N Commands

name-lookup

[no] name-lookup

Syntax Description

no

(Optional) Negate a command or set its defaults

name-lookup

Display OSPF router ids as DNS names

Command Mode

  • /exec/configure/router-ospf /exec/configure/router-ospf/vrf

name-lookup

[no] name-lookup

Syntax Description

no

(Optional) Negate a command or set its defaults

name-lookup

Enable Name Lookup for OSPF Neighbors

Command Mode

  • /exec/configure/router-ospf3 /exec/configure/router-ospf3/vrf

name

name <redundancy-name> | no name [ <redundancy-name> ]

Syntax Description

no

Negate a command or set its defaults

name

Redundancy name

redundancy-name

Name String

Command Mode

  • /exec/configure/if-eth-any/glbp

name

name [ <name> ] | no name

Syntax Description

no

Negate a command or set its defaults

name

Redundancy name string

name

(Optional) name string

Command Mode

  • /exec/configure/if-eth-any/hsrp_ipv4 /exec/configure/if-eth-any/hsrp_ipv6

name

name <name-val> | no name [ <name-val> ]

Syntax Description

no

Negate a command or set its defaults

name

Set configuration name

name-val

Configuration name

Command Mode

  • /exec/configure/spanning-tree/mst/configuration

nat destination

{ nat destination } | { no nat destination }

Syntax Description

no

Negate a command or set its defaults

nat

Network Address Translation

destination

Destination NAT

Command Mode

  • /exec/configure/plb

nbm flow-policy

[no] nbm flow-policy

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow-policy

Flow Policy Characteristics

Command Mode

  • /exec/configure

nbm flow acceptance-mode guaranteed nbm flow acceptance-mode

{ nbm flow acceptance-mode { guaranteed | best-fit } } | [ no ] nbm flow acceptance-mode

Syntax Description

nbm

Non Blocking Multicast

flow

Flow Characteristics

acceptance-mode

Flow Acceptance Mode

guaranteed

New flows are guaranteed to be accepted

best-fit

New flows are best-fit among fabric links

Command Mode

  • /exec/configure

nbm flow asm range

[no] nbm flow asm range <group> +

Syntax Description

nbm

Non Blocking Multicast

flow

Flow Characteristics

asm

Any-Source Multicast (ASM) groups

range

Configure explicit group ranges

group

List of group range prefixes

Command Mode

  • /exec/configure

nbm flow bandwidth nbm flow bandwidth

{ nbm flow bandwidth <i0> } | [ no ] nbm flow bandwidth

Syntax Description

nbm

Non Blocking Multicast

flow

Flow Characteristics

bandwidth

Bandwidth per flow

i0

Per Flow Bandwidth in Mbps

Command Mode

  • /exec/configure

nbm mode controller

[no] nbm mode controller [ __readonly__ <output> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non blocking multicast

mode

Set pmn mode

controller

Enable controller-mode for pmn

__readonly__

(Optional)

output

(Optional)

Command Mode

  • /exec/configure

nbm mode pim-active

[no] nbm mode pim-active [ __readonly__ <output> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non blocking multicast

mode

Set pmn mode

pim-active

Bandwidth engine running in fabric

__readonly__

(Optional)

output

(Optional)

Command Mode

  • /exec/configure

nbm mode verbose

[no] nbm mode verbose

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

mode

Set NBM flow mode

verbose

Enable verbose Logs

Command Mode

  • /exec/configure

nbm multicast route add

[no] nbm multicast route add

Syntax Description

nbm

Non Blocking Multicast

multicast

MULTICAST

route

Route

add

add

Command Mode

  • /exec/configure

nbm multicast route delete

[no] nbm multicast route delete

Syntax Description

nbm

Non Blocking Multicast

multicast

MULTICAST

route

Route

delete

delete

Command Mode

  • /exec/configure

nbm reserve unicast fabric bandwidth

nbm reserve unicast fabric bandwidth <percentage> | no nbm reserve unicast fabric bandwidth

Syntax Description

no

Negate a command or set its defaults

nbm

non blocking multicast

reserve

reserve bandwidth

unicast

unicast

fabric

fabric

bandwidth

percentage of bandwidth for unicast flow

percentage

percentage value

Command Mode

  • /exec/configure

nbm test-rest-api secure request-type

nbm test-rest-api { secure | plain } request-type { POST | GET | PUT | DELETE }

Syntax Description

nbm

Non Blocking Multicast

test-rest-api

Test REST API

secure

Over HTTPS

plain

Over plain HTTP

request-type

type of http request

POST

HTTP POST

GET

HTTP GET

PUT

HTTP PUT

DELETE

HTTP DELETE

Command Mode

  • /exec

nbm unit-test all

nbm unit-test all

Syntax Description

nbm

Non Blocking Multicast

unit-test

unit test

all

perform all unit tests

Command Mode

  • /exec/configure

nbm vpc transport-vlan

[no] nbm vpc transport-vlan <vlan_id>

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

non blocking multicast

vpc

nbm vpc related commands

transport-vlan

configure nbm vpc transport vlan

vlan_id

vlan value

Command Mode

  • /exec/configure

negotiate auto

negotiate auto | no negotiate auto

Syntax Description

no

Negate a command or set its defaults

negotiate

Configure link negotiation parameters

auto

Configure auto-negotiation

Command Mode

  • /exec/configure/if-ethernet-all /exec/configure/if-eth-non-member /exec/configure/if-port-channel

