each Saturday

configure authority router application-identification auto-update enabled

Enable updates

Usage

configure authority router application-identification auto-update enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification auto-update update-frequency

How often to attempt to update

Usage

configure authority router application-identification auto-update update-frequency [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: weekly

enumeration

A value from a set of predefined names.

Options:

  • daily: Download each day
  • weekly: Download each week
  • monthly: Download each month

configure authority router application-identification auto-update update-jitter

The max random jitter applied to the update time

Usage

configure authority router application-identification auto-update update-jitter [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 15

uint8

An unsigned 8-bit integer.

Range: 0-30

configure authority router application-identification auto-update update-time

The hour of the day on the local system to fetch

Usage

configure authority router application-identification auto-update update-time [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 0-23

configure authority router application-identification max-capacity

The maximum capacity for resolved next-hops under a client

Usage

configure authority router application-identification max-capacity [<uint64>]
Positional Arguments
namedescription
uint64The value to set for this field

Description

Default: 10000

uint64

An unsigned 64-bit integer.

configure authority router application-identification mode

Application learning modes.

Usage

configure authority router application-identification mode [<enumeration>]
Positional Arguments
namedescription
enumerationValue to add to this list

Description

enumeration

A value from a set of predefined names.

Options:

  • module: Learn application via modules.
  • tls: Learn application via TLS server name parsing.
  • http: Learn application via HTTP host name parsing.
  • all: Learn application via any available techniques.

configure authority router application-identification per-app-metrics

Enable per app classification metrics

Usage

configure authority router application-identification per-app-metrics [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification summary-retention

Configure Summary Retention

Subcommands
commanddescription
deleteDelete configuration data
durationHow long the AppID documents should be stored
enabledEnable persistence of app summary to the DB for UI and other uses
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'summary-retention'

configure authority router application-identification summary-retention duration

How long the AppID documents should be stored

Usage

configure authority router application-identification summary-retention duration [<duration>]
Positional Arguments
namedescription
durationThe value to set for this field

Description

Default: 24h

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router application-identification summary-retention enabled

Enable persistence of app summary to the DB for UI and other uses

Usage

configure authority router application-identification summary-retention enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification summary-tracking

Enable session stats tracking by applications

Usage

configure authority router application-identification summary-tracking [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification use-application-director-in-memory-db

Use in-memory db

Usage

configure authority router application-identification use-application-director-in-memory-db [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router application-identification web-filtering

Enhanced application identification with URL based filtering

Subcommands
commanddescription
classify-sessionConfigure Classify Session
deleteDelete configuration data
enabledWhether web filtering should be enabled
max-retransmission-attempts-before-allowMaximum number of retransmission packet attempts having a category cache miss before allowing session to continue
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'web-filtering'

configure authority router application-identification web-filtering classify-session

Configure Classify Session

Subcommands
commanddescription
deleteDelete configuration data
max-cache-sizeThe maximum size for the in-memory cache that stores url data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
retriesThe maximum retries for client to request for classifying the session
showShow configuration data for 'classify-session'
timeoutMaximum time in seconds that can be taken for classifying the session

configure authority router application-identification web-filtering classify-session max-cache-size

The maximum size for the in-memory cache that stores url data

Usage

configure authority router application-identification web-filtering classify-session max-cache-size [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 1-500000

configure authority router application-identification web-filtering classify-session retries

The maximum retries for client to request for classifying the session

Usage

configure authority router application-identification web-filtering classify-session retries [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-50

configure authority router application-identification web-filtering classify-session timeout

Maximum time in seconds that can be taken for classifying the session

Usage

configure authority router application-identification web-filtering classify-session timeout [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-1000

configure authority router application-identification web-filtering enabled

Whether web filtering should be enabled

Usage

configure authority router application-identification web-filtering enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router application-identification web-filtering max-retransmission-attempts-before-allow

Maximum number of retransmission packet attempts having a category cache miss before allowing session to continue

Usage

configure authority router application-identification web-filtering max-retransmission-attempts-before-allow [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Units: packets

Default: 4

uint8

An unsigned 8-bit integer.

Range: 1-100

configure authority router application-identification write-interval

Interval to define how often analytics are calculated

Usage

configure authority router application-identification write-interval [<duration>]
Positional Arguments
namedescription
durationThe value to set for this field

Description

Default: 1m

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router bfd

BFD parameters for sessions between nodes within the router.

Subcommands
commanddescription
authentication-typeDescribes the authentication type used in BFD packets
deleteDelete configuration data
desired-tx-intervalRepresents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
dscpThe DSCP value to use with BFD packets.
dynamic-dampingWhen enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
hold-down-timeRepresents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
link-test-intervalThis represents the interval between BFD echo tests sent to the peer node/router.
link-test-lengthThis is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
maximum-hold-down-timeRepresents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
multiplierNumber of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
required-min-rx-intervalRepresents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
showShow configuration data for 'bfd'
stateWhen enabled, run BFD between all nodes within the router.

configure authority router bfd authentication-type

Describes the authentication type used in BFD packets

Usage

configure authority router bfd authentication-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: sha256

enumeration

A value from a set of predefined names.

Options:

  • simple: Simple Password
  • sha256: SHA256

configure authority router bfd desired-tx-interval

Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.

Usage

configure authority router bfd desired-tx-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 50-600000

configure authority router bfd dscp

The DSCP value to use with BFD packets.

Usage

configure authority router bfd dscp [<dscp>]
Positional Arguments
namedescription
dscpThe value to set for this field

Description

Default: 0

dscp (uint8)

A DSCP value (0-63)

Range: 0-63

configure authority router bfd dynamic-damping

When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.

Usage

configure authority router bfd dynamic-damping [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

  • enabled: Extend hold-down time exponentially if link flaps occur during hold-down time.
  • disabled: Use simple hold-down timer for every link up event.

configure authority router bfd hold-down-time

Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.

Usage

configure authority router bfd hold-down-time [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-300

This represents the interval between BFD echo tests sent to the peer node/router.