neighbor-down fib-accelerate

[no] neighbor-down fib-accelerate

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor-down

Handle BGP neighbor down event, due to various reasons

fib-accelerate

Accelerate the hardware updates for IP/IPv6 adjacencies for neighbor

Command Mode

  • /exec/configure/router-bgp/vrf-cmds

neighbor

[no] neighbor { <neighbor-prefix> | <ipv6-neighbor-prefix> } [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-prefix

IP prefix for neighbors

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match prefix peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp/router-bgp-vrf

neighbor

[no] neighbor { <neighbor-id> | <ipv6-neighbor-id> } [ remote-as <asn> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-id

IP address of the neighbor

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

Command Mode

  • /exec/configure/router-bgp

neighbor

[no] neighbor { <neighbor-id> | <ipv6-neighbor-id> } [ remote-as <asn> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-id

IP address of the neighbor

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

Command Mode

  • /exec/configure/router-bgp/router-bgp-vrf

neighbor

[no] neighbor { <neighbor-prefix> | <ipv6-neighbor-prefix> } [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-prefix

IP prefix for neighbors

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match prefix peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp

neighbor

neighbor [ vrf { <vrf-name> | <vrf-known-name> } ] <ipaddr> { implicit-withdraw | labels accept <pfx-list> | targeted } | no neighbor [ vrf { <vrf-name> | <vrf-known-name> } ] <ipaddr> [ implicit-withdraw | labels accept | targeted ]

Syntax Description

no

Negate a command or set its defaults

neighbor

Configure neighbor parameters

vrf

(Optional) VRF Routing/Forwarding instance information

vrf-name

(Optional) VPN Routing/Forwarding instance name

vrf-known-name

(Optional) Known VRF name

ipaddr

IP address for LDP neighbor

implicit-withdraw

Enable LDP Implicit Withdraw Label

labels

Configure label binding exchange controls

accept

Specify label bindings to accept

pfx-list

Name of prefix list

targeted

Establish targeted session

Command Mode

  • /exec/configure/ldp

neighbor maximum-prefix

{ { neighbor <address> { <interface> | maximum-prefix <value> [ warning-only ] } } | { no neighbor <address> [ <interface> | maximum-prefix <value> [ warning-only ] ] } } | { { neighbor maximum-prefix <value> [ <threshold> ] [ warning-only ] [ restart <time1> ] [ restart-count <count> ] [ reset-time <time2> ] [ dampened ] } | { no neighbor maximum-prefix [ <value> [ <threshold> ] [ warning-only ] [ restart <time1> ] [ restart-count <count> ] ] } }

Syntax Description

no

Negate a command or set its defaults

neighbor

Specify a neighbor router

interface

Interface

address

Neighbor address

maximum-prefix

Maximum number of IP prefixes acceptable from a neighbor

value

Number of IP prefixes for maximum-prefix limit

threshold

(Optional) Threshold value (%) at which to generate a warning message

warning-only

(Optional) Only give warning message when limit is exceeded

restart

(Optional) Duration for which a prefix source is ignored

time1

(Optional) Restart interval in minutes

restart-count

(Optional) Number of times sessions are auto-restarted

count

(Optional) Number of times

reset-time

(Optional) Duration after which restart history is cleared

time2

(Optional) Reset time in minutes

dampened

(Optional) Exponentially increase restart time interval

Command Mode

  • /exec/configure/router-eigrp/router-eigrp-vrf-common /exec/configure/router-eigrp/router-eigrp-af-common

net

[no] net <net>

Syntax Description

no

(Optional) Negate a command or set its defaults

net

Configure Network Entity Title for IS-IS

net

NET in form of XX.XXXX. ... .XXXX[.00]

Command Mode

  • /exec/configure/router-isis/router-isis-vrf-common

net

[no] net <net>

Syntax Description

no

(Optional) Negate a command or set its defaults

net

Configure Network Entity Title for IS-IS

net

NET in form of XX.XXXX. ... .XXXX[.00]

Command Mode

  • /exec/configure/otv-isis

network

[no] network <ipv6-prefix> [ route-map <rmap-name> | summarize ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Configure an IPv6 prefix to advertise

route-map

(Optional) Apply route-map to modify attributes

rmap-name

(Optional) Route-map name

summarize

(Optional) Summarize more specific prefixes from routing table

Command Mode

  • /exec/configure/router-bgp/router-bgp-af-ipv6 /exec/configure/router-bgp/router-bgp-vrf-af-ipv6

network

[no] network { <ip-addr> mask <ip-mask> | <ip-prefix> } [ route-map <rmap-name> | summarize | evpn ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Configure an IP prefix to advertise

ip-addr

IP network to advertise

mask

Configure the mask of the IP prefix to advertise

ip-mask

Dotted 4-octet mask

ip-prefix

IP prefix in CIDR format

route-map

(Optional) Apply route-map to modify attributes

rmap-name

(Optional) Route-map name

summarize

(Optional) Summarize more specific prefixes from routing table

evpn

(Optional) Only advertise route towards evpn side

Command Mode

  • /exec/configure/router-bgp/router-bgp-af-ipv4 /exec/configure/router-bgp/router-bgp-vrf-af-ipv4

network

[no] network { <ip-dest> <ip-mask> | <ip-prefix> }

Syntax Description

no

(Optional) Negate a command or set its defaults

network

RIP IP network

ip-dest

IP addr format

ip-mask

IP network mask format

ip-prefix

Exact prefix

Command Mode

  • /exec/configure/router-rip/router-rip-af-ipv4 /exec/configure/router-rip/router-rip-vrf-af-ipv4

network

[no] network { { <address> <mask> } | <prefix> }

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Enable routing on an IP network

address

Network number

mask

EIGRP wild card bits

prefix

IP prefix in slash format

Command Mode

  • /exec/configure/router-eigrp/router-eigrp-vrf-common /exec/configure/router-eigrp/router-eigrp-af-ipv4

network area

[no] network { <ip-dest> <ip-mask> | <ip-prefix> } area { <area-id-ip> | <area-id-int> }

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Enable routing on an IP network

ip-dest

IP prefix format: i.i.i.i

ip-mask

IP network mask format: m.m.m.m

ip-prefix

IP prefix format: x.x.x.x/ml

area

Configure area properties

area-id-ip

OSPF area ID in IP address format

area-id-int

OSPF area ID as a decimal format

Command Mode

  • /exec/configure/router-ospf /exec/configure/router-ospf/vrf

next-address exclude-address

{ next-address [ loose | strict ] <ipaddr> | exclude-address <ipaddr> }

Syntax Description

next-address

Specify the next address in the path

loose

(Optional) Target address is loose

strict

(Optional) Target address is strict

exclude-address

Exclude an address from subsequent partial path segments

ipaddr

Enter IP address (A.B.C.D)

Command Mode

  • /exec/configure/te/expl-path

next-hop-self

[ no | default ] next-hop-self

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-self

Set our peering address as nexthop

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-label /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-vpnv4 /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-vpnv6

next-hop-self

[ no | default ] next-hop-self

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-self

Set our peering address as nexthop

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-mdt

next-hop-third-party

[ no | default ] next-hop-third-party

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-third-party

Compute a third-party nexthop if possible

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-label /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv6-label

next-hop-third-party

[ no | default ] next-hop-third-party

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-third-party

Compute a third-party nexthop if possible

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-mdt

next-hop out-label explicit-null implicit-null next-hop auto-resolve out-label explicit-null implicit-null

[no] { next-hop [ backup <interface> ] <next-hop> out-label { <static-outlabel> | explicit-null | implicit-null } | next-hop auto-resolve out-label { <static-outlabel> | explicit-null | implicit-null } }

Syntax Description

no

(Optional) Negate a command or set its defaults

next-hop

Nexthop

next-hop

Destination IPv4 next hop

static-outlabel

Label Value

interface

(Optional) Back up interface

out-label

Output label

explicit-null

IETF MPLS IPv4 explicit null label (0)

implicit-null

IETF MPLS implicit null label (3)

auto-resolve

auto resolve the destination path

backup

(Optional) Backup destination

Command Mode

  • /exec/configure/mpls_static/ipv4/input

next-hop out-label explicit-null implicit-null next-hop auto-resolve out-label explicit-null implicit-null

[no] { next-hop [ backup <interface> ] <ipv6-next-hop> out-label { <static-outlabel> | explicit-null | implicit-null } | next-hop auto-resolve out-label { <static-outlabel> | explicit-null | implicit-null } }

Syntax Description

no

(Optional) Negate a command or set its defaults

next-hop

Nexthop

static-outlabel

Label Value

interface

(Optional) Back up interface

out-label

Output label

explicit-null

IETF MPLS IPv6 explicit null label (2)

implicit-null

IETF MPLS implicit null label (3)

auto-resolve

auto resolve the destination path

backup

(Optional) Backup destination

Command Mode

  • /exec/configure/mpls_static/ipv6/input

nexthop route-map

[no] nexthop route-map <rmap-name>

Syntax Description

no

(Optional) Negate a command or set its defaults

nexthop

Nexthop tracking

route-map

Route map for valid nexthops

rmap-name

Route-map name

Command Mode

  • /exec/configure/router-bgp/router-bgp-af /exec/configure/router-bgp/router-bgp-af-l2vpn-evpn /exec/configure/router-bgp/router-bgp-af-link-state /exec/configure/router-bgp/router-bgp-af-ipv4-mvpn /exec/configure/router-bgp/router-bgp-af-ipv6-mvpn /exec/configure/router-bgp/router-bgp-af-ipv4-mdt /exec/configure/router-bgp/router-bgp-af-l2vpn-vpls

nexthop trigger-delay critical non-critical

{ nexthop trigger-delay critical <criticaldelay> non-critical <noncriticaldelay> } | { no nexthop trigger-delay }