Usage

configure authority router bfd link-test-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-86400

This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.

Usage

configure authority router bfd link-test-length [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Units: packets

Default: 10

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router bfd maximum-hold-down-time

Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.

Usage

configure authority router bfd maximum-hold-down-time [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router bfd multiplier

Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).

Usage

configure authority router bfd multiplier [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router bfd required-min-rx-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

configure authority router bfd state

When enabled, run BFD between all nodes within the router.

Usage

configure authority router bfd state [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: enabled

enumeration

A value from a set of predefined names.

Options:

  • enabled: BFD is enabled on all nodes of this router.
  • disabled: BFD is disabled on all nodes of this router.

configure authority router conductor-address

IP address or FQDN of the conductor

Usage

configure authority router conductor-address [<hostv4>]
Positional Arguments
namedescription
hostv4Value to add to this list

Description

hostv4 (union)

The host type represents either an IPv4 address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router description

A human-readable string that allows administrators to describe this configuration.

Usage

configure authority router description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router dhcp-server-generated-address-pool

The address pool for KNI network-interfaces generated for dhcp-servers.

Usage

configure authority router dhcp-server-generated-address-pool [<ipv4-prefix>]
Positional Arguments
namedescription
ipv4-prefixThe value to set for this field

Description

Default: 169.254.130.0/24

ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

configure authority router district-settings

Per-district settings for the router.

Usage

configure authority router district-settings <district-name>
Positional Arguments
namedescription
district-nameName of the district.
Subcommands
commanddescription
deleteDelete configuration data
district-nameName of the district.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'district-settings'
step-peer-path-sla-metrics-advertisementSTEP advertisement settings for peer path SLA metrics.

configure authority router district-settings district-name

Name of the district.

Usage

configure authority router district-settings district-name [<district-name>]
Positional Arguments
namedescription
district-nameThe value to set for this field

Description

district-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router district-settings step-peer-path-sla-metrics-advertisement

STEP advertisement settings for peer path SLA metrics.

Subcommands
commanddescription
deleteDelete configuration data
minimum-update-intervalMinimum (burst) interval in between updating peer path SLA metric values advertised in STEP
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'step-peer-path-sla-metrics-advertisement'
update-burst-sizeLimit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval.
update-rate-limitRate limit interval in between updating peer path SLA metric values advertised in STEP

configure authority router district-settings step-peer-path-sla-metrics-advertisement minimum-update-interval

Minimum (burst) interval in between updating peer path SLA metric values advertised in STEP

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement minimum-update-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 0-86400

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size

Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval.

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 1-100

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit

Rate limit interval in between updating peer path SLA metric values advertised in STEP

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 180

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router dns-config

Configure Dns Config

Usage

configure authority router dns-config <mode>
Positional Arguments
namedescription
modeMode of DNS server configuration.
Subcommands
commanddescription
addressAddress of servers to use for DNS queries.
deleteDelete configuration data
modeMode of DNS server configuration.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'dns-config'

configure authority router dns-config address

Address of servers to use for DNS queries.

Usage

configure authority router dns-config address [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router dns-config mode

Mode of DNS server configuration.

Usage

configure authority router dns-config mode [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

  • static: Static list of DNS nameservers
  • automatic: Populate DNS nameservers from learned sources

configure authority router entitlement

Project configuration for entitlement reporting.

Subcommands
commanddescription
deleteDelete configuration data
descriptionA description of the project.
idProject identifier.
max-bandwidthPurchased bandwidth for the project.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'entitlement'

configure authority router entitlement description

A description of the project.

Usage

configure authority router entitlement description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router entitlement id

Project identifier.

Usage

configure authority router entitlement id [<entitlement-project-id>]
Positional Arguments
namedescription
entitlement-project-idThe value to set for this field

Description

Default: trial

entitlement-project-id (string)

Indicates that an enclosing leaf represents the project ID for entitlement.

configure authority router entitlement max-bandwidth

Purchased bandwidth for the project.

Usage

configure authority router entitlement max-bandwidth [<uint64>]
Positional Arguments
namedescription
uint64The value to set for this field

Description

Units: bits/second

Default: 0

uint64

An unsigned 64-bit integer.

configure authority router half-open-connection-limit

A limit on half-open TCP sessions.

Usage

configure authority router half-open-connection-limit [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Default: unlimited

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint32

An unsigned 32-bit integer.

Range: 100-4294967295

(1) enumeration

A value from a set of predefined names.

Options:

  • unlimited: No limit on this value

configure authority router icmp-probe-profile

Profile for active ICMP probes for reachability-detection enforcement

Usage

configure authority router icmp-probe-profile <name>
Positional Arguments
namedescription
nameName of the ICMP probe profile
Subcommands
commanddescription
deleteDelete configuration data
nameName of the ICMP probe profile
number-of-attemptsNumber of consecutive ICMP ping requests to be sent within the probe-duration before deciding that destination is unreachable
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
probe-addressAddress to send ICMP ping requests to
probe-durationDuration within which to reach the destination. Each attempt will be made in (probe-duration / number-of-attempts) interval
probe-failure-triggerControl how failure to ping probe-addresses impacts state.
probe-intervalDuration of how often to perform a link test to the destination
showShow configuration data for 'icmp-probe-profile'
sla-metricsSLA-metrics requirements for ICMP ping

configure authority router icmp-probe-profile name

Name of the ICMP probe profile

Usage

configure authority router icmp-probe-profile name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router icmp-probe-profile number-of-attempts

Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that destination is unreachable

Usage

configure authority router icmp-probe-profile number-of-attempts [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 4

uint8

An unsigned 8-bit integer.

Range: 1-20

configure authority router icmp-probe-profile probe-address

Address to send ICMP ping requests to

Usage

configure authority router icmp-probe-profile probe-address [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router icmp-probe-profile probe-duration

Duration within which to reach the destination. Each attempt will be made in (probe-duration / number-of-attempts) interval

Usage

configure authority router icmp-probe-profile probe-duration [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Units: seconds

Default: 1

uint8

An unsigned 8-bit integer.

Range: 1-10

configure authority router icmp-probe-profile probe-failure-trigger

Control how failure to ping probe-addresses impacts state.

Usage

configure authority router icmp-probe-profile probe-failure-trigger [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: any

enumeration

A value from a set of predefined names.

Options:

  • any: Failure to ping any probe-address brings state down.
  • all: Failure to ping all probe-addresses brings state down.

configure authority router icmp-probe-profile probe-interval

Duration of how often to perform a link test to the destination

Usage

configure authority router icmp-probe-profile probe-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-3600

configure authority router icmp-probe-profile sla-metrics

SLA-metrics requirements for ICMP ping

Subcommands
commanddescription
deleteDelete configuration data
latencyConfigure Latency
max-lossThe amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'sla-metrics'

configure authority router icmp-probe-profile sla-metrics latency

Configure Latency

Subcommands
commanddescription
deleteDelete configuration data
maxMaximum acceptable latency based on the ping test
meanThe maximum acceptable mean latency based on the ping test
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'latency'

configure authority router icmp-probe-profile sla-metrics latency max

Maximum acceptable latency based on the ping test

Usage

configure authority router icmp-probe-profile sla-metrics latency max [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: milliseconds

Default: 250

uint32

An unsigned 32-bit integer.

configure authority router icmp-probe-profile sla-metrics latency mean

The maximum acceptable mean latency based on the ping test

Usage

configure authority router icmp-probe-profile sla-metrics latency mean [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: milliseconds

Default: 100

uint32

An unsigned 32-bit integer.

configure authority router icmp-probe-profile sla-metrics max-loss

The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response

Usage

configure authority router icmp-probe-profile sla-metrics max-loss [<percentage>]
Positional Arguments
namedescription
percentageThe value to set for this field

Description

Units: percent

Default: 10

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router idp

Advanced IDP configuration.

Subcommands
commanddescription
bypass-enabledIDP config to enable/disable bypass
deleteDelete configuration data
modeIDP config management mode
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'idp'

configure authority router idp bypass-enabled

IDP config to enable/disable bypass

Usage

configure authority router idp bypass-enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router idp mode

IDP config management mode

Usage

configure authority router idp mode [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

  • auto: Automatically toggle IDP based on idp-policies
  • disabled: Disable IDP
  • spoke: Enable spoke mode for IDP
  • hub: Enable hub mode for IDP

configure authority router inter-node-security

The name of the security policy used for inter node communication between router interfaces

Usage

configure authority router inter-node-security [<security-ref>]
Positional Arguments
namedescription
security-refThe value to set for this field

Description

security-ref (leafref) (required)

This type is used by other entities that need to reference configured security policies.

configure authority router location

A descriptive location for this SSR.

Usage

configure authority router location [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router location-coordinates

The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/

Usage

configure authority router location-coordinates [<geolocation>]
Positional Arguments
namedescription
geolocationThe value to set for this field

Description

geolocation (string)

Geolocation in ISO 6709 format.

Must be a geographic coordinate in ISO-6709 format. Example: +50.1-074.1/

configure authority router maintenance-mode

When enabled, the router will be in maintenance mode and alarms related to this router will be shelved.

Usage

configure authority router maintenance-mode [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router management-service-generation

Configure Management Service Generation

Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
proxyEnable/disable proxy of public to private conductor addresses
service-policyService policy to be used instead of auto-generated service policy.
service-route-typeStrategy to generate service-routes for management services.
showShow configuration data for 'management-service-generation'

configure authority router management-service-generation proxy

Enable/disable proxy of public to private conductor addresses

Usage

configure authority router management-service-generation proxy [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router management-service-generation service-policy

Service policy to be used instead of auto-generated service policy.

Usage

configure authority router management-service-generation service-policy [<service-policy-ref>]
Positional Arguments
namedescription
service-policy-refThe value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority router management-service-generation service-route-type

Strategy to generate service-routes for management services.

Usage

configure authority router management-service-generation service-route-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: paths-as-next-hop

enumeration

A value from a set of predefined names.

Options:

  • paths-as-next-hop: Generate paths on a node as next-hops
  • paths-as-service-route: Generate paths on a node as service-route

configure authority router max-inter-node-way-points

Maximum number of way points to be allocated on inter-node path.

Usage

configure authority router max-inter-node-way-points [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Default: 50000

warning

A restart is required if max-inter-node-way-points is created, modified, or deleted

uint32

An unsigned 32-bit integer.

Range: 50000-1000000

configure authority router name

An identifier for the router.

Usage

configure authority router name [<reserved-name-id>]
Positional Arguments
namedescription
reserved-name-idThe value to set for this field

Description

warning

A restart is required if the name is created or deleted

reserved-name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters, and cannot be the words 'all', 'any', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router nat-pool

A pool of shared NAT ports.

Usage

configure authority router nat-pool <name>
Positional Arguments
namedescription
nameAn identifier for the NAT Pool.
Subcommands
commanddescription
address-poolDefines the NAT prefix and ports in the pool.
cloneClone a list item
deleteDelete configuration data
moveMove list items
nameAn identifier for the NAT Pool.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'nat-pool'

configure authority router nat-pool address-pool

Defines the NAT prefix and ports in the pool.

Usage

configure authority router nat-pool address-pool <address>
Positional Arguments
namedescription
addressIP Prefix for the pool of NAT ports.
Subcommands
commanddescription
addressIP Prefix for the pool of NAT ports.
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
pool-typeType of NAT pool
showShow configuration data for 'address-pool'
tenant-nameTenant for which this nat pool is applied

configure authority router nat-pool address-pool address

IP Prefix for the pool of NAT ports.

Usage

configure authority router nat-pool address-pool address [<ip-prefix>]
Positional Arguments
namedescription
ip-prefixThe value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router nat-pool address-pool pool-type

Type of NAT pool

Usage

configure authority router nat-pool address-pool pool-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: static

enumeration

A value from a set of predefined names.