Syntax Description

no

Negate a command or set its defaults

nexthop

Nexthop tracking

trigger-delay

Set the delay to trigger nexthop tracking

critical

Nexthop changes affecting reachability

non-critical

Other nexthop changes

noncriticaldelay

Delay value (miliseconds)

criticaldelay

Delay value (miliseconds)

Command Mode

  • /exec/configure/router-bgp/router-bgp-af /exec/configure/router-bgp/router-bgp-af-ipv4-mdt /exec/configure/router-bgp/router-bgp-af-vpnv4 /exec/configure/router-bgp/router-bgp-af-vpnv6 /exec/configure/router-bgp/router-bgp-af-link-state /exec/configure/router-bgp/router-bgp-af-l2vpn-vpls /exec/configure/router-bgp/router-bgp-af-ipv4-mvpn /exec/configure/router-bgp/router-bgp-af-ipv6-mvpn /exec/configure/router-bgp/router-bgp-af-l2vpn-evpn

ngoam authentication-key

{ ngoam authentication-key <value> } | { no ngoam authentication-key [ <value> ] }

Syntax Description

no

Negate a command or set its defaults

ngoam

Configure ngoam

authentication-key

Ngoam authentication-key

value

authentication key

Command Mode

  • /exec/configure

ngoam connect-check

[no] ngoam connect-check <id>

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

connect-check

Configure ngoam oam connectivity check

id

connect check id

Command Mode

  • /exec/configure

ngoam install acl

[no] ngoam install acl

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

install

Ngoam install

acl

Ngoam install acl

Command Mode

  • /exec/configure

ngoam install acl draft-pang action fwd

[no] ngoam install acl draft-pang action { fwd | drop }

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

ngoam

install

Ngoam install

acl

Ngoam install acl

draft-pang

Ngoam install acl based on draft pang

action

Choose the action to perform

fwd

Copy and Forward the packet

drop

Copy and Drop the packet

Command Mode

  • /exec/configure

ngoam probe start

ngoam probe start <hex-string>

Syntax Description

ngoam

ngoam exec command

probe

ngoam probe

start

start ngoam probe

hex-string

Specify string in hex string format: 0A1B .. starting with outer header of real draft pang probe packet

Command Mode

  • /exec

ngoam profile

[no] ngoam profile <profile-id>

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

profile

Configure ngoam oam profile

profile-id

ngoam profile id

Command Mode

  • /exec/configure

no-more

| no-more

Syntax Description

|

Pipe command output to filter

no-more

Turn-off pagination for command output

Command Mode

  • /output

no

{ [ <seqno> ] | no } <permitdeny> { <src_any> | { <src_addr> <src_wild> } } { <dst_any> | { <dst_addr> <dst_wild> } } [ <mac_proto> | <mac_proto_str> ] [ vlan <vlan> | cos <cos> ] + [ time-range <time_range_name> ] [ capture session <session-id> ] { [ <macaction> <macactionid> ] } +

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

src_any

Any

src_addr

Source MAC address

src_wild

Source wildcard bits

dst_any

Any

dst_addr

Destination MAC address

dst_wild

Destination wildcard bits

mac_proto

(Optional) MAC protocol number

mac_proto_str

(Optional) MAC protocol name

vlan

(Optional) VLAN number

cos

(Optional) CoS value

vlan

(Optional) VLAN number

cos

(Optional) CoS value

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

macaction

(Optional) MAC ACL Action

macactionid

(Optional) redirect: Ethernet1/1,port-channel1

Command Mode

  • /exec/configure/macacl

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/arpacl /exec/configure/ipgroup /exec/configure/ipv6group /exec/configure/portgroup /exec/configure/timerange

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/macacl

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/ipacl /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> { { { { ethertype <ethertypeid> } | { { ip | <proto> | <ip_other_proto> } { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } [ capture session <session-id> ] } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } | { udf { <udf_name> <udf_val> <udf_mask> } + } } { [ <action> <actionid> ] } + [ log ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

ip

Any IP protocol

proto

A protocol number

ip_other_proto

ip_other_proto

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

tos

(Optional) Match packets with given TOS value

tos_num

(Optional) Type of service value

tos_str

(Optional) Type of service label

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { ethertype <ethertypeid> } | { <proto_tcp> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { http-method { <opt_num> | <opt_str> } } | { tcp-option-length <tcp_opt_len> } | { tcp-flags-mask <tcp_flags_mask> } | { ttl <ttl_num> } ] } + | { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } } } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + { { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { http-method { <opt_num> | <opt_str> } } | { tcp-option-length <tcp_opt_len> } | { tcp-flags-mask <tcp_flags_mask> } | { ttl <ttl_num> } ] } + | { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_tcp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) TCP port