Options:

  • static: Static IP assignment per endpoint
  • dynamic: Dynamic IP & port assignment per session

configure authority router nat-pool address-pool tenant-name

Tenant for which this nat pool is applied

Usage

configure authority router nat-pool address-pool tenant-name [<tenant-ref>]
Positional Arguments
namedescription
tenant-refValue to add to this list

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router nat-pool name

An identifier for the NAT Pool.

Usage

configure authority router nat-pool name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node

List of one or two SSR software instances, comprising an SSR.

Usage

configure authority router node <name>
Positional Arguments
namedescription
nameAn arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file.
Subcommands
commanddescription
asset-idA unique identifier of an SSR node used for automated provisioning
asset-validation-enabledValidate that the asset is suitable to run SSR.
cloneClone a list item
deleteDelete configuration data
descriptionA description about the node.
device-interfaceList of physical or virtual interfaces in the node.
enabledEnable/disable the whole node.
forwarding-core-countThe number of CPU cores to dedicate to traffic forwarding when using 'manual' forwarding core mode.
forwarding-core-modeThe method by which the number of CPU cores dedicated to traffic forwarding should be determined.
ipfixNode specific IPFIX configuration
locationA text description of the node's physical location.
loopback-addressThe loopback IP address to use for management traffic originating on this node when routed via SVR.
nameAn arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
port-forwardingConfiguration for establishing local port-forwarding to remote server.
power-saverAllow the traffic forwarding cores to sleep when there is no traffic to process
radiusRadius authentication parameters for this node.
reachability-detectionLayer 2 reachability detection
roleThe node's role in the SSR system.
session-processor-countThe number of threads to use for session processing when using 'manual' session-processor mode.
session-processor-modeThe method by which the number of threads used for session processing should be determined.
session-setup-scalingWhether or not to enable session setup scaling.
showShow configuration data for 'node'
ssh-keepaliveConfigure Ssh Keepalive
top-sessionsViews of top sessions by an ordering criteria.

configure authority router node asset-id

A unique identifier of an SSR node used for automated provisioning

Usage

configure authority router node asset-id [<asset-id>]
Positional Arguments
namedescription
asset-idThe value to set for this field

Description

asset-id (string)

A unique identifier of an SSR node.

Must not contain repeating, leading, or ending '_' character

configure authority router node asset-validation-enabled

Validate that the asset is suitable to run SSR.

Usage

configure authority router node asset-validation-enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node description

A description about the node.

Usage

configure authority router node description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface

List of physical or virtual interfaces in the node.

Usage

configure authority router node device-interface <name>
Positional Arguments
namedescription
nameA unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.
Subcommands
commanddescription
bond-settingsConfigure Bond Settings
bridge-nameAn optional bridge name to be used for the bridging the kni and target interfaces. If no name is specified, one will be auto-generated
capture-filterFilter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax.
cloneClone a list item
deleteDelete configuration data
descriptionA description of the device-interface.
enabledWhether this interface is administratively enabled.
forwardingWhether this interface is used for forwarding traffic.
interface-nameThe interface name associated with the OS network device.
link-settingsEthernet link settings on the interface
lldpLink Layer Description Protocol settings
load-balancingConfigure Load Balancing
lteConfigure Lte
nameA unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.
network-interfaceList of network interfaces for the device-interface.
network-namespaceThe network namespace in which this network interface will be located
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
parent-bondThe bond type interface that this interface is grouped with.
pci-addressThe PCI address of the device. Only relevant if type is ethernet.
pppoeConfigure Pppoe
promiscuous-modeEnables promiscuous mode on the interface.
q-in-qEnables Q-in-Q encapsulation
reinsert-vlanEnables reinsertion of NIC-stripped VLAN on ingress packets, on supported devices.
session-optimizationConfigure Session Optimization
shared-phys-addressVirtual MAC address for interface redundancy.
showShow configuration data for 'device-interface'
sriov-vlan-filterEnables VLAN filtering on supported SR-IOV devices.
strip-vlanEnables VLAN stripping on ingress packets on supported devices.
target-interfaceSpecifies the name of an external interface to be automatically bridged to a logical interface.
traffic-engineeringConfigure Traffic Engineering
typeType of interface.
vmbus-uuidThe VMBus UUID of the network device. Hyper-V Environment only. Only relevant if type is ethernet.
vrrpParameters for Interface Redundancy using Virtual Router Redundancy Protocol (VRRP).

configure authority router node device-interface bond-settings

Configure Bond Settings

Subcommands
commanddescription
deleteDelete configuration data
lacp-enableUse 802.3ad LACP protocol for the Bond.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'bond-settings'

configure authority router node device-interface bond-settings lacp-enable

Use 802.3ad LACP protocol for the Bond.

Usage

configure authority router node device-interface bond-settings lacp-enable [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface bridge-name

An optional bridge name to be used for the bridging the kni and target interfaces. If no name is specified, one will be auto-generated

Usage

configure authority router node device-interface bridge-name [<bridge-name>]
Positional Arguments
namedescription
bridge-nameThe value to set for this field

Description

bridge-name (string)

A string identifier for bridge-name which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters.

Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - Length: 0-15

configure authority router node device-interface capture-filter

Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax.

Usage

configure authority router node device-interface capture-filter [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string

A text value.

configure authority router node device-interface description

A description of the device-interface.

Usage

configure authority router node device-interface description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface enabled

Whether this interface is administratively enabled.

Usage

configure authority router node device-interface enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface forwarding

Whether this interface is used for forwarding traffic.

Usage

configure authority router node device-interface forwarding [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface interface-name

The interface name associated with the OS network device.

Usage

configure authority router node device-interface interface-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

Ethernet link settings on the interface

Usage

configure authority router node device-interface link-settings [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

  • auto: Use auto-negotation for the Ethernet link
  • 10Mbps-half: Force the Ethernet link to 10 Mbps half duplex
  • 10Mbps-full: Force the Ethernet link to 10 Mbps full duplex
  • 100Mbps-half: Force the Ethernet link to 100 Mbps half duplex
  • 100Mbps-full: Force the Ethernet link to 100 Mbps full duplex

configure authority router node device-interface lldp

Link Layer Description Protocol settings

Subcommands
commanddescription
advertisement-intervalThe frequency of sending LLDP advertisements.
deleteDelete configuration data
enabledWhether or not LLDP sending and receiving is enabled on this device.
hold-multiplierThe multiplier to apply to the advertisement-interval when setting the LLDP TTL.
modeThe mode in which LLDP operates on the interface
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'lldp'

configure authority router node device-interface lldp advertisement-interval

The frequency of sending LLDP advertisements.

Usage

configure authority router node device-interface lldp advertisement-interval [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

Units: seconds

Default: 120

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface lldp enabled

Whether or not LLDP sending and receiving is enabled on this device.

Usage

configure authority router node device-interface lldp enabled [<boolean>]
Positional Arguments
namedescription
booleanThe value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface lldp hold-multiplier

The multiplier to apply to the advertisement-interval when setting the LLDP TTL.

Usage

configure authority router node device-interface lldp hold-multiplier [<uint8>]
Positional Arguments
namedescription
uint8The value to set for this field

Description

Default: 4

uint8

An unsigned 8-bit integer.

Range: 2-10

configure authority router node device-interface lldp mode

The mode in which LLDP operates on the interface

Usage

configure authority router node device-interface lldp mode [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: disabled

warning

mode is deprecated and will be removed in a future software version

enumeration

A value from a set of predefined names.

Options:

  • disabled: Disable LLDP
  • receive-only: Receive and process incoming LLDP packets
  • enabled: Enable sending and receiving LLDP packets

configure authority router node device-interface load-balancing

Configure Load Balancing

Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'load-balancing'
utilization-high-water-markPercentage of allowed bandwidth utilization above which this interface will no longer be considered for load balancing.
utilization-low-water-markPercentage of allowed bandwidth utilization below which this interface will be reconsidered for load balancing.

configure authority router node device-interface load-balancing utilization-high-water-mark

Percentage of allowed bandwidth utilization above which this interface will no longer be considered for load balancing.

Usage

configure authority router node device-interface load-balancing utilization-high-water-mark [<percentage>]
Positional Arguments
namedescription
percentageThe value to set for this field

Description

Units: percent

Default: 100

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface load-balancing utilization-low-water-mark

Percentage of allowed bandwidth utilization below which this interface will be reconsidered for load balancing.

Usage

configure authority router node device-interface load-balancing utilization-low-water-mark [<percentage>]
Positional Arguments
namedescription
percentageThe value to set for this field

Description

Units: percent

Default: 80

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface lte

Configure Lte

Subcommands
commanddescription
apn-nameName of the access point to connect to the LTE network.
authenticationConfigure Authentication
carrier-imageName of the carrier-image to load the SIM card with.
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'lte'

configure authority router node device-interface lte apn-name

Name of the access point to connect to the LTE network.

Usage

configure authority router node device-interface lte apn-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string (required)

A text value.

configure authority router node device-interface lte authentication

Configure Authentication

Subcommands
commanddescription
authentication-protocolAuthentication protocol used to authenticate the user.
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
passwordPassword required to connect to the LTE network.
showShow configuration data for 'authentication'
user-nameUsername required to connect to the LTE network.

configure authority router node device-interface lte authentication authentication-protocol

Authentication protocol used to authenticate the user.

Usage

configure authority router node device-interface lte authentication authentication-protocol [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

enumeration (required)

A value from a set of predefined names.

Options:

  • chap: Challenge-Handshake Authentication Protocol.
  • pap: Password Authentication Protocol.

configure authority router node device-interface lte authentication password

Password required to connect to the LTE network.

Usage

configure authority router node device-interface lte authentication password [<password>]
Positional Arguments
namedescription
passwordThe value to set for this field

Description

password (string) (required)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router node device-interface lte authentication user-name

Username required to connect to the LTE network.

Usage

configure authority router node device-interface lte authentication user-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string (required)

A text value.

configure authority router node device-interface lte carrier-image

Name of the carrier-image to load the SIM card with.

Usage

configure authority router node device-interface lte carrier-image [<union>]
Positional Arguments
namedescription
unionThe value to set for this field

Description

Default: none

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) enumeration

A value from a set of predefined names.

Options:

  • none: Leave the current image alone.
  • auto: Automatically set the image to match the carrier network.
(1) string

A text value.

configure authority router node device-interface name

A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.

Usage

configure authority router node device-interface name [<device-name>]
Positional Arguments
namedescription
device-nameThe value to set for this field

Description

device-name (string)

A string identifier for device-interface which only uses alphanumerics, underscores, dashes, or slashes, and cannot exceed 12 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-12

configure authority router node device-interface network-interface

List of network interfaces for the device-interface.