src_port1

(Optional) Port number

src_port1_str

(Optional) TCP port

src_port2

(Optional) Port number

src_port2_str

(Optional) TCP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) TCP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) TCP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) TCP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

tos

(Optional) Match packets with given TOS value

tos_num

(Optional) Type of service value

tos_str

(Optional) Type of service label

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

tcp-option-length

(Optional) Specify TCP Options size

tcp_opt_len

(Optional) TCP option length (multiples of 4 bytes)

tcp-flags-mask

(Optional) Specify TCP Flags

tcp_flags_mask

(Optional) TCP flags mask

http-method

(Optional) Match packets based on http-method

opt_num

(Optional) http_option value

opt_str

(Optional) http_option_param

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

urg

(Optional) Match on the URG bit

ack

(Optional) Match on the ACK bit

psh

(Optional) Match on the PSH bit

rst

(Optional) Match on the RST bit

syn

(Optional) Match on the SYN bit

fin

(Optional) Match on the FIN bit

established

(Optional) Match established connections

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { ethertype <ethertypeid> } | { <proto_udp> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { { [ [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] [ nve vni <vni-id> ] } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } } [ nve vni <vni-id> ] } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + { { [ [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] # 2061 ../feature/acl_mgr/cli/aclmgr.cmd [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_udp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) UDP port

src_port1

(Optional) Port number

src_port1_str

(Optional) UDP port

src_port2

(Optional) Port number

src_port2_str

(Optional) UDP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) UDP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) UDP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) UDP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

tos

(Optional) Match packets with given TOS value

tos_num

(Optional) Type of service value

tos_str

(Optional) Type of service label

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

nve

(Optional) VNI ID <0-16777215>

vni

(Optional) VNI ID <0-16777215>

vni-id

(Optional) VNI ID <0-16777215>

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> <proto_igmp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ [ log ] [ time-range <time_range_name> ] | <igmp_num> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | <igmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | <igmp_num> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | <igmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } } [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_igmp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

tos

(Optional) Match packets with given TOS value

tos_num

(Optional) Type of service value

tos_str

(Optional) Type of service label

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

igmp_num

(Optional) IGMP message type

igmp_str

(Optional) IGMP type

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { { ethertype <ethertypeid> } | { <proto_icmp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ [ log ] [ time-range <time_range_name> ] | { <icmp_type> [ <icmp_code> ] } | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | <icmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | { <icmp_type> [ <icmp_code> ] } | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + | [ [ log ] [ time-range <time_range_name> ] | <icmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ fragments ] | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } } } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_icmp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

tos

(Optional) Match packets with given TOS value

tos_num

(Optional) Type of service value

tos_str

(Optional) Type of service label

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

icmp_type

(Optional) ICMP message type

icmp_code

(Optional) ICMP message code

icmp_str

(Optional) ICMP label

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> <proto_tcp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> | <dscp_str> } } ] | [ { flow-label <flow_num> } ] | [ log ] [ time-range <time_range_name> ] | [ urg | ack | psh | rst | syn | fin | established ] | { tcp-flags-mask <tcp_flags_mask> } | [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_tcp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) TCP port

src_port1

(Optional) Port number

src_port1_str

(Optional) TCP port

src_port2

(Optional) Port number

src_port2_str

(Optional) TCP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) TCP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) TCP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) TCP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

tcp-flags-mask

Specify TCP Flags

tcp_flags_mask

TCP flags mask

urg

(Optional) Match on the URG bit

ack

(Optional) Match on the ACK bit

psh

(Optional) Match on the PSH bit

rst

(Optional) Match on the RST bit

syn

(Optional) Match on the SYN bit

fin

(Optional) Match on the FIN bit

established

(Optional) Match established connections

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_udp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + } [ nve vni <vni-id> ] | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ nve vni <vni-id> ] [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_udp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) UDP port

src_port1

(Optional) Port number

src_port1_str

(Optional) UDP port

src_port2

(Optional) Port number

src_port2_str

(Optional) UDP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) UDP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) UDP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) UDP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

nve

(Optional) VNI ID <0-16777215>

vni

(Optional) VNI ID <0-16777215>

vni-id

(Optional) VNI ID <0-16777215>

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_sctp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_sctp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) SCTP port

src_port1

(Optional) Port number

src_port1_str

(Optional) SCTP port

src_port2

(Optional) Port number

src_port2_str

(Optional) SCTP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) SCTP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) SCTP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) SCTP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_icmpv6> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { <icmpv6_type> [ <icmpv6_code> ] } | { dscp { <dscp_num> | <dscp_str> } } | { flow-label <flow_num> } | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] + | [ <icmpv6_str> | { dscp { <dscp_num> | <dscp_str> } } | { flow-label <flow_num> } | [ log ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] } }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_icmpv6