Usage

configure authority router node device-interface network-interface <name>
Positional Arguments
namedescription
nameAn arbitrary, unique name for the interface, used to reference it in other configuration sections.
Subcommands
commanddescription
addressThe list of IP addresses (along with subnet prefix length) on the interface.
adjacencyA list of adjacent routers.
bidirectional-natDefines the prefixes that need to be static natted in both directions.
billing-rateNumeric rate of currency associated with the interface. When the billing-rate is flat the field indicated rate per day. When the billing-rate is metered the field indicates rate per byte.
billing-typeBilling type associated with the interface.
carrierCarrier associated with the interface.
cloneClone a list item
conductorWhether the interface is used for communicating with the conductor.
default-routeWhether the interface is used as default-route for non-forwarding interfaces.
deleteDelete configuration data
descriptionA description about the interface.
dhcpWhether this interface acquires IP address and other parameter via DHCP
dhcp-delayed-auth-keyThe key used to generate the HMAC-MD5 value.
dhcp-delayed-auth-key-idThe key identifier that identifies the key used to generate the HMAC-MD5 value.
dhcp-delayed-auth-realmThe DHCP realm that identifies the key used to generate the HMAC-MD5 value.
dhcp-reconfig-auth-algorithmThe algorithm used by the Reconfigure Key authentication protocol to authenticate prefix-delegation messages.
dscp-mapMapping of DSCP values to priorities.
dscp-steeringConfigure Dscp Steering
egress-source-nat-poolIndicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.
enforced-mssMaximum allowed value for maximum segment size (MSS) on this interface.
ethernet-over-svrL2 Bridge this network interface is assigned to.
filter-ruleA rule for dropping packets.
global-idGlobal Interface Id (GIID) used in next-hop egress interface for routing data. All instances of a redundant interface will have the same GIID.
host-serviceThe host-service configuration is a service hosted by a router node.
hostnameHostname for the interface. This is an optional fully-qualified domain name (FQDN).
icmpEnable/disable ICMP Blackhole
ifcfg-optionInterface config options for non-forwarding interfaces
ingress-source-nat-poolIndicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
inter-router-securityThe name of the security policy used for inbound inter-router traffic.
managementAllow management traffic to be sent over this interface
management-vectorVector configuration for non-forwarding interfaces
moveMove list items
mtuThe maximum transmission unit (MTU) for packets sent on the interface.
multicast-listenersEnables the sending of IGMP and MLD queries on this interface.
multicast-report-proxyEnables the forwarding of IGMP and MLD joins/leaves/reports to valid multicast services to this network interface. These must come from other network interfaces which allow multicast listeners.
nameAn arbitrary, unique name for the interface, used to reference it in other configuration sections.
neighborA list of mappings from IP addresses to physical addresses. Entries in this list are used as static entries in the ARP cache.
neighborhoodThe neighborhoods to which this interface belongs.
off-subnet-arp-prefixAddress(es) for which the router will respond to ARP requests.
off-subnet-reverse-arp-mac-learningWhen enabled, the source MAC address of the packet will be used for reverse traffic for off-subnet source ip address.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
prefix-delegationEnable/disable IPv6 Prefix Delegation Client.
prefix-delegation-authenticationWhether prefix-delegation messages are authenticated.
prefix-delegation-groupThe name to identify a prefix-delegation group within which the pd-client interface will request a prefix and all the internal interfaces will be assigned a global address from this prefix based on their subnet-ids.
prefix-delegation-subnet-idThe identifier of a subnet within a prefix-delegation group which is used to construct a global IPv6 address for an internal interface.
preserve-dscpControls if DSCP bits are preserved on this interface.
prioritization-modeControls how packets received on this interface are prioritized.
qp-valueQuality points value that represents the 'quality' of the network the interface is connected to. It used for selecting egress interface based on the service class required minimum quality points.
reverse-arp-mac-learningControls whether the source MAC address of the packet can be used for reverse traffic when ARP is unresolved.
rewrite-dscpControls if DSCP bits are rewritten on this interface.
router-advertisementEnable/disable IPv6 router advertisement to advertise the prefix learned via DHCPv6-PD.
showShow configuration data for 'network-interface'
source-natIndicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.
tenantTenant to which this interface belongs.
tenant-prefixesTenant to source prefix mapping.
tunnelConfigure Tunnel
typeType of network that the interface is connected to. Type is fabric for inter-node traffic, external for regular traffic, and shared for both fabric and external.
vlanThe VLAN id for the interface (0 for no VLAN, otherwise 1-4094).

configure authority router node device-interface network-interface address

The list of IP addresses (along with subnet prefix length) on the interface.

Usage

configure authority router node device-interface network-interface address <ip-address>
Positional Arguments
namedescription
ip-addressThe IP address on the interface.
Subcommands
commanddescription
cloneClone a list item
deleteDelete configuration data
gatewayOptional gateway for destinations outside the subnet of the interface.
host-serviceThe host-service configuration is a service hosted by a router node.
in-subnet-arp-prefixAddress(es) for which the router will respond to ARP requests.
ip-addressThe IP address on the interface.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
ppp-peer-ipPPP Peer IP address for interfaces like T1.
prefix-lengthThe length of the subnet prefix.
showShow configuration data for 'address'
utility-ip-addressUtility IP address used for purposes other than forwarding traffic.

configure authority router node device-interface network-interface address gateway

Optional gateway for destinations outside the subnet of the interface.

Usage

configure authority router node device-interface network-interface address gateway [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service

The host-service configuration is a service hosted by a router node.

Usage

configure authority router node device-interface network-interface address host-service <service-type>
Positional Arguments
namedescription
service-typeThe type of hosted service
Subcommands
commanddescription
access-policyList of access policies by address prefix, QSN or tenant and prefix.
address-poolAddress pool for allocation by the DHCP server
authoritativeWhether this is the authoritative DHCP server in the network. If true, server will respond to requests with NAK where appropriate according to RFC 2131
cloneClone a list item
deleteDelete configuration data
descriptionA description about the hosted service.
echo-client-idWhether the client id should be echoed in DHCP server responses as specified in RFC 6842 or not as specified in the original RFC 2131.
enabledEnable/disable for host services
max-lease-timeMaximum lease time for leases allocated to clients.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
server-nameServer name that identifies the DHCP server to clients.
service-typeThe type of hosted service
showShow configuration data for 'host-service'
static-assignmentStatic assignment(s) for DHCP configuration for a specific client
transportThe transport protocol(s) and port(s) for the service.

configure authority router node device-interface network-interface address host-service access-policy

List of access policies by address prefix, QSN or tenant and prefix.

Usage

configure authority router node device-interface network-interface address host-service access-policy <source>
Positional Arguments
namedescription
sourceThe source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service
Subcommands
commanddescription
deleteDelete configuration data
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
permissionWhether or not to allow access to the service.
showShow configuration data for 'access-policy'
sourceThe source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

configure authority router node device-interface network-interface address host-service access-policy permission

Whether or not to allow access to the service.

Usage

configure authority router node device-interface network-interface address host-service access-policy permission [<access-mode>]
Positional Arguments
namedescription
access-modeThe value to set for this field

Description

Default: allow

access-mode (enumeration)

Enumeration defining whether access is allowed or denied.