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value

dscp_num

(Optional) Differentiated services codepoint value

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

icmpv6_type

(Optional) ICMPv6 message type

icmpv6_code

(Optional) ICMPv6 message code

icmpv6_str

(Optional) ICMPv6 label

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ { [ <seqno> ] | no } <permitdeny> { { [ <arp_request> ] req_ip { <sender1_ip_any> | { { <sender1_host> <sender1_ip> | { <sender1_net_ip> <sender1_ip_mask> } } } } mac { <sender1_mac_any> | { { <sender1_mac_host> <sender1_mac> | { <sender1_net_mac> <sender1_mac_mask> } } } } } | { <arp_response> resp_ip { <sender2_ip_any> | { { <sender2_host> <sender2_ip> | { <sender2_net_ip> <sender2_ip_mask> } } } } { <target_ip_any> | { { <target_host> <target_ip> | { <target_net_ip> <target_ip_mask> } } } } mac { <sender2_mac_any> | { { <sender2_mac_host> <sender2_mac> | { <sender2_net_mac> <sender2_mac_mask> } } } } [ { <target_mac_any> | { { <target_mac_host> <target_mac> | { <target_net_mac> <target_mac_mask> } } } } ] } } [ <arp_log> ] [ capture session <session-id> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

req_ip

Any IP protocol

resp_ip

Any IP protocol

arp_request

(Optional) ARP_Request

arp_response

ARP_Response

sender1_ip_any

Any

sender1_host

Host

sender1_ip

IP address <a.b.c.d>

sender1_net_ip

IP address <a.b.c.d>

sender1_ip_mask

IP mask <a.b.c.d>

sender2_ip_any

Any

sender2_host

Host

sender2_ip

IP address <a.b.c.d>

sender2_net_ip

IP address <a.b.c.d>

sender2_ip_mask

IP mask <a.b.c.d>

target_ip_any

Any

target_host

Host

target_ip

IP address <a.b.c.d>

target_net_ip

IP address <a.b.c.d>

target_ip_mask

IP mask <a.b.c.d>

mac

MAC configuration commands

sender1_mac_any

Any

sender1_mac_host

Host

sender1_mac

MAC address EEEE.EEEE.EEEE

sender1_net_mac

MAC address EEEE.EEEE.EEEE

sender1_mac_mask

MAC mask EEEE.EEEE.EEEE

sender2_mac_any

Any

sender2_mac_host

Host

sender2_mac

MAC address EEEE.EEEE.EEEE

sender2_net_mac

MAC address EEEE.EEEE.EEEE

sender2_mac_mask

MAC mask EEEE.EEEE.EEEE

target_mac_any

(Optional) Any

target_mac_host

(Optional) Host

target_mac

(Optional) MAC address EEEE.EEEE.EEEE

target_net_mac

(Optional) MAC address EEEE.EEEE.EEEE

target_mac_mask

(Optional) MAC mask EEEE.EEEE.EEEE

arp_log

(Optional) Log

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

Command Mode

  • /exec/configure/arpacl

no

{ [ <seqno> ] | no } { <addr> <wild> | <prefix> | host <hostaddr> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

addr

A.B.C.D Network address of object-group member

wild

A.B.C.D wildcard

prefix

A.B.C.D/nn Network prefix of the object-group member

host

Host address of the object-group member

hostaddr

A.B.C.D Host address

Command Mode

  • /exec/configure/ipgroup

no

{ [ <seqno> ] | no } { <addr> <wild> | <prefix> | host <hostaddr> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

host

Host address of the object-group member

Command Mode

  • /exec/configure/ipv6group

no

{ [ <seqno> ] | no } { <_port_op> <port0_num> | <_port_range> <port1_num> <port2_num> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

_port_op

Port operator

_port_range

Port range

port0_num

Port number

port1_num

Port number

port2_num

Port number

Command Mode

  • /exec/configure/portgroup

no

[no] { userprofile | trustedCert | CRLLookup | user-switch-bind | user-certdn-match | user-pubkey-match }

Syntax Description

no

Negate a command or set its defaults

userprofile

Delete the userprofile

trustedCert

Delete the trustedCert

CRLLookup

Delete the CRLLookup

user-switch-bind

Delete the user-switch-bind

user-certdn-match

Delete the certificate matching

user-pubkey-match

Delete the pubkey matching

Command Mode

  • /exec/configure/ldap/search

node

[no] node [ ip <ip-addr> | IPv6 <ip-addrv6> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

node

ITD node

ip

(Optional) ITD node IPv4 address

ip-addr

(Optional) ITD node IP4 prefix in format i.i.i.i

IPv6

(Optional) ITD node IPv6 address

Command Mode

  • /exec/configure/itd-device-group

node

[no] node [ ip <ip-addr> | IPv6 <ip-addrv6> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

node

Catena device-group node

ip

(Optional) Catena device-group node IPv4 address

ip-addr

(Optional) Catena device-group node IP4 prefix in format i.i.i.i

IPv6

(Optional) Catena device-group node IPv6 address

Command Mode

  • /exec/configure/catena-device-grp

node

[no] node [ ip <ip-addr> | IPv6 <ip-addrv6> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

node

ITD node

ip

(Optional) ITD node IPv4 address

ip-addr

(Optional) ITD node IP4 prefix in format i.i.i.i

IPv6

(Optional) ITD node IPv6 address

Command Mode

  • /exec/configure/itd-session-device-group

node ip

[no] node { ip <ip-addr> | IPv6 <ip-addrv6> }

Syntax Description

no

(Optional) Negate a command or set its defaults

node

Configure nodes for PLB device group

ip

node IPv4 address

ip-addr

IP4 prefix in format i.i.i.i

IPv6

node IPv6 address

Command Mode

  • /exec/configure/plb-session-device-group

node ip

[no] node { ip <ip-addr> | IPv6 <ip-addrv6> }

Syntax Description

no

(Optional) Negate a command or set its defaults

node

Configure nodes for PLB device group

ip

node IPv4 address

ip-addr

IP4 prefix in format i.i.i.i

IPv6

node IPv6 address

Command Mode

  • /exec/configure/plb-device-group

nsf await-redist-proto-convergence

{ [ no ] nsf await-redist-proto-convergence }

Syntax Description

no

(Optional) Negate a command or set its defaults

nsf

Non-stop forwarding

await-redist-proto-convergence

Specify whether EIGRP should wait for other protocols to converge before advertising routes

Command Mode

  • /exec/configure/router-eigrp/router-eigrp-vrf-common /exec/configure/router-eigrp/router-eigrp-af-common

ntp access-group

[no] ntp access-group { peer | serve-only | serve | query-only } <acl-name>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

access-group

NTP access-group

peer

access-group peer

serve

access-group serve

serve-only

access-group serve-only

query-only

access-group query-only

acl-name

Name of access list

Command Mode

  • /exec/configure

ntp access-group match-all

[no] ntp access-group match-all

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

access-group

NTP access-group

match-all

Scan ACLs present in all ntp access groups

Command Mode

  • /exec/configure

ntp allow private

[no] ntp allow { private | control [ rate-limit <delay> ] }

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

allow

Enable/Disable the packets

private

Enable/Disable Private mode packets

control

Enable/Disable Control mode packets

rate-limit

(Optional) Rate-limit the control packets

delay

(Optional) Rate-limit delay (Default 3)

Command Mode

  • /exec/configure

ntp authenticate

[no] ntp authenticate

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

authenticate

Enable/Disable authentication

Command Mode

  • /exec/configure

ntp authentication-key md5

[no] ntp authentication-key <number> md5 <md5> [ 0 | 7 ]

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

authentication-key

NTP authentication key

number

authentication key number (range 1-65535)

md5

use md5 authentication scheme

md5

MD5 string

0

(Optional) clear text

7

(Optional) encrypted

Command Mode

  • /exec/configure

ntp drop-aged-packet

[no] ntp drop-aged-packet

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

drop-aged-packet

Enable or disable Riviera Timestamp Check.

Command Mode

  • /exec/configure

ntp enable ntpd-logfile debug-level

[no] ntp enable ntpd-logfile debug-level <level>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

enable

Enable logging

ntpd-logfile

NTP daemon logs

debug-level

debug level of logs

level

debug level of logs

Command Mode

  • /exec/configure

ntp logging

[no] ntp logging

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

logging

Enable/Disable logging of NTPD Events

Command Mode

  • /exec/configure

ntp master

[no] ntp master [ <stratum-no> ]

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

master

Act as NTP master clock

stratum-no

(Optional) Stratum number

Command Mode

  • /exec/configure

ntp passive

[no] ntp passive

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

passive

NTP passive command

Command Mode

  • /exec/configure

ntp peer

[no] ntp peer <host0> [ prefer | key <keyid> | use-vrf { <vrf-name> | <vrf-known-name> } | minpoll <minpoll> | maxpoll <maxpoll> ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

peer

NTP Peer address

host0

Hostname/IP address of the NTP Peer

prefer

(Optional) Preferred Server

key

(Optional) Keyid to be used while communicating to this server

keyid

(Optional) Value of keyid 1-65535

use-vrf

(Optional) Display per-VRF information

vrf-name

(Optional) VRF name

vrf-known-name

(Optional) Known VRF name

minpoll

(Optional) Minimum interval to poll a peer

minpoll

(Optional) Poll interval in secs to a power of 2 [default 4]

maxpoll

(Optional) Maximum interval to poll a peer

maxpoll

(Optional) Poll interval in secs to a power of 2 [default 6]

Command Mode

  • /exec/configure

ntp rts-update

[no] ntp rts-update

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

rts-update

Enable or disable RTS update to linecards.