Options:

  • allow: Allow access.
  • deny: Deny access.

configure authority router node device-interface network-interface address host-service access-policy source

The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Usage

configure authority router node device-interface network-interface address host-service access-policy source [<source-spec>]
Positional Arguments
namedescription
source-specThe value to set for this field

Description

source-spec (union)

A source address prefix, QSN, service-group or combination of tenant-name and prefix.

Must be one of the following types:

(0) ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string):

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string):

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

(1) qsn (string)

Qualified Service Name in the form: tenant[.authority][/[service-group/]service]

Must contain only alphanumeric characters or any of the following: / . _ - Required format: 'Tenant[.Authority[/ServiceGroup[/Service]]]'. No forward slash-delimited segment can exceed 62 characters.(e.g., Engineering.Authority128/Video/private_conferencing). Length: 1-1024

(2) service-spec (string)

Service group and service name portion of a Qualified Service Name.

Must contain only alphanumeric characters or any of the following: - _ / . Required format: '/groupLabel1[/groupLabel2[/groupLabel3...]]'. No forward slash-delimited segment can exceed 62 characters. Length: 0-127

(3) tenant-prefix (string)

A string identifier for a tenant prefix. Consists of a valid tenant name, followed by @ and a valid IP Address.

Must contain a valid tenant name, followed by @ and a valid IP Address. Length: 0-280

configure authority router node device-interface network-interface address host-service address-pool

Address pool for allocation by the DHCP server

Usage

configure authority router node device-interface network-interface address host-service address-pool <start-address>
Positional Arguments
namedescription
start-addressStart of address pool.
Subcommands
commanddescription
cloneClone a list item
customCustom DHCP options to be provided to clients.
deleteDelete configuration data
domain-nameDomain name provided to clients.
domain-serverDomain name server address(es) provided to clients in priority order.
end-addressEnd of address pool.
interface-mtuInterface MTU provided to clients.
moveMove list items
ntp-serverNTP server address(es) provided to clients in priority order.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
pop-serverPOP server address(es) provided to clients in priority order.
routerGateway router address(es) provided to clients in priority order.
showShow configuration data for 'address-pool'
smtp-serverSMTP server address(es) provided to clients in priority order.
start-addressStart of address pool.
static-assignmentStatic assignment(s) for DHCP configuration for a specific client
static-routeStatic route(s) provided to clients. Note that for default routes the router option should be used.
tenantTenant to which clients will be assigned.
vendor-identifying-vendor-specific-informationVendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].
vendor-specific-informationVendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

configure authority router node device-interface network-interface address host-service address-pool custom

Custom DHCP options to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom <code>
Positional Arguments
namedescription
codeThe code of the custom DHCP option.
Subcommands
commanddescription
codeThe code of the custom DHCP option.
deleteDelete configuration data
descriptionA description of the custom DHCP option.
encoded-typeThe encoded type of the custom option.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
quantityThe allowed quantity of the custom option values.
showShow configuration data for 'custom'
valueThe value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool custom code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom code [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool custom description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool custom encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom encoded-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

  • string
  • uint8
  • uint16
  • uint32
  • boolean
  • ipv4-address
  • int32
  • binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool custom move value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom move value [force] <value> <position> [<relative-to>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
valueValue to move
positionfirst | last | before | after
relative-toValue before or after which to move

configure authority router node device-interface network-interface address host-service address-pool custom quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom quantity [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

  • singular
  • array

configure authority router node device-interface network-interface address host-service address-pool custom value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom value [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool domain-name

Domain name provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool domain-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool domain-server

Domain name server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool domain-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool end-address

End of address pool.

Usage

configure authority router node device-interface network-interface address host-service address-pool end-address [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool interface-mtu

Interface MTU provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool interface-mtu [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 68-9198

configure authority router node device-interface network-interface address host-service address-pool ntp-server

NTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool ntp-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool pop-server

POP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool pop-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool router

Gateway router address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool router [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool smtp-server

SMTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool smtp-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool start-address

Start of address pool.

Usage

configure authority router node device-interface network-interface address host-service address-pool start-address [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment

Static assignment(s) for DHCP configuration for a specific client

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment <address>
Positional Arguments
namedescription
addressAddress for static assignment of this client.
Subcommands
commanddescription
addressAddress for static assignment of this client.
circuit-identifierDHCP circuit identifier option (RFC3046) identifying this client.
client-identifierDHCP client identifier option identifying this client.
cloneClone a list item
customCustom DHCP options to be provided to clients.
deleteDelete configuration data
descriptionA description of the static DHCP assignment.
domain-nameDomain name provided to clients.
domain-serverDomain name server address(es) provided to clients in priority order.
interface-mtuInterface MTU provided to clients.
link-layer-addressMAC address identifying this client.
moveMove list items
ntp-serverNTP server address(es) provided to clients in priority order.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
pop-serverPOP server address(es) provided to clients in priority order.
routerGateway router address(es) provided to clients in priority order.
showShow configuration data for 'static-assignment'
smtp-serverSMTP server address(es) provided to clients in priority order.
static-routeStatic route(s) provided to clients. Note that for default routes the router option should be used.
tenantTenant to which clients will be assigned.
vendor-identifying-vendor-specific-informationVendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].
vendor-specific-informationVendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

configure authority router node device-interface network-interface address host-service address-pool static-assignment address

Address for static assignment of this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment address [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment circuit-identifier

DHCP circuit identifier option (RFC3046) identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment circuit-identifier [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment client-identifier

DHCP client identifier option identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment client-identifier [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom

Custom DHCP options to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom <code>
Positional Arguments
namedescription
codeThe code of the custom DHCP option.
Subcommands
commanddescription
codeThe code of the custom DHCP option.
deleteDelete configuration data
descriptionA description of the custom DHCP option.
encoded-typeThe encoded type of the custom option.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
quantityThe allowed quantity of the custom option values.
showShow configuration data for 'custom'
valueThe value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom code [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom encoded-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

  • string
  • uint8
  • uint16
  • uint32
  • boolean
  • ipv4-address
  • int32
  • binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom quantity [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

  • singular
  • array

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom value [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment description

A description of the static DHCP assignment.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-name

Domain name provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-name [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-server

Domain name server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment interface-mtu

Interface MTU provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment interface-mtu [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 68-9198

MAC address identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment link-layer-address [<mac-address>]
Positional Arguments
namedescription
mac-addressThe value to set for this field

Description

mac-address (string)

The mac-address type represents an IEEE 802 MAC address. The canonical representation uses lowercase characters.