Command Mode

  • /exec/configure

ntp server

[no] ntp server <host0> [ prefer | key <keyid> | use-vrf { <vrf-name> | <vrf-known-name> } | minpoll <minpoll> | maxpoll <maxpoll> ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

server

NTP server address

host0

Hostname/IP address of the NTP Server

prefer

(Optional) Preferred Server

key

(Optional) Keyid to be used while communicating to this server

keyid

(Optional) Value of keyid 1-65535

use-vrf

(Optional) Display per-VRF information

vrf-name

(Optional) VRF name

vrf-known-name

(Optional) Known VRF name

minpoll

(Optional) Minimum interval to poll a server

minpoll

(Optional) Poll interval in secs to a power of 2 [default 4]

maxpoll

(Optional) Maximum interval to poll a server

maxpoll

(Optional) Poll interval in secs to a power of 2 [default 6]

Command Mode

  • /exec/configure

ntp source-interface

[no] ntp source-interface <interface>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

source-interface

Source interface sending NTP packets

interface

Source interface

Command Mode

  • /exec/configure

ntp source

[no] ntp source <ip-addr>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP Configuration

source

Source of NTP packets

ip-addr

IPv4/IPv6 address

Command Mode

  • /exec/configure

ntp sync-retry

ntp sync-retry

Syntax Description

ntp

NTP configuration

sync-retry

Retry synchronization with configured servers

Command Mode

  • /exec

ntp trusted-key

[no] ntp trusted-key <number>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

trusted-key

NTP trusted-key

number

trusted-key number

Command Mode

  • /exec/configure

nv overlay evpn

[no] nv overlay evpn

Syntax Description

no

(Optional) Negate a command or set its defaults

nv

Command to enable/disable features

overlay

Command to enable/disable features

evpn

Enable/Disable Ethernet VPN (EVPN)

Command Mode

  • /exec/configure

nve enable history

[no] nve enable history { all | vni | peer | port }

Syntax Description

no

(Optional) Negate a command or set its defaults

nve

Display NVE information

enable

enable knob for all, vni, port and peer history

history

history for vni|port|peer

all

vni

peer

port

Command Mode

  • /exec/configure

nve event-history size

nve event-history { <buffer-name> } size { <size_in_text> | <size_in_bytes> }

Syntax Description

nve

Display NVE information

event-history

Configure the event-history buffers

buffer-name

Event history buffer whose size is to be configured

size

Configure the buffer sizes

size_in_text

Size of event history buffer

size_in_bytes

Size in bytes in the renage 1-5000000

Command Mode

  • /exec/configure

nve interface remap-replication-servers

nve interface <nve-if> remap-replication-servers

Syntax Description

nve

Configure NVE information

interface

Interface

nve-if

NVE interface

remap-replication-servers

Remap Replication servers to VNIs

Command Mode

  • /exec

nve interface replication-server up

nve interface <nve-if> replication-server <rep-addr> { up | down }

Syntax Description

nve

Configure NVE information

interface

Interface

nve-if

NVE interface

replication-server

Configure a replication server

rep-addr

Replication Server IP Address

up

mark replication-server up

down

mark replication-server down

Command Mode

  • /exec

nve oam mode draft-pang

[no] nve oam mode draft-pang

Syntax Description

no

(Optional) Negate a command or set its defaults

nve

VxLAN functionality

oam

VxLAN OAM functionality

mode

Choose operation mode for OAM

draft-pang

OAM implementation as per Draft Pang

Command Mode

  • /exec/configure

nxapi certificate

{ nxapi certificate { { httpskey { keyfile <uri0> | <line> } } | { httpscrt { certfile <uri1> | <line1> } } | { enable } } }

Syntax Description

nxapi

Configure nxapi

certificate

Https certificate configuration

httpskey

Https private key

httpscrt

Https certificate

keyfile

Https key file

certfile

Https certificate file

enable

Enable the current certificate

uri0

File containing https private key for the user

line

nxapi https private key

uri1

File containing https certificate

line1

nxapi https certificate

Command Mode

  • /exec/configure

nxapi flow

{ [ no ] nxapi flow }

Syntax Description

no

(Optional) Negate a command or set its defaults

nxapi

Configure nxapi

flow

allow frontend to access /sys/flow/

Command Mode

  • /exec/configure

nxapi http port

{ nxapi { http | https } port <s0> } | { no nxapi { http | https } } | { no nxapi { http | https } port <s0> }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

http

Http configuration

https

Https configuration

port

Port number

s0

Port number. Please do not use well-known protocol ports

Command Mode

  • /exec/configure

nxapi use-vrf management default

{ nxapi use-vrf { management | default | <vrf_name> } } | { no nxapi use-vrf { management | default | <vrf_name> } }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

use-vrf

vrf to be used for nxapi communication

management

management vrf

default

default vrf

vrf_name

name of the vrf

Command Mode

  • /exec/configure

nxsdk enable app

[no] nxsdk enable app <app-index>

Syntax Description

no

(Optional) Negate a command or set its defaults

nxsdk

NXOS SDK

enable

Command to enable/disable nxsdk application

app

Enable/disable application

app-index

Application index

Command Mode

  • /exec

nxsdk service-name

{ [ no ] nxsdk service-name <service-name> }

Syntax Description

nxsdk

NXOS SDK

service-name

Complete path and name of file to execute

service-name

Service name

Command Mode

  • /exec/configure