In the value set and its semantics, this type is equivalent to the MacAddress textual convention of the SMIv2.

configure authority router node device-interface network-interface address host-service address-pool static-assignment ntp-server

NTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment ntp-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment pop-server

POP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment pop-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment router

Gateway router address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment router [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment smtp-server

SMTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment smtp-server [<ip-address>]
Positional Arguments
namedescription
ip-addressValue to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route

Static route(s) provided to clients. Note that for default routes the router option should be used.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route <destination-address>
Positional Arguments
namedescription
destination-addressDestination address of static route.
Subcommands
commanddescription
deleteDelete configuration data
destination-addressDestination address of static route.
gatewayGateway address of static route.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'static-route'

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route destination-address

Destination address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route destination-address [<non-default-ip-address>]
Positional Arguments
namedescription
non-default-ip-addressThe value to set for this field

Description

non-default-ip-address (union)

A non-default IPv4 or IPv6 address

Must be one of the following types:

(0) non-default-ipv4-address (string)

A non-default IPv4 address

Must be a valid IPv4 address.

(1) non-default-ipv6-address (string)

A non-default IPv6 address

Must be a valid IPv4 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route gateway

Gateway address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route gateway [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment tenant

Tenant to which clients will be assigned.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment tenant [<tenant-ref>]
Positional Arguments
namedescription
tenant-refThe value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information

Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information <enterprise-number> <code>
Positional Arguments
namedescription
enterprise-numberThe vendor's registered 32-bit Enterprise Number as registered with IANA.
codeThe code of the custom DHCP option.
Subcommands
commanddescription
codeThe code of the custom DHCP option.
deleteDelete configuration data
descriptionA description of the custom DHCP option.
encoded-typeThe encoded type of the custom option.
enterprise-numberThe vendor's registered 32-bit Enterprise Number as registered with IANA.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
quantityThe allowed quantity of the custom option values.
showShow configuration data for 'vendor-identifying-vendor-specific-information'
valueThe value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information code [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information encoded-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

  • string
  • uint8
  • uint16
  • uint32
  • boolean
  • ipv4-address
  • int32
  • binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information enterprise-number

The vendor's registered 32-bit Enterprise Number as registered with IANA.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information enterprise-number [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information quantity [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

  • singular
  • array

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information value [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information

Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information <code>
Positional Arguments
namedescription
codeThe code of the custom DHCP option.
Subcommands
commanddescription
codeThe code of the custom DHCP option.
deleteDelete configuration data
descriptionA description of the custom DHCP option.
encoded-typeThe encoded type of the custom option.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
quantityThe allowed quantity of the custom option values.
showShow configuration data for 'vendor-specific-information'
valueThe value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information code [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information encoded-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

  • string
  • uint8
  • uint16
  • uint32
  • boolean
  • ipv4-address
  • int32
  • binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information quantity [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

  • singular
  • array

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information value [<string>]
Positional Arguments
namedescription
stringValue to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-route

Static route(s) provided to clients. Note that for default routes the router option should be used.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route <destination-address>
Positional Arguments
namedescription
destination-addressDestination address of static route.
Subcommands
commanddescription
deleteDelete configuration data
destination-addressDestination address of static route.
gatewayGateway address of static route.
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
showShow configuration data for 'static-route'

configure authority router node device-interface network-interface address host-service address-pool static-route destination-address

Destination address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route destination-address [<non-default-ip-address>]
Positional Arguments
namedescription
non-default-ip-addressThe value to set for this field

Description

non-default-ip-address (union)

A non-default IPv4 or IPv6 address

Must be one of the following types:

(0) non-default-ipv4-address (string)

A non-default IPv4 address

Must be a valid IPv4 address.

(1) non-default-ipv6-address (string)

A non-default IPv6 address

Must be a valid IPv4 address.

configure authority router node device-interface network-interface address host-service address-pool static-route gateway

Gateway address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route gateway [<ip-address>]
Positional Arguments
namedescription
ip-addressThe value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool tenant

Tenant to which clients will be assigned.

Usage

configure authority router node device-interface network-interface address host-service address-pool tenant [<tenant-ref>]
Positional Arguments
namedescription
tenant-refThe value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information

Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information <enterprise-number> <code>
Positional Arguments
namedescription
enterprise-numberThe vendor's registered 32-bit Enterprise Number as registered with IANA.
codeThe code of the custom DHCP option.
Subcommands
commanddescription
codeThe code of the custom DHCP option.
deleteDelete configuration data
descriptionA description of the custom DHCP option.
encoded-typeThe encoded type of the custom option.
enterprise-numberThe vendor's registered 32-bit Enterprise Number as registered with IANA.
moveMove list items
override-generatedForce auto-generated configuration and any modifications to it to persist on commit
quantityThe allowed quantity of the custom option values.
showShow configuration data for 'vendor-identifying-vendor-specific-information'
valueThe value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information code [<uint16>]
Positional Arguments
namedescription
uint16The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information description [<string>]
Positional Arguments
namedescription
stringThe value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information encoded-type [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

  • string
  • uint8
  • uint16
  • uint32
  • boolean
  • ipv4-address
  • int32
  • binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information enterprise-number

The vendor's registered 32-bit Enterprise Number as registered with IANA.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information enterprise-number [<uint32>]
Positional Arguments
namedescription
uint32The value to set for this field

Description

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information quantity [<enumeration>]
Positional Arguments
namedescription
enumerationThe value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

  • singular
  • array

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage